See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/327393779

Features and Potential Security Challenges for IoT Enabled Devices in Smart City
Environment

Article in International Journal of Advanced Computer Science and Applications · August 2018
DOI: 10.14569/IJACSA.2018.090830

CITATIONS READS
20 642

1 author:

Gasim Alandjani
Yanbu Industrial College
43 PUBLICATIONS 190 CITATIONS

SEE PROFILE

All content following this page was uploaded by Gasim Alandjani on 12 February 2019.

The user has requested enhancement of the downloaded file.

 (IJACSA) International Journal of Advanced Computer Science and Applications,
Vol. 9, No. 8, 2018

Features and Potential Security Challenges for IoT

Enabled Devices in Smart City Environment
Dr. Gasim Alandjani
CSE-ICT Department
Yanbu University College
Yanbu Alsinayah, Kingdom of Saudi Arabia

Abstract—Introduction of Internet of Things in our lives have 26 billion devices will have IoT enabled sensors, which
brought drastic changes in the social norms, working habits, eventually will be creating huge opportunities for for hardware
ways of completing tasks and planning for future. Data about our manufacturers, data centers users, and developers. IDC also
interactions with everyday objects can be effectively transmitted expects huge investment in IoT industry with “billions of
to their destinations with many communicating tags that also devices and trillions of dollars” by the end of the decade and
often provide specific location information. The risk of potential resulting with the following potential challenges.
eavesdropping is always a major concern of data owners. Since
Internet of Things is primarily responsible for carrying data of  Enterprise: Security issues could pose safety risks.
smart objects which are mostly connected over wireless
technologies, securing of information carried by these wireless  Security: Increased automation and digitization creates
links to safeguard the private information is of utmost new security apprehensions.
importance. Cryptographic techniques to cypher data carried by
 Data: Tons of data will be generated, both for big data
the IoT networks is one possibility which is not feasible due to the
lack of sufficient computing resources at the sensor end of IoT
and personal data.
devices. In this paper, we discuss various security issues that  Consumer Privacy: Potential of privacy breaches.
haunt the secure IoT deployments and propose a layered solution
model that prevents breach of security during transmission of  Data Centre Network: WAN links are optimized for
data. human interface applications, IoT is expected to
dramatically change patterns by transmitting data
Keywords—IoT; privacy; smart city; smart society; actuators; automatically
sensors; industrial 4.0;5G
 Server Technologies: More investment in servers will
I. INTRODUCTION be necessary.
Technology is taking us to the next level for providing end  Storage Management: Industry needs to figure out a
users with state of the art services by using latest cutting-edge cost-effective way to deal with tons of data generated
technologies. As far as security is concerned for all these latest by these IoT enabled sensors.
technology we can take example of Internet which is still not
secure, so same is the case with other technologies and As technology is getting smarter there is great increase in
eventually there is no expectations that IoT will be secure. popularity of tinny technological gadgets including Smart
However, with the passage of time security is constantly wristbands, toasters and dog collars which aren’t a huge
evolving to meet new challenges and also addressing the old concern from a security perspective, due to low cost and there
ones that we’ve faced in past, and we’ll see them again, with is lack of processing power in these devices which is another
IoT and succeeding associated technologies. security problem, as most advanced encryption techniques
simply wouldn’t work very well, on the other hand if more
Leading companies have stopped development for old processing and storage capacity is added to these devices
technologies and shifted development for latest cutting-edge which will eventually increase their cost and will throw than
technologies, recent example is Intel who drops plans to out of the competition of these popular devices. In a Survey
develop spectre microcode for ancient chips. HP reviled that 70% of IoT devices are vulnerable to
New manufacturing processes generally result in faster and attackers.
more efficient processors, and time is not far when this gap Here is a list of points to consider that can help in improving
will close, thus providing developers with enough processing security.
power in these devices to implement enhanced and better
 Security emphasis from day first
security features.
 Lifecycle, future-proofing, updates
According to research firms International Data
Corporation (IDC) and Gartner, IoT will grow to technology  Consideration for Access control and device
to such advance level that which will change layout and authentication
processing requirements which are available in current format
of data centers. Gartner predicts by 2020 IoT market will have  Never underestimate power of hackers

231 | P a g e
www.ijacsa.thesai.org
 (IJACSA) International Journal of Advanced Computer Science and Applications,
Vol. 9, No. 8, 2018

 Well Prepare for possible security weak points and principles aligning to technology, people, and institutions of
their solutions. smart city and it further goes to show human learnings based
on these facts. [6, 7] describe that most studies on practices of
Based on usage, network location and processing power of smart city address issues of technological infrastructure and
IoT devices the level of threat varies from device to device associated enabling technologies. The focus on state of the art
and there are uncountable concerns to consider while using infrastructure will help technology, accessibility and
them for domestic purpose end users should have sufficient availability of systems. [8] describes the iCore project which
knowledge about all these threats before they start using these is large management system for IOT in ecosystem. It consists
devices at homes and offices for personal use. of following components VO virtual objects, composite virtual
Users should be ready for potential security breaches. As objects and real world objects. In USA there are also many
they are inevitable, it can happen to you or someone else. IOT based projects. One of the projects is proposed by
Make sure that you should always have a solution for any DARPA which is High Assurance Cyber Military System
possible security breach for maximum security of data and (HACMS), it assures that military vehicles, equipment and
interpreting compromised data useless without breaking your drones cannot be hacked from outside. Roseline is another
IoT infrastructure( most the time It infrastructure in offices is project which is issued by NSF. Its work is to enhance the
and will be more secure as compared to normal users who will robustness in cyber-physical systems. Furthermore NSF
be using these devices for personal use at their homes. projects are: XIA-NP (Development-Driven Evaluation and
Evolution of the expressive Internet Architecture) which
If they are interested in expanding services through the IoT describes the diversity in network models, NDN-NP( Named
then they must keep consumer choice and preference while Data Networking-Next Phase addresses the technical
deciding which capabilities they would deliver on a challenges like routing, scalability, fast forwarding, trust
smartphone versus a smart watch. Similarly, a Mobile App models and privacy. NEBULA provides architecture for cloud
Development Service Provider should use the same lens while computing, and Mobility next Phase describes general mobile
developing applications for those connected devices. delay tolerant. These projects will explore novel network
While talking to user end services in smart city, which is architecture and protocols. Further projects are included by
offering a vast range of device automation and management at National Basic Research Program focuses on the Security
user side. The major security issues in IOT field are Protection among different entities of IOT.FIRE (Future
confidentiality, authentication, access control, trust, mobile Internet Research and Experimentation) is a project of Europe,
security, privacy, policy enforcement and secure middleware. China and Korea which is realization of different IOT
technologies in different areas. EU-JAPAN cooperate for
II. RELATED WORK developing global standards and seamless communication.[9]
Security in IOT is very interesting topic these days. Many describe a cloud model for provision of efficient services to
projects are started in this context. One of the projects is the end users without compromising their personal security
Butler which is European Union FP7 projects. It provides which using cloud any community cloud, it further describe
secure context-aware and location aware services to assist different available solutions based on different types of clouds
smart home, city, hospitals and business domains. [1] e.g public cloud, private cloud and community cloud. [10]
describes about Iot applications and their interaction with each describes a triple-helix model which enable to study the
other based on different nature of hardware interfaces different knowledge base of an urban economy for local community
devices are not able to communicate properly so is the case support regarding evolution of key components of innovation
with different types of applications which have been designed system, it further claims that cities can be considered as the
but still there are some missing dots that need to be filled to intellectual capital of universities, the wealth creation for
get maximum from these IoT based application which have industries and democratic government for civil society
been used to provide different services.[2] describes the Hydra interaction of these three densities generate dynamic spaces
project develops middleware for network embedded systems where knowledge can be used for bootstrap as technology for
based on service oriented architecture. This project deals with regional systems.[11] describes the conceptual scene for city
security issues and trust issues among distributed components e-governance, with a major focus on creation of cooperative
of middleware. The role of middleware is to incorporate digital environments to enable local competitiveness and
among heterogeneous devices using different technologies. [3] prosperity through knowledge networks and partnerships, it
Describes basic principles with methodology of experiment further showed results of a very detailed survey study in
which will be bridging social network interactions and sensor which was conducted in twelve European cities. [12]describes
measurements. Its aim is to exploit the smartSantander for smart infrastructure framework development supported by
sensor measurement and communication to the public. And survey regarding accuracy for position of any devices which
also to analyze and summarized sensor reporting and have been used for providing services to the inhabitants of
development of collective aware applications. [4] Describes smart society, it also discusses main advantages of proposed
uTRUSTit project which is usable trust in Internet of things. It architecture with measureable and non-measureable benefits.
offers the trust feedback toolkit in order to enhance user [13] describes a smart innovation ecosystem characteristics
security. [5] Describes for consideration of a particular city as which clarify the assembly of all smart city concepts into
smarter one based on different practices. It has used a set of green , open, instrumented, integrated and intelligent layers
multidimensional components as a core factor for smart city which further compose a planning frame work which is called
and successful delivery of its services. It also offers strategic smart city reference model based on different shapes and sizes

232 | P a g e
www.ijacsa.thesai.org
 (IJACSA) International Journal of Advanced Computer Science and Applications,
Vol. 9, No. 8, 2018

of cities. This model can be used to for smart policy comprehensive, end-to-end approach is required to secure it.
paradigms and encirclement the green, broadband and urban Which is very difficult to develop.
economies. [14] Explains the industrial 4.0 where human will
be replaced by AI based robots which can be controlled by B. Absence or Immaturity of Standards
augmented reality based on needs and typical routine The IoT lacks well-established predominant standards [17]
requirements of work flow and in case of emergency to that describe about different components of technology should
control the delicate processes and critical situations. [15] interact. Some segments, such as industrials, still rely on a
Highlights the issues that can be a reason in increase of small set of proprietary, incompatible technology standards
multidimensional challenges for both (city residents and issued by the major players, as they have done for many years.
administration) entities of smart cities and further proposed a In other segments, such as automotive or smart buildings,
conceptual framework of cloud based architecture context standards are basic. Development of end-to-end security
aware smart services for inhabitants of smart cities. [16] its solutions in absence of common standards will be difficult
discusses about some standard navigation system which help task for IoT device manufacturers.
to create a navigation model which can be used to find
C. Consideration of IoT as Commodity
location of service providing devices installed on different
locations of smart city. [17] described about future trends With all new productive gadgets of IoT majority of
which will be going to create a community where classes will customers still consider it more as commodity rather
be defined based on community services for different classes considering it a mature product that’s the main reason they
and it will further create an environment of a jail-less don’t think to go for security of these devices.
community where there is be no conventional jail for D. Challenges for Manufacturers
criminals rather they will be deprived of some services and
they have to inform local police before leaving premises of Most of the semiconductor manufacturing companies are
smart city. currently struggling a lot to embed security features during
manufacture process as it result in high cost and difficult to
There is enormous pressure on the city management to meet market cost effective demands. One side role f IoT in
provide sustainable services and facilities to the growing cities smart buildings is expected to increase by 40%, On the other
paving the way to launch smart city initiatives by the hand IoT security breaches are rising in residential
government, public and private sector. IoT has also gained applications. This security trend may vary at user end based
importance in smart city development. IoT facilitate people on their usage behavior e.g. some users might update firmware
and things to connect with each other at anytime, anyplace, continuously on the other side some might not be updating
with anyone by using any network to access their required them which will eventually become a potential security risk
services. Smart city concept revolves around six fundamentals for these devices.
namely, smart people, smart governance, smart economy,
smart mobility, smart living and smart environment. Smart There is a great need to propose a sensor network model
City and IoT are evolving together to achieve the same goals. which follow the layered approach and get data in a systematic
IoT heavily relies on cloud services for data consolidation, big way from different sensors according to requirement for
data analytics, reporting and web front-end etc. Everything as communication.
a service (XaaS) is the concept offered by cloud to offer
different levels of services as per the requirements of the end
users or devices. The basic idea behind cloud computing and
storage is to concentrate resources such as hardware and
software into geographically diverse locations and offer those
resources as service to large number of consumers who are
located in many different geographical locations. There are
three well defined levels of cloud services i.e. Platform-as-a-
Service (PaaS), Infrastructure-as-a-Service (IaaS), and
Software-as-a-Service (SaaS). Based on these models sensing
as a Service model is designed to address solutions for IoT
and challenges in Smart City. It consists of four Conceptual
Layers as mentioned subsequently:
III. MAJOR SECURITY CHALLENGES
There a numerous security challenges for IoT devices with
current available infrastructure as of now and providing
connectivity in smart city environment.
A. Technical Sophistication Gaps
A multifaceted system of connected devices opens many Fig. 1. Data Collection through Different Sensors.
new attack vectors, even at individual level if each device is
secure while not connected to network. Since a system’s most This data can be collected by using different low
vulnerable point decides its overall security level, a computing devices including smart phones. Below figures are

233 | P a g e
www.ijacsa.thesai.org
 (IJACSA) International Journal of Advanced Computer Science and Applications,
Vol. 9, No. 8, 2018

depicting different types of data collected by different sensors to get access to this system with intention to alter it for some
and then further plotted them against different values which specific goals results could catastrophic as people might be
smart city users will be using collecting data of smart relying on output values provided by these sensors. In case
environment to show it from different aspects. they get some wrong results at some critical time which might
generate great loss if there is extra ordinary increase in CO2.
Fig. 1 is showing data of different sensors which we have
calibrated by use of Cisco Packet Tracer software, where we Fig. 4 is showing different levels of ambient temperature
can add different sensors and read output for different values variation at different intervals of time throughout the whole
in any given scenario before its physical deployment. day, these values have been taken in normal situation, in case
if some unauthorized person manage to get access to this
Fig. 2 is showing different levels of atmospheric pressure system with intention to alter it for some specific goals results
at different intervals of time, these values have been taken in could catastrophic as people might be relying on output values
normal situation, in case if some unauthorized person manage provided by these sensors. In case they get some wrong results
to get access to this system with intention to alter it for some at some critical time which might generate great loss if there is
specific goals results could catastrophic as people might be extra ordinary change in environmental temperature and it
relying on output values provided by these sensors. In case might further make is critical for industry especial in the
they get some wrong results at some critical time which might presence of industrial 4.0 if it goes unnoticed due to fake
generate great loss. readings presented through any compromised IoT monitoring
system.

Fig. 4. Ambient Temperature Variations throughout a Day.

Fig. 2. Atmospheric Pressure.

Fig. 5. Humidity Level throughout a Day.

Fig. 3. Carbon Dioxide Levels.

Fig. 3 is showing different levels of Carbon Dioxide at

different intervals of time, these values have been taken in
normal situation, in case if some unauthorized person manage

234 | P a g e
www.ijacsa.thesai.org
 (IJACSA) International Journal of Advanced Computer Science and Applications,
Vol. 9, No. 8, 2018

structure, however some of the KMS are effective like Blom

and polynomial schema whose computational overhead is low
and use public key infrastructure (PKI). A transmission model
which uses signature-encapsulation schemes and provides
anonymity, attack-resistance and trustworthiness. This model
utilizes object naming service (ONS) queries. Root ONS
authenticates queries by local ONS via trusted authentication
server (TAS) and prevents illegal ONS. Remote information
server of things (R-TIS) wraps the information in encryption
layer with the public key of routing node. The information is
routed at every node until the local information server of
things (L-TIS) receives plain text. However this method is
weak in attack-resistance. Although above methods provide
better security in terms of confidentiality and authentication
but some questions are really answerable i.e. at which layer
we should apply security mechanism, how to handle keys,
which key distribution method will be useful, can we use
Fig. 6. Sensors Data Graphical View. previous authentication mechanism and how to apply end-to-
end integrity to prevent malicious attacks. Some of the recent
Fig. 5 is showing different levels of humidity at different work to address such questions is authentication mechanism
intervals of time, these values have been taken in normal for IOT using lightweight encryption using XOR manipulation
situation, in case if some unauthorized person manage to get for anti-counterfeiting and privacy protection, for WSN user
access to this system with intention to alter it for some specific authentication and key agreement between users and remote
goals results could catastrophic as people might be relying on sensors and another lightweight encryption mechanism called
output values provided by these sensors. In case they get some elliptic curve cryptography (ECC) for authentication and
wrong results at some critical time which might generate great attribute based access control.
loss if there is some extra ordinary change in humidity.
B. Access Control
Putting all these together, Fig. 6 is showing all data in a
single graph for values of all these sensors. Showing them at a Access means how different resources are provided to
single graph help to read understand overall data trends for different users. Two terms are frequently used; data holders
different sensors. In case they get some wrong results about which are users and things while data collectors are sensors
any of the above sensors at some critical time which might and service providers. In IOT data streams have to be
generate great loss if there is extra ordinary change in processed and many queries are generated so enough data
environmental temperature, CO2, Humidity, atmospheric manipulation is needed. Every node is given a limited
pressure and humidity level. it might further make is critical computational, storage capacity and single key. Other keys are
for industry especial in the presence of industrial 4.0 if it goes manipulated so storage capacity is saved. The authentication
unnoticed due to fake readings presented through any system for emergency cases e.g. in case of accidents
compromised IoT monitoring system. availability, name and location must be provided. Nile security
architecture is also very popular which process data streams
IV. IOT SECURITY SERVICES by frequent queries using cipher encryption and decryption
keys. The authentication process for the outsourced data (in
Following services are used by IoT devices in smart city cloud computing). It involves authentication from the source
environment sharing data through sensors. and process queries for clients so data from authenticated
A. Authentication sources are processed and clients get the right.
For authentication and confidentiality they have discussed C. Trust
work proposed by various researchers. One of the proposed Trust concept is related to security and access control. The
method is custom encapsulation mechanism which includes researchers have described how devices are heterogeneous,
encryption, signature and authentication. The two way different users share friendship and belong to different
security authentication scheme is also very popular. It uses community so malicious attacks are common. Self-promoting,
Datagram Transport Layer Security (DTLS) protocol which is good mouthing and bad mouthing are trust related attacks. The
present between transport and application layers. It uses RSA trust management protocol. It is distributed, encounter-based
which is designed for IPv6 low power wireless personal area and activity based.it means that when two devices
network (6loWPAN). It provides integrity, confidentiality and communicate with each other they perform trust based
authenticity with affordable energy, end-to-end latency and evaluation with each other. The evaluation parameters are
memory overhead. The key management system has four honesty, cooperativeness and community interest. The
major categories key pool framework, mathematical reputation based trust mechanism for the IoT nodes to prevent
framework, negotiation framework and public key framework. malicious node and ensure communication for the trusted
Some of the KMS protocols are not suitable for IOT ,for nodes only. They proposed a subjective model for P2P
example key pool framework has connectivity issue, devices, in this model each node computes the trustworthiness
mathematical evaluation needs optimization to construct data of the neighbor node and ensures communication with only

235 | P a g e
www.ijacsa.thesai.org
 (IJACSA) International Journal of Advanced Computer Science and Applications,
Vol. 9, No. 8, 2018

trustworthy node. The secure ad-hoc networks it provides peer

to peer communication and communities to surf web. It
involves following parameters to analyze; physical proximity,
fulfillment, consistency of answers, hierarchy on trusted
chains, similar properties, common goals, availability and
interactions. The phenomenon of fuzzy approach to trust
based access control (FBTAC). Trust scores are calculated by
factors like experience, knowledge and recommendations. It
consists of three layers device, request and access. Device
layer consists of all devices, request layer consists of all the
recommendations and fuzzy results and access layer involves
decision making. This fuzzy approach provides flexibility and
scalability. It is easier in utility based decision making. Fuzzy
approach based upon three layers; sensor, core and application
layers. Sensor layer consist of physical devices like sensors Fig. 7. Layered Architecture of IoT.
and RFID, the core layer consist of access network and
internet. Application layer consists of distributed networks D. Mobile Security in IOT
(e.g. P2P, grid, cloud computing). Evaluation of trust Mobile nodes move from one cluster to another so rapid
management by fuzzy set theory and semantic based language identification, authentication and privacy protection is
on layered approach and layer attributes are history, risk and required. The ad-hoc network protocol when nodes move from
efficiency. In this model user can access to the IOT devices one cluster to other. It uses request messages and answer
only if the security credentials are satisfied. A trust model by message for identification, authentication and privacy
utilizing the location, identity and authentication history. protection. This process has less overhead, more security and
There are three trust regions based on trust levels: protection. HIMALIS (Heterogeneity Inclusion and Mobility
i. High trust level Adaptation through Locator ID separator).it proposes secure
ii. Medium trust level and scalable mobility management. It provides secure inter
domain authentication, secure location update and binding
iii. Low trust level
transfer for mobility process. RFID system based upon
In high region of trust no authentication is required only Electronic Product Code (EPC). It explains the mobile threats
VID is used. In medium region users offer their PIN to login, of RFID nodes. It guarantees security and efficiency. The
in low region of trust different authentications are required security of tag and readers are also very important aspects. It
like face identification, fingerprints and iris scan. The also explains tag corruption, reader corruption, multiple
trustworthiness of nodes by their past behavior. It involves readers and mutual key exchange protocol. The location
following steps; security issues in mobile nodes. It pays attention to special
location issues in android, iPhone and windows network
i. Gathering of information about the trustworthiness of platform. the secure handshake between mobile nodes in
neighboring nodes. intelligent system is also a prime concern. Mobile node
ii. Set up collaborative service with neighboring nodes. verifies the legitimate sensor node over an insecure channel
iii. Learn about the previous operation and update. via negotiation of handshake protocol. The mobile solution for
iv. Assign a quality recommendation score to each node. healthcare services. It provides security and privacy
mechanism for the security of the patients. The RFID tag
Attack resistant model is proposed by researchers for identification and IOT infrastructure is combined. Efficient
distributed approach. It provides trust in self-organized nodes and secure mobile intrusion detection system for business
and attack resistance in distributed nodes. The WSN nodes applications using human centric computing is in placee. The
and provides identity based network to the devices. It prevents mobile information collection through IOT gateway via smart
attacks from the malicious nodes. The identity management devices. Quantum Lifecycle Management System messaging
systems for nodes which move from host to host so they need standard to provide two way communications between
location and identification to separate from host addressing. firewalls is also very interesting idea for security. Mobile
Following techniques have been used, to achieve trust, so for Sensor Data Processing Engine (MOSDEN) is another
social networking, fuzzy approach, identity based networking technique. It collects and processes sensor data without
and cooperative approach. Following issues are still open in programming efforts .it uses plug-in based IOT platforms for
Trust management. mobile devices. Other techniques are discussed by different
i. Introduction of semantic based language for the researchers like video dissemination for IOT devices,
negotiation of trust. interaction of smart things via Bluetooth and use NFC via
mobile devices via Web of Things.
ii. Proper identity management system.
iii. Development of trust management system for data 1) Proposed Solutions: As there is no complete solution
stream control. related to internet security, same is the case with IoT up till
now there is no single major solution regarding security and
privacy of IoT devices, infect IoT devices are more prone to

236 | P a g e
www.ijacsa.thesai.org
 (IJACSA) International Journal of Advanced Computer Science and Applications,
Vol. 9, No. 8, 2018

hackers and attackers due to the fact that IoT communication develop technique to convert this data into information.
is primarily a sensor based communication which further Data mining techniques are used to extract knowledge
make it more independent when devices start communicating from sensors data. Another main challenge while
to other devices without waiting for permission from human extracting knowledge is making decisions while
minimizing the false positive and false negative and
or without interference of human. Another thing make them
guarantee safety.
more prone to attacks because most of the these devices are
standalone and if their firmware is not updated at regular  Robustness: In IoT applications sensing, actuations
intervals it will increase chances of attacks so to avoid this and communication is needed. Each node must be
there should be regular firmware updates on all these aware of other node’s location and synchronized clock.
standalone devices as suggested by manufacturers. Apart from Clock drifts because nodes to have different times
resulting in application failure. So for the collections of
all above suggestion the most reliable approach for IoT
solutions to create robust systems.
security which is suggested by most of the researchers is to
divide security into different levels and it will help to stop  Openness: It means that system is continuously
attackers directly accessing devices most commonly known changing and devices have to communicate with each
technique is called the layered approach, Fig. 7 is showing a other in this system efficiently. Many sensors and
layered model suggested to avoid direct security attacks on actuators use control and feedback mechanism via
IoT devices. controllers.

To elaborate the notion of smart world and its smart  Security: The fundamental problem in IoT is
components there are many research communities focused on protection from security attacks. Security attacks create
IoT, mobile computing, wireless sensor networks and cyber- problem due to limited capacity of devices. There must
physical system. Research in these areas relies on machine preemptive security measures to protect from these
learning, real-time computing, security, privacy and signal attacks.
processing. Fig. 8 is showing authentication procedure through  Privacy: To solve the privacy problems of IoT the
Sequence diagram for QR Based authentication. Our living style privacy policies of the each system must be specified
and working habits will be changed significantly with the and enforced accordingly.
inclusion of these new technological trends. IoT in many
different angles cover including architecture, massive scaling,  Humans in the Loop: Many IoT applications involve
dealing with big data, focusing on security, privacy. humans in the process. Although humans in the loop
have many advantages but modeling human behavior is
difficult due to physiological, psychological and
behavioral aspects
E. Proposed Layered Security Approach
Fig. 9 shows proposed block diagram for data collection
and its security during transmission of IoT data.

Fig. 8. Sequence Diagram for QR based Authentication.

 Massive Scaling: there is a prediction for trillions of

devices on the Internet which is going to be a big
challenge to deal with security and privacy aspects on
such a large scale.
 Architecture and Dependences: connectivity such a
massive scale devices on internet require a well-
defined architecture that allows communication,
control, and useable apps.
 Creating Knowledge and Big Data: IoT require huge
amount of raw data to be collected so there is need to Fig. 9. Proposed Sensors Network Model.

237 | P a g e
www.ijacsa.thesai.org
 (IJACSA) International Journal of Advanced Computer Science and Applications,
Vol. 9, No. 8, 2018

Which will be taking sensors for temperature, atmospheric [6] Giffinger, R., Fertner, C., Kramar, H., Kalasek, R., PichlerMilanoviü,
pressure ,humidity, CO2 detector, Smoke detector, CO N., & Meijers, E. (2007). Smart Cities: Ranking of European Medium-
Sized Cities. Vienna, Austria: Centre of Regional Science (SRF), Vienna
detectors, these sensors will be transmitting data to any of the University of Technology. Available at
near available access points which will be transmitted that http://www.smartcities.eu/download/smart_cities_final_report.pdf.
data to remote laptop/desktop or on mobile phone. This data [7] Giffinger, R., & Gudrun, H. (2010). Smart cities ranking: An effective
will be will further stored in knowledgebase as record for instrument for the positioning of cities? ACE: Architecture, City and
future references and decision making and this analyzed data Environment, 4(12), 7-25. Available at
will be used for decision making to enable actuators which http://upcommons.upc.edu/revistes/bitstream/2099/8550/7/A
CE_12_SA_10.pdf.
will be further sending updated data to remote computers.
[8] Smart cities: ranking of European medium-sized cities. Centre of
Based on nature of communication devices the IoT provides Regional Science (SRF), Vienna University of Technology, Vienna,
more number of vulnerable points for security breaches to Austria, from http://www.smart-
occur, it is very critical to have multi-layers of security. This cities.eu/download/smart_cities_final_report.pdf
is because if one of the layers is breached then you must have [9] Shahbaz Pervez, Faheem Babar, Gasim Alandjani, “An Efficient Cloud
other mechanisms to fall back on. Model with integrated Services by addressing Major Security
Challenges., Journal of World Scientific Engineering Assembly and
V. DISCUSSION AND FUTURE WORK Society Transactions on Computers Print ISSN: 1109-2750, E-ISSN:
2224-2872.
This paper discusses different security issues which [10] Leydesdorff, L., & Deakin, M. (2011). The triple-helix model of smart
residents of smart cities are facing and it also provide solution cities: a neo-evolutionary perspective. Journal of Urban Technology,
for all these challenges. Future work related to these security 18(2), 53–63.
issues can be done by registering all the end-user devices in a [11] Paskaleva, K. A. (2009). Enabling the smart city: the progress of city e-
central data base and all the data stored should be in encrypted governance in Europe. International Journal of Innovation and Regional
Development, 1(4), 405–422.
form which at one end can increase retrieval time but at the
other end it will make sure security of data for all the users [12] Al-Hader, M., & Rodzi, A. (2009). The smart city infrastructure
development and monitoring. Theoretical & Empirical Researches in
who will be using different services provided by smart city Urban Management, 2, 11.
administration. [13] Zygiaris, S. (2013). Smart city reference model: assisting planners to
conceptualize the building of smart city innovation ecosystems. Journal
ACKNOWLEDGMENT of the Knowledge Economy, 4(2), 217–231.
I really appreciate cooperation from management of Royal [14] Industry 4.0: the fourth industrial revolution – guide to industry 4.0
Commission Yanbu and colleagues of University College for http://www.i-scoop.eu/industry-4-0/
facilitating me in setting up lab work. [15] Z. Khan, S. Kiani, K. Soomro, "A Framework for Cloud-based
Context-Aware Information Services for Citizens in Smart Cities",
REFERENCES Journal of Cloud Computing: Advances, Systems and Applications, vol.
[1] Nasser H. Abosaq, Gasim Alandjani, Shahbaz Pervez. “IoT Services 3, No. 1, pp. 14, 2014.
Impact as a Driving Force on Future Technologies by Addressing [16] M Handte et. Al (2016), “An Internet-of-Things Enabled Connected
Missing Dots”. International Journal of Internet of Things and Web Navigation System for Urban Bus Riders”, IEEE Internet of Things
Services, 1, 31-37, April-2016. Journal, Volume 3, Issue 5.
[2] M. Jahn, Ferry Pramudianto, A.-A. Al-Akkad, “Hydra middleware for [17] Shahbaz Pervez, Nasser Abosaq, Gasim Alandjani, Adeel Akram,
developing pervasive systems: A case study in the e-health domain”, “Internet of Things (IoT) as beginning for Jail-Less Community in
January 2009. Smart Society”, “IEEE International Conference on Electrical,
[3] Vakali, A., Angelis, L., & Giatsoglou, M. (2013). Sensors talk and Electronics, Computers, Communication, Mechanical and Computing
humans sense towards a reciprocal collective awareness smart city 28-29 January 2018 at Tamil Nado India.
framework. IEEE International Conference on Communications
Workshops (ICC). AUTHOR’S PROFILE
[4] Kourtit, K. et al. (2013). 11 An advanced triple helix network Gasim Alandjani received his PhD Computer Engineering
framework for smart cities performance. Smart Cities: Governing, degree from New Mexico State University (USA), He has
Modelling and Analysing the Transition 196. 27 years’ experience of teaching and research including
[5] Pardo, T., Taewoo, N. (2011). Conceptualizing smart city with management experience as Dean, Makkah College of
dimensions of technology, people, and institutions. Proceedings of the Technology-2003-2009, Deputy Managing Director of Yanbu Industrial
12th Annual International Conference on Digital Government Research College 2010-2012, managing Director of Yanbu Industrial College 2012-
(pp. 282–291). ACM, New York. 2013. Currently, he is working as senior faculty Member in ICT Department
at Yanbu University College Royal Commission Yanbu, Kingdom of Saudi
Arabia.

238 | P a g e
www.ijacsa.thesai.org
View publication stats