Ensuring trustworthy and secure IoT: Fundamentals, threats, solutions, and future hotspots

Abstract

The Internet of Things (IoT) allows terminals to access the network freely, which leads to the complexity of authentication and heterogeneous access. Although traditional security mechanisms can effectively prevent external attacks, once a malicious attacker enters the network by forging identity or bypassing authentication, these mechanisms lose effectiveness. Consequently, internal IoT security, including critical attributes such as security, privacy, and trust, has emerged as a research hotspot. The trust mechanism can identify malicious nodes and predict their reliability in future data collection and transmission through numerical analysis of inherent attributes and historical behaviors. However, there is a scarcity of comprehensive reviews summarizing IoT security from a trust perspective. Therefore, this paper reviews representative works on IoT security and trust in recent years from aspects of threats, defenses, and challenges. First, we introduce the fundamentals of IoT system, analyze existing security threats from three levels: architecture, function and equipment, and summarize common malicious attacks as well as their manifestations, causes, and harms. Then, several representative security mechanisms are introduced, including authentication, access control, intrusion detection, secure routing, encryption and key management, and compare their technical principles and superiority. Next, trust mechanism is introduced to ensure internal security, and specialized malicious attacks against the trust model, typical approaches and existing problems are presented. Finally, we discuss the feasible ways to address IoT security issues and list research hotspots in the future.