IEEE INTERNET OF THINGS JOURNAL, VOL. 4, NO. 5, OCTOBER 2017 1125
A Survey on Internet of Things: Architecture,
Enabling Technologies, Security and
Privacy, and Applications
Jie Lin, Wei Yu, Nan Zhang, Xinyu Yang, Hanlin Zhang, and Wei Zhao
Abstract—Fog/edge computing has been proposed to be
integrated with Internet of Things (IoT) to enable computing
services devices deployed at network edge, aiming to improve
the user’s experience and resilience of the services in case of fail-
ures. With the advantage of distributed architecture and close to
end-users, fog/edge computing can provide faster response and
greater quality of service for IoT applications. Thus, fog/edge
computing-based IoT becomes future infrastructure on IoT devel-
opment. To develop fog/edge computing-based IoT infrastructure,
the architecture, enabling techniques, and issues related to IoT
should be investigated first, and then the integration of fog/edge
computing and IoT should be explored. To this end, this paper
conducts a comprehensive overview of IoT with respect to system
architecture, enabling technologies, security and privacy issues,
and present the integration of fog/edge computing and IoT, and
applications. Particularly, this paper first explores the relation-
ship between cyber-physical systems and IoT, both of which play
important roles in realizing an intelligent cyber-physical world.
Then, existing architectures, enabling technologies, and security
and privacy issues in IoT are presented to enhance the under-
standing of the state of the art IoT development. To investigate the
fog/edge computing-based IoT, this paper also investigate the rela-
tionship between IoT and fog/edge computing, and discuss issues
in fog/edge computing-based IoT. Finally, several applications,
including the smart grid, smart transportation, and smart cities,
are presented to demonstrate how fog/edge computing-based IoT
to be implemented in real-world applications.
Index Terms—Applications, enabling technologies, fog/edge
computing, Internet of Things (IoT), security and privacy.
I. INTRODUCTION
FOG/EDGE computing is an architecture organized by thenetworking edge devices or clients to provide computing
Manuscript received September 27, 2016; revised February 13, 2017;
accepted February 28, 2017. Date of publication March 15, 2017; date of cur-
rent version October 9, 2017. This work was supported in part by the National
Science Foundation (NSF) under Grant CNS 1350145 and in part by the USM
Wilson H. Elkins Professorship fund. Any opinions, findings and conclusions
or recommendations expressed in this material are those of the authors and
do not necessarily reflect the views of the agencies. (Corresponding author:
Wei Yu.)
J. Lin and X. Yang are with the Department of Computer Science
and Technology, Xi’an Jiaotong University, Xi’an 710049, China (e-mail:
[email protected]; [email protected]).
W. Yu is with the Department of Computer and Information Sciences,
Towson University, Towson, MD 21252 USA (e-mail: [email protected]).
N. Zhang is with Department of Computer Science, George Washington
University, Washington, DC 20052 USA (e-mail: [email protected]).
H. Zhang is with the Department of Computer Science and Technology,
Qingdao University, Qingao 266061, China (e-mail: [email protected]).
W. Zhao is with the Department of Computer and Information Science,
University of Macau, Macau, China (e-mail: [email protected]).
Digital Object Identifier 10.1109/JIOT.2017.2683200
services for customers or applications in the space between
networking central servers and end-users [16], [147]. In
fog/edge computing, the massive data generated by different
kinds of Internet of Things (IoT) devices can be processed at
the network edge instead of transmitting it to the centralized
cloud infrastructure due to bandwidth and energy consumption
concerns [103], [116]. Because fog/edge computing is orga-
nized as distributed architecture and can process data and store
data in networking edge devices, which is close to end-users,
fog/edge computing can provide services with faster response
and greater quality, in comparison with cloud computing [147].
Thus, fog/edge computing is more suitable to be integrated
with IoT to provide efficient and secure services for a large
number of end-users, and fog/edge computing-based IoT can
be considered as the future IoT infrastructure [16].
To design and deploy fog/edge computing-based IoT, the
concept and features of IoT should be investigated first. IoT
can connect ubiquitous devices and facilities with various
networks to provide efficient and secure services for all appli-
cations anytime and anywhere [9], [80]. Based on the afore-
mentioned definition, two features are required in IoT. First,
IoT is the extension of the net or Internet [10], meaning that,
in IoT, various networks should coexist, and the interoperabil-
ity among these networks is critical for information delivery
and supporting applications [7], [87]. Interconnection is a crit-
ical architecture issue in IoT [131]. Second, things connected
in IoT are no longer limited to devices or objects, but can
also be information, human behaviors, etc. [119], [123]. Thus,
IoT should include mechanisms that handle the connection of
objects in a broader manner.
There have been a number of research efforts devoted to
developing IoT prototypical systems [131], [136]. Nonetheless,
most of the systems that focus on specific applications
are implemented within extranet or intranet, and have no
interaction with each other. Based on the features of IoT that
interconnection is a critical architecture issue, strictly speak-
ing, these systems or applications are not “IoT,” but the “Net
of Things,” or can even be considered as “Net of Devices,”
and the interactions between these extranets and intranets
were missed [123], [131]. Thus, IoT should cover all things
in large-scale networks, in which various networks should
coexist, and are able to interact with each other via various
gateways and middlewares, supported by the complex control
plane [87]. One vision is that a generalized network infras-
tructure that integrates various networks should be designed,
2327-4662 c© 2017 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.
See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
1126 IEEE INTERNET OF THINGS JOURNAL, VOL. 4, NO. 5, OCTOBER 2017
and all IoT-based systems or applications can provide their ser-
vices by efficiently sharing network resources and information
across the generalized network infrastructure. For example, in
smart cities [14], [155], if a generalized network infrastructure
can be implemented and is able to cover all regions in a city,
applications (smart grid, smart transportation, smart health-
care, etc.) can share their individual network infrastructures to
enable data collection and information delivery. In this vision,
everything that is interconnected in the network can be realized
because all applications can interact with each other easily and
share the resources effectively. The implementation of gener-
alized network infrastructure can reduce the cost of network
deployment as well [155].
To have a generalized network infrastructure, the develop-
ment of IoT with respect to architectures, enabling technolo-
gies, and possible challenges should be studied first. In recent
years, several published survey papers reviewed the IoT tech-
nologies from different aspects. For example, the survey work
done by Atzori et al. [10] presented the enabling communica-
tion technologies and different visions of IoT, which can help
those who want to approach this field have a primary under-
standing of IoT. The survey work done by Al-Fuqaha et al. [7]
presented the enabling technologies, protocols, and possible
applications of IoT, in which the horizontal overview of IoT
was provided and the key IoT challenges were presented to
point out the future directions. There have been also a num-
ber of research efforts devoted to security and privacy issues in
IoT. For instance, the survey work done by Andrea et al. [8]
presented the security vulnerabilities and challenges in IoT
from the view of applications, networks, and physical systems,
and considered the security and privacy issues in technolo-
gies associated with physical systems, networking, software,
and encryption. The survey work done by Sha et al. [115]
presented challenges issues and opportunities in IoT. In addi-
tion to the aforementioned survey papers, Botta et al. [18]
considered the integration of cloud computing and IoT. Also,
Wu and Zhao [131] proposed a novel IoT infrastructure,
namely WInternet, which can be designed and realized by cur-
rent Internet technologies, and meets various requirements of
IoT. Although a number of efforts have been conducted, most
existing surveys have only focused on specific aspects of IoT.
This calls for a comprehensive survey of IoT to help newcom-
ers have a general understanding of the complex discipline of
this emergent research area.
To full the gap, this paper first reviews the existing efforts
on IoT and then present the integration of fog/edge computing
and IoT and related issues. In particular, this paper conduct
a comprehensive overview of IoT with respect to architec-
tures, enabling technologies, security and privacy issues, and
present the foundation of fog/edge computing-based IoT and
applications. Meanwhile, possible open issues and challenges
in IoT are presented as well. Particularly, the relation between
cyber-physical systems (CPSs) and IoT is explored first. Notice
that both CPS and IoT emphasize the interactions between
the cyber world and the physical world, and are easily con-
fused with one another. In addition, the difference between
CPS and IoT has not been clearly distinguished before. The
detailed relation between CPS and IoT can help newcomers to
understand the concept and features of IoT. Then, to provide a
better understanding of the state of the art in IoT development,
the architectures, enabling technologies, and challenges in IoT
are clearly presented. We consider IoT as multilayer archi-
tectures, divided into the perception layer, networking layer,
service layer, and application layer. Based on the multilayer
architecture, enabling technologies and open issues in each
layer are then presented. After that, security vulnerabilities
and challenges are discussed, and the security issues with
respect to confidentiality, integrity, availability, as well as pri-
vacy issues in IoT are discussed. In addition, the integration of
IoT and fog/edge computing and related issues are presented
to enable the design and deployment of fog/edge computing-
based IoT. Finally, several applications (smart grid, smart
transportation, and smart cities) are presented to illustrate
how fog/edge computing-based IoT are to be implemented in
real-world IoT-based systems.
This paper is organized as follows. We introduce rela-
tion between CPS and IoT in Section II. We present the
architectures of IoT in Section III. We present the enabling
technologies and challenges of IoT in Section IV. We present
the security and privacy issues of IoT in Section V. The
integration of IoT and fog/edge computing is presented in
Section VI. Finally, we conclude this paper in Section VIII.
II. CPSs AND IoT
In this section, the relation between CPS and IoT is clarified.
In the following, we first give the overview of CPS and then
discuss the key differences between CPS and IoT.
A. Overview of CPS
Generally speaking, CPS is referred to as the system that
can efficiently integrate both cyber and physical components
through the integration of the modern computing and com-
munication technologies [5], [130], aiming to changing the
method of interaction among the human, cyber and physical
worlds. CPS emphasizes the interactions between cyber and
physical components and has a goal of making the monitor-
ing and control of physical components secure, efficient, and
intelligent by leveraging cyber components [23].
In CPS, “cyber” means using the modern sensing, comput-
ing, and communication technologies to effectively monitor
and control the physical components, while “physical” means
the physical components in real world, and “system” reflects
the complexity and diversity. Based on the clarification, we
can see that a CPS consists of multiple heterogeneous dis-
tributed subsystems [50]. Similar to the development of IoT,
CPS has been developed in numerous areas [50], [72], [73],
including smart grid, smart transportation, etc.
As shown in [23], the CPS is the integration of physi-
cal components, sensors, actuators, communication networks,
and control centers, in which sensors are deployed to mea-
sure and monitor the status of physical components, actuators
are deployed to ensure the desirable operations on physi-
cal components, and communication networks are used to
deliver measured data and feedback comments among sen-
sors, actuators, and control centers. The control centers are
LIN et al.: SURVEY ON IoTs: ARCHITECTURE, ENABLING TECHNOLOGIES, SECURITY AND PRIVACY, AND APPLICATIONS 1127
Fig. 1. Integration of IoT and CPS.
used to analyze measured data and sent feedback com-
mands to actuators, ensuring the system operate in desired
states [23], [143].
B. Difference Between CPS and IoT
Based on the overview of CPS, we know that both CPS and
IoT aim to achieve the interaction between cyber world and
physical world [99]. Particularly, CPS and IoT can measure
the state information of physical components via smart sensor
devices without human’s input. Meanwhile, in both CPS and
IoT, the measured state information can be transmitted and
shared through wired or wireless communication networks.
After the analysis of measured state information, both CPS
and IoT can provide secure, efficient, and intelligent services
to applications. The existing efforts on CPS applications and
IoT applications have been expanded to similar areas (smart
grid, smart transportation, smart city, etc.).
Because of the similarities between CPS and IoT, it is an
urgent need to clarify the difference between CPS and IoT
so that newcomers may enter this complex discipline easily.
Nonetheless, few existing efforts clearly identify the difference
between CPS and IoT, and several efforts have even considered
the CPS and IoT to be the same concept. Thus, to fulfil this
gap, the difference of CPS and IoT is clarified below.
As mentioned above, the essence of CPS is the system and
the main objective of CPS is to measure the state information
of physical devices and ensure the secure, efficient, and intelli-
gent operation on physical devices. In CPS, the sensor/actuator
layer, communication layer, and application (control) layer are
present. The sensor/actuator layer is used to collect real-time
data and execute commands, communication layer is used to
deliver data to upper layer and commands to lower layer, and
application (control) layer is used to analyze data and make
decisions. Fig. 1 illustrates the three layers in CPS. From this
figure, we can see that CPS is a vertical architecture.
In contrast, IoT is a networking infrastructure to connect a
massive number of devices and to monitor and control devices
by using modern technologies in cyber space. Thus, the key
of IoT is “interconnection.” The main objective of IoT is
to interconnect various networks so that the data collection,
resource sharing, analysis, and management can be carried
out across heterogeneous networks. By doing so, reliable, effi-
cient, and secure services can be provided. Thus, IoT is a
horizontal architecture, which should integrate communica-
tion layers of all CPS applications to achieve interconnection,
as shown in Fig. 1. Notice that, the interconnection of
various networks is not only limited to physical connections.
Control plane (interfaces, middleware, protocols, etc.) should
be designed to ensure that data can be efficiently delivered
across different kinds of networks and shared. For instance,
in a smart city, networks of smart weather forecasting, smart
transportation, and smart grid should be interconnected and
interact with each other. Data from smart transportation and
smart weather forecasting should be processed and extracted
and used by the smart grid to determine the states and bright-
ness of street-lamps to ensure efficient use of energy resources,
as well as traffic safety at night.
Actually, control plane in IoT is more complex than that
in Internet and has been ignored by most if not all. Recently,
some efforts have been focused on the control plane in IoT.
For example, Wu and Zhao [131] proposed an IoT architecture,
namely WInternet, which focuses on interconnecting various
Net of Things into a large-scale global network. In WInternet,
the internal architecture of nodes was innovated with embed-
ded computing capability to ensure that critical applications
can interaction with physical space. Also, protocols (netlet
computation and pipe communication protocol) were designed
to meet requirements of IoT applications.
To summarize, the basic difference between CPS and IoT
is that, CPS is considered as a system, while IoT is consid-
ered as “Internet.” The common requirements for both CPS
and IoT are real-time, reliable, and secure data transmission.
The distinct requirements for CPS and IoT are listed as fol-
lows: for CPS, effective, reliable, accurate, real-time control
is primary goal, while for IoT, resource sharing and manage-
ment, data sharing and management, interface among different
nets, massive-scale data and big data collection and storage,
data mining, data aggregation and information extraction, and
high quality of network quality of service (QoS) are important
services.
In fact, one of the most representative applications that inte-
grate CPS and IoT is smart cities, in which several CPS appli-
cations operate simultaneously, including smart gird, smart
transportation, smart healthcare, etc. As shown in Fig. 1, the
communication layers of all applications are interconnected as
a unified network to provide service for smart cities.
III. ARCHITECTURE
In this section, we show several existing architectures
for IoT.
A. Three-Layer Architecture
Typically, the architecture of IoT is divided into three
basic layers [83]: 1) application layer; 2) network layer; and
3) perception layer, which are further described below.
1) Perception Layer: It is also known as the sensor layer,
is implemented as the bottom layer in IoT architecture [11].
The perception layer interacts with physical devices and com-
ponents through smart devices (RFID, sensors, actuators, etc.).
Its main objectives are to connect things into IoT network, and
to measure, collect, and process the state information associ-
ated with these things via deployed smart devices, transmitting
the processed information into upper layer via layer interfaces.
1128 IEEE INTERNET OF THINGS JOURNAL, VOL. 4, NO. 5, OCTOBER 2017
2) Network Layer: It is also known as the transmission
layer, is implemented as the middle layer in IoT architec-
ture [68]. The network layer is used to receive the processed
information provided by perception layer and determine the
routes to transmit the data and information to the IoT hub,
devices, and applications via integrated networks. The network
layer is the most important layer in IoT architecture, because
various devices (hub, switching, gateway, cloud comput-
ing perform, etc.), and various communication technologies
(Bluetooth, Wi-Fi, long-term evolution, etc.) are integrated
in this layer. The network layer should transmit data to or
from different things or applications, through interfaces or
gateways among heterogeneous networks, and using various
communication technologies and protocols.
3) Application Layer: It is also known as the business layer,
is implemented as the top layer in IoT architecture [7]. The
application layer receives the data transmitted from network
layer and uses the data to provide required services or oper-
ations. For instance, the application layer can provide the
storage service to backup received data into a database, or
provide the analysis service to evaluate the received data for
predicting the future state of physical devices. A number of
applications exist in this layer, each having different require-
ments. Examples include smart grid, smart transportation,
smart cities, etc. [124], [132].
The three-layer architecture is basic for IoT and has been
designed and realized in a number of systems [132]. Yet,
despite the simplicity of the multilayer architecture of IoT,
functions and operations in the network and application lay-
ers are diverse and complex. For example, the network layer
not only needs to determine routes and transmit data, but
also provide data services (data aggregation, computing, etc.).
The application layer not only needs to provide services to
customers and devices, it must also provide data services
(data mining, data analytics, etc.). Thus, to establish a generic
and flexible multilayer architecture for IoT, a service layer
should be developed between network layer and application
layer to provide the data services in IoT. Based on this con-
cept, service-oriented architectures (SoAs) have recently been
developed to support IoT [7], [136].
B. SoA-Based Architecture
Generally speaking, SoA is a component-based model,
which can be designed to connect different functional units
(also known as services) of an application via interfaces and
protocols [10], [86], [135]. SoA can focus on designing the
workflow of coordinated services, and enable the reuse of soft-
ware and hardware components, improving the feasibility of
SoA for use in designing IoT architecture [10], [136]. Thus,
SoA can be easily integrated into IoT architecture, in which
data services provided by the network layer and the appli-
cation layer in the traditional three-layer architecture can be
extracted and form a new layer, namely the service layer (also
known as the interface layer or middleware layer). Thus, in an
SoA-based IoT architecture, four layers exist and interact with
each other [122], these being the perception layer, network
layer, service layer, and application layer. It is worth noting
that, in some existing efforts, the service layer is divided into
two sublayers, namely service composition sublayer and ser-
vice management sublayer. In addition, the business layer is
extracted from the application layer and works as the upper
layer of the application layer to provide complex service
requests.
In the four-layer SoA-based IoT architecture, the percep-
tion layer is performed as the bottom layer of the architecture,
and used to measure, collect, and extract the data associ-
ated with physical devices [52]. The network layer is used
to determine routes and provide data transmission support
via integrated heterogeneous networks [10], [47]. The service
layer is located between network layer and application layer,
providing services to support the application layer [10]. The
service layer consists of service discovery, service composi-
tion, service management, and service interfaces. Here, service
discovery is used to discover desired service requests, service
composition is used to interact with the connected objects,
and divide or integrate services to meet service requests in
an efficient way, service management is used to manage and
determine the trust mechanisms to meet service requests, and
service interfaces are used to support interactions among all
provided services. The application layer is used to support
the service requests by users. The application layer can sup-
port a number of applications, including smart grid, smart
transportation, smart cities, etc.
IV. ENABLING TECHNOLOGIES AND
CHALLENGES IN DIFFERENT LAYERS
Based on the architectures mentioned above, IoT can be
realized with several enabling technologies. In this section, the
four-layer SoA-based IoT architecture is taken as an example
to present the relevant enabling technologies and challenges
in each layer.
A. Perception Layer
In the perception layer, the main function is to identify
and track objects. To achieve this function, the following
technologies can be implemented.
1) RFID: Generally speaking, RFID, as a noncontact com-
munication technology, is used to identify and track objects
without contact. It support data exchange via radio signals
over a short distance [8], [162]. The RFID-based system con-
sists of RFID tag, RFID reader, and antenna [62]. RFID
tag can be a microchip attached to an antenna. Each RFID
tag is attached in an object and has its unique identification
number. An RFID reader can identify an object and obtain
the corresponding information by querying to the attached
RFID tag through appropriate signals [64]. An antenna is used
to transmit signals between RFID tag and RFID reader. In
comparison with other technologies, RFID has the following
benefits [51], [123] (fast scanning, durability, reusability, large
storage, noncontact reading, security, small size, low cost,
etc.). Because of these benefits, RFID can be useful in the per-
ception layer of IoT to identify and track objects and exchange
information.
LIN et al.: SURVEY ON IoTs: ARCHITECTURE, ENABLING TECHNOLOGIES, SECURITY AND PRIVACY, AND APPLICATIONS 1129
2) Wireless Sensor Networks: Wireless sensor network
(WSN) can play a very important role in IoT [34], [66], [85],
[94], [133], [150]. WSN can monitor and track the status of
devices, and transmit the status data to the control center or
sink nodes via multiple hops [6], [69]. Thus, WSN can be
considered as the further bridge between the real world and
the cyber world [130]. In comparison with other technolo-
gies, WSN has a number of benefits, including scalability,
dynamic reconfiguration, reliability, small size, low cost, and
low energy consumption. All these benefits help WSN to be
integrated in various areas with diverse requirements.
Notice that both RFID and WSN can be used for data acqui-
sition in IoT, and the difference is that RFID is mainly used
for object identification, while WSN is mainly used for the
perception of real-world physical parameters associated with
the surrounding environment [123].
3) Others: Barcode, also denoted 1-D code, stores the
information in several black lines and white spacings. These
lines and spacings have different widths, organized in a lin-
ear or 1-D direction, and are arranged with special encoding
rules [49]. The information included in the barcode can be
read by a machine that scans the barcode with an infrared
beam [93].
A 2-D code records the information by using black and
white pixels laid out on the plane, in which black pixel rep-
resents a binary of “1” and white pixel represents a binary
of “0” [49]. With special encoding rules, the black and
white pixels can store a significant amount of information.
In comparison with barcode, 2-D code has the benefit of
high information content, high reliability, high robustness,
etc. [123].
In addition, RFID sensor network (RSN) is an integration of
RFID system and sensor network. In an RSN, sensor network
can cooperate with RFID system to identify and track the sta-
tus of objects [138]. In an RSN, small RFID-based sensing
devices and RFID reader are implemented, where the RFID
reader works as a sink node to generate data and provides
power for network operations.
B. Network Layer
The network layer is used to determine routing, and provide
data transmission support through integrated heterogeneous
networks. In the following, some protocols that can enable
the reliable and secure communication in IoT are presented.
1) IEEE 802.15.4: IEEE 802.15.4 is a protocol designed for
the physical layer and the MAC layer in wireless personal area
networks (WPANs) [7], [37]. The goal of IEEE 802.15.4 is to
focus on low-rate WPANs, providing the low rate connections
of all things in a personal area with low energy consumption,
low rate transmission, and low cost [4]. IEEE 802.15.4 proto-
col stack is based on open system interconnection model, in
which each layer only implements parts of transmission func-
tions, and lower layers can provide service to upper layers.
IEEE 802.15.4 can support bands of 868/915M and 2.4 GHz,
and the data transmission rate on these bands can achieve 20,
40, and 250 Kb/s, respectively, [7]. IEEE 802.15.4 is a basis
for many wireless communication technologies and protocols,
such as ZigBee [63], WirelessHART [59], etc.
2) 6LoWPAN: Low-power WPANs (LoWPANs) are orga-
nized by a large number of low-cost devices connected via
wireless communications [123]. In comparison with other
types of networks, LoWPAN has a number of advantages
(small packet sizes, low power, low bandwidth, etc.) [123]. As
an enhancement, 6LoWPAN protocol was designed by com-
bining IPv6 and LoWPAN. In 6LoWPAN, IPv6 packets can
be transmitted over IEEE 802.15.4 networks [98]. Because
of the low cost and low energy consumption, 6LoWPAN is
suitable to IoT, in which a large number of low cost devices
are included. 6LoWPAN have several advantages, including a
great connectivity and compatibility with legacy architectures,
low-energy consumption, ad-hoc self-organization, etc.
3) ZigBee: ZigBee is a wireless network technology,
designed for short-term communication with low-energy con-
sumption [99]. In ZigBee protocol, five layers are included:
the physical layer, the MAC layer, the transmission layer, the
network layer, and the application layer [123]. The advantages
of ZigBee networks include low energy consumption, low cost,
low data rate, low complexity, reliability, and security. ZigBee
network can support multiple topologies, including star, tree,
and mesh topologies [13].
4) Z-Wave: Z-wave is a short-term wireless communica-
tion technology with the advantages of low cost, low energy
consumption, and great reliability [99]. The main objective of
Z-wave is to provide reliable transmission between a control
unit and one or more end-devices, and Z-wave is suitable for
the network with low bandwidth. Notice that no more than
232 nodes (slaves) can be included in a Z-wave network, and
all nodes (slaves) would be controlled by the controller and
have routing capability [99], [123]. Z-wave network supports
the dynamic routing technology, and each slave stores a route
list in its memory, which is updated by the controller [41].
Although both of ZigBee and Z-wave support the short-
range wireless communication with low cost and low energy
consumption, there are some differences between them. The
main difference between ZigBee and Z-wave is the frequency
band operated in by the physical layer. In ZigBee, the
frequency band of the physical layer is normally 2.4 GHz,
while the frequency band in Z-wave is less than 1 GHz (908.42
∼ 868.42 MHz) [123]. The ZigBee network can support end-
devices (slaves) up to 65 000, while the Z-wave network can
only support 232 end-devices (slaves) [123]. In comparison
with ZigBee architecture, Z-wave is simple in implementation.
5) Message Queue Telemetry Transport: Using the pub-
lish/subscribe technique, message queue telemetry transport
(MQTT) is a messaging protocol, which is used to collect
measured data on remote sensors and transmit the data to
servers [7]. MQTT is a simple and lightweight protocol, and
supports the network with low bandwidth and high latency.
MQTT can be implemented in various platforms to connect
things in IoT into the Internet, and thus MQTT can be used as
a messaging protocol between sensors/actuators and servers,
making MQTT play an important role in IoT.
6) Constrained Application Protocol: Constrained applica-
tion protocol (CoAP) is a messaging protocol based on repre-
sentational state transfer (REST) architecture [7], [17], [38].
Because most of devices in IoT are resources constrained
1130 IEEE INTERNET OF THINGS JOURNAL, VOL. 4, NO. 5, OCTOBER 2017
(i.e., small storage and low computing capability), HTTP can-
not be used in IoT, due to its complexity. To overcome the
issue, CoAP was proposed to modify some HTTP functions
to meet the requirements for IoT. Generally speaking, CoAP
is the application layer protocol in the 6LoWPAN protocol
stack, and aims to enable resources constrained devices to
achieve RESTful interactions. The group communication and
push notification are supported by CoAP, but broadcasting
is not. Resource observation, block-wise resource transport,
resource discovery, interaction with HTTP, and security are
all the important features provided by CoAP [7], [38].
7) Extensible Messaging and Presence Protocol:
Extensible messaging and presence protocol (XMPP) is an
instant messaging protocol based on XML streaming proto-
cols [7], [111]. XMPP inherits features of XML protocol, so
that XMPP has great scalability, addressing, and security capa-
bilities, and can be used for multiparty chatting, voice and
video streaming, and tele-presence. In XMPP, the following
three roles are included: 1) client; 2) server; and 3) gateway, as
well as bidirectional communication is supported between two
parties of these three roles. Particularly, the server can achieve
the functionality of link management and message routing, the
gateway is used to support the stable communication among
heterogeneous systems, and the client can be connected to the
server based on TCP/IP protocol and transmit context based on
XML streaming protocol. Thus, XMPP can be used in IoT to
support the object to object communication with XML-based
text messages.
8) Data Distribution Service: Data distribution service
(DDS) is a publish/subscribe protocol for supporting high
performance device-to-device communication [7], [44]. DDS
was developed by object-manage-group [44] and is a data
centric protocol, in which multicasting can be supported to
achieve great QoS and high reliability. The broker-less pub-
lish/subscribe architecture makes DDS suitable to real-time
constrained IoT and device-to-device communications [7]. In
addition, DDS can achieve great scalability.
9) Advanced Message Queuing Protocol: Advanced mes-
sage queuing protocol (AMQP) is an open standard
message queuing protocol used to provide message service
(queuing, routing, security, reliability, etc.) in the applica-
tion layer [7], [40]. AMQP focuses on the message-oriented
environments and can be considered as a message-oriented
middleware protocol. Using AMQP, clients can achieve sta-
ble communication with message middlewares, even if these
clients and middlewares are produced by different programming
languages. In addition, AMQP implements various kinds of
message exchange architectures, including store and forward,
publish and subscribe, message distribution, message queuing,
context-based routing, and point-to-point routing [113].
10) Others: In addition to the transmission protocols,
communication protocols, and messaging protocols, other pro-
tocols can play important roles in IoT as well. For example,
multicast DNS (mDNS) can support the name resolution in IoT
applications [7], [55]. DNS service discovery can be used by
clients to discover desired services in a special network via
mDNS [7], [30]. Routing protocol for low power and lossy
networks is a link-independent routing protocol, which can be
deployed at resource-constrained nodes to determine routes
over low power and lossy links [7], [128], [151]. Although
these protocols can be integrated into IoT, enhanced protocols
with more security, reliability, and interoperability capabilities
are required to advance the development of IoT.
C. Service Layer
As described above, the service layer is located between
the network layer and the application layer, and provides effi-
cient and secure services to objects or applications. In the
service layer, the following enabling technologies should be
included to ensure that the service can be provided efficiently:
interface technology, service management technology, mid-
dleware technology, and resource management and sharing
technology.
1) Interface: The interface technology must be designed
in the service layer to ensure the efficient and secure infor-
mation exchange for communications among devices and
applications. In addition, the interface should efficiently man-
age the interconnected devices, including device connection,
device disconnection, device communication, and device oper-
ation [136].
To support applications in IoT, an interface profile (IFP)
can be considered as a service standard, which can be used to
facilitate the interactions among services provided by various
devices or applications. To achieve an efficient IFP, univer-
sal plug and play should be implemented [36], [45], [136].
As the development of IoT, a number of efforts on the
interface have been performed. For instance, SOCRADES
integration architecture can be used to provide effective inter-
actions between applications and services [45], [107]. As the
development of SoA-IoT, service provisioning process has the
functionality of providing interactions with applications and
services [136], [166]. Although a number of interface tech-
nologies have been developed for IoT, implementing more
effective, secure, and scalable interface technologies with
low cost remains a great challenge in future research to
support IoT.
2) Service Management: Service management can effec-
tively discover the devices and applications, and schedule effi-
cient and reliable services to meet requests. A service can be
considered as a behavior, including collection, exchanging, and
storage of data, or an association of these behaviors to achieve
a special objective [10], [86]. In IoT, some requirements can
be met by only one service, while other requirements have
to be met by the integration of multiple services. Thus, the
service can be divided into two categories in IoT: 1) primary
service and 2) secondary service [136]. The primary service,
also known as the basic service, can expose the primary func-
tionalities at devices or applications. In contrast, the secondary
service can achieve the auxiliary functionalities based on the
primary service or other secondary service.
To hide the implementation detail of services and make
these services be compatibly implemented in heterogeneous
devices and applications, SoA has been used to integrate ser-
vices. Through this, the reliability and consistence of services
can be provided [78], [136]. For example, OSGi platform
LIN et al.: SURVEY ON IoTs: ARCHITECTURE, ENABLING TECHNOLOGIES, SECURITY AND PRIVACY, AND APPLICATIONS 1131
established by a dynamic SoA architecture is an effective mod-
ular platform to deploy services. To deploy an SoA-based
service, the service composition platforms should be devel-
oped first, and then the functionalities and communication
capabilities of devices should be abstracted. Finally, a com-
mon set of services should be provisioned [10], [136]. In
SoA-based service, each service offered by a device or appli-
cation can be considered as a standard service, which can be
effectively and easily used in various heterogeneous devices
and applications without any change. In this way, require-
ments in SoA-based IoT can be satisfied more quick and
efficient [136].
3) Middleware: Middleware is a software or service pro-
gramming that can provide an abstraction interposed between
IoT technologies and applications [46], [153]. In middleware,
the details of different technologies are hidden, and the stan-
dard interfaces are provided to enable developers to focus on
the development of applications without considering the com-
patibility between applications and infrastructures [10]. Thus,
by using middleware, devices and applications with different
interfaces can exchange information and share resources with
each other.
Middleware has the following benefits [10]: 1) middle-
ware can support various applications; 2) middleware can run
on various operating systems and platforms; 3) middleware
can support the distributed computing and the interaction of
services among heterogeneous networks, devices, and appli-
cations; 4) middleware can support standard protocols; and
5) middleware can provide standard interfaces, providing
portability and standard protocols to enable interoperability,
and making middleware play an important role in standard-
ization [25]. Middleware can also provide a stable high-level
interface for applications. With stable interfaces, applications
can work independently on hardware and operating system.
This feature makes middleware suitable for IoT, because a
large number of heterogeneous devices and networks are inte-
grated, and these devices and networks would be changed or
updated often.
A number of research efforts on middleware have been
developed, and can be divided into five categories [25], [102],
including: 1) message-oriented middleware; 2) semantic Web-
based middleware; 3) location-based service and surveillance
middleware; 4) communication middleware; and 5) perva-
sive middleware. Particularly, message-oriented middleware
can provide the reliable information exchange among var-
ious platforms, and communication protocols (e.g., AMQP,
DDS, MQTT, and XMPP) [7], [25]. Semantic Web-based
middleware can provide the interactions and interoper-
ability among various sensor networks. Examples of this
category includes the SoA-based middleware [118], task
computing-based middleware [43], etc. Location-based ser-
vice and surveillance middleware integrates the locations of
devices and other information to provide integrated value ser-
vices [109]. Communication middleware can provide reliable
communications among heterogeneous devices and applica-
tions. In communication middleware, RFID-based middle-
ware (Fosstrak [2], etc.), sensor network-based middleware
(TinyREST [81], etc.) and the supervisory control and data
acquisition are typical examples. Pervasive middleware is
designed for the pervasive computing environment, and pro-
vides services on multiple and heterogeneous platforms [92].
To integrate middleware into IoT, the following challenges
need to be addressed [25].
1) Interoperability challenge is to connect heterogeneous
devices in communication and information exchange.
2) Scalability challenge is to be effectively operated in
either small-scale environment or large-scale environ-
ment that could involve a massive number of objects.
3) Abstraction provision challenge is to provide abstrac-
tions at various levels.
4) Spontaneous interaction challenge is to provide the
reliable service for spontaneous events.
5) Infixed infrastructure challenge is to provide reliable
services without requesting a fixed infrastructure.
6) Multiplicity challenge is to support simultaneously com-
munication among devices and to select or schedule the
most suitable services for devices from a massive set of
services.
The middleware for IoT should achieve trust, security, and
privacy.
4) Resource Management and Sharing: Various heteroge-
neous networks are integrated to provide data delivery for
all applications in IoT (smart transportation, smart grid, etc.).
To reduce the cost, some applications can share part of the
network resources to increase its utilization. In this case,
ensuring that information requested by various applications
is delivered on time is a challenging issue in IoT. Existing
resource sharing mechanisms primarily focus on the spec-
trum sharing, which is used to efficiently coordinate multiple
networks in the same frequency to maximize the utilization
of network resources [77], [126], [164]. The spectrum shar-
ing can be divided into three dimensions, including time,
frequency, and space. While most of the existing schemes
were developed for machine-to-machine or device-to-device
communications, IoT focuses on thing-to-thing networks, in
which “thing” not only refers to devices or machines, but also
refers to human behaviors, and other objects. Thus, design-
ing an effective resource sharing scheme across heterogeneous
networks that is suitable for IoT environment is a significant
challenge for future development.
In addition, raw data in IoT are collected by smart devices
(RFID, sensors, etc.), and most of these smart devices are
resource-constrained and cannot harvest energy from environ-
ment. Thus, an energy saving scheme should be considered
in resource management [108]. There have been a number
of efforts on energy conservation and energy management
in sensor networks, including schemes to enhance the life
of sensors via harvesting energy from distributed energy
resources [21], schemes to reduce the energy of sensors via
duty-cycle scheme [97], energy-based routing protocols to bal-
ance the energy consumption and to increase the life of the
sensor network [150], [151], etc. Although these efforts can
work well on energy saving and management, a scheme that is
suitable for IoT network infrastructures comprised of heteroge-
neous networks is an unresolved challenge for future research
as well.
1132 IEEE INTERNET OF THINGS JOURNAL, VOL. 4, NO. 5, OCTOBER 2017
V. SECURITY AND PRIVACY
In this section, the security features of IoT are presented
first. Then, the security and privacy issues, and possible
solutions are discussed in detail.
A. Security Features of IoT
1) Confidentiality: Confidentiality can ensure that the data
is only available to authorized users throughout the process,
and cannot be eavesdropped or interfered by nonauthorized
users. In IoT, confidentiality is an important security princi-
ple, because a large number of measurement devices (RFID,
sensors, etc.) can integrated in IoT. Thus, it is critical to
ensure that the data collected by a measurement device will
not reveal secure information to its neighboring devices. To
achieve great confidentiality, enhanced techniques, including
secure key management mechanisms, and others should be
developed and used [22].
2) Integrity: Integrity can ensure that the data cannot be
tampered by intended or un-intended interference during the
data delivery in communication networks, ultimately providing
the accurate data for authorized users. Integrity is important
for IoT, because if IoT applications receive forged data or
tampered data, erroneous operation status can be estimated
and wrong feedback commands can be made, which could
further disrupt the operation of IoT applications. To achieve
acceptable integrity, enhanced secure data integrity mecha-
nisms (false data filtering schemes, etc.) should be developed
and applied [143].
3) Availability: Availability can ensure that the data and
devices are available for authorized users and services when-
ever the data and devices are requested. In IoT, services are
commonly requested in real-time fashion, and services can-
not be scheduled and provided if the requested data cannot
be delivered in a timely manner. Thus, availability is also an
important security principle. One of the most serious threats to
availability is the denial-of-service (DoS) attack, and enhanced
techniques (secure and efficient routing protocols, etc.) should
be studied and applied to ensure availability in IoT [82].
4) Identification and Authentication: Identification can
ensure that nonauthorized devices or applications cannot be
connected to IoT, and authentication can ensure that the data
delivered in networks are legitimate, and the devices or appli-
cations that request the data are legitimate as well. In IoT,
identifying and authenticating each data and object is diffi-
cult, because a large number of diverse objects comprise an
IoT. Thus, designing efficient mechanisms to deal with the
authentication of objects or things is critical in IoT [32].
5) Privacy: Privacy can ensure that the data can only be
controlled by the corresponding user, and that no other user
can access or process the data. Unlike confidentiality, which
aims to encrypt the data without being eavesdropped and inter-
fered by nonauthorized users, privacy ensures that the user
can only have some specific controls based on received data
and cannot infer other valuable information from the received
data [20], [106], [144], [159]. Privacy is considered as one of
important security principles due to a large number of devices,
services, and people sharing the same communication network
in IoT.
6) Trust: Trust can ensure the aforementioned security
and privacy objectives to be achieved during the interactions
among different objects, different IoT layers, and different
applications. The objectives of trust in IoT can be divided as
trust between each IoT layer, trust between devices, and trust
between devices and applications [8]. With trust, security, and
privacy can be enforced. Trust management systems should be
designed to implement these trust objectives in IoT.
B. Security
In this section, security challenges in each layer of IoT
architecture are presented in detail. In SoA-based IoT, the ser-
vice layer is established via extracting the functionality of data
services in the network layer and the application layer. Thus,
security challenges in the service layer can be attributed to
challenges in the network and the application layers. In the
following, only security challenges in the perception layer, the
network layer, and the application layer are presented.
1) Perception Layer: As the main purpose of the perception
layer in IoT is to collect data, the security challenges in this
layer focus on forging collected data and destroying perception
devices, which are presented below.
a) Node capture attacks: In a node capture attack, the
adversary can capture and control the node or device in IoT
via physically replacing the entire node, or tampering with the
hardware of the node or device [162]. If a node is compro-
mised by the node capture attack, the important information
(group communication key, radio key, matching key, etc.) can
be exposed to the adversary. The adversary can also copy the
important information associated with the captured node to
a malicious node, and then fake the malicious node as an
authorized node to connect to the IoT network or system. This
attack is denoted as the node replication attack. A node capture
attack can incur a serious impact on the network. To defend
against the node capture attack, effective schemes to monitor
and detect malicious nodes need to be studied [15].
b) Malicious code injection attacks: In addition to the
node capture attack, the adversary can control a node or a
device in IoT by injecting malicious code into the memory of
the node or device, which is denoted as the malicious code
injection attack [142]. The injected malicious code not only
can perform specific functions, but can also grant the adver-
sary access into the IoT system, and even gain the full control
of the IoT system. To defend against the malicious code injec-
tion attack, effective code authentication schemes need to be
designed and integrated into IoT [114], [142].
c) False data injection attacks: With the captured node
or device in IoT, the adversary can inject false data in place
of normal data measured by the captured node or device,
and transmit the false data to IoT applications [143]. After
receiving the false data, IoT applications can return erroneous
feedback commands or provide wrong services, which fur-
ther affects the effectiveness of IoT applications and networks.
To defend against such a malicious attack, techniques (false
data filtering schemes, etc.), which can efficiently detect and
LIN et al.: SURVEY ON IoTs: ARCHITECTURE, ENABLING TECHNOLOGIES, SECURITY AND PRIVACY, AND APPLICATIONS 1133
drop the false data before the data is received by the IoT
applications, need to be designed [71], [72].
d) Replay attacks (or freshness attacks): In IoT, the
adversary can use a malicious node or device to transmit
to the destination host with legitimate identification infor-
mation, which has been received by the destination host, in
order to make the malicious node or device obtain the trust
of IoT [89], [162]. Replay attack is commonly launched in
authentication process to destroy the validity of certification.
To mitigate the replay attack, techniques (secure time stamp
schemes, etc.) should be designed and developed in IoT [31].
e) Cryptanalysis attacks and side channel attacks: A
cryptanalysis attack can use the obtained ciphertext or plain-
text to infer the encryption key being used in the encryption
algorithm [157]. Nonetheless, the efficiency of cryptanalysis
attack is low. To improve the efficiency, new attacks, namely
the side channel attacks, can be introduced by the adver-
sary. For example, in the side channel attack investigated in
IoT [137], the adversary could deploy some techniques on
the encryption devices in IoT to obtain the encryption key,
which is used in IoT for encrypting data and decrypting data.
One of the typical side channel attacks is the timing attack,
in which the adversary can obtain the encryption key by ana-
lyzing the time information required to execute the encryption
algorithm. To mitigate the side channel attack, efficient and
secure encryption algorithms and key management schemes
need to be developed in IoT [22].
f) Eavesdropping and interference: Because most of
devices in IoT will communicate via wireless networks, vul-
nerability lies in the fact that information delivered in wireless
links can be eavesdropped by nonauthorized users [42], [163].
To deal with eavesdropping, secure encryption algorithms and
key management schemes are required. The adversary can
also send noise data or signal to interfere with the infor-
mation delivered in wireless links. To ensure the accuracy
and timely delivery of data, effective secure noise filtering
schemes are required to filter the noise data and restore original
data [90].
g) Sleep deprivation attacks: In IoT, most devices or
nodes have low power ability. To extend the life cycle of the
devices and nodes, devices or nodes are programmed to follow
a sleep routine to reduce the power consumption [8], [112].
Nonetheless, the sleep deprivation attack can break the pro-
grammed sleep routines and keep device or nodes awake all
the time until they are shut down. To extend the life cycle
of these devices and nodes, the energy harvest scheme can
be one possible solution, in which devices and nodes can har-
vest energy from the external environment (solar, etc. [21]). In
addition, other techniques, like secured duty-cycle mechanism
to mitigate the sleep deprivation attack, need to be studied
in IoT.
2) Network Layer: As the main purpose of the network
layer in IoT is to transmit collected data, the security chal-
lenges in this layer focus on the impact of the availability of
network resources. Also, most devices in IoT are connected
into IoT networks via wireless communication links. Thus,
most security challenges in this layer are related to wireless
networks in IoT.
a) DoS attacks: DoS attacks can consume all of the
available resources in IoT by attacking network protocols or
bombarding the IoT network with massive traffic, rendering
the services of IoT systems unavailable [83]. The DoS attack
is considered to be one of the most common attacks, and rep-
resents an attack category, which can result in the services of
IoT systems being unavailable. Thus, DoS attacks can be gen-
erated by attack schemes, including Ping of Death, TearDrop,
UDP flood, SYN flood, Land Attack, etc. To defend against
DoS attacks, attacking schemes need to be carefully investi-
gated first, and then the efficient defensive schemes to mitigate
attacks need be developed to secure IoT systems [82].
b) Spoofing attacks: The purpose of spoofing attacks is
for the adversary to gain full access to the IoT system, and
send malicious data into the system [8]. In IoT, examples of
spoofing attacks include IP spoofing [91], RFID spoofing [88],
etc. In an IP spoofing attack, the adversary can spoof and
record the valid IP address of other authorized devices in the
IoT, and then access the IoT system to send malicious data
with the obtained valid IP address, making malicious data
appear to be valid. In an RFID spoofing attack, the adver-
sary can spoof and record the information of a valid RFID
tag, and then send malicious data with this valid tag ID to
the IoT system. Secure trust management, identification and
authentication can be possible solutions to defend against the
spoofing attack [28], [32].
c) Sinkhole attacks: In a sinkhole attack, a compro-
mised device or node claims exceptional capabilities of power,
computation, and communication, such that more neighboring
devices or nodes will select the compromised device or node
as the forwarding node in data routing process because of the
appealing capabilities [117]. By doing this, the compromised
device or node can increase the amount of data obtained before
its delivered in the IoT system. Notice that a sinkhole attack
not only can break the confidentiality of delivered data, but
also can be a fundamental step to launch additional attacks
(DoS attack, etc.). To defend against the sinkhole attack, tech-
niques such as secure multiple routing protocols need to be
studied and applied [57].
d) Wormhole attacks: Wormhole attack can be launched
by two cooperative malicious devices or nodes in IoT, in which
the two malicious devices in different locations can exchange
routing information with private links to achieve a false one-
hop transmission between them, even if they are located far
away from each other [67]. In a wormhole attack, because
the forwarding hops are reduced, more data will be delivered
through these two malicious devices or nodes. With access
to more delivered data, the wormhole attack can lead to the
similar damage as sinkhole attack. To defend against worm-
hole attack, there are some possible defensive techniques.
One technique is to modify the routing protocols to enhance
the security in the route selection process [26], while other
techniques involve deploying secure hardware (GPS, directed
antenna, etc.).
e) Man in the middle attack: In a man in the mid-
dle attack, a malicious device controlled by the adversary
can be virtually located between two communicating devices
in IoT [96]. By stealing the identify information of the
1134 IEEE INTERNET OF THINGS JOURNAL, VOL. 4, NO. 5, OCTOBER 2017
two normal devices, the malicious device can be a middle
device to store and forward all data, which is communicated
between these two normal devices, while the two normal
devices cannot detect the existence of the malicious device,
and instead believe that they directly communicate with each
other. The man in the middle attack can violate the con-
fidentiality, integrity, and privacy of restricted data in IoT
through monitoring, eavesdropping, tampering, and controlling
the communication between the two normal devices. Unlike
malicious node capture attacks that need to physically tamper
with the hardware of devices, the man in middle attack can
be launched by only relying on the communication protocols
used in IoT networks. Secure communication protocols and
key management schemes, which can ensure the identify and
key information of normal devices not be leaked to the adver-
sary, can be efficient defense techniques to protect against the
attack [22], [82].
f) Routing information attacks: Routing information
attacks focus on the routing protocols in IoT systems, in which
the routing information can be manipulated and resent by the
adversary to create route loops in the data transmission of
the network, leading to the extension of source paths and the
increase of end-to-end delay in IoT networks [8]. To defend
against the routing information attack, secure routing protocols
and trust management to establish secure links among devices
in IoT and ensure the identifying information and IP addresses
not to be leaked to the adversary are possible techniques to
be used.
g) Sybil attacks: In a sybil attack, a malicious device,
namely a sybil device, can claim several legitimate identi-
ties and impersonate them in IoT systems [8], [95], [158].
Because a sybil device has several legitimate identities, false
data sent by the sybil device can be easily accepted by their
benign neighboring devices. Also, routes that select sybil
devices as forwarding nodes may consider that several dif-
ferent intersected paths are determined, but, in fact only
one path is determined and all transmitted data needs to go
through the sybil device, in which jamming and DoS can
be used. To defend against sybil attacks, secure identification
and authentication mechanisms need to be developed for IoT
systems [32].
h) Unauthorized access: RFID is an important enabling
technology in IoT. Nonetheless, as a large number of RFID-
based devices are integrated in IoT, and most of the RFID
tags lack proper authentication mechanisms, RFID tags can be
accessed and the information stored in tags can be obtained,
modified, and deleted by the adversary [8], [60]. Thus, autho-
rization access and authentication mechanisms for RFID-based
devices in IoT is a challenge in need of further develop-
ment [56].
3) Application Layer: The main purpose of the application
layer is to support services requested by users. Thus, chal-
lenges in the application layer focus on the software attacks.
Here, several possible challenges in the application layer of
IoT are presented below.
a) Phishing attack: In phishing attacks, the adversary
can obtain the confidential data of users, such as identification
and passwords, by spoofing the authentication credentials of
users via the infected e-mails and phishing websites [8], [54].
Secure authorization access, and identification and authentica-
tion can mitigate phishing attacks [8]. Nonetheless, the most
efficient way is for users themselves to always be vigilant
while surfing online. This becomes an issue as most of devices
in IoT are machines, which may lack of such intelligence.
b) Malicious virus/worm: A malicious virus/worm is
another challenges to IoT applications [8], [127], [154]. The
adversary can infect the IoT applications with malicious self-
propagation attacks (worms, Trojan Horse, etc.), and then
obtain or tamper with confidential data. Reliable firewall,
virus detection, and other defensive mechanisms need to be
deployed to combat malicious virus/worm attacks in IoT
applications [110].
c) Malicious scripts: Malicious scripts represent the
scripts that are added to software, modified in software, and
deleted from software with the purpose of harming the system
functions of IoT [8]. Because all IoT applications are con-
nected to the Internet, the adversary can easily fool the
customers in running malicious scripts (java attack applets,
active-x scripts, etc.) when requesting services through the
Internet. Malicious scripts can pose the leakage of confidential
data and even a complete system shut down. To defend against
malicious scripts, effective script detection techniques, includ-
ing honeypot techniques, static code detection, and dynamic
action detection, need to be deployed in IoT systems.
C. Privacy
In general, all of the massive data collected and used in
IoT should go through the following three steps: 1) data col-
lection; 2) data aggregation [129]; and 3) data mining and
analytics [125], [165]. Particularly, data collection is enacted
to sense and collect the status data of objects in IoT, data
aggregation integrates an amount of related data into a com-
prehensive information, and data mining and analytics extract
the potential value of integrated comprehensive information
for special applications in IoT [125]. Although data collection,
data aggregation, and data mining and analytics can provide
a number of services to our daily lives, the privacy issues of
the data in these steps are raised in IoT as well. Privacy, as a
new challenge in IoT, can lead to property loss, and even com-
promise human safety [106], [144]. For example, in the smart
grid, if the adversary obtains the private data of the energy con-
sumption of customers, he or she can infer the time when users
are in the home or out of home, and conduct theft or other
damage to users with a probability. Thus, privacy-preserving
mechanisms need to be developed to ensure private data not
to be leaked to the adversary in IoT.
Based on different data processing steps, privacy-preserving
mechanisms can be divided into three categories: 1) privacy
preservation in data collection [65]; 2) privacy preservation in
data aggregation; and 3) privacy preservation in data mining
and analytics [20], [134]. As the privacy in data collection,
data mining, and data analytics can be greatly preserved
by various techniques (encryption, key management, etc.), a
majority of the existing efforts on privacy preservation in IoT
focus on data privacy in data aggregation.
LIN et al.: SURVEY ON IoTs: ARCHITECTURE, ENABLING TECHNOLOGIES, SECURITY AND PRIVACY, AND APPLICATIONS 1135
In data aggregation, the relevant data could be processed in
several different locations, and thus it is difficult to achieve pri-
vacy preservation through traditional encryption mechanisms.
Thus, several privacy-preserving mechanisms have been devel-
oped that focused on data aggregation, and can be divided into
the following categories: 1) anonymity-based privacy preserva-
tion [104]; 2) encryption-based privacy preservation [39]; and
3) perturbation-based privacy preservation [48], [100], [101].
Particularly, in anonymity-based privacy preservation, sev-
eral related anonymity techniques (K-anonymity, L-diversity,
T-closeness, etc.) were used in the data aggregation process
to preserve the privacy of identification information [105]. In
addition, traffic analysis techniques could affect anonymous
communication systems [75], [76], [148]. In encryption-based
privacy preservation, several encryption techniques (homo-
morphic encryption, commitment mechanism, secret sharing,
zero-knowledge proof, etc.) were used in the data aggregation
to ensure data not to be eavesdropped by adversaries [39].
Nonetheless, existing encryption techniques can only achieve
the confidentiality on data transmission and may not work well
on privacy preservation. In perturbation-based privacy preser-
vation, perturbation-based techniques (data customization, data
sharing, random noise injection, etc.) were used in data aggre-
gation to perturb raw data, achieving privacy preservation [48],
however, the utilization of data could hinder the application
of this technique in the IoT.
Due to the great performance by directly operating on
raw data, perturbation-based privacy preserving schemes
are highly popular techniques used in IoT. Nonetheless,
most of perturbation-based privacy preserving achieves great
performance via reducing the utility of the data. With low
utility, data may not, or may only partially, support ser-
vices requested by IoT applications. Thus, the design of
privacy preserving schemes with great data utility remains
great challenges on data privacy preservation in IoT for future
research.
VI. INTEGRATION OF IoT AND FOG/EDGE COMPUTING
In this section, we present how to integrate IoT with
fog/edge computing.
A. Overview
The information generated by the things requires big data
to collect and process all of the information that is produced
and gathered, and turn it into something that is useful. Big
data requires the support of IoT because of the challenges of
massive sensing and actuating data supported by IoT (smart
grid, smart transportation, etc.). In addition, the data collected
in IoT applications are generally unstructured data, and need
further analysis to extract useful information. The IoT and big
data can work well with each other. One real-world example
is United Parcel Service (UPS), which is one of the largest
shipping companies in the world [79]. UPS deploys sensors to
collect data (which is the IoT application) and conduct the big-
data analysis to reduce cost and improve delivery efficiency.
The sensors are deployed on the delivery vehicles and collect
the tracking the information (mileage, speed, fuel cost, etc.).
Fig. 2. Fog/edge computing.
As IoT is becoming the next technology revolution, it will
affect big data in aspects of data storage, data processing, and
analytics. In IoT, continuous streams of data will affect the
data storage capacity in various organizations. Additional data
centers will be needed to deal with the load of data collected
from IoT applications. One possible solution is to move the
data to the cloud by leveraging the platform as a service. When
an organization selects a technology for performing big data
processing and analytics, the nature of the IoT data needs to be
considered. Hadoop and Hive can be used to handle big data.
Nonetheless, for data collected by IoT application, NoSQL
document databases (the Apache CouchDB, etc.) may be suit-
able [33]. This is because the NoSQL document databases can
provide high throughput and low latency. In addition, Apache
Kafka is one IoT tool for intermediate message brokering It
can be used for the real-time stream processing. The security
of big data will also be affected by IoT [156].
B. Fog/Edge Computing-Based IoT
Cloud computing is now a mature technology used to pro-
vide computing services or data storage over the Internet,
and most of the big IT companies (Amazon, IBM, Google,
etc.) are hosting cloud services. Cloud computing provides
the benefits of flexibility, efficiency, and ability to store and
use data. Nonetheless, when cloud computing is used in IoT,
new challenges will appear. In many IoT/CPS applications,
data from a massive number of things and objects spanning a
large geographical area need to be stored, processed, and ana-
lyzed efficiently. To fulfill the gap, fog/edge computing is able
to extend cloud computing to be closer to the things it sup-
ports [120]. Instead of doing all the computation in the center
of the cloud, fog/edge computing can provide computing and
storage service to devices (nodes) at the edge of the network.
A fog/edge computing node can be any network device with
the capability of storage, computing, and network connectivity
(routers, switches, video surveillance cameras, servers, etc.),
as shown in Fig. 2. These devices can be deployed at any
place with a network connection, and collect the data from
IoT devices associated with IoT applications. Different types
of IoT data can be directed to the proper place for further
analysis based on performance requirements. The high priority
data that needs to be addressed immediately can be processed
on fog/edge computing nodes, which are the closest to the IoT
devices that generate the data. The low priority data, which is
1136 IEEE INTERNET OF THINGS JOURNAL, VOL. 4, NO. 5, OCTOBER 2017
not delay-sensitive, can be directed to some aggregation nodes
for further processing and analysis.
In addition to the benefits that fog/edge computing can
contribute, there are some challenges to integrate fog/edge
computing with IoT. One possible challenge is how to effi-
ciently manage fog/edge computing infrastructure and allocate
available resources to IoT devices. At each time, a large num-
ber of services can be requested by IoT devices, and each
fog/edge service node only has limited computing and storage
capability. In this case, all fog/edge nodes should be opti-
mally managed and allocated for IoT devices (or a set of IoT
devices in a cluster) to provide requested services efficiently.
Another challenge is how to efficiently manage fog/edge com-
puting resources. While the previous challenge focuses on the
interface between fog/edge nodes and IoT services, this chal-
lenge focuses on the resource management among fog/edge
nodes.
When fog/edge nodes are allocated to provide services, dif-
ferent requirements need to be considered, including service
availability, energy consumption, and even revenue. Thus, how
to optically map the fog/edge service nodes to IoT devices to
meet requirements of IoT applications remains a compelling
issue. In addition, security and privacy issues (authentication,
access control, intrusion detection, trust management, etc.)
in fog/edge computing infrastructures that integrate with IoT
remain also challenging [27], [29], [35], [152]. The security
and privacy issues can be mitigated by countermeasure tech-
nologies mentioned in Section V, and thus the challenges
in resource allocation are discussed below. The challenges
on resources allocation in fog/edge computing-based IoT can
be divided as resources allocation between end-devices and
fog/edge node and resources allocation among fog/edge nodes.
1) Resource Allocation Between End-Devices and Fog/Edge
Node: Because computing and storing resources are limited
in a fog/edge node, it is difficult to totally satisfy all ser-
vices requested by end-users simultaneously. To address this
issue, each end-users may have a satisfaction function to assess
the allocated resources to provide its requested service. The
satisfaction function can be represented by
S(r) =
{
log(r + 1), 0 r < rmin
log(rmax + 1), r rmin (1)
where S is the satisfaction function, r is the allocated
resources, and rmax is the maximum resource, which is
required to provide the requested service.
With this satisfaction function, the main objective of
fog/edge node is to maximize the overall satisfaction of all
end-users, which can be represented as
Objective. max{Soverall} (2)
S.t. ⎧⎪⎪⎨
⎪⎪⎩
Soverall = ∑ni=1{pi · Si(ri)}
r1 + r2 + · · · + rn R
p1 + p2 + · · · + pn = 1
r1, r2, . . . , rn 0
(3)
where Soverall is the overall satisfaction of all end-users, R
is the resource that a fog/edge node has, ri is the resource
allocated for end-users i, and pi is the priority level for end-
user i. Based on (2) and (3), a fog/edge node can allocate its
resources to all end-device while achieving maximum overall
satisfaction.
In a fog/edge computing-based IoT, a number of fog/edge
nodes are connected, if a fog/edge node does not have enough
resources to provide the requested services from nearby end-
users while its neighboring nodes have spare resources, the
fog/edge node can move some local data to its neighboring
nodes to be processed and stored data. By doing this, ser-
vices for its local end-users can be provided. This is related
to the resource allocation among fog/edge nodes, which will
be described below.
2) Resource Allocation Among Fog/Edge Nodes: As the
distributed architecture of fog/edge computing-based IoT, all
fog/edge nodes can be connected with each other via the
network connections and share their computing and storing
resources to provide service for end-users. In this scenario,
if a fog/edge node does not have enough resource to pro-
vide local requested services, the fog/edge node can move
some requested services with low priority level to be pro-
cessed in its neighboring fog/edge nodes, which have spare
resources. The spare resources of a fog/edge node can be
represented as
Rfspare = Rf −
n∑
i=1
rmaxi (4)
where, Rf is the resource that fog/edge node f has, and rmaxi is
the maximum resource needed by end-user i. Thus, if Rfspare is
less than “0,” fog/edge node f does have enough resource and
needs assist from neighboring nodes, and the fog/edge node
can be denoted as resource-poor node. Otherwise, fog/edge
node f has spare resource to help other fog/edge nodes, and
the node can be denoted as resource-rich node in the fog/edge
computing infrastructure.
In the resource allocation among fog/edge nodes, a resource-
poor fog/edge node may not care about which resource-node
helps it to provide computing services, and a resource-rich
node does not care about data from which that it processes.
The only one all fog/edge nodes care about is to achieve the
minimum cost (minimum delay, etc.) in the overall fog/edge
computing infrastructure. By taking the objective of the min-
imum delay as an example, we have
Objective. min
⎛
⎝Costall = 12 ·
∑
Lfg∈L
(∣∣∣Rfgspare
∣∣∣ · Costfg
)⎞⎠
S.t. ⎧⎪⎪⎪⎪⎪⎪⎪⎨
⎪⎪⎪⎪⎪⎪⎪⎩
∀f ∈ NS, ∑
i∈Nf
Rfispare ≤ Rfspare
∀g ∈ Ng, ∑
j∈Ng
Rjgspare = Rgspare
∀Lfg ∈ L, Rfgspare = −Rgfspare
∀Lfg ∈ L,
∣∣∣Rfgspare
∣∣∣ ≤ Constraintsfg
(5)
where Costall is the total cost, Costfg is the cost of delivering
data on link Lfg between fog/edge node f and g, Nf is the set
of neighboring nodes of fog/edge node f , Rjgspare is the data
LIN et al.: SURVEY ON IoTs: ARCHITECTURE, ENABLING TECHNOLOGIES, SECURITY AND PRIVACY, AND APPLICATIONS 1137
moved from fog/edge node j to node g, and Constraintsjg is
the constraints of link Lfg (bandwidth, etc.). Based on this
formalization, resource allocation among fog/edge nodes with
the minimum cost in fog/edge computing infrastructure can be
realized.
VII. APPLICATIONS
In the following, several applications, including the smart
grid, smart transportation, and smart cities, are presented
to demonstrate how fog/edge computing-based IoT to be
implemented in real-world applications.
A. Smart Grid
In integrating IoT and CPS, the smart grid has been devel-
oped to replace traditional power grid to provide reliable and
efficient energy service to consumers [1]. In the smart gird,
distributed energy generators are introduced to improve the
utilization of distributed energy resources and electric vehi-
cles are introduced to improve the capability of energy storage
and reduce emission of CO2, and smart meters and bidi-
rectional communication networks are introduced to achieve
the interactions between customers and utility providers. With
these techniques, the smart grid can achieve great reliability,
efficiency, safety, and interactivity [71], [72].
By integrating with IoT, a large number of smart meters
can be deployed in houses and buildings connected in smart
grid communication networks [74]. Smart meters can mon-
itor energy generation, storage, and consumption, and can
interact with utility providers to report energy demand infor-
mation of customers and receive real-time electricity pricing
for customers [71], [160]. With the aid of fog/edge computing
infrastructure, the large amount of data collected from smart
meters can be stored and processed so that the effective oper-
ations of the smart grid can be supported. With the interaction
information, utility providers can optimize the energy dispatch
of the grid, and customers can optimize their energy consump-
tion, resulting in the improvement of resource utilization and
the reduction of cost.
Lastly, because a large number of smart meters are deployed
in the smart grid, and communicate with each other via
wireless communication links and processed in fog/edge com-
puting infrastructure, adversaries can easily capture these
smart meters, nodes in fog/edge computing infrastructure, and
obtain or modify the data collected [72], [142]. The con-
fidentiality and privacy of energy consumption information
can be available to adversaries. With the modified data, util-
ity providers may incorrectly estimate the energy supply and
demand of the gird, and can feedback erroneous energy dis-
patch decisions, leading to imbalance on energy supply and
demand in the grid and even posing large-scale outages [72].
In addition, key function components in the smart grid can
be disrupted. Examples include state estimation [139], [141],
energy routing [70], [72], energy price [71], [145], [161], opti-
mal power flow [140], etc. Thus, efficient security mechanisms
that can preserve data privacy and integrity in the data collec-
tion and transmission processes need to be developed for the
smart grid [146], [149].
B. Smart Transportation
Smart transportation, also known as intelligent transporta-
tion systems, is another typical IoT-CPS-based application, in
which intelligent transportation management, control system,
communication networks, and computing techniques are inte-
grated to make transportation systems reliable, efficient, and
secure [73]. In the smart transportation system, a large num-
ber of smart vehicles are included and connected with each
other through wireless networks [58], [61]. Smart vehicles can
efficiently perceive and share traffic data and schedule drivers’
travels with great efficiency, reliability, and safety. In the recent
past, smart vehicles (Google’s Self-Driving car, etc.) have been
designed and tested. Those smart vehicles can detect objects
around them and safely manage speed during traveling without
the operation of drivers [3].
In the smart transportation system, each smart vehicle is
deployed with a number of electronic control units (ECUs) to
monitor and control subsystems in the vehicles. These ECUs
are organized as an internal network to share the collected
data within the vehicle [121]. In addition, each smart vehicle is
deployed with communication interfaces to connect to the out-
side network. With these communication interfaces, vehicles
can carry out vehicle-to-vehicle communication and vehicle-
to-infrastructure communication [58]. In this way, all vehicles
can be connected into the smart transportation system, namely
the vehicular network, and exchange and share massive data
of current traffic status, and ultimately offer the most efficient
and secure travels to customers. The massive collected data
can be further stored and processed in the fog/edge computing
infrastructure, enabling efficient service to drivers and system
operators.
Because all the traffic status data are shared by vehic-
ular networks, the adversary may intrude into the system
and control ECUs in vehicles by launching malicious attacks
against vehicle networks and fog/edge computing nodes in the
fog/edge computing-based IoT infrastructure, sharing mislead-
ing traffic status data with other vehicles via communication
interfaces deployed in the compromised vehicle [12], [140].
In this case, the confidentiality, integrity, and privacy of traffic
status data can be compromised by the adversary, and seri-
ous damage to the transportation system can be caused (the
increase number of congested roads, increase time spent to
complete travels, etc.). Thus, in order to deploy an efficient
and secure smart transportation system, techniques that can
support services in the aforementioned eight main categories
and related security issues need be carefully investigated in
future research.
C. Smart Cities
Smart cities can be considered a complex IoT paradigm,
which aims to manage public affairs via introducing infor-
mation and communication technology (ICT) solutions [155].
Smart cities can use public resources in more efficient ways,
resulting in the improvement of the QoSs provided to users
and the reduction of operational costs to public administra-
tors [53], [155]. For instance, one practical implementation of
smart cities, namely Padova Smart City, has been realized in
1138 IEEE INTERNET OF THINGS JOURNAL, VOL. 4, NO. 5, OCTOBER 2017
the city of Padova in Italy, which can select open data and
ICT solutions for public administrators as early as possible to
achieve the best use of public resources [19], [24].
Smart cities, as a complex CPS/IoT application, may consist
of several subapplications or services [84], [155], includ-
ing the smart gird, smart transportation, the structural health
of buildings, waste management, environmental monitoring,
smart health, smart lighting, etc. All these subapplications,
or services, should be supported by a unified communication
network infrastructure, or communication networks designed
for these subapplications or services should be interconnected
to establish a large-scale interconnected heterogenous network
for IoT/CPS applications, with the aim of achieving the best
use of public resources in cities. To enable effective smart
cities, all enabling technologies discussed in Section IV and
security and privacy issues discussed in Section V should be
carefully investigated and integrated. In addition, the fog/edge
computing-based IoT can enable efficient subapplications and
services in smart cities.
VIII. CONCLUSION
In this paper, a comprehensive review of IoT has been
presented, including architectures, enabling technologies, and
security and privacy issues, as well as the integration of
fog/edge computing and IoT to support diverse applications.
Particularly, the relationship and difference between IoT and
CPS has been clarified at the outset. Possible architectures
for IoT have been discussed, including the traditional three-
layer architecture and the SoA-based four-layer architecture.
Based on the SoA-based IoT architecture, enabling technolo-
gies in layers (perception layer, network layer, and service
layer) have been detailed, respectively. In addition, to secure
IoT, potential security and privacy issues that could affect
the effectiveness of IoT, and their potential solutions, have
been presented. To investigate the fog/edge computing-based
IoT, the relationship between IoT and fog/edge computing and
related issues have been discussed. Furthermore, several appli-
cations, including the smart grid, smart transportation, and
smart cities, are presented to show how fog/edge computing-
based IoT to be implemented in real-world applications. The
main purpose of this survey is to provide a clear, comprehen-
sive, and deep understanding of IoT and its integration with
fog/edge computing, outlining the breadth of topics that IoT
entails, and highlighting areas that remain unresolved, in an
effort to further promote the development of IoT.
REFERENCES
[1] NIST & The Smart Grid. Accessed on Sep. 21, 2016. [Online].
Available: http://www.nist.gov/smartgrid/nistandsmartgrid.cfm
[2] Fosstrak: Open Source RFID Software Platform. [Online]. Available:
https://fosstrak.github.io/
[3] Google Self-Driving Car. [Online]. Available: http://www.google.com/
selfdrivingcar/how/
[4] IEEE Standard for Local and Metropolitan Area Networks: Overview
and Architecture, IEEE Standard 802-2001, pp. 1–48, Feb. 2002.
[5] S. H. Ahmed, G. Kim, and D. Kim, “Cyber physical system:
Architecture, applications and research challenges,” in Proc. IFIP
Wireless Days (WD), Valencia, Spain, Nov. 2013, pp. 1–5.
[6] I. F. Akyildiz, W. Su, Y. Sankarasubramaniam, and E. Cayirci, “A sur-
vey on sensor networks,” IEEE Commun. Mag., vol. 40, no. 8,
pp. 102–114, Aug. 2002.
[7] A. Al-Fuqaha, M. Guizani, M. Mohammadi, M. Aledhari, and
M. Ayyash, “Internet of Things: A survey on enabling technologies,
protocols, and applications,” IEEE Commun. Surveys Tuts., vol. 17,
no. 4, pp. 2347–2376, 4th Quart., 2015.
[8] I. Andrea, C. Chrysostomou, and G. Hadjichristofi, “Internet of Things:
Security vulnerabilities and challenges,” in Proc. IEEE Symp. Comput.
Commun. (ISCC), Larnaca, Cyprus, Jul. 2015, pp. 180–187.
[9] A. P. Athreya and P. Tague, “Network self-organization in the Internet
of Things,” in Proc. IEEE Int. Conf. Sens. Commun. Netw. (SECON),
Jun. 2013, pp. 25–33.
[10] L. Atzori, A. Iera, and G. Morabito, “The Internet of Things: A survey,”
Comput. Netw., vol. 54, no. 15, pp. 2787–2805, Oct. 2010.
[11] L. Atzori, A. Iera, G. Morabito, and M. Nitti, “The social Internet of
Things (SIoT)—When social networks meet the Internet of Things:
Concept, architecture and network characterization,” Comput. Netw.,
vol. 56, no. 16, pp. 3594–3608, Nov. 2012.
[12] S. Azadegan, W. Yu, H. Liu, A. Sistani, and S. Acharya, “Novel anti-
forensics approaches for smart phones,” in Proc. 45th Hawaii Int. Conf.
Syst. Sci. (HICSS), 2012, pp. 5424–5431.
[13] P. Baronti et al., “Wireless sensor networks: A survey on the state of
the art and the 802.15.4 and ZigBee standards,” Comput. Commun.,
vol. 30, no. 7, pp. 1655–1695, May 2007.
[14] J. Bélissent, “Getting clever about smart cities: New opportunities
require new business models,” Forrester Res., Cambridge, MA, USA,
Tech. Rep., Nov. 2010. [Online]. Available: https://www.forrester.com/
report/Getting+Clever+About+Smart+Cities+New+Opportunities+
Require+New+Business+Models/-/E-RES56701?aid=AST127312
[15] M. V. Bharathi, R. C. Tanguturi, C. Jayakumar, and K. Selvamani,
“Node capture attack in wireless sensor network: A survey,” in Proc.
IEEE Int. Conf. Comput. Intell. Comput. Res. (ICCIC), Coimbatore,
India, Dec. 2012, pp. 1–3.
[16] F. Bonomi, R. A. Milito, J. Zhu, and S. Addepalli, “Fog computing and
its role in the Internet of Things,” in Proc. 1st Edition MCC Workshop
Mobile Cloud Comput., Helsinki, Finland, Aug. 2012, pp. 13–16.
[17] C. Bormann, A. P. Castellani, and Z. Shelby, “CoAP: An application
protocol for billions of tiny Internet nodes,” IEEE Internet Comput.,
vol. 16, no. 2, pp. 62–67, Mar./Apr. 2012.
[18] A. Botta, W. de Donato, V. Persico, and A. Pescapé, “On the integra-
tion of cloud computing and Internet of Things,” in Proc. Int. Conf.
Future Internet Things Cloud (FiCloud), Barcelona, Spain, Aug. 2014,
pp. 23–30.
[19] N. Bressan et al., “The deployment of a smart monitoring system using
wireless sensor and actuator networks,” in Proc. 1st IEEE Int. Conf.
Smart Grid Commun. (SmartGridComm), Gaithersburg, MD, USA,
Oct. 2010, pp. 49–54.
[20] Z. Cai, Z. He, X. Guan, and Y. Li, “Collective data-sanitization
for preventing sensitive information inference attacks in social
networks,” IEEE Trans. Depend. Secure Comput., to be published,
doi: 10.1109/TDSC.2016.2613521.
[21] A. Cammarano, C. Petrioli, and D. Spenza, “Pro-energy: A novel
energy prediction model for solar and wind energy-harvesting wire-
less sensor networks,” in Proc. IEEE 9th Int. Conf. Mobile Ad-Hoc
Sensor Syst. (MASS), Las Vegas, NV, USA, Oct. 2012, pp. 75–83.
[22] S. Capkun, L. Buttyan, and J.-P. Hubaux, “Self-organized public-
key management for mobile ad hoc networks,” IEEE Trans. Mobile
Comput., vol. 2, no. 1, pp. 52–64, Jan./Mar. 2003.
[23] A. A. Cardenas, S. Amin, and S. Sastry, “Secure control: Towards
survivable cyber-physical systems,” in Proc. 28th Int. Conf. Distrib.
Comput. Syst. Workshops, Beijing, China, Jun. 2008, pp. 495–500.
[24] P. Casari et al., “The ‘wireless sensor networks for city-wide
ambient intelligence (WISE-WAI)’ project,” Sensors, vol. 9, no. 6,
pp. 4056–4082, May 2009.
[25] M. A. Chaqfeh and N. Mohamed, “Challenges in middleware solutions
for the Internet of Things,” in Proc. Int. Conf. Collaboration Technol.
Syst. (CTS), Denver, CO, USA, May 2012, pp. 21–26.
[26] U. K. Chaurasia and V. Singh, “MAODV: Modified wormhole detec-
tion AODV protocol,” in Proc. 6th Int. Conf. Contemp. Comput. (IC3),
Noida, India, Aug. 2013, pp. 239–243.
[27] F. Chen, T. Xiang, X. Fu, and W. Yu, “User differentiated verifiable file
search on the cloud,” IEEE Trans. Services Comput., to be published,
doi: 10.1109/TSC.2016.2589245.
[28] I.-R. Chen, J. Guo, and F. Bao, “Trust management for service compo-
sition in SOA-based IoT systems,” in Proc. IEEE Wireless Commun.
Netw. Conf. (WCNC), Istanbul, Turkey, Apr. 2014, pp. 3444–3449.
[29] Z. Chen et al., “A cloud computing based network monitoring and
threat detection system for critical infrastructures,” Big Data Res.,
vol. 3, pp. 10–23, Apr. 2016.
LIN et al.: SURVEY ON IoTs: ARCHITECTURE, ENABLING TECHNOLOGIES, SECURITY AND PRIVACY, AND APPLICATIONS 1139
[30] S. Cheshire, “DNS-based service discovery,” INTERNET-DRAFT
draft-cheshire-dnsext-dns-sd-04.txt, 2011.
[31] C.-H. Cho, K.-H. Do, J.-W. Kim, and M.-S. Jun, “Design of RFID
mutual authentication protocol using time stamp,” in Proc. 4th
Int. Conf. Comput. Sci. Convergence Inf. Technol. (ICCIT), Seoul,
South Korea, Nov. 2009, pp. 1047–1051.
[32] M.-C. Chuang and J.-F. Lee, “TEAM: Trust-extended authentication
mechanism for vehicular ad hoc networks,” IEEE Syst. J., vol. 8, no. 3,
pp. 749–758, Sep. 2014.
[33] C. Doukas and F. Antonelli, “COMPOSE: Building smart & context-
aware mobile applications utilizing IoT technologies,” in Proc. 5th
IEEE Glob. Inf. Infrastruct. Netw. Symp., Trento, Italy, Oct. 2013,
pp. 1–6.
[34] X. Du, Y. Xiao, M. Guizani, and H.-H. Chen, “An effective key man-
agement scheme for heterogeneous sensor networks,” Ad Hoc Netw.,
vol. 5, no. 1, pp. 24–34, 2007.
[35] X. Fu, Z. Ling, W. Yu, and J. Luo, “Cyber crime scene investi-
gations (C2SI) through cloud computing,” in Proc. IEEE 30th Int.
Conf. Distrib. Comput. Syst. Workshops (ICDCSW), Genoa, Italy, 2010,
pp. 26–31.
[36] K. Gama, L. Touseau, and D. Donsez, “Combining heterogeneous
service technologies for building an Internet of Things middleware,”
Comput. Commun., vol. 35, no. 4, pp. 405–417, Feb. 2012.
[37] G. Gan, Z. Lu, and J. Jiang, “Internet of Things security analysis,”
in Proc. Int. Conf. Internet Technol. Appl. (iTAP), Wuhan, China,
Aug. 2011, pp. 1–4.
[38] W. Gao, J. Nguyen, W. Yu, C. Lu, and D. Ku, “Assessing performance
of constrained application protocol (CoAP) in MANET using emula-
tion,” in Proc. ACM Int. Conf. Rel. Convergent Syst. (RACS), Odense,
Denmark, 2016, pp. 103–108.
[39] J. Girao, D. Westhoff, and M. Schneider, “CDA: Concealed data aggre-
gation for reverse multicast traffic in wireless sensor networks,” in Proc.
IEEE Int. Conf. Commun. (ICC), vol. 5. Seoul, South Korea, May 2005,
pp. 3044–3049.
[40] R. Godfrey, D. Ingham, and R. Schloming, OASIS Advanced Message
Queuing Protocol (AMQP) Version 1.0; OASIS Standard,” Oct. 2012.
[41] C. Gomez and J. Paradells, “Wireless home automation networks:
A survey of architectures and technologies,” IEEE Commun. Mag.,
vol. 48, no. 6, pp. 92–101, Jun. 2010.
[42] G. Gomez, F. J. Lopez-Martinez, D. Morales-Jimenez, and
M. R. McKay, “On the equivalence between interference and eaves-
dropping in wireless communications,” IEEE Trans. Veh. Technol.,
vol. 64, no. 12, pp. 5935–5940, Dec. 2015.
[43] A. Gómez-Goiri and D. López-de Ipiña, “A triple space-based semantic
distributed middleware for Internet of Things,” in Proc. Int. Conf. Web
Eng., Vienna, Austria, Jul. 2010, pp. 447–458.
[44] Data Distribution Service (DDS), Version 1.2, Object Manag. Group,
Nov. 2016.
[45] D. Guinard, V. Trifa, S. Karnouskos, P. Spiess, and D. Savio,
“Interacting with the SOA-based Internet of Things: Discovery, query,
selection, and on-demand provisioning of Web services,” IEEE Trans.
Services Comput., vol. 3, no. 3, pp. 223–235, Jul./Sep. 2010.
[46] S. Hadim and N. Mohamed, “Middleware: Middleware challenges and
approaches for wireless sensor networks,” IEEE Distrib. Syst. Online,
vol. 7, no. 3, p. 1, Mar. 2006.
[47] C. Han, J. M. Jornet, E. Fadel, and I. F. Akyildiz, “A cross-layer com-
munication module for the Internet of Things,” Comput. Netw., vol. 57,
no. 3, pp. 622–633, Feb. 2013.
[48] W. He, X. Liu, H. Nguyen, K. Nahrstedt, and T. Abdelzaher, “PDA:
Privacy-preserving data aggregation in wireless sensor networks,”
in Proc. 26th IEEE Int. Conf. Comput. Commun. (INFOCOM),
Anchorage, AK, USA, May 2007, pp. 2045–2053.
[49] X. He, “The two-dimensional bar code application in book manage-
ment,” in Proc. Int. Conf. Web Inf. Syst. Min. (WISM), vol. 1. Sanya,
China, Oct. 2010, pp. 409–411.
[50] R. G. Helps and S. J. Pack, “Cyber-physical system concepts for
IT students,” in Proc. 14th Annu. ACM SIGITE Conf. Inf. Technol.
Educ. (SIGITE), Orlando, FL, USA, Oct. 2013, pp. 7–12.
[51] D. ´Cika, M. Draganic´, and Z. Šipuš, “Active wireless sensor with radio
frequency identification chip,” in Proc. 35th Int. Conv., Opatija, Croatia,
May 2012, pp. 727–732.
[52] E. Ilie-Zudor, Z. Kemény, F. van Blommestein, L. Monostori, and
A. van der Meulen, “Survey paper: A survey of applications and
requirements of unique identification systems and RFID techniques,”
Comput. Ind. Eng., vol. 62, no. 3, pp. 227–252, Apr. 2011.
[53] A. Laya, V.-I. Bratu, and J. Markendahl, “Who is investing in machine-
to-machine communications?” in Proc. 24th Eur. Regional Conf. Int.
Telecommun. Soc., Florence, Italy, Oct. 2013, pp. 1–21.
[54] T. N. Jagatic, N. A. Johnson, M. Jakobsson, and F. Menczer, “Social
phishing,” Commun. ACM, vol. 50, no. 10, pp. 94–100, Oct. 2007.
[55] A. J. Jara, P. Martinez-Julia, and A. Skarmeta, “Light-weight multicast
DNS and DNS-SD (lmDNS-SD): IPv6-based resource and service dis-
covery for the Web of Things,” in Proc. 6th Int. Conf. Innov. Mobile
Internet Services Ubiquitous Comput. (IMIS), Palermo, Italy, Jul. 2012,
pp. 731–738.
[56] B.-Z. Jing et al., “RFID access authorization by face recognition,” in
Proc. Int. Conf. Mach. Learn. Cybern., vol. 1. Jul. 2009, pp. 302–307.
[57] G. Kalnoor and J. Agarkhed, “QoS based multipath routing for intru-
sion detection of sinkhole attack in wireless sensor networks,” in Proc.
Int. Conf. Circuit Power Comput. Technol. (ICCPCT), Mar. 2016,
pp. 1–6.
[58] M. Khanjary and S. M. Hashemi, “Route guidance systems: Review
and classification,” in Proc. 6th Euro Amer. Conf. Telematics Inf.
Syst. (EATIS), Valencia, Spain, May 2012, pp. 1–7.
[59] A. N. Kim, F. Hekland, S. Petersen, and P. Doyle, “When HART
goes wireless: Understanding and implementing the wirelessHART
standard,” in Proc. IEEE Int. Conf. Emerg. Technol. Factory Autom.,
Hamburg, Germany, Sep. 2008, pp. 899–907.
[60] D. S. Kim, T.-H. Shin, and J. S. Park, “Access control and authorization
for security of RFID multi-domain using SAML and XACML,” in Proc.
Int. Conf. Comput. Intell. Security, vol. 2. Nov. 2006, pp. 1587–1590.
[61] R. Kim, H. Lim, and B. Krishnamachari, “Prefetching-based data dis-
semination in vehicular cloud systems,” IEEE Trans. Veh. Technol.,
vol. 65, no. 1, pp. 292–306, Jan. 2015.
[62] D. M. K. Finkenzeller, RFID Handbook: Fundamentals and
Applications in Contactless Smart Cards, Radio Frequency
Identification and Near-Field Communication, 3rd ed. Chichester,
U.K.: Wiley, Aug. 2010.
[63] W. Kluge et al., “A fully integrated 2.4-GHz IEEE 802.15.4-compliant
transceiver for ZigBeeTM trade applications,” IEEE J. Solid-State
Circuits, vol. 41, no. 12, pp. 2767–2775, Dec. 2006.
[64] S. Lahiri, RFID Sourcebook. Upper Saddle River, NJ, USA: IBM Press,
2005.
[65] N. D. Lane et al., “A survey of mobile phone sensing,” IEEE Commun.
Mag., vol. 48, no. 9, pp. 140–150, Sep. 2010.
[66] T. N. Le, W. Yu, X. Bai, and D. Xuan, “A dynamic geographic hash
table for data-centric storage in sensor networks,” in Proc. IEEE Int.
Conf. Comput. Netw. Commun. (WCNC), Las Vegas, NV, USA, 2007,
pp. 2168–2174.
[67] P. Lee, A. Clark, L. Bushnell, and R. Poovendran, “A passivity
framework for modeling and mitigating wormhole attacks on net-
worked control systems,” IEEE Trans. Autom. Control, vol. 59, no. 12,
pp. 3224–3237, Dec. 2014.
[68] M. Leo, F. Battisti, M. Carli, and A. Neri, “A federated architecture
approach for Internet of Things security,” in Proc. Euro Med Telco
Conf. (EMTC), Naples, Italy, Nov. 2014, pp. 1–5.
[69] J. Lin, X. Yang, W. Yu, and X. Fu, “Towards effective en-route filter-
ing against injected false data in wireless sensor networks,” in Proc.
IEEE Glob. Telecommun. Conf. (GLOBECOM), Houston, TX, USA,
Dec. 2011, pp. 1–5.
[70] J. Lin et al., “On distributed energy routing protocols in the smart
grid,” in Software Engineering, Artificial Intelligence, Networking
and Parallel/Distributed Computing (Studies in Computational
Intelligence), vol. 492, R. Lee, Ed. Heidelberg, Germany: Springer,
2013.
[71] J. Lin, W. Yu, and X. Yang, “Towards multistep electricity prices in
smart grid electricity markets,” IEEE Trans. Parallel Distrib. Syst.,
vol. 27, no. 1, pp. 286–302, Jan. 2016.
[72] J. Lin, W. Yu, X. Yang, G. Xu, and W. Zhao, “On false data injec-
tion attacks against distributed energy routing in smart grid,” in Proc.
IEEE/ACM 3rd Int. Conf. Cyber-Phys. Syst. (ICCPS), Beijing, China,
Apr. 2012, pp. 183–192.
[73] J. Lin et al., “A novel dynamic en-route decision real-time route
guidance scheme in intelligent transportation systems,” in Proc. IEEE
35th Int. Conf. Distrib. Comput. Syst. (ICDCS), Columbus, OH, USA,
Jun. 2015, pp. 61–72.
[74] M. B. Line, I. A. Tøndel, and M. G. Jaatun, “Cyber security challenges
in smart grids,” in Proc. 2nd IEEE PES Int. Conf. Exhibit. Innov. Smart
Grid Technol. (ISGT Europe), Manchester, U.K., Dec. 2011, pp. 1–8.
1140 IEEE INTERNET OF THINGS JOURNAL, VOL. 4, NO. 5, OCTOBER 2017
[75] Z. Ling et al., “A new cell counter based attack against tor,” in
Proc. 16th ACM Conf. Comput. Commun. Security (CCS), Chicago,
IL, USA, 2009, pp. 578–589.
[76] Z. Ling et al., “A new cell-counting-based attack against tor,”
IEEE/ACM Trans. Netw., vol. 20, no. 4, pp. 1245–1261, Aug. 2012.
[77] H. Liu, S. Hua, X. Zhuo, D. Chen, and X. Cheng, “Cooperative spec-
trum sharing of multiple primary users and multiple secondary users,”
Digit. Commun. Netw., vol. 2, no. 4, pp. 191–195, 2016.
[78] Y. Liu and G. Zhou, “Key technologies and applications of
Internet of Things,” in Proc. 5th Int. Conf. Intell. Comput. Technol.
Autom. (ICICTA), Zhangjiajie, China, Jan. 2012, pp. 197–200.
[79] S. Lohr, “The age of big data,” New York Times, Feb. 2012.
[80] P. López, D. Fernández, A. J. Jara, and A. F. Skarmeta, “Survey of
Internet of Things technologies for clinical environments,” in Proc. 27th
Int. Conf. Adv. Inf. Netw. Appl. Workshops (WAINA), Barcelona, Spain,
Mar. 2013, pp. 1349–1354.
[81] T. Luckenbach, P. Gober, S. Arbanowski, A. Kotsopoulos, and K. Kim,
“Tinyrest-a protocol for integrating sensor networks into the Internet,”
in Proc. Real-World Wireless Sensor Netw. (REALWSN), Jun. 2005,
pp. 101–105.
[82] S. U. Maheswari, N. S. Usha, E. A. M. Anita, and K. R. Devi, “A novel
robust routing protocol RAEED to avoid DoS attacks in WSN,” in Proc.
Int. Conf. Inf. Commun. Embedded Syst. (ICICES), Chennai, India,
Feb. 2016, pp. 1–5.
[83] R. Mahmoud, T. Yousuf, F. Aloul, and I. Zualkernan, “Internet
of Things (IoT) security: Current status, challenges and prospec-
tive measures,” in Proc. 10th Int. Conf. Internet Technol. Secured
Trans. (ICITST), London, U.K., Dec. 2015, pp. 336–341.
[84] S. Mallapuram, N. Ngwum, F. Yuan, C. Lu, and W. Yu, “Smart city:
The state of the art, datasets, and evaluation platforms,” in Proc. 16th
IEEE/ACIS Int. Conf. Comput. Inf. Sci. (ICIS), 2017.
[85] L. D. Mello and L. T. Kubota, “Review of the use of biosensors as
analytical tools in the food and drink industries,” Food Chem., vol. 77,
no. 2, pp. 237–256, 2002.
[86] D. Miorandi, S. Sicari, F. De Pellegrini, and I. Chlamtac, “Internet of
Things,” Ad Hoc Netw., vol. 10, no. 7, pp. 1497–1516, Sep. 2012.
[87] M. H. Miraz, M. Ali, P. S. Excell, and R. Picking, “A review on Internet
of Things (IoT), Internet of everything (IoE) and Internet of Nano
Things (IoNT),” in Proc. Internet Technol. Appl. (ITA), Wrexham, U.K.,
Sep. 2015, pp. 219–224.
[88] A. Mitrokotsa, M. R. Rieback, and A. S. Tanenbaum, “Classifying
RFID attacks and defenses,” Inf. Syst. Front., vol. 12, no. 5,
pp. 491–505, Nov. 2010.
[89] Y. Mo and B. Sinopoli, “Secure control against replay attacks,”
in Proc. 47th Annu. Allerton Conf. Commun. Control Comput.,
Monticello, IL, USA, Sep./Oct. 2009, pp. 911–918.
[90] J. R. Mohammed, “A new simple adaptive noise cancellation scheme
based on ALE and NLMS filter,” in Proc. 5th Annu. Conf. Commun.
Netw. Services Res. (CNSR), Fredericton, NB, Canada, May 2007,
pp. 245–254.
[91] A. Mukaddam, I. Elhajj, A. Kayssi, and A. Chehab, “IP spoofing detec-
tion using modified hop count,” in Proc. IEEE 28th Int. Conf. Adv. Inf.
Netw. Appl., Victoria, BC, Canada, May 2014, pp. 512–516.
[92] A. Mukherjee, D. Saha, and C. Biswas, “Present scenarios and future
challenges in pervasive middleware,” in Proc. 1st Int. Conf. Commun.
Syst. Software Middleware, New Delhi, India, Jan. 2006, pp. 1–5.
[93] R. Muniz, L. Junco, and A. Otero, “A robust software barcode reader
using the Hough transform,” in Proc. Int. Conf. Inf. Intell. Syst.,
Bethesda, MD, USA, Oct. 1999, pp. 313–319.
[94] J. Nakamura, Image Sensors and Signal Processing for Digital Still
Cameras (Opt. Sci. Eng.). Boca Raton, FL, USA: CRC Press,
Aug. 2005.
[95] J. Newsome, E. Shi, D. Song, and A. Perrig, “The Sybil attack
in sensor networks: Analysis & defenses,” in Proc. 3rd IEEE Int.
Symp. Inf. Process. Sensor Netw., Berkeley, CA, USA, Apr. 2004,
pp. 259–268.
[96] R. P. Padhy, M. R. Patra, and S. C. Satapathy, “Cloud computing:
Security issues and research challenges,” Int. J. Comput. Sci. Inf.
Technol. Security, vol. 1, no. 2, pp. 136–146, Dec. 2011.
[97] M. R. Palattella et al., “On optimal scheduling in duty-cycled indus-
trial IoT applications using IEEE802.15.4e TSCH,” IEEE Sensors J.,
vol. 13, no. 10, pp. 3655–3666, Oct. 2013.
[98] M. R. Palattella et al., “Standardized protocol stack for the Internet
of (important) Things,” IEEE Commun. Surveys Tuts., vol. 15, no. 3,
pp. 1389–1406, 3rd Quart., 2013.
[99] H. B. Pandya and T. A. Champaneria, “Internet of Things: Survey and
case studies,” in Proc. Int. Conf. Elect. Electron. Signals Commun.
Optim. (EESCO), Visakhapatnam, India, Jan. 2015, pp. 1–6.
[100] A. Pingley, W. Yu, N. Zhang, X. Fu, and W. Zhao, “CAP: A context-
aware privacy protection system for location-based services,” in Proc.
IEEE Int. Conf. Distrib. Comput. Syst. (ICDCS), Montreal, QC, Canada,
2009, pp. 49–57.
[101] A. Pingley, W. Yu, N. Zhang, X. Fu, and W. Zhao, “A context-aware
scheme for privacy-preserving location-based services,” Comput. Netw.,
vol. 56, no. 11, pp. 2551–2568, 2012.
[102] R. Prodan and S. Ostermann, “A survey and taxonomy of infrastructure
as a service and Web hosting cloud providers,” in Proc. 10th IEEE/ACM
Int. Conf. Grid Comput., Banff, AB, Canada, Oct. 2009, pp. 17–25.
[103] Q. Pu et al., “Low latency geo-distributed data analytic,” in Proc. ACM
SIGCOMM, London, U.K., Aug. 2015, pp. 421–434.
[104] K. P. N. Puttaswamy, R. Bhagwan, and V. N. Padmanabhan,
“Anonygator: Privacy and integrity preserving data aggregation,” in
Proc. ACM/IFIP/USENIX 11th Int. Conf. Middleware, Bengaluru,
India, 2010, pp. 85–106.
[105] F. Qiu, F. Wu, and G. Chen, “Privacy and quality preserving multimedia
data aggregation for participatory sensing systems,” IEEE Trans.
Mobile Comput., vol. 14, no. 6, pp. 1287–1300, Jun. 2015.
[106] X. Ren, X. Yang, J. Lin, Q. Yang, and W. Yu, “On scaling pertur-
bation based privacy-preserving schemes in smart metering systems,”
in Proc. 22nd Int. Conf. Comput. Commun. Netw. (ICCCN), Nassau,
The Bahamas, Jul. 2013, pp. 1–7.
[107] D. Romero et al., RESTful Integration of Heterogeneous Devices
in Pervasive Environments. Heidelberg, Germany: Springer, 2010,
pp. 1–14.
[108] L. Roselli et al., “Review of the present technologies concurrently con-
tributing to the implementation of the Internet of things (IoT) paradigm:
RFID, green electronics, WPT and energy harvesting,” in Proc. IEEE
Topical Conf. Wireless Sensors Sensor Netw. (WiSNet), San Diego, CA,
USA, Jan. 2015, pp. 1–3.
[109] A. Roxin, C. Dumez, N. Cottin, J. Gaber, and M. Wack, “TransportML:
A middleware for location-based services collaboration,” in Proc. 3rd
Int. Conf. New Technol. Mobility Security, Cairo, Egypt, Dec. 2009,
pp. 1–6.
[110] A. K. Sahoo, A. Das, and M. Tiwary, “Firewall engine based on graph-
ics processing unit,” in Proc. Int. Conf. Adv. Commun. Control Comput.
Technol. (ICACCCT), May 2014, pp. 758–763.
[111] P. Saint-Andre, “Extensible messaging and presence protocol (XMPP):
Core,” Internet Eng. Task Force, Fremont, CA, USA, RFC 6121,
Mar. 2011.
[112] M. Sarkar and D. B. Roy, “Prevention of sleep deprivation attacks using
clustering,” in Proc. 3rd Int. Conf. Electron. Comput. Technol. (ICECT),
vol. 5. Apr. 2011, pp. 391–394.
[113] S. Schneider, Understanding the Protocols Behind the Internet
of Things, Electron. Design, Oct. 2013. [Online]. Available:
http://electronicdesign.com/iot/understanding-protocols-behind-
internet-things
[114] A. Seshadri, A. Perrig, L. van Doorn, and P. Khosla, “SWATT:
Software-based attestation for embedded devices,” in Proc. IEEE Symp.
Security Privacy, Berkeley, CA, USA, May 2004, pp. 272–282.
[115] K. Sha, W. Wei, A. Yang, and W. Shi, “Security in Internet of Things:
Opportunities and challenges,” in Proc. Int. Conf. Identification Inf.
Knowl. Internet Things, Oct. 2016, pp. 49–50.
[116] W. Shi, J. Cao, Q. Zhang, Y. Li, and L. Xu, “Edge computing: Vision
and challenges,” IEEE Internet Things J., vol. 3, no. 5, pp. 637–646,
Oct. 2016.
[117] V. Soni, P. Modi, and V. Chaudhri, “Detecting sinkhole attack in wire-
less sensor network,” Int. J. Appl. Innov. Eng. Manag., vol. 2, no. 2,
pp. 29–32, Feb. 2013.
[118] P. Spiess et al., “Soa-based integration of the Internet of Things in
enterprise services,” in Proc. IEEE Int. Conf. Web Services (ICWS),
Los Angeles, CA, USA, Jul. 2009, pp. 968–975.
[119] J. A. Stankovic, “Research directions for the Internet of Things,” IEEE
Internet Things J., vol. 1, no. 1, pp. 3–9, Feb. 2014.
[120] I. Stojmenovic and S. Wen, “The fog computing paradigm: Scenarios
and security issues,” in Proc. Federated Conf. Comput. Sci. Inf.
Syst. (FedCSIS), Warsaw, Poland, Sep. 2014, pp. 1–8.
[121] I. Studnia et al., “Survey on security threats and protection mechanisms
in embedded automotive networks,” in Proc. 43rd Annu. IEEE/IFIP
Conf. Depend. Syst. Netw. Workshop (DSN W), Budapest, Hungary,
Jun. 2013, pp. 1–12.
LIN et al.: SURVEY ON IoTs: ARCHITECTURE, ENABLING TECHNOLOGIES, SECURITY AND PRIVACY, AND APPLICATIONS 1141
[122] H. Suo, J. Wan, C. Zou, and J. Liu, “Security in the Internet of Things:
A review,” in Proc. Int. Conf. Comput. Sci. Electron. Eng. (ICCSEE),
vol. 3. Hangzhou, China, Mar. 2012, pp. 648–651.
[123] J. Tan and S. G. M. Koo, “A survey of technologies in Internet
of Things,” in Proc. IEEE Int. Conf. Distrib. Comput. Sensor Syst.,
Marina Del Rey, CA, USA, May 2014, pp. 269–274.
[124] L. Tan and N. Wang, “Future Internet: The Internet of Things,” in
Proc. 3rd Int. Conf. Adv. Comput. Theory Eng. (ICACTE), vol. 5.
Chengdu, China, Aug. 2010, pp. V5-376–V5-380.
[125] C.-W. Tsai, C.-F. Lai, M.-C. Chiang, and L. T. Yang, “Data mining for
Internet of Things: A survey,” IEEE Commun. Surveys Tuts., vol. 16,
no. 1, pp. 77–97, 1st Quart., 2014.
[126] S. Wang and C. Wang, “Joint optimization of spectrum and energy
efficiency in cognitive radio networks,” Digit. Commun. Netw., vol. 1,
no. 3, pp. 161–170, 2015.
[127] X. Wang, W. Yu, A. Champion, X. Fu, and D. Xuan, “Detecting
worms via mining dynamic program execution,” in Proc. 3rd Int. Conf.
Security Privacy Commun. Netw., Nice, France, 2007, pp. 412–421.
[128] T. Winter et al., “RPL: Ipv6 routing protocol for low-power and lossy
networks,” Internet Eng. Task Force, Fremont, CA, USA, RFC 6550,
Mar. 2012.
[129] D. Wu, B. Yang, and R. Wang, “Scalable privacy-preserving big
data aggregation mechanism,” Digit. Commun. Netw., vol. 2, no. 3,
pp. 122–129, 2016.
[130] F.-J. Wu, Y.-F. Kao, and Y.-C. Tseng, “Review: From wireless sensor
networks towards cyber physical systems,” Pervasive Mobile Comput.,
vol. 7, no. 4, pp. 397–413, Aug. 2011.
[131] J. Wu and W. Zhao, “Design and realization of WInternet: From Net
of Things to Internet of Things,” ACM Trans. Cyber Phys. Syst., vol. 1,
no. 1, Feb. 2017, Art. no. 2.
[132] M. Wu, T.-J. Lu, F.-Y. Ling, J. Sun, and H.-Y. Du, “Research on
the architecture of Internet of Things,” in Proc. 3rd Int. Conf. Adv.
Comput. Theory Eng. (ICACTE), vol. 5. Chengdu, China, Aug. 2010,
pp. V5-484–V5-487.
[133] Y. Xiao et al., “A survey of key management schemes in wireless sensor
networks,” J. Comput. Commun., vol. 30, nos. 11–12, pp. 2314–2341,
2007.
[134] L. Xu, C. Jiang, J. Wang, J. Yuan, and Y. Ren, “Information secu-
rity in big data: Privacy and data mining,” IEEE Access, vol. 2,
pp. 1149–1176, Oct. 2014.
[135] L. D. Xu, “Enterprise systems: State-of-the-art and future trends,” IEEE
Trans. Ind. Informat., vol. 7, no. 4, pp. 630–640, Nov. 2011.
[136] L. D. Xu, W. He, and S. Li, “Internet of Things in industries: A survey,”
IEEE Trans. Ind. Informat., vol. 10, no. 4, pp. 2233–2243, Nov. 2014.
[137] B. Yang, K. Wu, and R. Karri, “Scan based side channel attack on ded-
icated hardware implementations of data encryption standard,” in Proc.
Int. Test Conf. (ITC), Charlotte, NC, USA, Oct. 2004, pp. 339–344.
[138] H. Yang and S.-H. Yang, “RFID sensor network network architectures
to integrate RFID, sensor and WSN,” Meas. Control, vol. 40, no. 2,
pp. 56–59, Mar. 2007.
[139] Q. Yang, L. Chang, and W. Yu, “On false data injection attacks against
Kalman filtering in power system dynamic state estimation,” Security
Commun. Netw., vol. 9, no. 9, pp. 833–849, Jun. 2016.
[140] Q. Yang et al., “On data integrity attacks against optimal power flow in
power grid systems,” in Proc. Annu. IEEE Consumer Commun. Netw.
Conf. (CCNC), Las Vegas, NV, USA, 2017.
[141] Q. Yang et al., “On false data-injection attacks against power system
state estimation: Modeling and countermeasures,” IEEE Trans. Parallel
Distrib. Syst., vol. 25, no. 3, pp. 717–729, Mar. 2014.
[142] X. Yang et al., “Towards a low-cost remote memory attestation for the
smart grid,” Sensors, vol. 15, no. 8, pp. 20799–20824, Aug. 2015.
[143] X. Yang et al., “A novel en-route filtering scheme against false data
injection attacks in cyber-physical networked systems,” IEEE Trans.
Comput., vol. 64, no. 1, pp. 4–18, Jan. 2015.
[144] X. Yang, X. Ren, J. Lin, and W. Yu, “On binary decomposition
based privacy-preserving aggregation schemes in real-time monitor-
ing systems,” IEEE Trans. Parallel Distrib. Syst., vol. 27, no. 10,
pp. 2967–2983, Oct. 2016.
[145] X. Yang et al., “Data integrity attacks against the distributed
real-time pricing in the smart grid,” in Proc. IEEE Int. Perform.
Comput. Commun. Conf. (IPCCC), Las Vegas, NV, USA, 2016,
pp. 1–8.
[146] X. Yang, P. Zhao, X. Zhang, J. Lin, and W. Yu, “Toward a Gaussian-
mixture model-based detection scheme against data integrity attacks in
the smart grid,” IEEE Internet Things J., vol. 4, no. 1, pp. 147–161,
Feb. 2017.
[147] S. Yi, C. Li, and Q. Li, “A survey of fog computing: Concepts, appli-
cations and issues,” in Proc. Workshop Mobile Big Data, Hangzhou,
China, Jun. 2015, pp. 37–42.
[148] W. Yu, X. Fu, S. Graham, D. Xuan, and W. Zhao, “DSSS-based
flow marking technique for invisible traceback,” in Proc. IEEE Symp.
Security Privacy (S P), Oakland, CA, USA, 2007, pp. 18–32.
[149] W. Yu, D. Griffith, L. Ge, S. Bhattarai, and N. Golmie, “An integrated
detection system against false data injection attacks in the smart grid,”
Security Commun. Netw., vol. 8, no. 2, pp. 91–109, 2015.
[150] W. Yu, T. N. Le, D. Xuan, and W. Zhao, “Query aggregation for
providing efficient data services in sensor networks,” in Proc. IEEE
Mobile Ad-Hoc Sensor Syst. (MASS), Fort Lauderdale, FL, USA, 2004,
pp. 31–40.
[151] W. Yu and J. Lee, “Efficient energy sensitive routing protocols in
mobile ad-hoc networks,” in Proc. Int. Conf. Wireless Netw., Las Vegas,
NV, USA, 2002.
[152] W. Yu, G. Xu, Z. Chen, and P. Moulema, “Cyber crime scene investiga-
tions (C2SI) through cloud computing,” in Proc. IEEE Conf. Commun.
Netw. Security (CNS), Washington, DC, USA, 2013, pp. 26–31.
[153] W. Yu, D. Xuan, B. Graham, S. Santhanam, R. Bettati, and W. Zhao,
“An integrated middleware-based solution for supporting secured
dynamic-coalition applications in heterogeneous environments,” in
Proc. IEEE Workshop Inf. Assurance Security, West Point, NY, USA,
2002, pp. 259–264.
[154] W. Yu, N. Zhang, X. Fu, and W. Zhao, “Self-disciplinary worms and
countermeasures: Modeling and analysis,” IEEE Trans. Parallel Distrib.
Syst., vol. 21, no. 10, pp. 1501–1514, Oct. 2010.
[155] A. Zanella, N. Bui, A. Castellani, L. Vangelista, and M. Zorzi, “Internet
of Things for smart cities,” IEEE Internet Things J., vol. 1, no. 1,
pp. 22–32, Feb. 2014.
[156] A. Zaslavsky, C. Perera, and D. Georgakopoulos, “Sensing as a service
and big data,” in Proc. Int. Conf. Adv. Cloud Comput. (ACC), Charlotte,
NC, USA, Jul. 2012.
[157] J. Zhang, D. Gu, Z. Guo, and L. Zhang, “Differential power cryptanaly-
sis attacks against present implementation,” in Proc. 3rd Int. Conf. Adv.
Comput. Theory Eng. (ICACTE), vol. 6. Chengdu, China, Aug. 2010,
pp. V6-61–V6-65.
[158] K. Zhang, X. Liang, R. Lu, and X. Shen, “Sybil attacks and their
defenses in the Internet of Things,” IEEE Internet Things J., vol. 1,
no. 5, pp. 372–383, Oct. 2014.
[159] L. Zhang, Z. Cai, and X. Wang, “Fakemask: A novel privacy preserving
approach for smartphones,” IEEE Trans. Netw. Service Manag., vol. 13,
no. 2, pp. 335–348, Jun. 2016.
[160] X. Zhang, X. Yang, J. Lin, G. Xu, and W. Yu, “Towards efficient
and secured real-time pricing in the smart grid,” in Proc. IEEE Glob.
Commun. Conf. (GLOBECOM), San Diego, CA, USA, Dec. 2015,
pp. 1–6.
[161] X. Zhang, X. Yang, J. Lin, G. Xu, and W. Yu, “On data integrity attacks
against real-time pricing in energy-based cyber-physical systems,”
IEEE Trans. Parallel Distrib. Syst., vol. 28, no. 1, pp. 170–187,
Jan. 2017.
[162] K. Zhao and L. Ge, “A survey on the Internet of Things security,”
in Proc. 9th Int. Conf. Comput. Intell. Security (CIS), Dec. 2013,
pp. 663–667.
[163] N. Zhao, F. R. Yu, M. Li, and V. C. M. Leung, “Anti-eavesdropping
schemes for interference alignment (IA)-based wireless networks,”
IEEE Trans. Wireless Commun., vol. 15, no. 8, pp. 5719–5732,
Aug. 2016.
[164] K. Zheng, F. Hu, W. Wang, W. Xiang, and M. Dohler, “Radio
resource allocation in LTE-advanced cellular networks with m2m com-
munications,” IEEE Commun. Mag., vol. 50, no. 7, pp. 184–192,
Jul. 2012.
[165] X. Zheng, Z. Cai, J. Li, and H. Gao, “Location-privacy-aware
review publication mechanism for local business service systems,” in
Proc. 36th Annu. IEEE Int. Conf. Comput. Commun. (INFOCOM),
Atlanta, GA, USA, 2017, pp. 1–9.
[166] H. Zhou, The Internet of Things in the Cloud: A Middleware
Perspective, 1st ed. Boca Raton, FL, USA: CRC Press, Oct. 2012.
1142 IEEE INTERNET OF THINGS JOURNAL, VOL. 4, NO. 5, OCTOBER 2017
Jie Lin received the B.S. and Ph.D. degrees from the
Department of Computer Science and Technology,
Xi’an Jiaotong University, Xi’an, China, in 2009 and
2013, respectively.
He is currently an Associate Professor with the
Department of Computer Science and Technology,
Xi’an Jiaotong University. His current research
interests include smart grid, cyberspace security, and
computer networks.
Wei Yu received the B.S. degree in electrical engi-
neering from the Nanjing University of Technology,
Nanjing, China, in 1992, the M.S. degree in elec-
trical engineering from Tongji University, Shanghai,
China, in 1995, and the Ph.D. degree in computer
engineering from Texas A&M University, College
Station, TX, USA, in 2008.
He was with Cisco Systems Inc., San Jose, CA,
USA, for nine years. He is currently an Associate
Professor with the Department of Computer and
Information Sciences, Towson University, Towson,
MD, USA. His current research interests include cyberspace security and pri-
vacy, computer networks, cyber-physical systems, and distributed computing.
Dr. Yu was a recipient of the 2014 NSF CAREER Award, the 2015
University System of Maryland (USM) Regents’ Faculty Award for Excellence
in Scholarship, Research, or Creative Activity, the USM’s Wilson H. Elkins
Professorship Award in 2016, and the Best Paper Awards from IEEE ICC
2008, ICC 2013, and IEEE IPCCC 2016.
Nan Zhang received the B.S. degree in computer
science from Peking University, Beijing, China, in
2001, and the Ph.D. degree in computer science from
Texas A&M University, College Station, TX, USA,
in 2006.
He is an Associate Professor of Computer Science
with the George Washington University, Washington,
DC, USA. His current research interests include
databases, data analytics, and information pri-
vacy/security.
Dr. Zhang was a recipient of several awards
including the NSF CAREER Award in 2008, the Best Paper Award of IEEE
ICC 2013 and IEEE NAS 2010, the Best Student Paper Award of ACM
CIKM 2013, the Best Paper Nomination from IEEE ISI 2015, and the GW
Technology Transfer Innovation Price and the First Place finish at the GW
Business Plan Competition, both in 2012.
Xinyu Yang received the B.S., M.S., Ph.D. degrees,
and Diploma degree in computer science and
technology from Xi’an Jiaotong University, Xi’an,
China, in 1995, 1997, 2001, and 2001, respectively.
He is currently a Professor with the Department of
Computer Science and Technology, Xi’an Jiaotong
University. His current research interests include
wireless communication, mobile ad hoc networks,
and network security.
Hanlin Zhang received the B.S. degree in software
engineering from Qingdao University, Qingdao,
China, in 2010, and the M.S. degree in applied
information technology and Doctoral degree in infor-
mation technology from Towson University, Towson,
MD, USA, in 2011 and 2016, respectively.
He is currently an Assistant Professor with
the Department of Computer Science, Qingdao
University. His current research interests include
information security, cloud security, mobile security,
and network security.
Wei Zhao received the undergraduate program in
physics degree from Shaanxi Normal University,
Xi’an, China, in 1977, and the M.S. and Ph.D.
degrees in computer and information sciences from
the University of Massachusetts Amherst, Amherst,
MA, USA, in 1983 and 1986, respectively.
He was the Dean of the School of Science,
Rensselaer Polytechnic Institute, Troy, NY, USA. He
is currently the Rector with the University of Macau,
Macau, China. From 2005 to 2006, he was the
Director for the Division of Computer and Network
Systems, U.S. National Science Foundation, Arlington, TX, USA, when he
was on leave from Texas A&M University, College Station, TX, USA, where
he was a Senior Associate Vice President for Research and a Professor of
Computer Science. He was the Founding Director of the Texas A&M Center
for Information Security and Assurance, which has been recognized as a
Center of Academic Excellence in Information Assurance Education by the
National Security Agency. Since then, he has been a Faculty Member with
Amherst College, Amherst, MA, USA, the University of Adelaide, Adelaide
SA, Australia, and Texas A&M University. His current research interests
include distributed computing, real-time systems, computer networks, and
cyber space security.

欢迎咨询51作业君