Application layer security for Internet communications: A comprehensive review, challenges, and future trends

Abstract

The security of Internet communications has traditionally been delegated to controls at lower layers of the Transmission Control Protocol/Internet Protocol (TCP/IP) architecture. However, the increasing complexity and severity of current Internet threats have rendered this approach insufficient, necessitating enhanced security measures at higher levels. This paper presents a comprehensive review of Application layer security for Internet communications, utilizing a novel classification scheme of existing literature based on standards and frameworks. Unlike previous studies, our proposed classification scheme encompasses all current approaches to security provision, security goals, types of attacks, and types of controls at the Application layer. Moreover, it analyzes security solutions for both standardized and proposed protocols. Our review is domain-agnostic and considers all existing contributions without age restrictions, allowing us to analyze the complete landscape beyond the conventional use of browsers for accessing Internet services and to understand the evolution of Application layer security from the Internet’s inception. Our thorough review also identifies gaps, challenges, and forecasts future trends, serving as a baseline for future research. We conclude that the primary driver to secure the Application layer for Internet communications is the technological adaptation of standardized Application layer protocols to meet new requirements over time, which has given rise to new and dangerous threats, rendering controls at lower layers insufficient.