Internet Of Things Security Threats Research Articles

Health IoT Threats: Survey of Risks and Vulnerabilities

The secure and efficient collection of patients’ vital information is a challenge faced by the healthcare industry. Through the adoption and application of Internet of Things (IoT), the healthcare industry has seen an improvement in the quality of delivered services and patient safety. However, IoT utilization in healthcare is challenging due to the sensitive nature of patients’ clinical information and communicating this across heterogeneous networks and among IoT devices. We conducted a semi-systematic literature review to provide an overview of IoT security and privacy challenges in the healthcare sector over time. We collected 279 studies from 5 scientific databases, of which 69 articles met the requirements for inclusion. We performed thematic and qualitative content analysis to extract trends and information. According to our analysis, the vulnerabilities in IoT in healthcare are classified into three main layers: perception, network, and application. We comprehensively reviewed IoT privacy and security threats on each layer. Different technological advancements were suggested to address the identified vulnerabilities in healthcare. This review has practical implications, emphasizing that healthcare organizations, software developers, and device manufacturers must prioritize healthcare IoT security and privacy. A comprehensive, multilayered security approach, security-by-design principles, and training for staff and end-users must be adopted. Regulators and policy makers must also establish and enforce standards and regulations that promote the security and privacy of healthcare IoT. Overall, this study underscores the importance of ensuring the security and privacy of healthcare IoT, with stakeholders’ coordinated efforts to address the complex and evolving security and privacy threats in this field. This can enhance healthcare IoT trust and reliability, reduce the risks of security and privacy issues and attacks, and ultimately improve healthcare delivery quality and safety.

FIDWATCH: Federated incremental distillation for continuous monitoring of IoT security threats

The fast evolutions of Internet of Things (IoT) technologies have been accelerating their applicability in different sectors of life and becoming a pillar for sustainable development. However, this revolutionary expansion led to a substantial increase in attack surface, raising many concerns about security threats and their possible consequences. Machine learning has significantly contributed to designing intrusion detection systems (IDS) but suffers from critical limitations such as data privacy and sovereignty, data imbalance, concept drift, and catastrophic forgetting. This collectively makes existing IDSs an improper choice for securing IoT environments. This paper presents a federated learning approach called FIDWATCH to continuously monitor and detect a broad range of IoT security threats. The local side of FIDWATCH introduces contrastive focal loss to enhance the ability of the local model (teacher) to discriminate between diverse types of IoT security threats while putting an increased emphasis on hard-to-classify samples. A fine-grained Knowledge Distillation (KD) is introduced to allow the client to distill the required teacher's knowledge into a lighter, more compact model termed the pupil model. This greatly assists the competence and flexibility of the model in resource-constrained scenarios. Furthermore, an adaptive incremental updating method is introduced in FIDWATCH to allow the global model to exploit the distilled knowledge and refine the shared dataset. This helps generate global anchors for improving the robustness of the mode against the distributional shift, thereby improving model alignment and compliance with the dynamics of IoT security threats. Proof-of-concept simulations are performed on data from two public datasets (BoT-IoT and ToN-IoT), demonstrating the superiority of FIDWATCH over cutting-edge performance with an average f1-score of 97.07% and 95.63%, respectively.

The Study on Security in Internet of Things (IoT)

The Internet of Things, or IoT, has received a lot of attention lately since it has drastically altered human existence. In a wide range of applications, including smart buildings, smart health, smart transportation, and more, the Internet of Things facilitates the sharing of information or data. Sensitive information that may be disclosed is interchangeable among billions of interconnected objects. Thus, maintaining user privacy and bolstering IoT security present a significant issue. This paper aims to provide an in-depth analysis of IoT security. A taxonomy of security requirements depending on the objectives of the attacks is proposed after a number of IoT security threats are studied. In addition, current security solutions are categorised and characterised according to their use cases. In the end, open research directions and security issues are talked about. Keyword: Internet of Things (IOT), Wireless Sensor, Security, Privacy, Issues Networks.

Survey on IoT Privacy, Data Protection and Security Concerns

Abstract: The proliferation of Internet of Things (IoT) devices has transformed the way we interact with the digital world, offering unprecedented connectivity and convenience. However, this rapid expansion brings forth profound challenges concerning privacy, data protection, and security. This survey paper comprehensively explores the multifaceted landscape of IoT, dissecting its architecture, and delving into the intricate web of concerns surrounding user privacy, data safeguarding, and system security.Beginning with an examination of the IoT architecture, we dissect the interconnected layers, ranging from sensors to cloud platforms, illustrating the intricate pathways of data flow. The survey meticulously unfolds the privacy challenges embedded in the constant data collection, tracking, and profiling mechanisms intrinsic to IoT devices. Drawing on real-world examples, we underscore the tangible consequences of privacy breaches and the potential erosion of user trust.In the realm of data protection, we delve into the complexities of safeguarding data integrity, confidentiality, and availability within the IoT ecosystem. Regulatory frameworks, notably the General Data Protection Regulation (GDPR), are scrutinized for their impact on shaping data protection practices. Concurrently, the paper uncovers common security threats in IoT, emphasizing vulnerabilities in devices and the looming risks associated with unauthorized access and data breaches.Navigating through the regulatory landscape, the survey provides an overview of existing standards and regulations governing IoT. Case studies spotlight instances of privacy breaches, data protection lapses, and security vulnerabilities, offering practical insights into the implications of these incidents. Mitigation strategies, encompassing encryption, authentication, and access control, are explored to address the identified concerns.As the paper concludes, it synthesizes the key findings, emphasizing the urgency of continued efforts to fortify IoT against privacy, data protection, and security challenges. The survey anticipates future trends and challenges, offering a roadmap for researchers, policymakers, and industry stakeholders to collectively forge a secure and privacy-aware IoT landscape.

Advancing device and network security for enhanced privacy

The rapid proliferation of IoT (Internet of Things) devices has ushered in an era of unprecedented connectivity and automation. The widespread adoption has also exposed vulnerabilities, necessitating robust security and privacy measures. This research presents a comprehensive study focused on enhancing IoT device and network security and privacy through empirical investigation and advanced machine learning techniques. Commencing with an exhaustive literature review, it was assessed, the evolving landscape of IoT security threats, solutions, and identified research gaps. Building upon the foundation, it was designed and rigorously evaluated a machine learning-based classification model tailored for IoT device security. Utilizing a meticulously crafted simulated dataset mirroring real-world IoT features, our model undergoes comprehensive performance evaluations. Metrics include accuracy, precision, recall, F1 score, and ROC analysis. Our findings reveal a nuanced performance profile, shedding light on the model's capability to accurately classify IoT devices as Secure or Vulnerable. Precision-recall trade-offs, emphasizing the need for a judicious balance to mitigate false positives and false negatives was investigated. The critical role of feature engineering and model refinement, pointing to areas for future research and optimization. This research contributes to the burgeoning field of IoT security by employing machine learning as a proactive tool for fortifying IoT device and network security. Our findings advocate for a strategic approach to secure IoT ecosystems, ensuring data integrity and privacy in the face of evolving threats. As IoT devices continue to proliferate across industries, this research serves as a foundation for innovative strategies and ongoing investigations to harness the full potential of secure IoT environments while addressing multifaceted challenges in the ever-evolving IoT landscape.

Modified graph-based algorithm to analyze security threats in IoT.

In recent years, the growing and widespread usage of Internet of Things (IoT) systems has led to the emergence of customized structures dependent on these systems. Industrial IoT (IIoT) is a subset of IoT in terms of applications and usage areas. IIoT presents many participants in various domains, such as healthcare, transportation, agriculture, and manufacturing. Besides the daily life benefits, IIoT technology provides major contributions via the Industrial Control System (ICS) and intelligent systems. The convergence of IoT and IIoT systems brings some integration and interoperability problems. In IIoT systems, devices interact with each other using information technologies (IT) and network space. However, these common usages and interoperability led to some security risks. To avoid security risks and vulnerabilities, different systems and protocols have been designed and published. Various public databases and programs identify and provide some of the security threats to make it easier for system administrators' missions. However, effective and long-term security detection mechanisms are needed. In the literature, there are numerous approaches to detecting security threats in IoT-based systems. This article presents two major contributions: First, a graph-based threat detection approach for IoT-based network systems is proposed. Threat path detection is one of the most critical steps in the security of IoT-based systems. To represent vulnerabilities, a directed acyclic graph (DAG) structure is constructed using threat weights. General threats are identified using Common Vulnerabilities and Exposures (CVE). The proposed threat pathfinding algorithm uses the depth first search (DFS) idea and discovers threat paths from the root to all leaf nodes. Therefore, all possible threat paths are detected in the threat graph. Second, threat path-reducing algorithms are proposed considering the total threat weight, hop length, and hot spot thresholds. In terms of available threat pathfinding and hot spot detecting procedures, the proposed reducing algorithms provide better running times. Therefore, all possible threat paths are founded and reduced by the constructed IoT-based DAG structure. Finally, simulation results are compared, and remarkable complexity performances are obtained.

Threat Modeling for Communication Security of IoT-Enabled Digital Logistics

The modernization of logistics through the use of Wireless Sensor Network (WSN) Internet of Things (IoT) devices promises great efficiencies. Sensor devices can provide real-time or near real-time condition monitoring and location tracking of assets during the shipping process, helping to detect delays, prevent loss, and stop fraud. However, the integration of low-cost WSN/IoT systems into a pre-existing industry should first consider security within the context of the application environment. In the case of logistics, the sensors are mobile, unreachable during the deployment, and accessible in potentially uncontrolled environments. The risks to the sensors include physical damage, either malicious/intentional or unintentional due to accident or the environment, or physical attack on a sensor, or remote communication attack. The easiest attack against any sensor is against its communication. The use of IoT sensors for logistics involves the deployment conditions of mobility, inaccesibility, and uncontrolled environments. Any threat analysis needs to take these factors into consideration. This paper presents a threat model focused on an IoT-enabled asset tracking/monitoring system for smart logistics. A review of the current literature shows that no current IoT threat model highlights logistics-specific IoT security threats for the shipping of critical assets. A general tracking/monitoring system architecture is presented that describes the roles of the components. A logistics-specific threat model that considers the operational challenges of sensors used in logistics, both malicious and non-malicious threats, is then given. The threat model categorizes each threat and suggests a potential countermeasure.

The Advance of Internet of Things Security Threats and Possible Measures

The Internet of Things (IoT) is a new stage of human informatization development after the Internet. With the IoT, physical devices can seamlessly exchange and process data with each other, further improving the human ability to process information. However, Internet of Things security research is still preliminary despite frequent data breaches and security incidents. This paper starts with the introduction of the IoT and introduces its definition, technical characteristics, and hierarchical architecture of the IoT. After that, the security threats that may be encountered at each layer are discussed, and finally, the ways to enhance the security of IoT. This paper aims to examine the security issues that arise in the IoT system and investigate the security measures that can be employed to serve as security technology guidelines for constructing secure IoT systems.

A Comparison of IoT Security Threats and their Preventative Methods

The applicationof IoTnetworks in daily life attempts to simplify and minimize the complexity of our lives. However, it has also raised the number of brand-new security risks to our data and information. Our personal lives are also threatened by various kinds of security dangers. As a result, it is now necessary to be aware of many security risks that IoT networks may face. As our daily interactions with Internet of Things (IoT) devices grow, various security and privacy concerns—such as linkability, unauthorized chats, and side-channel attacks—are brought up. These problems could endanger the IoT if they are not addressed. They come about for two basic causes. One is that the limited computational, memory, and bandwidth capabilities of IoT gadgets make it difficult to directly deploy established Internet security approaches. The absence of generally regarded IoT security and privacy principles, as well as suitable implementation methods, is the second factor. Additionally, we identify the IoT stakeholders—including consumers andmanufacturers—who stand to gain the most from these rules. Additionally, we define a set of implementation methods for carrying out such directives and mitigating any threats to the levels stated before. Thirdly, we talk about the difficulties with IoT security and privacy regulations and briefly touch on IoT digital rights management. Finally, through this survey, we identify several unresolved concerns that demand future research. The authors' knowledge indicates that this work is the first survey to address the aforementioned goals. This paper investigates several IoT security risks and how they affect daily living. This paper highlights the strategies used to counter some attacks in an IoT network.

Model-Driven Dependability Assessment of Microservice Chains in MEC-Enabled IoT

Multi-access edge <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">c</i> omputing (MEC)-enabled Internet of Things (IoT) is considered as a promising paradigm to deliver computation-intensive and delay-sensitive services to users. IoT service requests can be served by multiple <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">m</i> icro <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">s</i> ervices (MSs) that form a chain, called a micro <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">s</i> ervice <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">c</i> hain (MSC). However, the high complexity of MSs and security threats in MEC-enabled IoT pose new challenges to MSC dependability. Proactive rejuvenation techniques can mitigate the impact of resource degradation of MSs and host <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">o</i> perating <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">s</i> ystems (OSes) executing them. In this paper, we develop a multi-dimensional semi-Markov model to investigate the effectiveness of proactive rejuvenation techniques in improving the dependability (availability and reliability) of a dynamic and heterogeneous MSC. The results of numerical experiments firstly reveal how MSs can be effectively combined, in different deployment configurations, with host OSes to improve MSC dependability, secondly jointly optimize the rejuvenation trigger intervals of host OS and MSs running on it, and finally show the impact of time-varying parameters. We also identify the bottlenecks for MSC dependability improvement by sensitivity analysis, and give the ranges of important parameter values guaranteeing five-nines availability. In addition, the superiority of our model is demonstrated by comparison with the continuous-time Markov chain model.

Cyber security threats in IoT: A review

The Internet of Things (IoT) is the most secure platform for making human existence easier and more comfortable. IoT has made a big contribution to a variety of software programs. The rapid proliferation of smart devices, as well as their trust in data transfer and the use of Wi-Fi mechanics, has increased their vulnerability to cyber-attacks. As a result, the cost of cybercrime is rising every day. As a result, investigating IoT security threats and possible countermeasures can assist researchers in creating acceptable ways to deal with a variety of stressful scenarios in cybercrime research. The IoT framework, as well as IoT architecture, protocols, and technology, are all covered in this assessment research. Various protection issues at each tier, as well as correction strategies, are also detailed. In addition, this article discusses the use of IoT forensics in cybercrime investigations in a variety of areas, including cybercrime research, Artificial intelligence, system learning, cloud computing, fog computing, and blockchain technology all play a role in this discussion. Finally, some open research on challenging situations in IoT is detailed to enhance cybercrime investigations, providing a cutting-edge course for future research.

Cryptography Algorithms for Enhancing IoT Security

In today's fast-paced world, a new technology paradigm known as the Internet of Things (IoT) is advancing every business. It provides communication between the digital and physical worlds, transforming the way people do business quickly. The IoT is a network of physical objects (things) equipped with sensors, intelligent networking, radio-frequency identification (RFID), and other technologies that communicate and exchange data with other systems and devices online. IoT applications are now significantly more prevalent worldwide. IoT is driving the real world to become more intelligent in several industries, including smart grids for electricity, intelligent traffic, and smart homes and buildings. As a result, predictions and research point to over 50 billion connected devices by 2020. It will be required to safeguard this growing volume of data during exchange because the amount of data being transmitted will be quite enormous. Data security is represented by cryptography, an essential tool (algorithms) in security, which is why many researchers are developing cryptographic algorithms to improve the Security of IoT. This survey paper introduced an overview of IoT technology, architecture, and applications and a detailed analysis comparing all cryptographic algorithms and their use in day-to-day life activities. This paper discusses lightweight block ciphers, stream ciphers, and hybrid ciphers. The report evaluates security algorithms, comparing performance and robustness with the computational complexity of these techniques. Finally, the survey presents IoT security challenges, threats, and attacks with their mitigation techniques.

A Review of Security and Privacy Concerns in the Internet of Things (IoT)

The recent two decades have witnessed tremendous growth in Internet of things (IoT) applications. There are more than 50 billion devices connected globally. IoT applications’ connectivity with the Internet persistently victimized them with a divergent range of traditional threats, including viruses, worms, malware, spyware, Trojans, malicious code injections, and backdoor attacks. Traditional threats provide essential services such as authentication, authorization, and accountability. Authentication and authorization are the process of verifying that a subject is bound to an object. Traditional authentication and authorization mechanisms use three different factors to identity a subject to verify if the subject has the right capability to access the object. Further, it is defined that a computer virus is a type of malware. Malware includes computer viruses, worms, Trojan horses, spyware, and ransomware. There is a high probability that IoT systems can get infected with a more sophisticated form of malware and high-frequency electromagnetic waves. Purpose oriented with distinct nature IoT devices is developed to work in a constrained environment. So there is a dire need to address these security issues because relying on existing traditional techniques is not good. Manufacturers and researchers must think about resolving these security and privacy issues. Most importantly, this study identifies the knowledge and research gap in this area. The primary objective of this systematic literature review is to discuss the divergent types of threats that target IoT systems. Most importantly, the goal is to understand the mode of action of these threats and develop the recovery mechanism to cover the damage. In this study, more than 170 research articles are systematically studied to understand security and privacy issues. Further, security threats and attacks are categorized on a single platform and provide an analysis to explain how and to what extent they damage the targeted IoT systems. This review paper encapsulates IoT security threats and categorizes and analyses them by implementing a comparative study. Moreover, the research work concludes to expand advanced technologies, e.g., blockchain, machine learning, and artificial intelligence, to guarantee security, privacy, and IoT systems.

Smart Distributed Multi-Ledger Construction Algorithm for Internet of things (IoT)

The Internet of Objects (IoT) could be a new paradigm for the linked, data-exchanging nature of things and their parts through a network supported by nodes. IoT has risen to the forefront of emerging technologies in a very type of applications, including peer-to-peer networks, smart energy grids, home and building automation, vehicle-to-vehicle communication, and wearable computing devices, because of the widespread use of small devices and embedded sensor frameworks. thanks to its tremendous expansion and widespread use, it's posed security issues that may prevent it from getting used during a style of new applications. The growing number of networked gadgets creates several access points for attackers, also as security issues. due to the fragile nature of IoT applications including health, automation, and energy grids, security concerns can't be tolerated. DLT (Distributed Ledger Technology) is one such technology which will help to mitigate IoT security threats. The vulnerability of a central node, which can compromise the whole system, are often reduced by adopting a distributed ledger to eliminate the necessity for one node. Blockchain, a distributed ledger technology, has sparked plenty of interest and generated real-world value. Here we construct a distributed multi ledger construction algorithm for peer-to-peer data transaction which involves key generation for each transaction.

A Taxonomy of Machine-Learning-Based Intrusion Detection Systems for the Internet of Things: A Survey

The Internet of Things (IoT) is an emerging technology that has earned a lot of research attention and technical revolution in recent years. Significantly, IoT connects and integrates billions of devices and communication networks around the world for several real-time IoT applications. On the other hand, cybersecurity attacks on the IoT are growing at an alarming rate since these devices are vulnerable because of their limited battery life, global connectivity, resource-constrained nature, and mobility. When attacks on IoT networks go undetected within a speculated period, such security attacks may prompt severe threats and disruptive behavior inside the network and make the network unavailable to the end user. Hence, it is quintessential to design an intelligent and robust security approach that promptly detects potential attack surfaces in a dynamic IoT network. This article investigates a comprehensive survey of machine learning, deep learning, and reinforcement learning-based intelligent intrusion detection techniques for securing IoT. Also, this article thoroughly illustrates the implementation of various categories of security threats in IoT with a neat diagram. Significantly, we classify the threats into two broad categories: 1) wireless sensor networks (WSNs) inherited security attacks and 2) routing protocol for low power and lossy networks (RPL) specific security attacks in IoT. Finally, we present potential research opportunities and challenges in intelligent intrusion detection approaches in future IoT security.

Critical analysis of the layered and systematic approaches for understanding IoT security threats and challenges

As an emerging technology, the Internet of Things (IoT) is revolutionizing the global economy and society. The wide adoption of IoT opens up new security and privacy challenges as well. Building efficient, secure IoT systems need a thorough understanding of the potential threats and vulnerabilities of the system. The non-uniformity in the presentation of IoT architecture poses a significant challenge in understanding security issues. Motivated by this, we present a systematic study of substantial threats and attacks based on four primary elements of the IoT ecosystem: devices, internal network services, external network services, and users. Besides, we include a detailed study of IoT malware. We examine the major security requirements and challenges to confront the devised attack categories. We believe that an IoT ecosystem can be designed efficiently and securely by adhering to the proposed requirements, including identity management, access control, end to end communication security and trust management systems.

A Survey on IoT-Enabled Home Automation Systems: Attacks and Defenses

With recent advances in communication technologies and Internet of Things (IoT) infrastructures, home automation (HA) systems have emerged as a new promising paradigm that provides convenient smart-home services to users. However, there exist various security risks during the deployment and application of HA systems, which pose severe security threats to users. On the one hand, traditional IoT security threats (e.g., device intrusion, protocol vulnerabilities, and so on) are inherent to HA systems. On the other hand, as the core of HA systems, the Trigger-Action Programming (TAP) model organizes cloud platforms, local hubs, and smart devices through user-customized rules, but the complex interactions involved bring new challenges to the security of HA systems. These two kinds of security issues have attracted widespread attention from both academia and industry, and explorations on both attack and defense have been made. However, there is not yet a survey that provides a summary of the overall HA systems&#x2019; security research. In this paper, we conduct a comprehensive survey of the state-of-the-art literature on HA system security from aspects of attack and defense. We first give a brief introduction to the HA system architecture and present a general workflow of HA systems. Then, we review and classify the relevant attacks based on the HA architecture, with an explicit analysis of vulnerabilities exploited by these attacks. We further elaborate on the security requirements of HA systems and provide detailed descriptions and comparisons of existing defenses methods. Finally, we conclude with a thorough discussion of open issues for future research.

Internet of Things security threats and key technologies

With the rapid development of the Internet of Things (IoT), new security issues are increasingly emerging. Security issues are key issues affecting the development of data sharing. Many countries are paying more and more attention to the security of data sharing. IoT represents the next evolution of the internet, taking a huge leap in its ability to gather, analyze, and distribute data that we can turn into information, knowledge and ultimately wisdom. In this context, IoT becomes immensely important. Based on IoT real attack cases in the world, this paper analyzes the security situation of IoT, analyzes the security threats of IoT from three dimensions of physical security, computing security, and data security, and discusses the key technologies that need to be focused on in the security of Internet of Things.

Predicting Internet of Things (IOT) Security and Privacy Risks – A Proposal Model

The Internet of things (IOT) users lack awareness of IOT security infrastructure to handle the risks including Threats, attack and penetration associated with its use. IOT devices are main targets for cyber-attacks due to variable personally identifiable information (PII) stored and transmit in the cyber centers. The security risks of the Internet of Things aimed to damage user's security and privacy. All information about users can be collected from their related objects which are stored in the system or transferred through mediums among diverse smart objects and may exposed to exposed dangerous of attacks and threats if it lack authentication so there are essential need to make IOT security requirements as important part of its efficient implementation. These requirements include; availability, accountability, authentication, authorization, privacy and confidentiality, Integrity and Non-repudiation. The study design is a survey research to investigate the visibility of the proposed model of security management for IOT uses, the security risks of IOT devices, and the changes IOT technology on the IT infrastructure of IOT users through answering of the research questionnaires. This work proposes a model of security management for IOT to predict IOT security and privacy threats, protect IOT users from any unforeseen dangers, and determine the right security mechanisms and protocols for IOT security layers, as well as give the most convenient security mechanisms. Moreover, for enhancing the performance of IOT networks by selecting suitable security mechanisms for IOT layers to increase IOT user's security satisfaction.

Blockchain as a mean to secure Internet of Things ecosystems – a systematic literature review

PurposeBlockchain is evolving to become a platform for securing Internet of things (IoT) ecosystems. Still, challenges remain. The purpose of this literature review is to highlight the applicability of blockchain as a medium to secure IoT ecosystems. A two-dimensional framework anchored on (1) IoT layers and (2) security goals is used to organize the existent IoT security threats and their corresponding countermeasures identified in the reviewed literature. The framework helped in mapping the IoT security threats with the inherent features of blockchain and accentuate their prominence to IoT security.Design/methodology/approachAn approach integrating computerized natural language processing (NLP) with a systematic literature review methodology was adopted. A large corpus of 2,303 titles and abstracts of blockchain articles was programmatically analyzed in order to identify the relevant literature. The identified literature was subjected to a systematic review guided by a well-established method in IS research.FindingsThe literature evidently highlights the prominence of blockchain as a mean to IoT security due to the distinctive features it encompasses. The authors’ investigation revealed that numerous existent threats are better addressed with blockchain than conventional mechanisms. Nevertheless, blockchain consumes resources such as electricity, time, bandwidth and disk space at a rate that is not yet easily accessible to common IoT ecosystems.Research limitations/implicationsResults suggest that a configurational approach that aligns IoT security requirements with the resource requirements of different blockchain features is necessary in order to realize the proper balance between security, efficiency and feasibility.Practical implicationsPractitioners can make use of the classified lists of convention security mechanisms and the IoT threats they address. The framework can help underline the countermeasures that best achieve their security goals. Practitioners can also use the framework to identify the most important features to seek for in a blockchain technology that can help them achieve their security goals.Originality/valueThis study proposes a novel framework that can help classify IoT threats based on the IoT layer impacted and the security goal at risk. Moreover, it applies a combined man-machine approach to systematically analyze the literature.