As the Internet of Things (IoT) sees an increasing use in the society, the security challenge it faces is becoming more and more severe. Data collected and shared in the IoT plays an important role in the significance of the IoT. Observing from a data perspective may be of great help in understanding IoT security. Though a number of surveys on IoT security have been out there, none of them is from such a perspective. To fill the gap, this paper investigates IoT security from data perspectives. Combining the concept of typical IoT architectures with data life cycles, the paper proposes a three-dimensional approach to exploring IoT security, i.e., with the one-stop, multi-stop and end-application dimensions. The one-stop dimension explores IoT security by observing data on an IoT device, the multi-stop dimension by observing data among a group of IoT entities, and the end-application dimension by observing data used in IoT applications. While data may flow from IoT end-point devices through the Internet to a cloud or vice versa, the most demanding IoT-specific issues are in the space from IoT end-point devices to the border of the Internet, therefore the paper focuses on this space. The one-stop dimension discusses IoT security with respect to data that may flow from and to an end-point device. The multi-stop dimension works from the angle of data among a group of IoT entities, concerning secure communication, authentication and access control. The end-application dimension acts from the viewpoint of data usage in IoT applications, covering privacy, forensics, and social or legal challenges of the entire system. The paper makes an in-depth analysis of the latest development in IoT security by observing from data perspectives, summarizing open issues and suggesting promising directions for further research and applications of IoT security.
Read full abstract