A Systematic Roadmap on Privacy, Security, Trust, Identity Management, and Resilience: Wireless Sensor Networks and Internet of Things Architectures


  • Idrees Sarhan Kocher Energy Engineering Department, Technical College of Engineering, Duhok Polytechnic University, Duhok, KRG – Iraq




As everything around us will be linked to the net in many ways via the Internet of Things (IoTs) and compared to the standard Internet, new forms of problems and complications can arise. Huge IoTs experiments are currently under way, most of which concern its sight, supporting technology, software, or facilities. Recently, a limited studies have comprehensively defined the security requirements such as privacy concerns, security, and trusting in the IoTs that are deemed special to the future net, these terms need to be discussed and addressed via numerous scholars and research groups as well. This article surveyed through 102 references from popular literature databases to explore the features\ properties that define the distinctive IoT relating to forthcoming privacy, security and trust issues. Then created security requirements that were triggered by the mentioned properties. This article examined the privacy, security, trust and resilience components of the three most popular IoT architectures in consideration of the requirements as well. Also, this survey contributed to the state-of-the-art security issues for embedded devices in Internet of Things world including provide a comparative table of well-known secure routing protocols and their countermeasures to well-known attacks on Open Systems Interconnection (OSI) structure of Wireless Sensor Networks (WSNs) within Internet of Things world. Finally, this survey identifies a number of study gaps that will serve as the foundation for future research.


Download data is not yet available.


Köhler, M., Wörner, D., & Wortmann, F. (2014). Platforms for the internet of things–an analysis of existing solutions. In Proceeding of the 5th Bosch Conference on Systems and Software Engineering (BoCSE`14), Ludwigsburg, 1-15.

Zanellaa, A., Bui, N., Castellani, A., Vangelista, L., & Zorzi, M. (2014). Internet of things for smart cities. IEEE Internet of Things Journal (IoT-J), 1 (1), 22-32.

Gubbi, J., Buyya, R., Marusic, S., & Palaniswami, M. (2013). Internet of things (IoT): A vision, architectural elements, and future directions. Future Generation Computer Systems, 29(7), 1645-1660.

National Intelligence Council (NIC) (2008). Disruptive civil technologies: six technologies with potential impacts on us interests out to 2025. Conference Report CR 2008-07, available at https://www.fas.org/irp/nic/.

Bellavista, P., Cardone, G., Corradi, A., & Foschini, L. (2013). Convergence of MANET and WSN in IoT urban scenarios. IEEE Sensors Journal, 13(10), 3558-3567.

Tan, L., & Wang, N. (2010). Future internet: The internet of things. in Proceeding of the 3rd International Conference on Advanced Computer Theory and Engineering (ICACTE), 5(15), 376-380.

Vasilomanolakis, E., Daubert, J., Luthra, M., Gazis, V., Wiesmaier, A., & Kikiras, P. (2015). on the security and privacy of internet of things architectures and systems," in proceeding of 2015 International Workshop on Secure Internet of Things (SIoT), 49-57, doi: 10.1109/SIOT.2015.9.

Gao, L., & Bai, X. (2014). A unified perspective on the factors influencing consumer acceptance of internet of things technology,” Asia Pacific Journal of Marketing and Logistics, 26(2), 211–231.

Atamli, A.W., & Martin, A. (2014). Threat-Based security analysis for the internet of things,” IEEE Secure Internet of Things (SIoT), pp. 35–43.

Babar, S., Mahalle, P., Stango, A., Prasad, N., & Prasad, R. (2010). Proposed security model and threat taxonomy for the Internet of Things (IoT). in Proceeding of International Conference on Network Security & Applications (CNSA), 89, 420–429,Springer Berlin Heidelberg.

S. Cirani, G, F. and L. Veltri,” Enforcing security mechanisms in the IP-based internet of things: An algorithmic overview,” Algorithms, vol. 6, no. 2, pp.197–226, 2013.

V. Gazis, C. G. Cordero, E. Vasilomanolakis, P. Kikiras and A. Wiesmaier,” Security perspectives for collaborative data acquisition in the internet of things,”in Proceeding of International Conference on Safety and Security in Internet of Things, Springer, 2014.

J. Gubbi, R, Buyya, S. Marusic and M. Palaniswami,” Internet of Things (IoT): A vision, architectural elements, and future directions,”Future Generation Computer Systems, vol. 29, no. 7, pp. 1645–1660, September 2013.

A. Mayzaud, R. Badonnel and I. Chrisment,”Monitoring and security for the Internet of Things,” in Proceeding of International Conference on Autonomous Infrastructure, Management, and Security (AIMS`13), vol. 7943, pp. 37–40, 2013.

D. Miorandi, S. Sicari, F. D. Pellegrini and I. Chlamtac,” Internet of things: Vision, applications and research challenges,”Ad Hoc Networks, vol. 10, no. 7, pp. 1497–1516, 2012.

H. Ning, H. Liu, and L. T. Yang,” Cyberentity security in the internet of things,” Computer, vol. 46, no. 4, pp. 46–53, 2013.

R. Roman, P. Najera and J. Lopez,” Securing the internet of things,” Computer, vol. 44, no. 9, pp. 51–58, 2011.

R. H. Weber,” Internet of Things – New security and privacy challenges,” Computer Law & Security Review, vol. 26, no. 1, pp.

–30, 2010.

D. Bandyopadhyay and J. Sen, “Internet of things: Applications and challenges in technology and standardization”, Wireless Personal Communications, vol. 58, no. 1, pp. 49-69, 2011.

Q. I. Sarhan, “Internet of things: a survey of challenges and issues,” Int. J. Internet of Things and Cyber-Assurance, vol.1, no. 1, pp.40–75, 2018.

Said, O. & Masud, M. 2013 “Towards internet of things: Survey and future vision”, International Journal of Computer Networks (IJCN), 5(1), 1-17.

H. Chan and A. Perrig, “Security and privacy in sensor networks”, IEEE Computer, vol. 36, no.10, pp. 103-105, 2003.

J. Stankovic, “Research directions for the internet of things”, IEEE Internet of Things Journal (IoT-J), vol. 1, no.1, pp. 3-9, 2014.

M. Olurin, C. Adams, and L. Logrippo, “Platform for privacy preferences (P3P): Current status and future directions”, in

Proceeding of the tenth Annual International Conference on Privacy, Security and Trust (PST), pp. 217-220, 2012.

R. Roman, P. Najera and J. Lopez, “Securing the internet of things”, IEEE Computer, vol. 44, no. 9, pp. 51-58, 2011.

G. Broenink, J.-H. Hoepman, C. V. T. Hof, R. V. Kranenburg, D. Smits and T. Wisman, “The Privacy coach: Supporting customer

privacy in the Internet of Things”, in proceeding of workshop on What Can Internet Things Do for the Citizen? (CIOT), Radboud

Univversity, pp. 1-10, 2010.

S. Radomirovic, “Towards a model for security and privacy in the internet of things, ” in Proceeding of the 1st International

Workshop Security of the Internet of Things (SecIoT), Network Information and Computer Security Laboratory, pp. 1-6, 2010.

V. Oleshchuk, “Internet of things and privacy preserving technologies”, in Proceeding of the 1st International Conference on Wireless Communication, Vehicular Technology, Information Theory and Aerospace & Electronic Systems Technology (VITAE), pp. 336-340, 2009.

L. Atzori, A. Iera, and G. Morabito, “The internet of things: a survey”, Computer Networks: The International Journal of Computer

and Telecommunication Networking, vol. 54, no. 15, pp. 2787-2805, 2010.

V. K. Singh, D. S. Kushwaha, S. Singh and S. Sharma, “The Next evolution of the Internet of Things”, International Journal of

Engineering Research in Computer Science and Engineering (IJERCSE), vol. 2, no. 1, pp. 31-35, 2015.

C. Thompson, “25 Ideas for 2010: Digital Forgetting”, Wired UK, 2009, available at

http://www.wired.co.uk/magazine/archive/2009/12/features/25-ideas-for-2010-digital-forgetting, 2010, accessed in

October 2021.

V. Mayer-Schönberger, “Delete: The virtue of forgetting in the digital age”, Princeton University Press, 2009.

J. Wickramasuriya, M. Datt, S. Mehrotra and N. Venkatasubramanian, “Privacy protecting data collection in media spaces”, in

Proceeding of the 12th annual ACM International Conference on Multimedia, pp. 1-48, 2004.

C. M. Medaglia and A. Serbanati,” An overview of privacy and security issues in the internet of things,” in The Internet of

Things, pp. 389–395. Springer, 2010.

J. Daubert, A. Wiesmaier and P. Kikiras,”A view on privacy & trust in iot,” in IOT/CPS-Security Workshop, IEEE International

Conference on Communications, ICC 2015, London, GB, pp. 2665-267, IEEE, 2015.

A. Machanavajjhala, D. Kifer, J. Gehrke and M. Venkitasubramaniam,” L-diversity: Privacy beyond kanonymity,” TKDD, vol.

, no. 1, 2007.

L. Sweeney,” k-anonymity: A model for protecting privacy,” International Journal of Uncertainty, Fuzziness and Knowledge-Based

Systems, vol. 10, no. 5, pp. 557–570, 2002.

X. Xiao and Y. Tao,” M-invariance: towards privacy preserving re-publication of dynamic datasets,” in Proceeding of Proceedings

of the ACM SIGMOD International Conference on Management of Data, Beijing, China, pp. 689–700. ACM, 2007.

C. Dwork and J. Lei,” Differential privacy and robust statistics,” in Proceedings of the 41st Annual ACM Symposium on Theory

of Computing, STOC 2009, Bethesda, MD, USA, pp. 371–380. ACM, 2009.

A. Pfitzmann and M. Kohntopp,” Anonymity, unobservability, and pseudonymity - A proposal for terminology,” in Proceeding

of Designing Privacy Enhancing Technologies, International Workshop on Design Issues in Anonymity and Unobservability, Berkeley,

CA, USA, Proceedings, vol. 2009 of Lecture Notes in Computer Science, pp. 1–9. Springer, 2000.

Camenisch, J. & and E. V. Herreweghen, E. V. 2002. Design and implementation of the idemix anonymous credential system. in Proceedings of the 9th ACM Conference on Computer and Communications Security(CCS 2002), Washington, DC, USA, pp. 21–30.


R. Dingledine, N. Mathewson and P. F. Syverson,”Tor: The second generation onion router,” in Proceedings of the 13th USENIX

Security Symposium San Diego, CA, USA, pp. 303–320, USENIX, 2004.

I. S. Kocher, C-O. Chow, H. Ishii and T. A. Zia,” Threat models and security issues in wireless sensor networks,” International

Journal of Computer Theory and Engineering, vol. 5, no. 5, 2013.

T. A. Zia and A. Y. Zomaya, “Security issues in wireless sensor networks,” in Proceeding of the International Conference on Systems

and Networks (ICSNC), Tahiti, French Polynesia, 2006.

K. Zhao and L. Ge, “A survey on the internet of things security, “in Proceeding of the Ninth International Conference on

Computational Intelligence and Security (ICCIS), pp. 663–667, 2013.

I. S. Kocher, “Software engineering methods to improve the design of software reliability systems: roadmap, “Journal of

Southwest Jiaotong University, vol. 55, no. 3, pp. 1-9, 2020,

I. Gawdan and Q. I. Sarhan,“ Performance evaluation of novel secure key management scheme over ban wireless sensor

networks,” Journal of University of Duhok, vol. 19, No. 1, pp. 179-188, 2016.

I. S. Gawdan, C.-O. Chow, T. A. Zia and Q. I. Gawdan,” Cross-layer based security solutions for wireless sensor networks,”

International Journal of the Physical Sciences (IJPS), vol. 6, no. 17, pp. 4245-4254, 2011a.

I. S. Gawdan, C.-O. Chow, T. A. Zia and Q. I. Sarhan,”A novel secure key management module for hierarchical clustering wireless sensor networks,” in Proceeding of 3rd International Conference on Computational Intelligence, Modeling and Simulation (CIMSim 2011), Langkawi, Malaysia, pp. 312-316, 2011b.

I. S. Kocher and Q. I. Sarhan,”Classifying routing algorithms upon clustered based wireless sensor networks: a survey,” ZANCO Journal of Pure and Applied Science (ZJPAS), vol. 29, no. 2, pp. 25-36, 2017.

I. S. Kocher,”A systematical roadmap on various security vulnerabilities and countermeasures in routing algorithms upon wsns,” Academic Journal of Nawroz University (AJNU), vol. 10, no.4, 2021.

G. Schafer,”Security in fixed and wireless networks – an introduction to securing data communications,” Wiley, 2003, accessed in October 2021

A. Juels, “RFID security and privacy: a research survey,” IEEE Journal on Selected Areas in Communications (J-SAC), vol. 24, no. 2, pp.381–394, 2006.

R. Kumar, E. Kohler and M. Srivastava, “Harbor: software-based memory protection for sensor nodes, “The 6th International Symposium on Information Processing in Sensor Networks (IPSN), pp.340–349, 2007.

H. Krawczyk, M. Bellare and R. Canetti, “HMAC: keyed-hashing for message authentication,” IETF RFC 2104, 1997.

S. Kent and R. Atkinson. Security Architecture for the Internet Protocol. RFC 2401 (Proposed Standard), November 1998,

Obsoleted by RFC 4301, updated by RFC 3168, accessed in October 2020.

T. Dierks and E. Rescorla.,”The transport layer security (TLS) protocol version 1.2.,” RFC 5246 (Proposed Standard), August

, Updated by RFCs 5746, 5878, 6176. 2008.

R. Bonetto, N. Bui, V. Lakkundi, A. Olivereau, A. Serbanati, and M. Rossi,”Secure communication for smart IoT objects: Protocol

stacks, use cases and practical examples,” in 2012 IEEE International Symposium on a World of Wireless, Mobile and Multimedia

Networks, WoWMoM 2012 - Digital Proceedings, 2012.

R. Sandhu, E. Coyne, H. Feinstein and C. Youman, “Role-based access control models,” IEEE Computer, vol. 29, no. 2, pp.38–47,

D. Miorandi, S. Sicari, F. De PellegriniI and I. Chlamtac, “Internet of things: vision, applications and research challenges, “Ad

Hoc Networks, vol. 10, no. 7, pp.1497–1516, 2012.

X. Wang, W. Gu, K. Schosek, S. Chellappan and D. Xuan, “Sensor network configuration under physical attacks, “Technical

Report (OSU-CISRC-7/04-TR45), Department of Computer Science and Engineering, Ohio State University, Ohio, USA, 2004.

E. Alsaadi and A. Tubaishat, “Internet of things: features, challenges, and vulnerabilities,” IJACSIT, vol. 4, no. 1, pp.1–13, 2015.

Daubert, J., Wiesmaier, A. & Kikiras, P. 2015. A view on privacy & trust in IoT, “The IEEE (ICCW), 2665–2670.

M. Blaze, J. Feigenbaum and J. Lacy, “Decentralized trust Management, “IEEE Symposium on Security and Privacy, pp.164–

, 1996.

A. Iliev and S. W. Smith,”Protecting client privacy with trusted computing at the server. IEEE Security & Privacy, vol. 3, no. 2,

pp. 20–28, 2005.

A. Jøsang, R. Ismail, and C. Boyd,” A survey of trust and reputation systems for online service provision. Decision Support

Systems, vol. 43, no. 2, pp. 618–644, 2007.

F. Bao and I.R. Chen, “Trust management for the internet of things and its application to service composition,” in Proceeding of

the IEEE International Symposium (WoWMoM), pp.1–6, 2012.

D. Chen, G. Chang, D. Sun, J. Li, J. Jia and X. Wang, “TRM-IoT: a trust management model based on fuzzy reputation for

internet of Things,” ComSIS 11, vol. 8, no. 4, pp.1207–1228, 2011.

H. Suo, J. Wan, C. Zou, and J. Liu,”Security in the internet of things: a review,” in Proceeding of Computer Science and Electronics

Engineering (ICCSEE), International Conference, vol. 3, pp. 648–651. IEEE, 2012.

J. G. Steiner, B. C. Neuman and I. J. chiller,”Kerberos: An authentication service for open network systems,” in Proceedings of the

USENIX Winter Conference, Dallas, Texas, USA, pp. 191–202. USENIX Association, 1988.

BETaaS Consortium,” Building the environment for the things as a service,” http://www.betaas.eu/, 2012, accessed in 11. Feb. 2020.

IoT-A Consortium,” IoT-A – Internet of Things Architecture,” http: //www.iot-a.eu/, accessed in May 2021

M. Bauer and S. Lange,” Enabling things to talk,” Springer Berlin Heidelberg, Berlin, Heidelberg, 2013.

A. Salinas, Y. Ben-Saied and D. Level,” Internet of things architecture concepts and solutions for privacy and security in the

resolution infrastructure,” (257521), 2013.

BETaaS Consortium,” D1.4.2 – TaaS Reference Model,” http://www.betaas.eu/docs/deliverables/BETaaS%20-

%20D1.4.2%.20 %20TaaS%20Reference% 20Model%20v1.0.pdf, October 2013, accessed in 11 Mar. 2014, accessed in October

BETaaS Consortium,”BETaaS building the environment for the things as a service D2. 2. 2 – Specification of the extended

capabilities of the platform, pp. 1–61, 2014, accessed in October 2021

OpenIoT Consortium,” OPENIoT D2.3 Detailed Architecture and Proof-of-Concept Specifications,”

http://openiot.eu/?q=node/49, 2013. Accessed in October 2021.

OpenIoT Consortium,” OPENIoT project description,” http://www.openiot.eu/, 2013. accessed in October 2021

R. Gwadera,” D5.2.1 Privacy and security framework. 2013, accessed in October 2021.

M. A. Al-Garadi, A. Mohamed, A. K. Al-Ali, X. Du, I. Ali and M. Guizani, "A Survey of Machine and Deep Learning Methods

for Internet of Things (IoT) Security," in IEEE Communications Surveys & Tutorials, vol. 22, no. 3, pp. 1646-1685, 2020, doi: 10.1109/COMST.2020.2988293.

Francesca Meneghello, Matteo Calore, Daniel Zucchetto, Michele Polese and Andrea Zanella,” IoT: Internet of Threats? A Survey of Practical Security Vulnerabilities in Real IoT Devices,” IEEE Internet of Things Journal, vol. 6, no. 5, pp. 8182-8201, 2019.

Krishna RR, Priyadarshini A, Jha AV, Appasani B, Srinivasulu A and Bizon N,” State-of-the-Art Review on IoT Threats and Attacks: Taxonomy, Challenges and Solutions. Sustainability. 13(16):9463, 2021, https://doi.org/10.3390/su13169463.

Ammar M, Russello G and Crispo B,” Internet of Things: A survey on the security of IoT frameworks[J]. Journal of Information Security and Applications, vol.38, pp. 8-27, 2018.

Sharafi Afsaneh, Adabi Sepideh, Movaghar Ali and Al-Majeed Salah,” A two-layer attack-robust protocol for IoT healthcare securityTwo-stage identification-authentication protocol for IoT,” IET Communications, vol 15, no. 19, pp. 2390-2406, 7 September 2021.

D. Chaum,” Blind signatures for untraceable payments,” in Proceedings of CRYPTO ’82, Santa Barbara, California, USA, pp. 199– 203. Plenum Press, New York, 1982.

Pecho, P., Nagy, J., Hanacke, P. & Drahansky, M. 2009 . Secure collection tree protocol for tamper-resistant wireless sensors. Communications in Computer and Information Science, 58, 217– 224, Springer-Verlag, Heidelberg, Germany.

R. D. Pietro, L. V. Mancini, Y. W. Law, S. Etalle and P. Havinga, “ LKHW: a directed diffusion-based secure multi-cast scheme for WSNs. ICPPW’03, pp. 397-406, IEEE Computer Society Press, 2003.

Y-J. Han, M-W. Park and T-M. Chung, “SecDEACH: secure and resilient dynamic clustering protocol preserving data privacy in WSNs, “in Proceedings of ICCSA’10, pp. 142 – 157, 2010.

D. Liu and P. Ning, “Efficient distribution of key chain commitments for broadcast authentication in distributed sensor networks, ”in Proceedings of the 10th Annual Network and Distributed System Security Symposium, pp. 263 – 273, San Diego, CA, USA, 2003.

S. Zhu, S. Setia and S. Jajodia, “LEAP: efficient security mechanism for large-scale distributed sensor networks, ”in Proceedings of the 10th ACM Conference on Computer and Communications Security, pp. 62 – 72, New York, USA, ACM Press, 2004.

J. Sen and A. Ukil,”A secure routing protocol for wireless sensor networks,” in Proceedings of ICCSA’10, pp. 277 – 290, Fukuaka, Japan, 2010.

A. D. Wood, L. Fang, J. A. Stankovic and T. He, ”SIGF: a family of configurable, secure routing protocols for wireless sensor networks, “in Proceedings of the 4th ACM Workshop on Security of Ad Hoc and Sensor Networks, pp. 35 – 48, Alexandria, VA, USA, 2006.

K. Zhang and C. Wang,”A secure routing protocol for cluster-based wireless sensor networks using group key management,” in Proceedings of WiCOM’08, pp. 1-5, Dalian, 2008.

G. Zhan W. Shi and J. Deng,” TARF: a trust-aware routing framework for wireless sensor networks,” in Proceedings of EWSN’10, pp. 65 – 80, Coimbra, Portugal.2010.

Perrig, A., Szewczyk, R., Wen, V., Culler, D.E., & Tygar, J.D. (2002). SPINS: security protocols for sensor networks. Wireless Networks, 8 (5), 521-534.

Wood, A.D., & Stankvic, J.A. (2002). Denial of service in sensor networks,” IEEE Computer, 35(10), 54-62.

Karlof, C., & Wagner, D. (2003). Secure routing in wireless sensor networks: attacks and countermeasures, “in Proceedings of the

st IEEE International Workshop on Sensor Network Protocols and Applications, pp. 113-127.

Deng, H., Li, H., & Agrawal, D. (2002). Routing security in wireless ad hoc networks. IEEE Communications Magazine, 40 (10),

-75. DOI: 10.1109/MCOM.2002.1039859.

Chandra, S.J., Harihara, S.G., Reddy, H., & Balamuralidhar, P. (2007). A mechanism for detection of grayhole attack in mobile

ad hoc networks. in Proceedings of the 6th International Conference on Information, Communication, and Signal Processing (ICICS’07),

– 5, Singapore.

Newsome, J., Shi, E., Song, D., & Perrig, A. (2004). The Sybil attack in sensor networks: analysis and defenses. in Proceedings of

the 3rd International Symposium on Information Processing in Sensor Networks, pp. 259-268, ACM Press.

Kocher, I.S. (2021). An experimental simulation of addressing auto-configuration issues for wireless sensor networks. CMC-

Computers, Materials and Continua, 71(2), 3821-3838. DOI:10.32604/cmc.2022.023478.

Syeda, G.F., Syed, A.S., & Mohammed, S. (2018). Efficient Defense system for jamming attacks in wireless sensor networks,” in

International Journal of Electronics and Communication Engineering and Technology, 9 (4), 22–35. Manuscript ID:-00000-42994.



How to Cite

Sarhan Kocher, I. (2023). A Systematic Roadmap on Privacy, Security, Trust, Identity Management, and Resilience: Wireless Sensor Networks and Internet of Things Architectures. Academic Journal of Nawroz University, 12(4), 398–414. https://doi.org/10.25007/ajnu.v12n4a1116



Review Articles