A Review on Security and Privacy Issues in IoT Devices


  • Reben Mohamad Salem Kurda Information System Engineering Department, Technical Engineering College, Erbil Polytechnic University, Erbil, Iraq. [email protected]
  • Umran Abdullah Haje Computer science department, basic education college, Raparin university, ranya, sulaymanaiha, Iraq
  • Muhamad Hussein Abdulla Computer science department, basic education college, Raparin university, ranya, sulaymanaiha, Iraq
  • Zhwan Mohammed Khalid Computer science department, basic education college, Raparin university, ranya, sulaymanaiha, Iraq.




Internet of things, IoT privacy, IoT security, IoT technology, hardware security, IoT attacks


In our everyday lives, the IoT is everywhere. They are used for the monitoring and documentation of environmental improvements, fire safety and even other useful roles in our homes, hospitals and the outdoors. IoT-enabled devices that are linked to the internet transmit and receive a large amount of essential data over the network. This provides an opportunity for attackers to infiltrate IoT networks and obtain sensitive data. However, the risk of a loss of privacy and security could outweigh any of these benefits. Many tests have been carried out in order to solve these concerns and find a safer way to minimize or remove the effect of IoT technologies on privacy and security practices in order to protect them. The issue with IoT devices is that they have small output modules, making it impossible to adapt current protection methods to them. This constraint necessitates the presentation of lightweight algorithms that enable IoT devices. In this article, investigated the context and identify different safety, protection, and approaches for securing components of IoT-based ecosystems and systems, as well as evolving security solutions. In addition, several proposed algorithms and authentication methods in IoT were discussed in order to avoid various types of attacks while keeping the limitations of the IoT framework in mind. Also discuss some hardware security in IoT devices.


Download data is not yet available.

Author Biographies

Reben Mohamad Salem Kurda, Information System Engineering Department, Technical Engineering College, Erbil Polytechnic University, Erbil, Iraq. [email protected]

PhD in Computer science

Lectuer at the erbil polytechnic univeristy

Umran Abdullah Haje, Computer science department, basic education college, Raparin university, ranya, sulaymanaiha, Iraq

Master student

Muhamad Hussein Abdulla, Computer science department, basic education college, Raparin university, ranya, sulaymanaiha, Iraq

Master syudent

Zhwan Mohammed Khalid, Computer science department, basic education college, Raparin university, ranya, sulaymanaiha, Iraq.

Master student


I. Analytics, "Why the internet of things is called internet of things: Definition, history, disambiguation," ed, 2014.

V. M. Kumar, N. Yamsani, S. N. Korra, A. Harshavardhan, and B. V. Kumar, "A Scope on Auspices and Seclusion Issues in Internet of Things."

B. Lam and C. Larose, "How did the internet of things allow the latest attack on the internet?," ed, 2016.

S. Chaudhary, "Privacy and security issues in Internet of Things," Int. Educ. Res. J., vol. 3, pp. 2433-2436, 2017.

J. Granjal, E. Monteiro, and J. S. Silva, "Security for the internet of things: a survey of existing protocols and open research issues," IEEE Communications Surveys & Tutorials, vol. 17, pp. 1294-1312, 2015.

S. Sicari, A. Rizzardi, L. A. Grieco, and A. Coen-Porisini, "Security, privacy and trust in Internet of Things: The road ahead," Computer networks, vol. 76, pp. 146-164, 2015.

R. Roman, J. Zhou, and J. Lopez, "On the features and challenges of security and privacy in distributed internet of things," Computer Networks, vol. 57, pp. 2266-2279, 2013.

I. Ahmad, T. Kumar, M. Liyanage, J. Okwuibe, M. Ylianttila, and A. Gurtov, "Overview of 5G security challenges and solutions," IEEE Communications Standards Magazine, vol. 2, pp. 36-43, 2018.

L. a. Tawalbeh, F. Muheidat, M. Tawalbeh, and M. Quwaider, "IoT Privacy and security: Challenges and solutions," Applied Sciences, vol. 10, p. 4102, 2020.

L. Li, "Study on security architecture in the Internet of Things," in Proceedings of 2012 international conference on measurement, information and control, 2012, pp. 374-377.

R. H. Weber, "Internet of Things–New security and privacy challenges," Computer law & security review, vol. 26, pp. 23-30, 2010.

S. Kraijak and P. Tuwanut, "A survey on internet of things architecture, protocols, possible applications, security, privacy, real-world implementation and future trends," in 2015 IEEE 16th International Conference on Communication Technology (ICCT), 2015, pp. 26-31.

C. Qiang, G.-r. Quan, B. Yu, and L. Yang, "Research on security issues of the internet of things," International Journal of Future Generation Communication and Networking, vol. 6, pp. 1-10, 2013.

M. Burmester and B. De Medeiros, "RFID security: attacks, countermeasures and challenges," in The 5th RFID academic convocation, the RFID journal conference, 2007.

X. Xingmei, Z. Jing, and W. He, "Research on the basic characteristics, the key technologies, the network architecture and security problems of the internet of things," in Proceedings of 2013 3rd International Conference on Computer Science and Network Technology, 2013, pp. 825-828.

A. Kamble and S. Bhutad, "Survey on Internet of Things (IoT) security issues & solutions," in 2018 2nd International Conference on Inventive Systems and Control (ICISC), 2018, pp. 307-312.

A. K. Hussain, "A modified RSA algorithm for security enhancement and redundant messages elimination using K-nearest neighbor algorithm," IJISET-International Journal of Innovative Science, Engineering & Technology, vol. 2, pp. 858-862, 2015.

M. Nawir, A. Amir, N. Yaakob, and O. B. Lynn, "Internet of Things (IoT): Taxonomy of security attacks," in 2016 3rd International Conference on Electronic Design (ICED), 2016, pp. 321-326.

F. A. Alaba, M. Othman, I. A. T. Hashem, and F. Alotaibi, "Internet of Things security: A survey," Journal of Network and Computer Applications, vol. 88, pp. 10-28, 2017.

J. Choi, S. Li, X. Wang, and J. Ha, "A general distributed consensus algorithm for wireless sensor networks," in 2012 Wireless Advanced (WiAd), 2012, pp. 16-21.

A. V. Singh, V. Juyal, and R. Saggar, "Trust based intelligent routing algorithm for delay tolerant network using artificial neural network," Wireless Networks, vol. 23, pp. 693-702, 2017.

Z. Bi, L. Da Xu, and C. Wang, "Internet of things for enterprise systems of modern manufacturing," IEEE Transactions on industrial informatics, vol. 10, pp. 1537-1546, 2014.

H. Song, G. Fink, and S. Jeschke, Security and privacy in cyber-physical systems: Wiley Online Library, 2017.

M. Medwed, "Iot security challenges and ways forward," in Proceedings of the 6th International Workshop on Trustworthy Embedded Devices, 2016, pp. 55-55.

M. Conti, N. Dragoni, and V. Lesyk, "A survey of man in the middle attacks," IEEE Communications Surveys & Tutorials, vol. 18, pp. 2027-2051, 2016.

M. A. Khan and K. Salah, "IoT security: Review, blockchain solutions, and open challenges," Future Generation Computer Systems, vol. 82, pp. 395-411, 2018.

D. Zaldivar, A. T. Lo'ai, and F. Muheidat, "Investigating the security threats on networked medical devices," in 2020 10th Annual Computing and Communication Workshop and Conference (CCWC), 2020, pp. 0488-0493.

X. Liu, M. Zhao, S. Li, F. Zhang, and W. Trappe, "A security framework for the internet of things in the future internet architecture," Future Internet, vol. 9, p. 27, 2017.

A. T. Lo'ai and T. F. Somani, "More secure Internet of Things using robust encryption algorithms against side channel attacks," in 2016 IEEE/ACS 13th International Conference of Computer Systems and Applications (AICCSA), 2016, pp. 1-6.

F. Dalipi and S. Y. Yayilgan, "Security and privacy considerations for iot application on smart grids: Survey and research challenges," in 2016 IEEE 4th International Conference on Future Internet of Things and Cloud Workshops (FiCloudW), 2016, pp. 63-68.

W. Trappe, R. Howard, and R. S. Moore, "Low-energy security: Limits and opportunities in the internet of things," IEEE Security & Privacy, vol. 13, pp. 14-21, 2015.

Y. Yang, L. Wu, G. Yin, L. Li, and H. Zhao, "A survey on security and privacy issues in Internet-of-Things," IEEE Internet of Things Journal, vol. 4, pp. 1250-1258, 2017.

R. Kotamsetty and M. Govindarasu, "Adaptive latency-aware query processing on encrypted data for the Internet of Things," in 2016 25th International Conference on Computer Communication and Networks (ICCCN), 2016, pp. 1-7.

H. Shafagh, A. Hithnawi, A. Dröscher, S. Duquennoy, and W. Hu, "Talos: Encrypted query processing for the internet of things," in Proceedings of the 13th ACM conference on embedded networked sensor systems, 2015, pp. 197-210.

S. Al Salami, J. Baek, K. Salah, and E. Damiani, "Lightweight encryption for smart home," in 2016 11th International Conference on Availability, Reliability and Security (ARES), 2016, pp. 382-388.

A. Abdullah, "Advanced encryption standard (aes) algorithm to encrypt and decrypt data," Cryptography and Network Security, vol. 16, 2017.

I. Andrea, C. Chrysostomou, and G. Hadjichristofi, "Internet of Things: Security vulnerabilities and challenges," in 2015 IEEE symposium on computers and communication (ISCC), 2015, pp. 180-187.

S. Babar, A. Stango, N. Prasad, J. Sen, and R. Prasad, "Proposed embedded security framework for internet of things (iot)," in 2011 2nd International Conference on Wireless Communication, Vehicular Technology, Information Theory and Aerospace & Electronic Systems Technology (Wireless VITAE), 2011, pp. 1-5.

M. U. Farooq, M. Waseem, A. Khairi, and S. Mazhar, "A critical analysis on the security concerns of internet of things (IoT)," International Journal of Computer Applications, vol. 111, 2015.

S. Uke, A. Mahajan, and R. Thool, "UML modeling of physical and data link layer security attacks in WSN," International Journal of Computer Applications, vol. 70, 2013.

H. Li, Y. Chen, and Z. He, "The survey of RFID attacks and defenses," in 2012 8th International Conference on Wireless Communications, Networking and Mobile Computing, 2012, pp. 1-4.

F. Kandah, Y. Singh, W. Zhang, and C. Wang, "Mitigating colluding injected attack using monitoring verification in mobile ad‐hoc networks," Security and Communication Networks, vol. 6, pp. 539-547, 2013.

Q. Gou, L. Yan, Y. Liu, and Y. Li, "Construction and strategies in IoT security system," in 2013 IEEE international conference on green computing and communications and IEEE internet of things and IEEE cyber, physical and social computing, 2013, pp. 1129-1132.

F. Salahdine and N. Kaabouch, "Social engineering attacks: a survey," Future Internet, vol. 11, p. 89, 2019.

A. Wahid and P. Kumar, "A survey on attacks, challenges and security mechanisms in wireless sensor network," International Journal for Innovative Research in Science and Technology, vol. 1, pp. 189-196, 2015.

M. I. Abdullah, M. M. Rahman, and M. C. Roy, "Detecting sinkhole attacks in wireless sensor network using hop count," IJ Computer Network and Information Security, vol. 3, pp. 50-56, 2015.

P. Jain and A. Sardana, "Defending against internet worms using honeyfarm," in Proceedings of the CUBE International Information Technology Conference, 2012, pp. 795-800.

M. Zulkifli and Z. W. Mohd, "Attack on cryptography," Comput. Secur, vol. 12, pp. 33-45, 2008.

V. Venugopalan and C. D. Patterson, "Surveying the hardware trojan threat landscape for the internet-of-things," Journal of Hardware and Systems Security, vol. 2, pp. 131-141, 2018.

A. Al-Omary, A. Othman, H. M. AlSabbagh, and H. Al-Rizzo, "Survey of hardware-based security support for IoT/CPS systems," KnE Engineering, pp. 52–70-52–70, 2018.



How to Cite

Mohamad Salem Kurda, R., Abdullah Haje, U., Hussein Abdulla, M., & Mohammed Khalid, Z. (2022). A Review on Security and Privacy Issues in IoT Devices. Academic Journal of Nawroz University, 10(4), 192–205. https://doi.org/10.25007/ajnu.v10n4a1245




Most read articles by the same author(s)