A Study on Security Issues and Attacks, Challenges and Future Improvements
in Cloud-based IoT

Praveena       Nuthakki; Thummuru      Gunasekhar
Abstract

The Internet of Things (IoT) has become a rising and dynamic research area. It is the integration of numerous objects (things) to communicate information without human beings' intervention. Inappropriately, because of the qualities resource-constrained and limited communication range, it significantly relies upon the Cloud as outsourcing to store and compute the data. This reconciliation of IoT with the Cloud has brought new issues and poses difficulties regarding protection and security threats. The necessity for the wide arrangement of cloud-based IoT is rapidly expanding with significant security-related issues. This work plots existing security methodologies and vulnerabilities near to a portion of the current security strategies by a total review of existing work in the field of security in cloud-based IoT. This paper concentrated on security and protection in terms of privacy by investigating some potential difficulties and risks that should be resolved. The Cloud of Things (CoT) architectures and present applications have been explored and focused on the middleware layer's attacks. Furthermore, this paper outlines a concise scientific classification of the current security threats in cloudbased IoT, plans, and communication. Finally, a few captivating open issues are given with promising designs to trigger more research community research attempts.
Keywords: IoT, cloud computing, cloud-based IoT, security issues, attacks, communication.
Graphical Abstract

[1] 
Li F, Shinde A, Shi Y, Ye J, Li XY, Song W. System statistics learning-based IoT security: Feasibility and suitability. IEEE Internet of Things Journal  2019; 6(4): 6396-403.
[http://dx.doi.org/10.1109/JIOT.2019.2897063] 
[2] 
Mumtaz S, Al-Dulaimi A, Frascolla V, Hassan SA, Dobre OA. Guest editorial special issue on 5G and beyond—mobile technologies and applications for IoT. IEEE Internet of Things Journal  2019; 6(1): 203-6.
[http://dx.doi.org/10.1109/JIOT.2019.2896749] 
[3] 
 Calheiros RN. Fog and edge computing: challenges and emerging trends (Invited Talk). 2nd Workshop on Fog Computing and the IoT (Fog-IoT 2020) Schloss Dagstuhl-Leibniz-Zentrum für Informatik. Schloss Dagstuhl--Leibniz-Zentrum fuer Informatik 2020; 80:11.
[4] 
 Salah K. A queueing model to achieve proper elasticity for cloud
cluster jobs. 2013 IEEE Sixth International Conference on Cloud
Computing. 755-61.
[http://dx.doi.org/10.1109/CLOUD.2013.20] 
[5] 
 Li X, et al. Enhancing cloud-based IoT security through trustworthy
cloud service: An integration of security and reputation approach.
IEEE Access 2019; 7: 9368-83.
[http://dx.doi.org/10.1109/ACCESS.2018.2890432] 
[6] 
 Kumar Raj, Kumar Pramod, Singhal Vivek. A survey: Review of
cloud IoT security techniques, issues and challenges. Issues and
Challenges 2019 March; 12
[7] 
Ezenwe A, Furey E, Curran K. Mitigating denial of service attacks with load balancing. J Robot Cont  2020; 1(4): 129-35.
[http://dx.doi.org/10.18196/jrc.1427] 
[8] 
Alam S, Siddiqui ST, Ahmad A, Ahmad R, Shuaib M. Internet of Things (IoT) enabling technologies, requirements, and security Challenges Advances in data and information sciences.  Singapore: Springer 2020; pp. 119-26.
[http://dx.doi.org/10.1007/978-981-15-0694-9_12] 
[9] 
Salami AF, Dogo EM, Nwulu NI, Paul BS. Toward sustainable domestication of smart IoT mobility solutions for the visually impaired persons in Africa Technological trends in improved mobility of the visually impaired.  Cham: Springer 2020; pp. 275-300.
[http://dx.doi.org/10.1007/978-3-030-16450-8_11] 
[10] 
 Sivagurunathan S, Prathapchandran K. Trust- based security mechanisms for self-organized networks (SONs) securing the internet of things: Concepts, methodologies, tools, and applications. IGI Global 2020;1 :1782-805.
[11] 
 Nayak, P, Kayiram K, and Mallikarjuna R. IoT-enabled agricultural
system applications, challenges and security issues. IoT and analytics
for agriculture. Singapore: Springer 2020; pp. 139-63.
[12] 
Thirumalai C, Mohan S, Srivastava G. An efficient public key secure scheme for Cloud and IoT security. Comput Commun  2020; 150: 634-43.
[http://dx.doi.org/10.1016/j.comcom.2019.12.015] 
[13] 
 Sughasiny M. Enhanced Security Framework for Cloud-Linked
IoT. International Journal of Advances in Scientific Research and
Engineering 34 2017.
[14] 
 Moustafa N. A systemic IoT-fog-cloud architecture for big-data
analytics and cyber security systems: A review of fog computing
2019. arXiv preprint arXiv:1906.01055.
[15] 
 Nooraiepour A, Bajwa WU, Mandayam NB. Learning-aided physical
layer attacks against multicarrier communications in IoT. IEEE
transactions on cognitive communications and networking IEEE
Transactions on Cognitive Communications and Networking 2021;
7:1.
[http://dx.doi.org/10.1109/TCCN.2020.2990657] 
[16] 
Huo T, Meng X, Wang W, et al. Bluethunder: A 2-level directional predictor based side-channel attack against SGX. IACR Transactions on Cryptographic Hardware and Embedded Systems  2020; 2020(1): 321-47.
[http://dx.doi.org/10.46586/tches.v2020.i1.321-347] 
[17] 
Chen Y, Tang C, Ye R. Cryptanalysis and improvement of medical image encryption using high- speed scrambling and pixel adaptive diffusion. Signal Processing  2020; 167: 107286.
[http://dx.doi.org/10.1016/j.sigpro.2019.107286] 
[18] 
Wang Y, Li Q, Chen Z, Zhang P, Zhang G. Shapeshifter: Intelligence-driven data plane randomization resilient to data-oriented programming attacks. Comput Secur  2020; 89: 101679.
[http://dx.doi.org/10.1016/j.cose.2019.101679] 
[19] 
Conti M, Kaliyar P, Lal C. CENSOR: Cloud‐enabled secure IoT architecture over SDN paradigm. Concurr Comput  2019; 31(8): e4978.
[http://dx.doi.org/10.1002/cpe.4978] 
[20] 
 Emura K, Miyaji A, Nomura A, Omote K, Soshi M. A ciphertextpolicy
attribute-based encryption scheme with constant ciphertext
length. In: Bao F., Li H., Wang G. (eds) Information Security Practice
and Experience. Lecture Notes in Computer Science, vol 5451.
Springer, Berlin, Heidelberg. ISPEC 2009.
[http://dx.doi.org/10.1007/978-3-642-00843-6_2] 
[21] 
 Nakagawa I, Shinji SZG. IoT Agent Platform mechanism with
Transparent Cloud Computing Framework for improving IoT Security
IEEE 41st Annual Computer Software and Applications Conference.
[http://dx.doi.org/10.1109/COMPSAC.2017.156] 
[22] 
Huang Q, Yang Y, Wang L. Secure data access control with ciphertext update and computation outsourcing in fog computing for internet of things. IEEE Access Journal  2017; 5: 12.
[23] 
Fan K, Zhu S, Zhang K, Li H, Yang Y. A lightweight authentication scheme for cloud-based RFID healthcare systems. IEEE Netw  2019; 33(2): 44-9.
[http://dx.doi.org/10.1109/MNET.2019.1800225] 
[24] 
Kumar R, Kumar P, Singhal VA. Survey: Review of Cloud IoT Security Techniques, Issues and Challenges. Proceedings of 2nd International Conference on Advanced Computing and Software Engineering (ICACSE) 
[25] 
Raza S. Tomas H, Panos P, Thiemo V, “SecureSense: End-to-end secure communication architecture for the cloud-connected internet of things”, Future Generation Computer Systems. Elsevier 2017.
[26] 
Dhillon PK, Kalra S. A lightweight biometrics based remote user authentication scheme for IoT services. J Info Sec App  2017; 34: 255-70.
[http://dx.doi.org/10.1016/j.jisa.2017.01.003] 
[27] 
Mukherjee B, Neupane RL, Calyam P. End-to-end IoT security middleware for cloud-fog communication. IEEE 4th International Conference on Cyber Security and Cloud Computing (CSCloud);2017 June 26-28; New York, USA: IEEE 2017. 
[http://dx.doi.org/10.1109/CSCloud.2017.62] 
[28] 
El Kafhali S, Salah K. Efficient and dynamic scaling of fog nodes for IoT devices. J Supercomput  2017; 73(12): 5261-84.
[http://dx.doi.org/10.1007/s11227-017-2083-x] 
[29] 
Mosenia A, Jha NK. A comprehensive study of security of Internet-of-Things. IEEE Trans Emerg Top Comput  2017; 5(4): 586-602.
[http://dx.doi.org/10.1109/TETC.2016.2606384] 
[30] 
Caron X, Bosua R, Maynard SB, Ahmad A. The Internet of Things (IoT) and its impact on individual privacy: An australian perspective. Comput Law Secur Rev  2016; 32: 4-15.
[http://dx.doi.org/10.1016/j.clsr.2015.12.001] 
[31] 
Ryan MD. Cloud computing security: The scientific challenge, and a survey of solutions. J Syst Softw  2016; 86: 2263-8.
[http://dx.doi.org/10.1016/j.jss.2012.12.025] 
[32] 
Singh S, Jeong YS, Park JH. A survey on cloud computing security: Issues, threats, and solutions. J Netw Comput Appl  2016; 75: 200-22.
[http://dx.doi.org/10.1016/j.jnca.2016.09.002] 
[33] 
 Addo ID, Madiraju P, Ahamed SI, Chu WC. Privacy Preservation
in Affect-Driven Personalization. IEEE 40th Annual Computer
Software and Applications Conference (COMPSAC). Vol. 2: 400-
5.
[http://dx.doi.org/10.1109/COMPSAC.2016.168] 
[34] 
Lin J, Yu W, Zhang N, Yang X, Zhang H, Zhao W. A survey on Internet of Things: Architecture, enabling technologies, security and privacy, and applications. IEEE Internet Things J  2017; 4(5): 1125-42.
[http://dx.doi.org/10.1109/JIOT.2017.2683200] 
[35] 
Vasi’c V, Antoni’c AK. Pripuˇ zi’c, M. Mikuc, I. P.ˇZarko, Adaptable secure communication for the Cloud of Things. Softw Pract Exper  2017; 47(3): 489-501.
[36] 
Singh A, Chatterjee K. Cloud security issues and challenges: A survey. J Netw Comput Appl  2017; 79: 88-115.
[http://dx.doi.org/10.1016/j.jnca.2016.11.027] 
[37] 
Yang Y, Wu L, Yin G, Li L, Zhao H. A survey on security and privacy issues in Internet-of-Things. IEEE Internet Things J  2017; 4(5): 1250-8.
[http://dx.doi.org/10.1109/JIOT.2017.2694844] 
[38] 
Zhou J, Cao Z, Dong X, Vasilakos AV. Security and privacy for cloud-based IoT: Challenges. IEEE Commun Mag  2017; 55(1): 26-33.
[http://dx.doi.org/10.1109/MCOM.2017.1600363CM] 
[39] 
Gubbi J, Buyya R, Marusic S, Palaniswami M. Internet of Things (IoT): A vision, architectural elements, and future directions. Future Gener Comput Syst  2013; 29(7): 1645-60.
[http://dx.doi.org/10.1016/j.future.2013.01.010] 
[40] 
Ngu AH, Gutierrez M, Metsis V, Nepal S, Sheng QZ. IoT Middleware: A survey on issues and enabling technologies. IEEE Internet Things J  2017; 4(1): 1-20.
[41] 
 Datta T, Apthorpe N, Feamster N. A Developer - Friendly Library
for Smart Home IoT Privacy- Preserving Traffic Obfuscation Proceedings
of the the 2018 Workshop. 43-8. Budapest,Hungary.
2018; pp.
[http://dx.doi.org/10.1145/3229565.3229567] 
[42] 
Somu N, Gauthama Raman MR, Kirthivasan K, Shankar Sriram VS. A trust centric optimal service ranking approach for cloud service selection. Future Gener Comput Syst  2018; 86: 234-52.
[http://dx.doi.org/10.1016/j.future.2018.04.033] 
[43] 
Nagarajan R, Thirunavukarasu R, Shanmugam S. A fuzzy-based intelligent cloud broker with MapReduce framework to evaluate the trust level of cloud services using customer feedback. Int J Fuzzy Syst  2018; 20(1): 339-47.
[http://dx.doi.org/10.1007/s40815-017-0347-5] 
[44] 
Farris I, Taleb T, Khettab Y, Song J. A survey on emerging SDN and NFV security mechanisms for IoT systems. IEEE Commun Surveys Tuts  2019; 21: 812-37.
[http://dx.doi.org/10.1109/COMST.2018.2862350] 
[45] 
 Din IU, Guizani M, Kim BS, Hassan S, Khan MK. Trust management
techniques for the Internet of Things: A survey. IEEE Access
2018; 7: 29763-87.
[http://dx.doi.org/10.1109/ACCESS.2018.2880838] 
[46] 
 Hassija V, Chamola V, Saxena V, Jain D, Goyal P, Sikdar B. A
survey on IoT security: application areas, security threats, and solution
architectures. IEEE Access 2019; 7: 82721-43.
[http://dx.doi.org/10.1109/ACCESS.2019.2924045] 
[47] 
Wazid M, Das AK, Bhat V, Vasilakos AV. LAM-CIoT: Lightweight authentication mechanism in cloud-based IoT environment. J Netw Comput Appl  2020; 150: 102496.
[http://dx.doi.org/10.1016/j.jnca.2019.102496] 
[48] 
Conti M, Dehghantanha A, Franke K, Watson S. Internet of Things security and forensics: Challenges and opportunities. Future Gener Comput Syst  2018; 78: 544-6.
[49] 
Bendale SP, Prasad JR. Security threats and challenges in future mobile wireless networks. 2018 IEEE Global Conference on Wireless Computing and Networking (GCWCN)  146-50.
[http://dx.doi.org/10.1109/GCWCN.2018.8668635] 
[50] 
 Nguyen TG, Phan TV, Nguyen BT, So-In C, Baig ZA, Sanguanpong
S. Search: A collaborative and intelligent nids architecture
for sdn-based cloud iot networks. IEEE Access 2019; 7:
107678-94.
[http://dx.doi.org/10.1109/ACCESS.2019.2932438] 
[51] 
 Akter M, Dip GD, Mira MS, Hamid MA, Mridha MF. Construing
attacks of internet of things (iot) and a prehensile intrusion detection
system for anomaly detection using deep learning approach.
International Conference on Innovative Computing and Communications;
2019 Nov 17; Singapore. Germany: IEEE 2020.
[http://dx.doi.org/10.1007/978-981-15-0324-5_37] 
[52] 
Stergiou C, Psannis KE, Kim BG, Gupta B. Secure integration of IoT and cloud computing. Future Gener Comput Syst  2018; 78: 964-75.
[http://dx.doi.org/10.1016/j.future.2016.11.031] 
[53] 
 Gunti M, Mann TP. Secure booting of computer system. US Patent
No 10,592,669 2020 Mar.; 17
[54] 
Yasin M. Jeyavijayan JV Rajendran, and Ozgur Sinanoglu “Side-channel attacks” trustworthy hardware design: Combinational logic locking techniques.  Cham: Springer 2020; pp. 119-30.
[http://dx.doi.org/10.1007/978-3-030-15334-2_10] 
[55] 
Vgontzas A, Li W, Mostofsky E, Rueschman M, Mittleman MA, Bertisch SM. Associations between migraine attacks and nightly sleep characteristics among adults with episodic migraine: A prospective cohort study. Sleep (Basel)  2020; 43(7): 1.
[http://dx.doi.org/10.1093/sleep/zsaa001] [PMID:  31930318] 
[56] 
 Hall M, Durairajan R, Sekar V. Fighting Fire with Light: A case for
defending ddos attacks using the optical layer 2020. arXiv preprint
arXiv:2002.10009
[57] 
Rani DR, Geethakumari G. Secure data transmission and detection of anti-forensic attacks in cloud environment using MECC and DLMNN. Comput Commun  2020; 150: 799-810.
[http://dx.doi.org/10.1016/j.comcom.2019.11.048] 
[58] 
Smith R, Palin D, Ioulianou PP, Vassilakis VG, Shahandashti SF. Battery draining attacks against edge computing nodes in IoT networks. Cyber-Physical Systems  2020; 6(2): 96-116.
[http://dx.doi.org/10.1080/23335777.2020.1716268] 
[59] 
Silva RF, Barbosa R, Bernardino J. Intrusion detection systems for mitigating sql injection attacks: review and state-of- practice. Int J Inf Secur Priv  2020; 14(2): 20-40. [IJISP].
[http://dx.doi.org/10.4018/IJISP.2020040102] 
[60] 
Peng R, Xiao H, Guo J, Lin C. Optimal defense of a distributed data storage system against hackers’ attacks. Reliab Eng Syst Saf  2020; 197: 106790.
[http://dx.doi.org/10.1016/j.ress.2020.106790] 
[61] 
Al-Turjman F, Zahmatkesh H, Shahroze R. An overview of security and privacy in smart cities’ IoT communications. Trans Emerg Telecommun Technol  2019; 36: 77.
[http://dx.doi.org/10.1002/ett.3677] 
[62] 
Alam S, Siddiqui ST, Ahmad A, Ahmad R, Shuaib M. Internet of things (IoT) enabling technologies, requirements, and security challenges advances in data and information Sciences.  Singapore: Springer 2020; pp. 119-26.
[http://dx.doi.org/10.1007/978-981-15-0694-9_12] 
[63] 
Salami AF, Dogo EM, Nwulu NI, Paul BS. Toward sustainable domestication of smart IoT mobility solutions for the visually impaired persons in Africa Technological trends in improved mobility of the visually impaired.  Cham: Springer 2020; pp. 275-300.
[http://dx.doi.org/10.1007/978-3-030-16450-8_11] 
[64] 
Nayak P, Kayiram K, Mallikarjuna R. IoT-enabled agricultural system applications, challenges and security issues IoT and Analytics for Agriculture.  Singapore: Springer 2020; pp. 139-63.
[65] 
Sivagurunathan S, Prathapchandran K. Trust- based security mechanisms for self-organized networks (SONs) securing the internet of things: Concepts, methodologies, tools, and applications.  IGI Global 2020; pp. 1782-805.
[66] 
 Garg H, Dave M. Securing User Access at IoT Middleware Using
Attribute Based Access Control. 10th International Conference on
Computing, Communication and Networking Technologies
(ICCCNT) IEEE 2020; 98:101984.
[http://dx.doi.org/10.1109/ICCCNT45670.2019.8944879] 
[67] 
Gupta BB. A beginner’s guide to internet of things security: Attacks, applications, authentication, and fundamentals. London, England: CRC Press 2020.
[68] 
Furfaro A, Pace P, Parise A. Facing DDoS bandwidth flooding attacks. Simul Model Pract Theory  2020; 98: 101984.
[http://dx.doi.org/10.1016/j.simpat.2019.101984] 
[69] 
 Deva SVSVP, Akashe S, Kim H-J. Feasible challenges and applications
of iot in healthcare: essential architecture and challenges in
various fields of internet of healthcare things. In: Advances in
Healthcare Information Systems and Administration. IGI Global;
2020. p. 178–200.
[70] 
Chaudhry SA. Correcting design flaws: An improved and cloud assisted key agreement scheme in cyber physical systems. Comput Commun  2020; 153: 527-37.
[http://dx.doi.org/10.1016/j.comcom.2020.02.025] 
[71] 
Lee C, Wang Y-J. Development of a cloud- based IoT monitoring system for fish metabolism and activity in aquaponics. Aquacult Eng  2020; 90: 102067.
[http://dx.doi.org/10.1016/j.aquaeng.2020.102067] 
[72] 
 Nahas BA, et al. Blue Flood: Concurrent Transmissions for Multi-
Hop Bluetooth 5--Modeling and Evaluation 2020. arXiv preprint
arXiv:2002.12906
[73] 
Calyam P, Rajagopalan S, Seetharam S, Selvadhurai A, Salah K, Ramnath R. VDC-Analyst: Design and verification of virtual desktop cloud resource allocations. Comput Netw  2014; 68: 110-22.
[http://dx.doi.org/10.1016/j.comnet.2014.02.022] 
[74] 
 Al-Haidari F, Sqalli M, Salah K. Impact of cpu utilization thresholds
and scaling size on autoscaling cloud resources. IEEE 5th International
Conference on Cloud Computing Technology and Science;
2013 Dec 2-5; Bristol, UK. New Jersey:IEEE 2014.
[http://dx.doi.org/10.1109/CloudCom.2013.142] 
[75] 
 Gupta, Sarthak, Virain Malhotra, and Shailendra Narayan Singh
“Securing IoT-driven remote healthcare data through blockchain”
advances in data and information Sciences. Singapore: Springer
2020; pp. 47-56.
[76] 
Shrestha R, Bajracharya R, Nam SY. Challenges of future VANET and cloud-based approaches. Wirel Commun Mob Comput  2018; 2018: 1-15.
[http://dx.doi.org/10.1155/2018/5603518] 
[77] 
Tuli S. Health fog: An ensemble deep learning based smart healthcare system for automatic diagnosis of heart diseases in integrated iot and fog computing environments. Future Gener Comput Syst  2020; 104: 187-200.
[http://dx.doi.org/10.1016/j.future.2019.10.043] 
[78] 
 Liang Q, Shenoy P, Irwin D. AI on the Edge: Rethinking AI-based
IoT Applications Using Specialized Edge Architectures 2020.
arXiv preprint arXiv:2003.12488
Cite As
International Journal of Sensors, Wireless Communications and Control

A Study on Security Issues and Attacks, Challenges and Future Improvements in Cloud-based IoT

Abstract

Graphical Abstract
