Enhancing IoT Security Through Modern Technologies

​

David Nichols, a Carnegie Mellon University was a grad student in 1982 with the desire to connect a campus vending machine to the local network (Teicher, 2018).  The purpose of this endeavor was to make his life easier and cut out unnecessary long walks through the Carnegie campus to the distant vending machine.  His trek would sometimes be unfruitful resulting in finding an empty vending machine or warm drinks from a newly refilled stock.  Recruiting help from fellow students, Mike Kazar, Ivor Durham and John Zsarnay, this vending machine became the first non-personal computer on the ARPANET in 1980s (Teicher, 2018).  At the time, the limited number of computers on the ARPANET and this endeavor by thirsty students required no forethought into security implications of connecting machines to computer networks.  The ARPANET was so small that it wasn’t until 1985 that the ARPANET reached 2,000 TCP/IP connected devices (Spicer et al., n.d.).  It would be a very long time until a recipe of technology existed for the general population to start to desire the same conveniences assisted by network technology.

​

The introduction of Wi-Fi standards 802.11a and 802.11b to the mainstream market in 1999 opened the door to new networking possibilities both within homes and businesses (IEEE, 1999a; IEEE, 1999b).  Users were no longer tethered to a network by physical limitations of network or telephone cables to communicate over Internet Protocols and the market was introduced to new modern wireless devices to connect to the Internet.

​

Aside from connectivity footprints expanding, compact computing power grew and continues to grow.  In 1965 a founding member of Intel, Gordon E. Moore, observed the number of transistors in computers doubled roughly every two years, the term Moore’s Law was coined and an ongoing observation of exponential growth of transistor counts remained true through the 80s, 90s and into the 2000s (Rajeshwar, 2007).  Whether the validity of Moore’s observation still holds true today in the semiconductor industry remains an ongoing debate (Vaidya, et al., n.d.).  Devices are still getting smaller and more powerful every year and new emerging low-power and low-cost devices capable of performing simple tasks.  This all paved the way for connected devices becoming possible anywhere and becoming smarter and more capable.          

​

About the same time in 1999 that Wi-Fi technology was becoming available to mainstream markets, a British technology pioneer Kevin Ashton was working on Radio Frequency Identification (RFID) technology as a way for devices to communicate wirelessly to one another for tracking product inventory.  During a speech he coined the term of those interconnected devices sharing data amongst each other as the “Internet of Things (IoT)” (Greengard, 2023).

​

IoT programming permits physical objects to interact, exchange information and use established Internet protocols, low range communication protocols and establish autonomous private networks to make decisions.  Adoption rates of IoT devices have skyrocketed creating a social and technological transformation.  Sensor technologies within IoT will continue to become cheaper, faster, more advanced and more widely available. The availability and cost bring new possibilities for sensor technologies including large-scale monitoring and detection (Dahlqvist et al, 2022).  The number of IoT devices is estimated to almost double from 15.1 billion in 2020 to over 29 billion connected devices in 2030 (Vailshery, 2023). Today people can buy a fridge that connects to their home network and reports the beverage inventory with no configuration needed.  The number and types of devices have limitless possibilities.  IoT devices are the backbone of “Smart Home” home automation technologies where a myriad of short-range IoT networks become interconnected to enhance people’s everyday lives.  The growing number of connected devices also means attackers have new ways to intervene in people’s lives by methods of attacking IoT devices (Kuzlu, et al. 2021. p2). 

​

Commercial implementations aim to improve efficiency and limit complexities in production as well as gain business insights out of information that already exists waiting to be unearthed.  Industrial Internet of Things (IIoT) is a sub-category of IoT devices that work along existing Supervisory Control and Aata Acquisition (SCADA) systems (Lumifi, n.d.).  Devices range from sensors that capture temperature, flow, pressures, quantities and weights.  Actuators on manufacturing equipment control sorting and process executions without human intervention require.  IoT devices extend outside industrial facilities to premise security applications and devices that interact with end customers to collect valuable customer data (Lumifi, n.d.). 

​

IoT, Big Data and AI technologies are part of the fourth industrial revolution known as Industry 4.0 Technologies.  Industry 4.0 functions will better collect and analyze data transforming it into information that businesses can use to gain a competitive edge (Karabegović, 2023).  The scale of industrial and municipality IoT networked devices bridge large geographic areas compared to home networks utilizing cellular communication technologies such as LTE and 5G. 

​

Internet of Medical Things (IoMT) connects medical devices with the intent to help drive down costs for the medical industry and provide more vital information on patients faster. Devices can integrate with the existing Electronic Health Record (EHR) enhancing patient observation, diagnosis, and treatment.  Goldman Sachs predicts that 300 billion in costs could be saved by IoMT in healthcare (Garg, 2002).   The cost savings are driving interest in the IoMT market at a competitive rate compared to residential and commercial implementations.  By 2020 it is estimated IoMT device to comprise 40% of the IoT market (Ghubaish et al., 2020) and by 2025 to have the majority of the IoT market share (Ksibi, et al, 2023).

 

Deeper integration into daily life in the areas of home, commercial and health, it raises questions about what steps are being taken to maintain security integrity in IoT equipment. Especially as equipment ages and both known and unknown vulnerabilities are exploited.  Low power devices utilizing embedded OSes can’t always use traditional desktop security solutions that end-hosts do (Diro, et al.2021).

Security vulnerability exposures arise due to the complexity and the diversity of

IoT technology implementations.  Several different security concerns are raised for each sector where IoT devices are used.  For residential, studies show adopters of IoT devices are concerned about privacy within the home, how transferred data is managed, stored or processed in cloud systems.  Homeowners are also worried of physical intrusion by malicious attackers bypassing security measures of smart devices used to physically secure the home (Schuster, 2022).  Addressing these security concerns is vital to the future commercial success of device adopting within people’s homes.  Furthermore, even if manufacturers work to address those security concerns, other relaxed security measures previously existing on home networks due to lack of consumer education and installation assistance could lead to compromise.  Broadband Genie, an independent UK comparison service performed a survey involving 2,205 people over the age of 18 and asked them a set of simple broadband security maintenance questions about their habits at home.  Only 14% of respondents have ever updated their router firmware (Powell, 2018).  Even more surprising is that 82% of respondents never changed their default router administrator password (Powell, 2018).

​

In commercial applications, mission critical industrial IoT networks are becoming a norm with Industry 4.0 while integrating into existing security models.  More connected devices introduce a broad attack surface for cybercriminals to compromise and create a large impact by interrupting manufacturing or facility use.  Industry reports indicate 40% of all industrial sites have Internet connectivity to the outside world (Lumifi, n.d.).  There could be financial implications or physical safety concerns with IoT compromise within the manufacturing environment.  The Open Worldwide Application Security Project (OWASP) was established to improve the security of software by providing frameworks for developers and organizations to strive for the goal of no more insecure software.  The OWASP indicated the lack of integrated risk management approach for IoT data lifecycle management creates widespread challenges for companies.  This may lead to poor risk management practices (Popescu et al., 2022). 

​

            In medical applications, IoMT poses safety concerns for people’s health and wellbeing if data or availability is compromised.  Ksibi, et al. (2023) presented a Comprehensive Study of Security and Cyber‑Security Risk Management within e‑Health Systems analysis stating:

Security and privacy are very challenging for e-health given the sensitivity of data. Many researchers have shown that security shortcomings in IoMT affect systemically patient’s health and safety.  As stated, there is a lack of governance mechanisms, standards, regulations and laws, as well as industry best practices which has led to great difficulties in security requirements implementation. (p. 110)

​​

            End to end security requirements is hard to fulfill but security is crucial for IoMT environments when privacy and confidentiality are backed by strict laws.  The Health Insurance Portability and Accountability Act (HIPAA) of 1996 contains a clause called the Privacy Rule.  The Privacy rule protects protected health information (PHI) all individually identifiable health information a covered entity creates, receives, maintains or transmits in electronic form.  It’s up to the IoT controller to ensure confidentiality, integrity, and availability of all PHI created, maintained, transmitted or received.  As well as identify and protect against reasonably anticipated threats (HIPAA, 1996).  The privacy rules of HIPAA create security challenges in health environments.  Current e-health challenges include resource constrained devices, lack of standards and best practice rules, heterogenous protocols and channels, very sensitive data, anonymity/mobility and lack of skilled stakeholders (Ksibi, et al., 2023).

​

Globally in all sectors over 300,000 IoT devices were infected in 2016 to create a botnet called Mirai (Krebs, 2017).  The devices aided in a Distributed Denial of Service (DDoS) attack that took down major websites such as PayPal, Amazon, Spotify and more.  The source code for the attack was published online allowing others to take advantage of the unsecured IoT resources (CSO, 2016).  Examples of attacks like Mirai and concerns of IoT, IIoT and IoMT implementations are a driving force enhancing IoT security.  Security Intelligence notes that “For enterprises that are rapidly adopting both IoT technology and cloud architecture, insufficient security controls could expose the organization to elevated risk” (DeBeck, 2019). 

​

Modern Technologies

Emerging frameworks, Fog computing, encryption and hashing methods as well as machine learning show promising outlooks to secure future networks.

​

Emerging Frameworks

World Economic Forum’s 2020 State of the Connected World report sums up the importance of policy of setting frameworks and standards for emerging IoT technologies; “industry standards and self-governance approaches designed to achieve the greatest potential benefit of that technology for society as a whole. Effective technology governance mitigates risks and reduces the potential harms…” (WEF, 2020, p. 71).

In 2019 the National Institute of Standards and Technology (NIST) published a framework called Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks (Boeckl, 2019).   The paper summarizes the three recommendations that companies understand risks of IoT implementation, adjust policies to address cybersecurity and implement mitigation practices.  The Industrial Internet Consortium (IIC) Security Framework looks ahead at AI working in assistance with IoT by publishing guidelines based on business viewpoints, usage viewpoints and AI implementation considerations.  It offers suggestions on ethical considerations and social economic impacts of IoT deployment.

 

As previously mentioned, there is OWASP which was established to improve the security of software by providing frameworks for developers and organizations.  To help formulate much-needed frameworks, the Internet Engineering Task Force (IETF) works to set IoT security standards by increasing the visibility and communication between IETF and other SDOs, industry alliances, and organizations.  However, currently there does not appear to be more detailed frameworks that suggest protocol implementations, physical security considerations, data at rest policies, protection measures or perimeter security recommendations.  Detailed guidelines outlining these would pave a road for developers and manufacturers to align building their devices suited for these integration methods (Abdulghani, 2023).

​

Fog Computing

Smart sensors embedded in IoT devices can generate enormous amounts of data.  To overcome the limitations of bandwidth, storage capacity, processing latency and power consumption, most IoT devices traditionally have used cloud-based communication (Garg, 2022).  Smart sensors collect data while actual processing is offloaded outside of the local network where information can be accessed by end users.  Shared transportation and usage in cloud environments is prone to problems of latency, data loss and privacy violation. The concept of Fog computing, also known as Edge Computing, brings the Fog based model such as data pre-processing to the local network as an intermediary layer (Gasmi et al., 2022).  Storage and processing are handled within the local network by server(s) where end-users can access them locally.  Less frequently accessed data is offloaded to cloud environments.  Offloading locally on an intermediary layer created by Fog leaves the cloud entity to act as a control plane or for remote access to the IoT infrastructure information.  The Fog infrastructure architecture addresses latency issues of off-site network processing and connectivity provider outages.  In IoMT implementation with wearable devices like heart monitors or embedded pacemakers, response time and processing availability is critical where medical staff need to be notified immediately of a medical emergency.  Keeping data in-house for IoMT uses also reduces the need for Business Associate Agreements (BAA) with other providers for HIPAA regulations to offset liability in case of an outside data breach. 

Fog nodes can be higher capability nodes with more processing power called high-level nodes or nodes with less capability called low-level nodes.  An example of a low-level node would be a cell phone acting as an intermediary between a device and cloud layer.  Low-level nodes can have practical applications in remote IoT devices.  In 2015 Cao et al. conducted experiments in a system for fall detection of patients using a low-level fog node of a cellphone.  The results showed that the system achieved high sensitivity and low false alerts and adhered to the minimum response times as well as energy consumption (Cao, et al., 2015). 

​

The introduction of Fog computing and high-level nodes, such as servers, create an opportunity for securing IoT infrastructure within the local network by utilizing those high-level resources of processing power.  Song & García-Valls in 2022 proposes methods of self-monitoring from IoT edge nodes by monitoring the server, sensors and the personal device accessing the network in search of potential vulnerabilities, namely cross-site scripting (XSS) attacks.  Port scans, malware, and local anomalies within the local network that do not match existing activity baselines are all features that could be implemented on the network edge as a protective barrier to internal IoT devices (Song & García, 2022). 

​

Traditional IP address-based Access Control lists (ACLs) could prevent attackers from directly accessing the device by limited traffic to only known Fog nodes.  Additional computing resources by Fog computing assist resource constrained or battery-operated IoT devices that may not have the power to utilize Transport Layer Security (TLS) ciphers.  Intermediate encryption methods can be used on fog nodes and in turn the higher power node is responsible for increasing encryption protection to popular standards when transferring data beyond the network edge that IoT devices otherwise could not process under limited power and compute resources. 

Further building upon basic ACLs is the risk estimation of user behavior.  Daoud et al. proposed a new access control scheme in Fog based computing to detect abnormal behavior and then deactivate illegitimate actions by way of three basic functions (Daoud, et al., 2023).

Table 1 shows functions of an access control scheme.  Fog computing acts as a platform for many new possibilities acting as a first line of defense between the outside world and data collection nodes.

 

​

 

 

 

 

 

 

 

 

 

 

Low-Power Encryption

Hashing, digital signatures and encryption schemes are becoming a focus in cybersecurity to maintain data confidentiality, authenticity, and integrity in the modern communication world.  IoT devices have a wide range of data types they collect and transmit.  Personal information from residential IoT, proprietary data from industry IIoT and PHI from patients in IoMT.  Transport protocols often consider the low-power needs of IoT devices by minimizing protocol overhead on payloads and on-unit data processing. 

Adding overhead of commonly used encryption methods burdens existing resources of low-power devices.  RSA operates in asymmetric private and public key pairs imposing the need to exchange key pairs between devices and be managed through a key infrastructure management system.

AES and DES are symmetric encryption methods requiring only one key but impose other complex burdens.  The use of Initialization Vectors (IV) is to ensure the same payload data sent with the same key appears differently as a cipher requires additional memory.  The inter-device communication would also require storing unique keys for each device adds to multiplying memory usage.  Managing keys for 1000 devices would consume 160% of RAM in a PIC18F25K50 microchip commonly used in IoT hardware (Ko & Bilski, 2023).

Proposed solutions are to use higher security, which can be achieved by using lightweight cryptography (LWC) such as ChaCha and Play-fair encryptions. The ChaCha encryption scheme is widely used in areas, such as mobile networks and other wireless communications. The ChaCha to create a new keystream generator for manufacturing keys while boosting security standards and reducing difficult phases.  The Playfair encryption uses a cypher based on alphabet letter encryption that treats letters as separate data units and converts them to ciphertext letters. Studies found ChaCha and Play-fair encryptions reduces hardware requirements, power consumption and applies higher security standards in the IoT infrastructure (Jammula & Kondoju, 2022).

​

Validating data authenticity traditionally can be done by hash computation methods MD5, SHA1 or SHA2 but these too demand high computational output.  In an experiment, Ko & Bilski also attempted MD5 hashing on a Mica2 board and required 36360 CPU cycles.  Hashing using a lesser-known Light-weight One-way Cryptographic Hash Algorithm (LOCHA) proposed by Chowdhury, et al in 2014 only required 2952 clock cycles (Chowdhury, 2014).  Results show that a deviation from known Internet standards can effectively perform similar tasks that address the specific security concerns of low-power devices.  More research into new algorithms that address the limitations of key exchange and hash computations are needed but in the meantime the evolution of processing power and lower power consumption of new microprocessors may help bridge the gap between the computation needs of existing encryption algorithms and the capabilities of IoT devices.

 

Blockchain

Between 2008 and 2009 Blockchain was introduced to the public as a means of creating a decentralized cryptocurrency called Bitcoin (Judmayer, et al., 2022).  Since then, numerous currencies have been implemented using the Bitcoin protocol and blockchain technology.  Blockchain operates on a distributed ledger system creating accountability between records. The network of accountability between nodes has considerable potential for securing IoT devices by eliminating centralized cloud-based architecture dedicated to authentication and authorization of devices and users.  Additional key characteristics include data transparency, distributed information, and security from malicious attacks.  Researchers are focusing on power-efficient blockchain solutions for IoT devices and is an active research area (Arachchige, 2023).    A blockchain IoT framework characterizes, filters, and continuously monitors devices compiling digital signatures from the digital characteristics of the end device.  Digital signatures can be based on user identification and timestamps in turn protecting, proving and auditing non-repudiation in data-intensive applications and IoT systems (Kairaldeen, et al., 2023).  The use of blockchain technology requires application developers to consider the entire IoT ecosystem on a network and not just the application operating on a single IoT device.

​

Machine Learning

Developers are looking towards machine learning and artificial intelligence to have an up-to-date security posture that is ever changing to address new attack methods.  By implementing Machine Learning (ML) IoT devices could use the vast amounts of data produced to feed ML algorithms as part of a machine-learning-based IoT security model.  ML can be trained to recognize common attacks and stop them early on.  Methods can include rules, procedures or transfer auctions and networks by training Intrusion Detection System (IDS) to understand the IoT ecosphere.  Researchers fed data from historical telemetry data, camera data and sensor data from an IIoT network into a ML algorithm.  After proper training to the ML algorithm achieved a 13% improvement in the anomaly detection rate and a 3% decrease in false positives concluding “Improved anomaly detection enabled faster and more effective responses to unusual events, decreasing critical incidents and improving overall security.” (Jaramillo-Alcazar & Villegas-Ch, 2023).  Aside from security improvements within the network, the detection of anomalies can prevent downtime or device resource usage anomalies.  This shows promising avenues for automated detection from extracting actionable insight and automated prevention of unknown security threats through the use of machine learning methods.

 

Summary

Resource constraints presented by IoT device hardware limit traditional end-point security methods while IoT adopting rates continue to flourish.  Only by designing, planning and adhering to much needed cybersecurity frameworks can developers, manufacturers and end-users pave the way for end-to-end secure implementation of IoT ecosystems.  Powerful edge computing layers, device embedded security features including lightweight encryption mechanisms and machine learning offer promising technologies to create smarter IoT networks and improve functional efficiency and throughput. 

 

​

References

Arachchige, K. G., Branch, P., & But, J. (2023). Evaluation of Correlation between Temperature of IoT Microcontroller Devices and Blockchain Energy Consumption in Wireless Sensor Networks. Sensors (14248220), 23(14), 6265.
https://doi-org.proxy.library.kent.edu/10.3390/s23146265

​

Boeckl, K., Boeckl, K., Fagan, M., Fisher, W., Lefkovitz, N., Megas, K. N., ... & Scarfone, K. (2019). Considerations for managing Internet of Things (IoT) cybersecurity and privacy risks. Gaithersburg: US Department of Commerce, National Institute of Standards and Technology.  https://doi.org/10.6028/NIST.IR.8228

​

Cao, Y., Chen, S., Hou, P., & Brown, D. (2015, August). FAST: A fog computing assisted distributed analytics system to monitor fall for stroke mitigation. In 2015 IEEE international conference on networking, architecture and storage (NAS) (pp. 2-11). IEEE.

Chowdhury, A. R., Chatterjee, T., & DasBit, S. (2014). LOCHA: a light-weight one-way cryptographic hash algorithm for wireless sensor network. Procedia Computer Science, 32, 497-504.

​

Spicer, D., Bell, G. Zimmerman, J. Boas, J., Boas, B. (n.d.) Internet History of 1980s. Computer History. https://www.computerhistory.org/internethistory/1980s/

​

Dahlqvist,D., Patel, M., Rajko, A., & Shulman, J. (2022). Growing opportunities in the Internet of Things.  McKinsey & Company.  https://www.mckinsey.com/industries/private-equity-and-principal-investors/our-insights/growing-opportunities-in-the-internet-of-things#/

Daoud, W. B., Othmen, S., Hamdi, M., Khdhir, R., & Hamam, H. (2023). Fog computing network security based on resources management. EURASIP Journal on Wireless Communications & Networking, 2023(1), 1–18.
https://doi-org.proxy.library.kent.edu/10.1186/s13638-023-02256-1

​

DeBeck, C., Chung, J., McMillen, D. (2019). I Can’t Believe Mirais: Tracking the Infamous IoT Malware. SecurityIntelligence. https://securityintelligence.com/posts/i-cant-believe-mirais-tracking-the-infamous-iot-malware-2/

​

Diro, A., Chilamkurti, N., Nguyen, V.-D., & Heyne, W. (2021). A Comprehensive Study of Anomaly Detection Schemes in IoT Networks Using Machine Learning Algorithms. Sensors, 21(24), 8320. MDPI AG. Retrieved from http://dx.doi.org/10.3390/s21248320

​

Garg, N., Wazid, M., Singh, J., Singh, D. P., & Das, A. K. (2022). Security in IoMT‐driven smart healthcare: A comprehensive review and open challenges. Security & Privacy, 5(5), 1–27. https://doi-org.proxy.library.kent.edu/10.1002/spy2.235

​

Gasmi, K., Dilek, S., Tosun, S., & Ozdemir, S. (2022). A survey on computation offloading and service placement in fog computing-based IoT. Journal of Supercomputing, 78(2), 1983–2014. https://doi-org.proxy.library.kent.edu/10.1007/s11227-021-03941-y

​

Ghubaish, A., Salman, T., Zolanvari, M., Unal, D., Al-Ali, A., & Jain, R. (2020). Recent advances in the internet-of-medical-things (IoMT) systems security. IEEE Internet of Things Journal, 8(11), 8707-8718.

​

Greengard, S. (2023, October 20). Internet of Things. Encyclopedia Britannica. https://www.britannica.com/science/Internet-of-Things

HIPAA. (1996). Summary of the HIPAA Security Rule. HHS. https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html

  https://www.statista.com/statistics/1183457/iot-connected-devices-worldwide/

​

IEEE (1999a) IEEE Standard for Telecommunications and Information Exchange Between Systems - LAN/MAN Specific Requirements - Part 11: Wireless Medium Access Control (MAC) and physical layer (PHY) specifications: High Speed Physical Layer in the 5 GHz band. IEEE SA. https://standards.ieee.org/ieee/802.11a/1165/

​

IEEE (1999b) IEEE Standard for Information Technology - Telecommunications and information exchange between systems - Local and Metropolitan networks - Specific requirements - Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specifications: Higher Speed Physical Layer (PHY) Extension in the 2.4 GHz band. IEEE SA. https://standards.ieee.org/ieee/802.11b/1166/

Jammula, M., Vakamulla, V. M., & Kondoju, S. K. (2022). Hybrid lightweight cryptography with attribute-based encryption standard for secure and scalable IoT system. Connection Science, 34(1), 2431–2447.
https://doi-org.proxy.library.kent.edu/10.1080/09540091.2022.2124957

​

Jaramillo-Alcazar, A., Govea, J., & Villegas-Ch, W. (2023). Anomaly Detection in a Smart Industrial Machinery Plant Using IoT and Machine Learning. Sensors (14248220), 23(19), 8286. https://doi-org.proxy.library.kent.edu/10.3390/s23198286

Judmayer, A., Stifter, N., Krombholz, K., & Weippl, E. (2022). Blocks and chains: introduction to bitcoin, cryptocurrencies, and their consensus mechanisms. Springer Nature.

​

Kairaldeen, A. R., Abdullah, N. F., Abu-Samah, A., & Nordin, R. (2023). Peer-to-Peer User Identity Verification Time Optimization in IoT Blockchain Network. Sensors (14248220), 23(4), 2106. https://doi-org.proxy.library.kent.edu/10.3390/s23042106

​

Karabegović, I. (2023). Sensory Technology Is One of the Basic Technologies of Industry 4.0 and the Fourth Industrial Revolution. Acta Technica Corviniensis - Bulletin of Engineering, 16(1), 1–6.

​

Ko, sciug, B., & Bilski, P. (2023). Energy Saving Chaotic Sequence Based Encryption, Authentication and Hashing for M2M Communication of IoT Devices. International Journal of Electronics & Telecommunications, 69(2), 253–259. https://doi-org.proxy.library.kent.edu/10.24425/ijet2023.144358

​

Ksibi, S., Jaidi, F., & Bouhoula, A. (2023). A Comprehensive Study of Security and Cyber-Security Risk Management within e-Health Systems: Synthesis, Analysis and a Novel Quantified Approach. Mobile Networks & Applications, 28(1), 107–127.
https://doi-org.proxy.library.kent.edu/10.1007/s11036-022-02042-1

​

Krebs, B. (2017). Mirai IoT Botnet Co-Authors Plead Guilty. Krebs on Security. https://krebsonsecurity.com/2017/12/mirai-iot-botnet-co-authors-plead-guilty/

​

Kuzlu, M., Fair, C., & Guler, O. (2021). Role of artificial intelligence in the Internet of Things (IoT) cybersecurity. Discover Internet of things, 1, 1-14. https://link.springer.com/article/10.1007/s43926-020-00001-4

Lumifi (n.d.) What is SCADA and IoT? Lumifi.
https://www.lumificyber.com/blog/what-is-scada-iot/

​

Popescu, T., Popescu, A., & Prostean, G. (2021). IoT Security Risk Management Strategy Reference Model (IoTSRM2). Future Internet, 13(6), 148. https://doi.org/10.3390/fi13060148

​

Powell, M. (2018) Wi-Fi router security knowledge gap putting devices and private data at risk in UK homes. Broadband Genie. https://www.broadbandgenie.co.uk/blog/20180409-wifi-router-security-survey

​

Rajeshwar, K., & Roozeboom, F. (2007). Gordon E. Moore and His Legacy: Four Decades and Counting. The Electrochemical Society Interface, 1, 1-14

Schuster, F., & Habibipour, A. (2022). Users’ Privacy and Security Concerns that Affect IoT Adoption in the Home Domain. International Journal of Human-Computer Interaction, 1–12. https://doi-org.proxy.library.kent.edu/10.1080/10447318.2022.2147302

​

SentinelOne. (2016). Expect More IoT Botnet Attacks: Mirai Source Code Now Freely Available. CSO. https://www.csoonline.com/article/558973/expect-more-iot-botnet-attacks-mirai-source-code-now-freely-available.html

​

Song, L., & García-Valls, M. (2022). Improving Security of Web Servers in Critical IoT Systems through Self-Monitoring of Vulnerabilities. Sensors (14248220), 22(13), 5004–N.PAG. https://doi-org.proxy.library.kent.edu/10.3390/s22135004

​

Teicher, Jordan. (2018) The little-known story of the first IoT device. IBM.  https://www.ibm.com/blog/little-known-story-first-iot-device/

​

Vaidya, D. & Wallstreetmojo Team (n.d.) Moore’s Law. WallStreet Mojo.  https://www.wallstreetmojo.com/moores-law/

​

Vailshery, Lionel Sujay. (2023). Number of IoT connected devices worldwide 2019-2023, with forecasts to 2030. Statista.

WEF (2020). The State of the Connected World. World Economic Forum. https://www3.weforum.org/docs/

WEF_The_State_of_the_Connected_World_2020.pdf

​