Framework-based security measures for Internet of Thing: A literature review

Abstract

Abstract This paper presents a review of state-of-the-art security frameworks for IoT applications. It aims to find out what alternatives have been proposed to guide IoT application developers in the implementation of security measures through all development phases. In this literature review, we identified 21 security frameworks, and we analyzed them from IoT application domains addressed and IoT elements protected. We find four application domains: generic, smart cities, smart car/VANET, and smart infrastructures. Concerning elements protected, we analyzed the frameworks through protected application resources and we also consider security properties in this paper. Our two principal findings are: (i) Even though there are a wide variety of security frameworks, we did not find a proposal that addresses all the layers of an IoT application (device, network, service and application) and all development phases (analysis, design, implementation, testing, deployment, and maintenance), (ii) Addressing security from the design phase allows IoT developers to have a broader perspective of the system, avoiding massive changes to be made in later stages, saving costs and time. This gap and concerns enable various research on security by design and secure development to be carried out, and proposed frameworks to address the identified problems.