1. Smart Transportation/Mobility
Javed et al.
[1] conducted a security study on next-generation intelligent transport system (ITS) applications in smart cities, as shown in
Figure 1. After analysing the security architecture of the European Telecommunications Standards Institute (ETSI) ITS standard, they implemented ECC-based digital signatures and encryption procedures using experimental test beds. In their study, a network simulation model was used to reproduce the smart city scenario. From the experimental results, they found that existing security solutions could directly affect the quality of service and safety perception of vehicle applications. Wang et al.
[2] provided strategies to protect connected vehicles and the AI in the vehicles and also discussed automobile cybersecurity attacks. Kim et al.
[3] discussed the implications of attacks on autonomous vehicles and how to defend against such attacks when integrated with the AI within the main components of smart cities, based on a systemic survey.
Figure 1. The ITS communication architecture in smart cities
[1].
Sharmila et al.
[4] analysed the different vulnerabilities and threats in autonomous vehicles and provided a model to mitigate security threats. Chen and Quan
[5] discussed various attacks and targets within the Internet of Vehicles (IoV). They also proposed a framework for the IoV based on blockchain and suggested solutions for security, authentication, and privacy issues in the IoV.
ITSs and autonomous vehicles are essential components of smart cities. Researchers have analysed the security of these systems, including their architecture, vulnerabilities, and potential attacks. They have proposed various strategies to safeguard connected vehicles and mitigate security threats, including digital signatures and encryption procedures, as well as the use of blockchain frameworks. Studies have also shown that existing security solutions can affect the quality of service and safety perception of vehicle applications.
2. Smart Homes
Several research papers have addressed the cybersecurity and privacy concerns regarding smart homes. Ryu and Kwak
[6] investigated the risk of unauthorized access to smart homes and proposed a secure data access control scheme to prevent data leakage, privacy invasion, and the falsification of data. McGee
[7] evaluated the personally identifiable information (PII) vulnerabilities in smart home ecosystems and developed a security as a service (SECaaS) capability to assess the results. Liu and Hu
[8] highlighted the cybersecurity vulnerabilities in smart home infrastructure, particularly energy bill scheduling techniques, and described current detection methods and cyberattack tools. Nsunza et al.
[9] conducted an experiment to assess the performance of TCP and UDP network traffic using field programmable gate arrays (FPGAs) and system-on-chip (SoC) platforms in smart home routers.
Gamundani et al.
[10] and Ghirardello et al.
[11] investigated the vulnerabilities of authentication and home automation systems in smart homes and potential attack opportunities. Kraemer and Flechais
[12] explored the future directions of privacy research within the smart home domain. Bastos et al.
[13] proposed solutions for security issues in IoT devices in smart homes and predicted possible future cyberattacks. Sturgess et al.
[14] identified three factors that contributed to smart home privacy risks. The first factor involved evaluating heterogeneous devices from a top-down perspective. The second factor concerned the various cyberthreats that exist in smart homes. The final factor explained the difficulties in aggregating the highly valuable private data of homeowners. They suggested a capability-oriented model to facilitate the rapid development of smart homes. Siddhanti et al.
[15] suggested using a cybersecurity maturity assessment tool to secure smart home environments from cyberthreats.
Elmisery and Sertovic
[16] suggested a permission-based approach for revealing log records that require involvement with third parties. Personal usage logs from homes that are shared with third parties can lead to attacks on smart home environments. Rossi et al.
[17] identified a solution for detecting the exploitation of smart home systems by monitoring vulnerabilities in the systems-of-systems domain using a combination of defensive programming and Shodan APIs. Shodan APIs are a set of application programming interfaces (APIs) provided by the Shodan search engine that enable users to search and access information about Internet-connected devices and systems. Giannoutakis et al.
[18] presented a framework to address this issue by using blockchain technology to ensure the integrity of smart home devices and block malicious IPs from accessing smart home environments.
In 2021, Rauti et al.
[19] demonstrated attacks on the Chrome web browser by implementing a malicious browser extension. The user activities were modified, which affected the management consoles of smart homes. They showed that the connection of IoT devices to smart home networks caused potential man-in-the-browser attacks to target the remote control systems. Awang et al.
[20] proposed solutions to enhance the IoT ecosystems in smart homes and analysed the possible threats to smart home operational environments. Turner et al.
[21] discussed how the Internet connection between devices introduces security risks to smart homes as it allows access to private user information. They also provided recommendations for users regarding safely accessing cybersecurity data. Alshboul et al.
[22] also proposed a methodology for detecting and predicting intruders attempting to recognize the identities of smart home sensors. They emphasized that data should preserve their identity by knowing their sources and not adding extra loads to the network.
In 2022, Mahor et al.
[23] proposed a security solution using blockchain to evaluate performance parameters and analyse and detect correlations between traffic functions in smart home networks. Bringhenti et al.
[24] presented a configurable automation security system to secure personalization data in smart homes and improve usability by minimizing human interventions and implementing policy-based management. Allifah and Zualkernan
[25] presented a novel methodology to rank the security of home consumer devices. They also discussed the analytic hierarchy process (AHP) and applied it to ranking the overall security risks. Thammarat and Techapanupreeda
[26] proposed a protocol to fill the gap in security messages in smart homes regarding confidentiality, integrity, and mutual authentication using symmetric cryptography. They demonstrated the efficacy of their protocol using the Burrows–Abadi–Needham (BAN) logic and scyther tool framework.
The security and privacy of smart homes are of concern within the field of cybersecurity. Research on IoT security in smart homes has focused on identifying and addressing issues, such as unauthorized device access, vulnerabilities in PII, cybersecurity vulnerabilities in smart home infrastructure, and potential attacks on authentication and home automation systems. Proposed solutions to these security concerns include using blockchain technology to ensure the integrity of smart home devices and implementing policy-based management to secure personalization data. Additionally, protocols using symmetric cryptography have been suggested to protect confidentiality, integrity, and mutual authentication in smart homes.
3. IoT Cybersecurity Research
In this section, the researchers summarized the IoT cybersecurity research papers related to smart cities, as shown in
Table 1. Abomhara and Køien
[27] classified the types of cyberthreats to IoT devices and services and analysed the characteristics of attackers. Rohokale and Prasad
[28] proposed an approach for designing robust cybersecurity solutions for IoT device networks since heterogeneous networks are targeted by attackers and often encounter cyberthreats.
Table 1. A summary of the approaches and experiments presented in existing IoT cybersecurity research.
Saadeh et al.
[29] presented a literature review of authentication and communication processes between IoT objects. Sivanathan et al.
[30] evaluated the vulnerabilities of IoT devices to cyberattacks by rating their confidentiality, integrity, availability, and reflectiveness capabilities as either good, average, or poor. The evaluation process was divided into four categories: confidentiality, integrity, availability, and reflectiveness capabilities against attacks.
Neshenko
[31] generated cyberthreat intelligence related to Internet-scale inference and the assessment of malicious activity generated by compromised IoT devices for the immediate detection, mitigation, and prevention of IoT exploitation. Ainane et al.
[32] described how flooding occurs when data are exchanged between citizens and smart cities. They also identified the types of protocols that revolve around the IoT applications that are used during these exchanges. Vrabie
[33] presented IoT services that could help to develop smart cities and provided numerous examples of cities that have implemented these concepts. Viswanadham and Jayavel
[34] surveyed related research on blockchain technology implemented within IoT devices and applications. They aimed to provide an understanding of blockchain security and privacy features for IoT services. Lewis
[35] used a graph database to understand the complexity of IoT networks, as well as different devices that impact the security of networks and associated data. Wu et al.
[36] proposed a framework for the development of future IoT applications and analysed the future directions of IoT communication and its challenging aspects.
In 2019, James
[37] attempted to fill the gap in the research on cybersecurity challenges in IoT services and applications by conducting intrusion attacks on several IoT devices within smart homes. They also established a method to protect affected devices and smart home systems from future attacks using an intrusion prevention system. Shokeen et al.
[38] suggested a framework to assess the risks of cyberthreats to IoT systems that avoids external factors from being involved in the evaluation. Furthermore, it also reduces existing vulnerabilities. Roukounaki et al.
[39] proposed deploying security data collection systems in complex IoT devices and applying effective security analysis algorithms to identify threats, vulnerabilities, and related attack patterns. Van Kleek et al.
[40] proposed disaggregating the privacy of IoT networks to help prevent private end-user data from being collected. Thorburn et al.
[41] presented possible future development directions for third-party entities that collect personal information without the knowledge of homeowners, based on data flows in smart home environments. Nwafor and Olufowobi
[42] presented a framework to detect anomalous system events in IoT ecosystems and associated devices. Ullah et al.
[43] proposed a solution to classify the performance of measuring cyberthreats to IoT devices.
In 2020, Sharma et al.
[44] discussed the IoT cybersecurity issues and noted that the innovation of IoT devices is growing and expanding progressively. Karie et al.
[45] focused on developing combat strategies against IoT cybersecurity threats and also discussed future directions in this domain. Andrade et al.
[46] proposed a model for evaluating the risk levels related to IoT cybersecurity. The assessment model was based on a systematic literature review of research on developing smart city applications and cybersecurity risk levels. Singh et al.
[47] provided several examples of cyberthreats and countermeasures, as well as discussing how the combination of cloud computing and IoT devices could be used in smart city applications to identify these types of security threats.
In 2021, research on IoT was very active, especially in relation to smart cities. Cvitić et al.
[48] presented a model to detect DDoS traffic and identify IoT devices that were categorized into four different classes. Jhanjhi et al.
[49] proposed a solution to analyse cybersecurity privacy challenges by understanding the current state of cybersecurity. Ahmed et al.
[51] discussed various aspects of cybersecurity in IoT networks and analysed MLP, CNN, LSTP, and AI/ML models. Strecker et al.
[50] presented a cyberthreat intelligence model to evaluate and infer malicious activities targeting IoT devices and their data integrity. This model could also mitigate the exploitation of IoT devices. Houichi et al.
[52] discovered that ML could be used to detect anomalous threats and vulnerabilities in IoT devices and localize them, as well as generating reports and alerts for the threats. This solution was evaluated experimentally using the NSL-KDD dataset and demonstrated high accuracy (99.31%).
Bhargava et al.
[53] suggested enhancing the experience in smart cities by addressing security and privacy issues in IoT platforms and provided an overview of how ML and DL could be implemented in IoT devices and services. Al Solami
[54] presented a framework for secure resource administration that enhances IoT services in smart city applications by preventing replication. This involves the distribution of the cloud, networks, IoT platforms, and sensors. They also demonstrated how to prevent unintended attacks from original supplier sources by monitoring non-replicated services. Hulicki and Hulicki
[55] explored cyberthreats and vulnerabilities of customer premises networks and the resulting attacks associated with IoT applications and services. Ali et al.
[56] discussed the security issues in IoT devices and services that have been gathered and reported. They also classified these issues and provided solutions. Debnath and Chettri
[57] reviewed the current trends in IoT research, as well as identifying the recent issues and challenges in IoT applications and industries. Toutsop et al.
[58] proved that hackers can exploit sensors and gain unauthorized access to IoT networks. Furthermore, they attempted to carry out DoS attacks on IoT devices to understand the device vulnerabilities and provide intrusion detection using ML and DL. Balaji et al.
[59] analysed the types of cyberthreats and consequences that IoT systems may face. They also discussed how to prevent and avoid these attacks.
Khan
[60] suggested different privacy protection methods based on pseudonymization, clustering, anonymization, and more to prevent private data from being exchanged with service providers and third parties. Kowta et al.
[62] discussed the various cybersecurity threats and vulnerabilities in IoT devices. They performed several attacks on IoT devices and devised with solutions and methods to prevent these attacks. Nakkeeran and Mathi
[61] provided a framework for end-to-end IoT sensor and device solutions and a detection method for identifying suspicious and anomalous network behaviour through cross-layer analysis. Maidamwar et al.
[63] reviewed the design of an intrusion detection framework for the WSN-based IoT, which they described as being able to increase confidence in the reliability of IoT networks and contain network intrusions. Raimundo and Rosário
[64] filled a gap in the research on cybersecurity risks in the IoT domain by discussing the existing solutions and cyberthreats in the industrial Internet of Things (IIoT), based on a literature review. Fan et al.
[65] provided general security guidelines for enhancing the IoT in smart cities, which were presented in four main points. Firstly, they provided an overview of recent innovations and common security challenges. Secondly, they discussed the latest security implementations that use cryptography in the IoT. Thirdly, they analysed the security challenges using the activity–network–things architecture. Lastly, they discussed potential IoT security prospects.
Cybersecurity is a critical concern for the widespread adoption of IoT devices and services. To address this challenge, robust cybersecurity solutions have been proposed, including vulnerability assessments for IoT devices, cyberthreat intelligence generation, AI/ML-based threat detection, and models for mitigating malicious activities targeting IoT devices. The combination of cloud computing and IoT devices is also being explored as a means of enhancing the security of smart city applications.