Challenges in Internet of Things (IoT) Security Regarding Data Transmission and Networking

Challenges in Internet of Things (IoT) Security Regarding Data Transmission and Networking

The Internet of Things (IoT) has become an integral part of our daily lives, with billions of devices collecting and sharing data. However, this pervasive nature of data collection creates significant privacy concerns and security risks.

One such risk is the persistence of information long after devices are retired. Decommissioned devices or cloud services may harbour data, creating exposure risks that linger even after the devices are no longer in use [Data persistence]. Companies discontinuing support for IoT product lines may also strand devices without security patches, creating persistent vulnerabilities [Abandoned devices].

Securely delivering and validating firmware updates to widely distributed, occasionally connected devices remains technically challenging. Protocol translation security gaps in IoT gateways can create vulnerabilities [Update delivery]. Establishing and maintaining identity across billions of devices presents unique challenges, including device identity, certificate management, and authentication method difficulties [Identity management].

Emerging strategies for securing low-power IoT devices in edge computing networks focus on balancing strong security with the constraints of limited memory, energy, and processing power inherent to these devices.

One approach is the use of Lightweight, Edge-Level Intrusion Detection Systems (IDS). These systems utilize optimized decision-tree-based algorithms at the edge to allow real-time threat detection with minimal delay and low resource consumption [1]. Lightweight communication protocols like MQTT with security features ensure secure data transfers between edge and cloud [2].

Hardware Root of Trust and Secure Boot are another key strategy. Anchoring trust at the hardware level ensures devices boot only verified firmware, defending against low-level attacks such as bootkits or firmware worms [4].

AI and Machine Learning at the edge enable adaptive, on-device threat analysis and fast mitigation, even offline from the cloud. This allows detection of polymorphic malware and zero-day exploits by learning small shifts in normal behaviour patterns [4][3].

Frequent Secure Updates and Network Segmentation are also crucial. Regular, automated, and secure firmware updates patch vulnerabilities before exploitation. Aggressive micro-segmentation of device networks limits the attack surface and contains potential breaches [4].

Processing data locally to reduce exposure is another strength of edge computing. Local data processing reduces attack vectors and bandwidth use, improving reliability and cost efficiency [1][3].

However, many IoT devices lack secure boot or code signing validation, allowing potentially malicious updates to be installed [Update verification]. Physical access to IoT devices can expose cryptographic keys, allow modifications, or enable side-channel attacks [Physical security].

IoT ecosystems require mechanisms for temporarily delegating device control to third parties without compromising overall system security [Delegated authorization]. IoT devices often have expected lifespans of 10-15 years but may receive security updates for only 2-3 years, creating growing populations of vulnerable devices [Legacy support].

The distributed nature of IoT deployments creates significant networking security challenges, including edge security, segmentation difficulties, visibility limitations, and scale management. The Ripple20 vulnerabilities affected hundreds of millions of IoT devices in 2020 due to inadequate security validation of network stack components [Networking security].

As of 2025, an estimated 30 billion IoT devices will be deployed worldwide. Proper deactivation of devices, including credential revocation and data wiping, is often overlooked in IoT deployments [Decommissioning]. Streamlined implementations of TLS designed specifically for constrained environments reduce overhead while maintaining security [Optimized TLS profiles]. Algorithms like CHACHA20-POLY1305 provide strong security with lower computational demands than traditional approaches like AES-GCM [Compact cryptography].

The IoT landscape employs numerous communication protocols with varying security profiles, including legacy protocols and wireless protocols like Bluetooth Low Energy, Zigbee, Z-Wave, and LoRaWAN. Advanced cryptographic techniques allow devices to prove properties about their state without revealing sensitive information [Zero-knowledge attestation].

Dynamic access controls create "invisible infrastructure" where devices only see network resources they're explicitly authorized to access [Software-defined perimeters]. Autonomous device interactions require authorization frameworks that can operate without human intervention while maintaining the principle of least privilege [Machine-to-machine authorization]. IoT systems require dynamic permissions based on time, location, operational status, and other contextual factors beyond traditional role-based controls [Contextual access control].

In conclusion, securing the IoT requires a multi-faceted approach that addresses the unique challenges posed by the distributed, resource-constrained nature of these devices. By focusing on lightweight, adaptive security techniques, hardware-based trust anchors, AI-driven local threat detection, efficient secure communication protocols, routine updates, and network-level defenses, we can secure these devices in distributed environments effectively.

1. The Internet of Things (IoT) has integration in our daily lives, yet privacy concerns and security risks persist due to data collection and the retention of information on decommissioned devices or cloud services.
2. Companies discontinuing support for IoT product lines may leave devices without security patches, creating persistent vulnerabilities, a risk known as abandoned devices.
3. Secure delivery and validation of firmware updates to widely distributed IoT devices remain technically challenging, while Identity management across billions of devices presents difficulties due to device identity, certificate management, and authentication methods.
4. Emerging strategies for securing low-power IoT devices in edge computing focus on balancing strong security with the devices' limited memory, energy, and processing power.
5. Lightweight Intrusion Detection Systems (IDS) and lightweight communication protocols like MQTT with security features help ensure secure data transfers between edge and cloud.
6. Hardware Root of Trust, Secure Boot, and AI/Machine Learning at the edge enable adaptive, on-device threat analysis and fast mitigation, even offline from the cloud.
7. Frequent Secure Updates, Network Segmentation, and local data processing are crucial to reduce exposure, limit attack surfaces, and improve reliability and cost efficiency.
8. IoT ecosystems require mechanisms for secure update verification, delegated authorization, optimized TLS profiles, compact cryptography, dynamic access controls, and contextual access control to maintain overall system security effectively.

Read also: