Security in product lifecycle of IoT devices: A survey

The Internet of Things (IoT) paradigm is considerably impacted by security challenges, which has lately demanded substantial consideration. Accordingly, certain reviews and surveys have been presented, focusing on disparate IoT-related domains, including IoT security, intrusion detection systems, and emerging technologies. However, in this article, we solely target IoT security with respect to product lifecycle stages. In that regard, we provide a comprehensive comparison of state-of-the-art surveys in an initial phase which concentrate on distinct parameters required for IoT security. Further, we present prominent solutions for addressing product lifecycle security in IoT. In this context, the contributions of this article are: (a) IoT product lifecycle security, (b) security taxonomy in IoT product lifecycle, (c) security solutions for each lifecycle phase in product lifecycle stages, and (d) open issues in these lifecycle stages that pose new research challenges. Consequently, the advancing research related to IoT security, especially with respect to product lifecycle, is explored through state-of-the-art developments in the domain of product lifecycle security.


Introduction
The Internet of Things (IoT) is a vision of the future Internet consisting of heterogeneous objects such as transportation systems, home appliances, factory machines, smart personal devices, or any intelligent products employed in our day-to-day life in various applications and divergent situations. Recently, researchers realized that to design an ideal IoT, all devices should be inter-connected and, in the same vein, sensed data collected into vertical silos should be replaced with communication among vertically-oriented closed systems (Kubler et al., 2015a). Similarly, to make an IoT system ideally secure, vendor-specific security methods (blue arrows in Fig. 1) should be replaced with globally regulated security models used in all platforms (black arrows). For instance, it is more efficient to have a concrete identification system over all the silos rather than having a vendor-specific (e.g., Apple-specific) identification method.
With the development of IoT and the market pressure pushing device manufacturers to launch increasingly smart devices, we see intensifying connectivity amongst smart devices. 125 billion devices are forecasted to be connected by 2030 (Howell, 2030). However, many of these devices are deployed without considering security (Ye et al., 2017); hence, such connectivity causes an entirely new range of security risks. As recently experienced, security and vulnerability of IoT devices represent major challenges. Threatpost (O'Donnell, 1441) estimated that over 2 million smart devices are open to hijack without any security solution. Many cyberattacks, like the Mirai Malware and the ransomware, infect a network of smart devices such as home appliances, security cameras, baby monitors, air conditioning/heating controls, and televisions. The subject of security in IoT has thus far been overlooked by both industry and academia, left to be dealt with in the later stages of implementation and deployment.
Fig. 2. The product lifecycle seen from an Internet of Things point of view. Information about the "thing" is used and produced during all phases of its lifecycle (Främling and Holmström, 2006).
In many projects, security tends to be the systematic consideration that is managed last. The reason for this could be that implementing security mechanisms even with standard technologies requires, e.g., certificates, keys, access rights, and firewalls, which may demand much manual work and the involvement of diverse human operators. Many organizations lack any personnel who would know how to, e.g., set up secure servers or manage certificates. In order to also allow such organizations to provide and use lifecycle-related services, it is important to adjust the level of security according to the requirements of the service, rather than always imposing the highest possible level of security. Furthermore, the need to query and update product information during its lifetime, as illustrated in Fig. 2, is not limited to organizations only. At least when the users are individuals, extensive security requirements could discourage the use of multiple services. At the same time, privacy issues become even more relevant.
In addition, IoT faces various passive and active malicious attacks compromising the security and privacy of IoT devices that may easily hinder their functionality in any lifecycle phase and nullify the benefits provided by their services. Several recent works have sought to counteract attacks and security issues in order to secure IoT devices and to find an improved approach to eliminate the risks, or minimize their influence on the security and privacy of user requirements (Yang et al., 2017). Despite a vast number of studies of such security challenges in IoT, there is scant systematic literature on IoT security challenges covering security solutions over the entire lifecycle. A secure lifecycle ensures that acceptable levels of security are in place from the device manufacturing phase all the way to the disposal of the device. On the other hand, Product Lifecycle (PLC) is frequently applied in various areas and to diverse industrial products so that all product features can be monitored in full over the lifecycle. IoT devices are among the significant upcoming industrial products, and they contain confidential data from people all over the world. Besides, the most important feature which should be monitored constantly on IoT systems is security. Security concerns feature in all the phases of IoT devices from manufacturing to decommissioning. Thus, it is essential to investigate security challenges of IoT devices in all stages and phases of the lifecycle.

Contributions
• Initially, a comprehensive comparison has been performed to investigate discrete IoT security surveys in literature to establish the importance of the topic of lifecycle.
• The state-of-the-art security solutions are categorized based on the product lifecycle stages of Beginning of Life (BoL), Middle of Life (MoL), and End of Life (EoL).
• A comparative study is conducted for the existing security solutions based upon their distinctive properties.
• Some open issues encountered while reinforcing security in each of the lifecycle stages are discussed.
The current article aims to bridge the gap in earlier study by performing a comprehensive analysis of IoT security issues and their solutions in the entire life of a device.

Article roadmap
This survey article comprehensively discusses the different security solutions available currently from the IoT product lifecycle perspective. The existing security solutions are classified according to security issues in each of the lifecycle phases in the lifecycle stages of BoL, MoL, and EoL. The state-of-the-art security solutions are compared based on various security parameters, and finally the article discusses the open issues related to disparate security challenges. Fig. 3 shows the article roadmap.

Article organization
The complete paper is organized as follows. First, the methodology adopted for conducting this survey is reviewed in Section 2. Section 3 presents a detailed study of existing literature over the present security surveys. Then, product lifecycle and its relationship with IoT, specifically the security of IoT, is discussed in Section 4. Against such a relationship, a taxonomy of security issues and requirements is demonstrated, categorized based on device lifecycle, in Section 5. According to the lifecycle stages BoL, MoL, and EoL in the proposed taxonomy, security solutions are discussed in Sections 6, 7, and 8, respectively. Section 9 discusses the relation between IoT and other technologies by discussing the cybersecurity solutions as well. Finally, after comparing all the solutions in Section 10 and addressing the open issues with the sketch of future work in Section 11, we conclude with our key findings in Section 12.

Review methodology
Review methodology was adopted to substantiate the research gap and to highlight the motivational factor for conducting the survey. Accordingly, the systematic process of the current article is shown in Fig. 4. The review process is divided into four steps including Review Planning, Literature Search, Conducting Review, and Compiling Findings, which are explained below.

Research objective
The purpose of this article is to comprehensively review literature related to security solutions for IoT devices based on their lifecycle phases. Based on this objective, several key scenarios have been identified which require holistic consideration of IoT security.

Research questions
To achieve our research objective, a set of research questions were formulated: These questions will be investigated using literature as a basis. A thorough literature review of the security of IoT devices over the lifecycle reveals no study describing security challenges in the IoT environment from the lifecycle point of view. In order to fill this gap, this paper presents a literature review of security challenges and solutions in particular, and, in comparison with the previous security surveys, of IoT in general.

Search criteria
The keywords IoT and security are present in each research paper's abstract, although the keywords have been selected based on the related sections including literature review, background, and taxonomy.
The present study contains the literature review of qualitative and quantitative research articles from the last 10 years, from 2009 to 2019, in the English language. In this article, we have included research papers from peer reviewed journals, symposiums, conferences, technical reports, lecture notes, workshops and white papers from industry.

Exploring database
The review methodology selected for this article involves searching appropriate research articles from a collection of databases such as Google Scholar, Springer, ScienceDirect, IEEE Xplore, and ACM Digital Library.

Analyzing existing surveys
Security and privacy have constituted major concerns in IoT networks, therefore extensive research has been conducted in various security and privacy domains of IoT such as key management, authentication and access control, and compromise detection. IoT is a novel topic and to clearly understand the security challenges in such an area, we examine how other surveys review the security aspects of IoT devices. Given this concern, the search started from "IoT survey" and ended in "security survey in IoT".

Finding gaps
Analysis of prior works helped us establish the research gap. None of the previous surveys consider the security of IoT devices based on their lifecycle, and they ignore the importance of security over the entire lifecycle. To fill this gap, we set out to analyze earlier solutions to build a new taxonomy of IoT security.

Conducting Review

Creating taxonomy
Before creating the taxonomy, it is of utmost importance to meticulously examine the appropriate phases over each lifecycle stage. On the other hand, all security challenges related to IoT devices should be identified. Once the security challenges are recognized, they can be grouped based on the device lifecycle. Such categorization leads to a proper taxonomy.

Finding solutions
Based on the defined taxonomy, the existing security solutions for each security challenge are extracted from the database.

Temporal study of the references in the article
A temporal study of the referenced articles has been performed in this section. It is crucial to evaluate the sequence of events associated with the advancement of IoT security in product lifecycle stages and the related concerns in attaining higher levels of security. Fig. 5 elaborates the publishing trend of the references investigated in the area of IoT security over the past decade from 2009 to 2019. The publishing trend indicates that the research on IoT security has been advancing rapidly over the last few years. Fig. 6 illustrates the related papers' count, demonstrating the solutions proposed in the literature for the corresponding security phase in each lifecycle stage. The evolution of the security problems in the past decade is depicted in Fig. 7. It demonstrates which security challenges have been more prominently targeted by researchers each year, portraying the evolution of the security challenges in the product lifecycle stages in chronological order.

Comparative analysis
A comparative analysis is described in Section 10 to characterize security challenges and their solutions based on lifecycle of IoT devices.

Related research
When reviewing the literature, IoT-related security survey articles can be categorized into two groups: IoT general purpose surveys and IoT security surveys. They are described in detail below.

IoT surveys
There are several surveys in the area of IoT representing IoT vision (Gubbi et al., 2013; Miorandi et al., 2012; Atzori et al., 2010), architecture (Al-Fuqaha et al., 2015), elements (Gubbi et al., 2013; Al-Fuqaha et al., 2015), applications (Miorandi et al., 2012; Atzori et al., 2010), common standards (Al-Fuqaha et al., 2015), and challenges faced particularly in industry (Xu et al., 2014a). Some of them analyze all of these features for one kind of object, such as the Internet of underwater things (Domingo, 2012). Other surveys focus on protocols belonging to a specific architectural layer, e.g., the application layer (Karagiannis et al., 2015). Most of the IoT generic surveys state security issues as a key research channel since they play a fundamental role as enablers of IoT applications (Miorandi et al., 2012). IoT surveys which specifically review security aspects in the IoT environment are presented in the following section.

IoT security surveys
To gain a comprehensive picture of what is currently considered an IoT security survey, we conducted a comprehensive search through the ACM and IEEE literature databases for a security concept in the realm of IoT, collected all existing survey papers about security in IoT, and checked whether such a taxonomy (device or product lifecycle) has already been proposed or not. According to our research, none of the previous surveys use lifecycle as taxonomy, while most of them adopt IoT architecture layers for categorizing the existing security solutions. In addition, by means of these surveys, we can review the vision of IoT security (or security aspects in IoT) including security attacks, security architecture, security requirements, security issues or challenges, security technologies, and security solutions.
Based on the current literature, security aspects in IoT can be classified as security architecture, security model of a node, security bootstrapping, network security, and application security (Heer et al., 2011). If security and privacy are regarded as two separate aspects, security concerns can be classified into three categories including backend of systems, network, and front-end equipment, whereas privacy concerns should be considered in the device, during communication, in storage, and at the processing stage (Kumar and Patel, 2014). In addition, security concerns can be listed according to security architecture; for example, lightweight encryption and key agreement in the perceptual layer, identification and encryption in the network layer, secure cloud computing and anti-virus in the support layer, and authentication and privacy in the application layer are security requirements in each layer (Suo et al., 2012).
Security challenges or issues in IoT can be divided into Identity and Authentication, Access Control, Protocol and Network security, Privacy, Trust, and Fault tolerance (Roman et al., 2013). Other security challenges can be Enforcement, Secure Middleware, Mobile Security (Sicari et al., 2015), Key Management, Security law and Regulations, and Security Requirements (Suo et al., 2012). Some researchers shorten the list and consider only user Privacy, Authentication, Authorization, and Trust Management as possible security challenges in IoT (Abomhara and Køien, 2014). Moreover, such challenges can be analyzed in each architectural layer of IoT systems including Perception, Network, and Application (Yang et al., 2017; Gou et al., 2013). Security requirements as important security challenges are listed as Availability (avoiding DoS), Failure Prevention (preserving integrity), and Confidentiality over code, data, and System Configuration (Sadeghi et al., 2015) along with other requirements such as Authentication, Confidentiality, and Access Control (Sicari et al., 2015). On the other hand, Babar et al. (2010) consider security requirements as Resilience to attacks, Data Authentication, Access Control, Privacy, and so on. Weber (2010) also represents security and privacy requirements in IoT based on security legislation in IoT.
Fig. 7. Evolution of security challenges in product lifecycle: chronological order.
Once we know the requirements and challenges toward IoT security, the next step is to find the security solutions. The security solutions can be divided into IP-based security solutions and Wireless Sensor Network (WSN) security (Heer et al., 2011), or they can be presented on each layer of the IoT architecture, whether through a 4-layer architecture including Perception (or physical), Network, Middleware, and Application layers (Farooq et al., 2015; Granjal et al., 2015) or through a 3-layer architecture including Perception, Network, and Application layers (Zhao and Ge, 2013). Generally, most of the existing security technologies such as encryption, communication security, protecting sensor data, and cryptography algorithms can be employed in IoT environments (Suo et al., 2012).
Apart from common security taxonomies, some surveys analyze the security of existing IoT-specific frameworks and middleware. For instance, Ammar et al. (2018) compare the security of the eight main IoT frameworks (sets of guiding rules, protocols, and standards) including AWS IoT, ARM mbed IoT, Azure IoT Suite, Brillo/Weave, Calvin, HomeKit, Kura, and SmartThings. Their comparison shows that these frameworks use the same standards for securing communications while using different methodologies for other security properties (e.g., authentication and authorization). Additionally, Fremantle and Scott (2017) provide a literature review based on a matrix of security and privacy threats for IoT and review the available middleware such as FIWARE, Device Cloud, DREMS, and OpenIoT and how security is handled in these middleware approaches utilizing various security requirements.

Comparison of existing security surveys
The comparison of the current security surveys is demonstrated in Table 1. Approximately 40 conference papers and journal articles examine the security problems and solutions for the IoT environment; however, we explore only 27 of them which were published in journals. Amongst the security challenges which were raised in the previous subsection, the most common and important challenges are stated in the table, along with the methodology which the authors adopted to categorize such challenges and their solutions. According to the Methodology column, the current literature explores security challenges and countermeasures from the layer-level perspective or other context so that first, the survey paper introduces an architecture or a baseline, then analyzes the security issues such as attacks/threats and/or requirements/measures based on the architecture layers (Alaba et al., 2017). However, we introduce new categories based on lifecycle which include all possible security issues in all phases and stages of an IoT device.
Moreover, as seen in the table, none of the survey articles could cover all the security challenges, neither the security issue nor the solution. Further, such articles only define the security requirements as mentioned in the table and rarely present solutions for such requirements. In contrast, in the current review, we contribute to all of the essential security requirements by considering the solutions on the beginning and middle of life. As the last comparison criterion, we investigate whether any article applies PLC in their taxonomy or not. There are only two papers on this domain. Nguyen et al. (2015) observe one specific security issue (key bootstrapping) in the bootstrapping phase of lifecycle. Heer et al. (2011) also list a number of security requirements during the bootstrapping and operational phases. As a comprehensive analysis, we introduce a new taxonomy where security challenges and their solutions are described throughout the entire lifecycle of devices, consisting of the beginning, middle, and end of life.

IoT product lifecycle security
Based on the definition presented by Rink and Swan (1979), Product LifeCycle (PLC) represents the product's unit sales curve, extending from its first placement in the market to its removal. In other words, PLC is a sequence of stages for a new product, progressing from introduction to growth, maturity, and decline (The product life cycle.Q). Introduction is the gradual sales hike which accompanies a new product introduction in the market; growth is considered the accelerated sales hike which leads to product acceptance in the market; maturity is the crest of sales growth with the product acceptance by potential buyers; and decline is expected as the sales decline resulting in product replacement or discontinuation (Jeong, 2010). Depending on the use case, these stages might have less or more importance. For example, in the lifecycle of wind turbines, among these stages, the introduction (or production) and decline (or disposal) are the most important phases (Weinzettel et al., 2009). Additionally, lifecycle processes contradict the targeted products, hence they can be categorized into three stages as Beginning of Life (BoL), Middle of Life (MoL), and End of Life (EoL) (Lehmhus et al., 2015) (Fig. 8). BoL is where everything related to product development is concentrated, including design, testing, and production. Once the device is produced, a longer stage, MoL, materializes to encompass the majority of marketing and sales endeavors, usage, and services. When the product is discontinued, the last stage commences. Depending on the type of product and its possible problems, EoL might be scheduled to recycle, refurbish, or dispose of the product.
Lifecycle-based approaches are necessary for the evaluation of several industrial systems (e.g., renewable energy systems (Weinzettel et al., 2009)). For instance, in order to evaluate the environmental impact related to a product from material extraction and manufacturing to disposal, LifeCycle Assessment (LCA) was developed (Weinzettel et al., 2009). LCA identifies the most adequate strategies to improve and avert shifting of burden among various environmental impacts which occur throughout the complete value chain (Hellweg and Milà i Canals, 2014). Tao et al. (2014a) design one kind of LCA system based on IoT technologies.

Product lifecycle in IoT (lifecycle and IoT)
As with industrial systems, IoT systems also require analysis through their lifecycles. There are different categories for device lifecycle in IoT. Heer et al. (2011) divide the lifecycle of an IoT device into three stages: Bootstrapping, Operational, and Maintenance and Rebootstrapping. As seen in Fig. 9, the last two stages will be repeated as time passes by. Cai et al. (2014) propose a framework for Product Lifecycle Management (PLM) which covers all requirements given from IoT object identification, abstracting, disposing, and invoking purposes. This framework consists of three dimensions: lifecycle (design, produce, assemble, utility, maintain, and recycle), product structure (product, components, and parts), and information dimension (real objects and data sources). Furthermore, Tao et al. (2016) define PLC as three steps: design, production (comprising manufacturing and assembly), and service (comprising utility, maintenance, and recycling). IoT services which contain service producer and consumer transactions can also be classified based on their lifecycle as deployable, deployed, and operational (Thoma et al., 2012). IoT technology has sparked a multitude of applications in many domains, including manufacturing industry, healthcare, medical, communication, automotive, and aerospace (Tao et al., 2014b).
In manufacturing industry, during the PLC, several applications were presented for IoT. For instance, Yan and Huang (2008) employ an integration of IoT and RFID for the monitoring of anti-counterfeiting for supply chain products. From 2003, IoT was applied as a fundamental information system which can be used to access product information on the Internet (Kärkkäinen et al., 2003). This IoT property can have applications for the entire PLC from BoL, including the design phase, production phase, and supply chain tracing and tracking, through MoL, which includes operation and maintenance, all the way to EoL, which includes how to recycle and dispose of the product (Kiritsis et al., 2003). For this purpose, IoT architectures should be adequately adjustable to be employed in any stage or application of PLC. Therefore, an IoT messaging standard, called the O-MI (Open Messaging Interface) messaging standard, previously known as PLM and QLM (Quantum Lifecycle Management), was presented to fulfill the requirements needed to be satisfied by IoT in any closed-loop PLM (Främling and Maharjan, 2013; Främling et al., 2014). Sodhro et al. (2018) review recent works on combining PLM and IoT. They also propose an integration of IoT and PLM to solve the problems with information sharing and collaboration between several communicating parties.

PLC and security
Although most IoT solutions concentrate on real-time information, product lifecycle information requires more attention to keep track of the product during its entire lifecycle (from designing, manufacturing, distributing, operating, maintaining, and recycling) (Kubler et al., 2015a). From the IoT perspective, the device (or product) and its personal data all along the device lifecycle should be secured with utmost attention while coping with the device constraints. Through IoT, attacks can mostly be instigated from smart devices rather than computers and common sources (Yang et al., 2017). Hence, these devices are available everywhere, including all essential information stemming from various resources to perform the attacks. It means enough resources for performing DDoS attacks. These devices also collect personal information (e.g., user names, addresses, and their activities), which introduces privacy concerns for consumers. All in all, in IoT environments attacks or security challenges can derive from any unpredictable resources, and all the devices are assumed to be potential security risks, requiring security measures.
For investigating the possible attacks in manufacturing systems, Chhetri et al. (2018) analyze various security challenges and propose solutions associated with stages of PLC, considering three security fundamentals including confidentiality, integrity, and availability. However, by turning the environment from a manufacturing system into an IoT system, products will face less security support. For instance, IoT-based consumer products lack support in case of security and privacy violations from five different angles: borrow, rent, gift, resale, and retire. Khan et al. (2018a) explore these consumer acts at different stages of the IoT product lifecycle.

Security taxonomy in IoT device lifecycle
In Section 4, we observed how IoT is used to manage industrial PLC.IoT devices are considered industrial products which can be deployed for industrial or business purposes.Therefore, as with any industrial product, the lifecycle of IoT devices could also be divided into three general stages: BoL, MoL, and EoL.Each of these stages can be categorized into subcategories.During BoL, the device is manufactured then installed in the smart environment.Next, in MoL, while the device is communicating with other devices, it should be monitored in order to diagnose the possible faults, and according to the monitoring observation to update or reconfigure the device.Finally, in EoL, the device owner will be modified or at the last phase, the device is required to be withdrawn from its service.
IoT may confront more attacks and threats in the near future and right now it is important to know which security challenges we should be concern about in each stage.We can stop the challenges in later stages by designing and developing a secure system at the first stage.For example, in real-life scenarios, Secure by Design is a new practice by governments toward a safe and comprehensive IoT ecosystem for consumers.Given this concern, UK government introduces new IoT security laws for manufacturers of connected devices (Plans announced to introd).Furthermore, regular monitoring during the device running as well as device recycling also ensure that the devices still follow their security criteria which were designed.Security issues specified for each of these stages and their subcategories (i.e., phases) are shown in Fig. 10.
First of all, the device is manufactured at the factory where the original manufacturer settings are installed.Security should be conducted from onset in the device itself to present a reliable and attack-resistant infrastructure for a dynamic environment.One of the security challenges that can occur from beginning as manufacturer setting is certificate installation, in which the device certificate creates an identity for each device to be applied later during authentication and private communication between devices.Another security challenge in this phase is Physical security, also known as hardware security, securing the silicon elements of a device which might be physically accessed.A large number of physical devices are being deployed throughout IoT environments where the security-related information, for instance, removable storage media, accessing software through USBs and easily dissembling devices are believed as vital threats to security (Bertino and Islam, 2017).Once the device is manufactured, it can be deployed in the target environment where device certificates could also be installed, instead of the previous phase.Setting up and configuring the device is considered a primary process to the vendor for evaluating the security flaws, as several insecurities exist during device configuration (Alrawi et al., 2019).IoT device configuration insecurities can be exploited, for example for gaining access to end-user privilege and spying (Barnes).
To securely build an IoT ecosystem, while on-boarding the IoT devices, a strong and unique identity within each device should be established; the process known as identification.During the deployment, devices pair the security keys with other previously deployed devices, establishing a trusted channel between users and their devices.Thus, one security challenge is pairing or key agreement between devices without any prior security association.Possible object weakness should be exploited, the activity known as vulnerability assessment.All necessary mitigation measures should be considered and implemented at the very beginning since any vulnerability compromises the entire system.Furthermore, before allowing the device to operate, strict security policies should be properly formulated and implemented to configure the device (Alrawi et al., 2019) and enforced throughout their lifecycle (Babar et al., 2011).The importance of these policies underline the significance of considering Security requirements including authentication, access control, confidentiality, integrity, and availability.Device authentication ensures that only authorized devices can connect to a given service and access control limits the device access to the resources.Data confidentiality protects data from being accessed by unauthorized parties.Integrity means that information is not altered, and the source of the information is original.Availability ensures that information is accessible by authorized users.
Once the device is manufactured and deployed in the environment, it is ready to be used. During the operation stage (i.e., MoL), the device has to be monitored continuously so that possible malicious activity can be diagnosed, patched in subsequent software (or firmware) updates, or reconfigured through the application. If the device is mobile, security should also be provided in new clusters. During the phase of monitoring and diagnosis, the main security challenge is managing the equilibrium between trust in the service provider and the privacy of individuals, considering the automated exchange of complex personal information (Daubert et al., 2015). Since the data in IoT are shared between devices and users, device privacy and the user's personal information should be preserved. At the same time, to apply the shared data, devices require defined trust levels. Prior to managing trust and privacy, the IoT system requires connected devices to have unique identifiers during their operation (identification). The next security challenge in this phase is compromise detection, where an uncontrollable threat might be found which is often impossible to identify in advance, in BoL. Security requirements are the next problem in the current phase. As mentioned above, they have to be enforced throughout the device lifecycle, particularly when devices are running services while communicating with other devices and servers. Such requirements can be defined similarly to those explained in the deployment phase, except that they are more significant during operation in MoL.

Fig. 9. Lifecycle of a device in IoT (Heer et al., 2011).
Once a threat or malicious activity is diagnosed, managing the software or firmware updates for devices in the IoT environment is equally fundamental. A session key update also occurs when a device joins or leaves the system, to assure backward and forward secrecy, specifically in group key agreement. Occasionally, applications should also be reconfigured to improve flexibility in a dynamic environment; however, this is challenging since IoT devices have constrained memory and cannot store every possible application. To emphasize device corporability, the security between the end device and the service provider, called end-to-end security, is one security challenge during device operation. It assures both parties that communication is confidential and cannot be modified in transit (Abomhara and Køien, 2014). Additionally, in this step, mobile security is an issue for consideration, since some IoT devices move among clusters and handling the security aspects of the device in a new cluster is challenging for the device vendor.
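The rekeying rule described above can be made concrete with a small model. The following is an added example, not taken from the surveyed papers: a simplified centralised group key server whose class, function, and device names are hypothetical, and which assumes each new key reaches members over a pairwise secure channel set up at pairing time. It contrasts a fresh random key on leave with a weak variant that only ratchets the old key, and checks which past or future keys a joiner and a leaver can compute.

```python
import hashlib
import hmac
import secrets

LABELS = (b"join", b"leave")  # public ratchet labels (hypothetical names)


def ratchet(key: bytes, label: bytes) -> bytes:
    """One-way step: easy to compute forward, infeasible to invert."""
    return hmac.new(key, label, hashlib.sha256).digest()


class GroupKeyServer:
    """Toy key server; `held` records every group key each device has learned."""

    def __init__(self, founders, rekey_on_leave="fresh"):
        if rekey_on_leave not in ("fresh", "ratchet"):
            raise ValueError("rekey_on_leave must be 'fresh' or 'ratchet'")
        self.rekey_on_leave = rekey_on_leave
        self.key = secrets.token_bytes(32)
        self.members = set(founders)
        self.held = {d: {self.key} for d in founders}

    def _deliver(self):
        # Assumption: delivery uses each member's pairwise secure channel.
        for device in self.members:
            self.held[device].add(self.key)

    def join(self, device):
        # Existing members can advance locally; the joiner only sees the result,
        # so it cannot walk back to keys that protected earlier traffic.
        self.key = ratchet(self.key, b"join")
        self.members.add(device)
        self.held.setdefault(device, set())
        self._deliver()

    def leave(self, device):
        self.members.discard(device)
        if self.rekey_on_leave == "fresh":
            # Fresh randomness: nothing the departed device holds leads here.
            self.key = secrets.token_bytes(32)
        else:
            # Weak variant: the departed device can run the same ratchet.
            self.key = ratchet(self.key, b"leave")
        self._deliver()


def derivable(held, steps=3):
    """Every key computable from `held` by applying the public ratchet."""
    seen = set(held)
    frontier = set(held)
    for _ in range(steps):
        frontier = {ratchet(k, lab) for k in frontier for lab in LABELS} - seen
        seen |= frontier
    return seen


def run_scenario(rekey_on_leave):
    """sensor-c joins a two-member group, then sensor-b leaves."""
    srv = GroupKeyServer(["sensor-a", "sensor-b"], rekey_on_leave)
    key_before_join = srv.key
    srv.join("sensor-c")
    srv.leave("sensor-b")
    key_after_leave = srv.key
    return {
        "joiner_reads_past": key_before_join in derivable(srv.held["sensor-c"]),
        "leaver_reads_future": key_after_leave in derivable(srv.held["sensor-b"]),
        "remaining_share_key": all(key_after_leave in srv.held[m] for m in srv.members),
    }


if __name__ == "__main__":
    for mode in ("fresh", "ratchet"):
        print(mode, run_scenario(mode))
```

In the weak variant the departed device recomputes the post-leave key from the key it already held, which is why a leave event needs new key material rather than a derivation from the old key.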
Finally, the last stage is EoL (or repurposing), where devices come to the end of their life while being decommissioned or facing re-ownership. During the re-ownership phase, the device is sold to another person. As a result, all personal or secret information should be erased from it or updated before handing over the device. One important piece of secret information to be updated on all devices is the key or certificate. During the decommissioned phase, the device is no longer operational and must be disposed of. During removal, it is important to have all secret information such as keys and certificates revoked so that no information leaks from the system. EoL, including Decommissioned and Reownership, is the main contribution of the current paper, as none of the surveys in our review examined it. When a device (e.g., smart car) holding private information of the current owner (e.g., location data, garage door codes, phone contacts, and address book) is sold to a new owner, it is essential to manage the security aspects.
Five out of eight key challenges in the IoT product lifecycle are associated with security issues found in the taxonomy: Network security, Data confidentiality and encryption, Objects safety and security, Information Privacy, and Naming and Identity Management (Khan et al., 2012). Common security solutions are usable in the IoT environment to some extent, although these security solutions require consideration of the specific features of IoT systems. Fig. 11 illustrates, in a hierarchical manner, the citations of the various security solutions adopted by earlier researchers to address the security challenges in the various product lifecycle stages. It provides an overview of the general findings of the paper. Table 2 displays the existing studies contributing to each security challenge according to the lifecycle stages of BoL, MoL, and EoL. A detailed description of the security solutions related to each of the categories will be reviewed in the following three sections according to their order in the lifecycle.

Security solutions in beginning of life (BoL)
This section discusses the proposed security solutions in BoL and categorizes them based on various lifecycle phases of Manufactured and Deployment.

Manufactured
This lifecycle phase can involve two security challenges, i.e., certificate installation and physical security. The following sections present the proposed solutions for each of these security challenges.

Certificate installation
Deploying certificates in network scenarios has benefits such as no need for extra hardware, no burden on the end user, and simple lifecycle management. Considering these benefits, certificates can be used for several purposes including mutual authentication, are easily deployed with optional automatic installs and renewals, and offer native compatibility with applications and networks.
The certificate might be installed in the beginning of life, during the manufactured phase or the deployed phase. The IoT device can present a manufacturer-installed device certificate as part of the initial authentication process (Pularikkal et al., 2018) or can employ implicit certificates for mutual authentication between end-users and sensors by requesting security-related information and certificates from the trusted authority (Porambage et al., 2014a). However, in the IoT environment, the connection to an online Certificate Authority (CA) is usually unavailable or unstable (Chien, 2018). Therefore, the role of CAs should be assigned to distributed nodes (Won et al., 2018). On the other hand, in the absence of standard protocols for installing and updating certificates, it is troublesome for the owners of IoT devices to manipulate the certificates for their devices. Thus, device manufacturers often install certificates on the devices on behalf of the device owners. This also increases the risk of private keys leaking from manufacturers (Won et al., 2018). For this reason, an extra validation center, called a certified accreditation center, can verify the validity of the manufacturer and the device (García-Magariño et al., 2019). A summary of solutions for certificate installation in IoT is presented in Table 3.

Physical security
The distributed nature of IoT exposes it to a larger attack surface and to physical access to the devices. The combination of these two factors makes physical attacks a viable and potent threat to IoT devices. We expect most security attacks to take place at the software level due to its popularity and coverage of a multitude of devices, but the most unusual attacks happen on physical signals (Xu et al., 2014b). Thus, security should be considered right from the beginning of device design to provide an adjustable base for dynamic detection and prevention, isolation, diagnosis, and remedies against strong breaches (Babar et al., 2011).
In general, physical attacks are concentrated on the physical components of the IoT system, and the attacker needs to be physically close to or inside the IoT system (Andrea et al., 2015). Some physical attacks pose severe security problems where hardware devices are tampered with, for example by extracting sensitive information using micro-probing. These attacks can also be triggered by reverse engineering, which has several steps including chip de-packaging, layout reconstruction, and chip modification using particle beam techniques (Babar et al., 2010). On the other hand, physical attacks can occur on the infrastructure of an IoT system, e.g., changing the behavior or structure of IoT devices (Nawir et al., 2016). In this category, an attacker can cause damage to sensor nodes physically or remotely (node tampering), can prevent communication by sending noise signals over the communication channel (RF interference on RFIDs and node jamming in WSN), can control the node or the entire system by physically deploying a new malicious node (malicious node injection) or physically injecting code (malicious code injection), and finally can increase power consumption by keeping the node awake (sleep deprivation) (Andrea et al., 2015). Fig. 12 shows these two categories and their subcategories for physical attacks.
Physical security is mostly targeted in the perception layer of the IoT architecture, in which RFID and WSN are two important components. From the RFID perspective, SCA (Side Channel Attack) can pose a major problem, while from the WSN perspective, node and antenna design are considered important (Zhao and Ge, 2013). Table 4 shows a summary of approaches to address physical security in IoT. For instance, Babar et al. (2011) propose an embedded security framework in which physical security is provided by employing a Trusted Platform Module to manage the vulnerabilities of the hardware devices at the physical level. As a hardware-based IoT security approach, Xu et al. (2014b) adopt computer-aided design (CAD) techniques to address IoT security constraints alongside energy problems.
In order to discover proper countermeasures to physical attacks, critical physical assets in an environment can be identified by assessing the security risks of a smart environment. For instance, Ali and Awad (2018) apply the operationally critical threat, asset, and vulnerability evaluation (OCTAVE) methodology for identification of security risks in smart homes. During the system design and operation phases, a mixture of management procedures (e.g., for tracking misplaced devices) and protocols (e.g., internal memory reset, renewal of keys) can be applied as a security framework to configure the devices through a secure channel (Pecorella et al., 2016). Another secure analytical framework for IoT was proposed based on stochastic geometry and queueing theory to investigate the delay performance and security performance of IoT networks (Zhang et al., 2017a).
Combining physical layer security with upper layer security mechanisms could enhance information security in multi-access mobile edge computing (MA-MEC) based IoT. Physical layer security approaches involve secure wiretap coding, resource allocation, signal processing, and multi-node cooperation, along with physical layer key generation and authentication (Zhang et al., 2017a).

Deployment
Since not all manufacturers are willing or capable to manage security critical tasks, it is not acceptable to expect manufacturers to provide

Table 2. Security issues in each phase of lifecycle.

Identification
The multitude of physical devices and users rely on trusted services to authenticate with each other, so it is crucial for IoT to have identity authentication (Abomhara and Køien, 2014). The analysis of the five applicable Service Oriented Architecture (SOA)-based identity management systems, i.e., Higgins, Shibboleth, Card-Space, Liberty Alliance and OpenId demonstrates that IoT requirements are fulfilled by any of them, hence requiring advanced IDM systems (Mahalle et al., 2010). Currently, identities are used as an entity for every end-user device, allowing them to identify themselves using their own identity (Roman et al., 2011a). To apply identification in the deployment stage of IoT devices, one possible solution is to improve the installed RFID tags. For this reason, chipless RFID tags were implemented, which can be programmed to a unique code by end-users (Attaran and Rashidzadeh, 2016). Chipless tags are resistant to harsh environments and thus they can be employed in wearable electronics. To solve the problem of data encoding in tags with no IC, two encoding strategies, resonance-based coding and frequency-shift encoding, were presented by Corchia et al. (2019). In addition, Miettinen et al. (2017) propose an identification method for new devices joining the network (e.g., a home network). The home gateway checks the packets coming from the new device, creates a matrix for this device based on its behaviors (column = a packet, row = feature), and uses Random Forest to classify the device as either trusted or non-trusted. If the device is untrusted, it can send packets to the internet but not to other trusted nodes inside the network. Device identification can also be verified by an IoT device image which is captured and received from a user device, showing some portion of the environment around the IoT device (Berelejis et al., 2017). A summary of the identification methods in the early stage is presented in Table 5.

Key pairing (key agreement)
Key pairing, as the initiation step of key management, establishes keys for other security solutions, such as secure communication, authentication, and access control (Miettinen et al., 2018). Roman et al. (2011b) analyze the role of current key management systems in IoT and conclude that they could be employed in Internet-enabled sensor (IoT) networks. For this purpose, they first find the security issues of a globally connected WSN, including secure channels and key management. Then, they analyze the suitability of public key cryptography (PKC) and of protocols for pre-sharing keys for the negotiation of session keys between the sensor device and other external entities in the internet. Finally, they analyze other KMPs for WSN (e.g., mathematical-based KMS) to check the usage of KMS protocols in the negotiation of session keys among remote entities.
As part of key management, key pairing is a central agreement between personal devices without any prior security association. Table 6 summarizes the current approaches for key pairing. For example, Sciancalepore et al. (2015) adduced a key management protocol for IoT systems using Elliptic Curve Cryptography (ECC), providing security benefits such as protection against replay attacks, fast re-keying, lightweight node authentication and robust key negotiation. During pairing, the user is typically involved in verifying the key negotiation, for example by comparing the authentication string. However, it is cumbersome and error-prone to involve the user. Thus, Miettinen et al. (2014a) present a secure zero-interaction pairing scheme well suited for wearable and other IoT devices. In this scheme, the correct devices are identified based on sustained co-presence over time by computing a fingerprint of the ambient context.

Vulnerability management
A vulnerability refers to a known weakness in a device where an attacker circumvents the security controls by manipulating any physical device. A considerable number of IoT devices publicly available to consumers are at risk of vulnerability (Williams et al., 2017). Therefore, to ensure the continued security of systems, testing for vulnerabilities is critical for a quick response. Further, vulnerability management is employed by IoT device vendors to identify vulnerabilities within their systems and mitigate them prior to exploitation (Samtani et al., 2016). Vulnerability management in IoT firmware is classified into four types: static analysis, symbolic execution, fuzzing on emulators and comprehensive testing (Xie et al., 2017).
Vulnerabilities might be different, depending on the target environment. For instance, in smart homes, exploited vulnerabilities are more likely to stem from lacking security updates, insecure web application and services authentication, insecure services exposed to the internet, and insecure network communications (Costa et al., 2019). Once vulnerabilities and attack techniques are identified by tools such as IoTVerif (Alghamdi et al., 2018), some mitigation should be proposed. Alrawi et al. (2019) present some mitigations to address vulnerabilities during device deployment in smart homes, relying on analysis of components such as the mobile application, service communication channels and end-points. A summary of vulnerability identification and assessment techniques is displayed in Table 7.

Security requirements
Security requirements are measures that are employed to protect the device and device communications. The primary security goals, including integrity, availability and confidentiality, are used to derive these security requirements as listed in the following sections.
Authentication: A key contributor to several documented attacks is weak or missing authentication in IoT services (Alrawi et al., 2019). To prevent attackers from inserting malicious activity into the network, device identity authentication is needed. Further, the service provider must be convinced by the devices for the storage of their information (Horrow and Sardana, 2012). Current authentication mechanisms are vulnerable to malicious attacks and can hinder advancement due to heterogeneity in IoT devices, topology, and protocols (Shivraj et al., 2015). Such mechanisms are usually designed for special use cases and are difficult to apply to all IoT devices in general. Moreover, most of them facilitate authentication during one stage of the IoT device lifecycle, or do not consider all stages at once. For this purpose, an authentication method is designed and developed in (Neto et al., 2016) to provide authentication for all stages in a device's lifecycle (see Table 8).
Access Control (AC): While IoT sensing devices, such as RFID devices, perceive corresponding information in the IoT environment, security challenges could be met such as unauthorized access by users, or stealing and modification of information by attackers through a counterfeit of a legitimate reader (Li et al., 2011). Therefore, access of users and devices should be partially covered during IoT device deployment through an access control mechanism. Access control technologies are well-known for preventing legitimate users from accessing unauthorized resources and for allowing legitimate users to access only authorized resources (Liu et al., 2012). Access control can also be employed to define a security model during design and implementation, similarly to the access control mechanism proposed in (Yousefnezhad et al., 2017), which is able to regulate the access rights for two IoT-specific messaging standards (i.e., O-MI and O-DF).
According to the most recent surveys on access control approaches in IoT, access control models can be categorized into three architectures: centralized models, e.g., RBAC and OrBAC; distributed models, e.g., O2O, ABAC, multi-OrBAC, PolyOrBAC, UCON and CAPBAC; and hybrid models, e.g., Smart-OrBAC (Bouanani et al., 2019). Among these models, RBAC and ABAC cannot be directly used in IoT due to their limitations (Hasiba et al., 2018). To adopt ABAC in IoT systems, Neto et al. (2016) combine ABAC with ABC so that the latter cryptographically enforces the former (see Table 9). CAPBAC also has some limitations for IoT since it does not consider the access control decision-making process (Bouanani et al., 2019). A survey on various access control protocols and architectures (i.e., AllJoyn, LwM2M, UMA, ACE, OAuth 2.0, SAML, and XACML) and their applicability in IoT is presented in (Bertin et al., 2019).
Confidentiality: The most fundamental data issue in IoT security is data confidentiality. Data confidentiality ensures that the data are accessed by authorized entities and protected from being invaded by unauthorized entities (Lu and Xu, 2019). Confidentiality during deployment can be threatened by many attacks such as malicious data attacks, node capture attacks, timing attacks, and replay attacks, similarly to the confidentiality of the perception layer (Lu and Xu, 2019).
To ensure confidentiality, cybersecurity mechanisms such as access control, authentication, and data hiding techniques can be employed (see Table 10).
Integrity: Compromises might arise not from the malicious devices themselves but from their malicious input, e.g., data. Data might be tampered with or altered during transmission and during storage on the device, by a human or by misconfiguration in a computing system. Thus, it is vital to guarantee that data are accurate, consistent and reliable over their lifecycle. This process defines data integrity. The integrity of data generated by a device, the software running on a device, and data stored in the cloud all need to be verified by integrity identification (Chamarajnagar and Ashok, 2019) and protected by the integrity protection framework (Zhang et al., 2017b). Table 11 shows more details about such frameworks.
Availability: Security of connected systems in IoT is challenging not only because it requires protection against a large attack surface but also because it requires system availability and real-time response to the presence of threats. One important aspect of availability is node availability, which is considered an essential index for measuring node performance in wireless networks. The availability of a node is defined as the probability that the node can work normally in the network, or the probability of the available state when the network reaches a steady state. The state of nodes attacked by malicious programs is analyzed in (Wu et al., 2019), as well as the effects of the degree of a node on its availability based on node heterogeneity. Another approach to measure availability in industrial IoT systems is to apply inputs of end-to-end QoS analysis, as proposed in (Mustafa et al., 2019). According to the analysis, a remote IoT device inside a busy cloud region generates less availability as compared to an IoT device connected to a less busy cloud region. Table 12 presents a summary of these methods.
Non-repudiation: Non-repudiation relates to data ownership by ensuring that no one can deny their authenticity. In other words, it is impossible for the sender to deny its sent data and for the receiver to deny its received data (Abbas et al., 2019). Hence, non-repudiation is an important security requirement which provides available evidence through a TTP to prevent an entity from denying an action that has taken place via message exchange (Samaila et al., 2017). Lack of effective non-repudiation leaves each party without guarantees and also triggers some attacks such as the repudiation attack and masquerading. Non-repudiation of IoT devices, similarly to other security requirements, should be established from the beginning. Oriwoh et al. (2016) believe that these requirements should be realized at the design phase, since any IoT device which can enable communication is also able to include embedded security at manufacturing. Accordingly, as seen in Table 13, they propose a resource-constrained authentication protocol, where non-repudiation is supported using PKC in a connectionless environment. In addition, a physical-layer authentication and non-repudiation system can be used that authenticates the receiver by employing signal processing and checking whether the expected transmitter at the expected location is used for transmission. This method has no energy overhead because it allows reuse of radio signals on the physical layer (Trappe et al., 2015).

In MoL, while the device is communicating with other devices, it should be monitored in order to diagnose possible faults and, according to the monitoring observations, to update or reconfigure the device. During the operation phase, the device needs to be monitored continuously to detect any malicious activity.

Monitoring and diagnosis
During the phase of monitoring and diagnosis, the main security challenge is to manage the trust level between the service provider and the individual's privacy needs, considering the automatic exchange of manifold personal information. For each of the security problems in this lifecycle phase, various solutions have been adduced in the literature.

Identification
Sarma and Girão (2009) introduce device identification for handling data privacy in 2009. They propose the use of identities as representations of all entities, including persons, devices, and software, as the communication endpoints (Identinet). They also suggest that digital shadows be employed that portray projections of entities in a communication use or in sessions. Later in 2012, Horrow and Sardana (2012) presented an identity management framework designed for cloud-based IoT. This framework has several basic functions for devices including relocation, addition and deletion of devices, authentication of sender and receiver devices, hosted services identification, and registration of sensors and receiver devices to the cloud.
To federate the identity of users and devices in IoT, Fremantle and Aziz (2016) propose a security model which provides secure, random, and anonymised identities that are not shared with third parties. In their model, all access to device data and commands is based on explicit consent from users. In this model, each user's data are handled by a personal cloud instance providing improved security and isolation. To provide federated identities alongside user-directed access control decisions, Fremantle et al. (2014) show that using OAuth2, a technology drawn from the Web, as part of the MQTT protocol flow and within an MQTT broker is more effective. Furthermore, for a cellular IoT environment, identity can be federated by reusing the SIM authentication running over the network layer (Santos et al., 2018, 2019).
Additionally, as a device identification operating for the entire lifecycle of devices, Yousefnezhad et al. (2018) propose a framework based on Measurement-based Device Identification (MeDI), which analyzes the traffic and exploits payload data as well as statistical information to identify the IoT devices.
To manage and secure access to resources and information and also to protect devices' profiles, an association of technologies and processes called Identity Management (IdM) is relied on (Mahalle et al., 2010). Mahalle et al. (2010) propose an IdM framework to deliver services of devices, while also providing device management which conceals the complexity of security management from users. Furthermore, several versions of IdM such as a distributed IdM (Kravitz and Cooper, 2017), an improved IdM protocol (Song et al., 2017), and IdM specific to emergency situations (Hu et al., 2011) were proposed, as described in Table 14.

Trust
An important problem in the IoT environment is the lack of trust in IoT devices. Trust establishment in remote IoT devices can be achieved with the help of a security service called remote attestation, which helps verify the state of remote computing devices (Abera et al., 2016). Trust management, in which devices develop trust instantly with a reasonable degree of accuracy, is needed as an indispensable part of the correct operation of most IT systems (Chen et al., 2014). Due to the distributed nature of IoT, a distributed trust management system which can scale to global dimensions is designed by Alexopoulos et al. (2018) using distributed ledgers.
Disparate techniques have been proposed in the literature for addressing trust management in diverse IoT systems (Table 15). To support SOA-based IoT systems, an adaptive and scalable trust management protocol is proposed by Chen et al. (2014, 2016). In sensor node-powered IoT applications, Tariq et al. (2019) present a Mobile Code-driven trust mechanism to define a confidence level for sensor nodes. Additionally, the trust levels of IoT devices in the network can be employed to explore attacks. For detection of malicious nodes and on-off attacks involved in bad service provisioning, a fuzzy logic-based approach is proposed (Alshehri and Hussain, 2019) to restrict their untrusted functionality where they give false recommendations about other nodes. Trust and reputation policies can be adopted for detecting hijacked vehicles (García-Magariño et al., 2019).

Privacy
As IoT develops, privacy becomes a major implication, which means more than anonymity in IoT. Profiling and data mining services, which involve automatic processes including data collection, storage, sharing, and analysis, can cause potential harm to individuals (Elkhodr et al., 2012). IoT network traffic can also be analyzed to infer sensitive details about users and their interactions even when the traffic is encrypted. Apthorpe et al. (2017) examine four IoT smart home devices to prove it. According to their results, a technological solution is needed to protect IoT device owner privacy.
Given this concern, privacy-preserving methods are applied in various IoT environments and applications (see Table 16). For instance, an efficient privacy-preserving method is proposed in (Boussada et al., 2018) for E-health systems, which relies on a novel identity-based cryptography scheme called PKE-IBE. To recognize activity and restrict user re-identification at the same time, a privacy-preserving framework is presented by Jourdan et al. (2018). Furthermore, since privacy of sensitive data is a major concern for data aggregation applications in the fog-enhanced IoT environment, Guan et al. (2019) design a device-oriented anonymous scheme to preserve privacy.
For privacy management in IoT applications, specifically smart energy management systems, Ukil et al. (2015) propose an involuntary approach (without human-in-loop). To accomplish such an approach, this paper identifies the sensitive content in sensor data and the level of privacy control required for such content. In this approach, data privacy is preserved before the data are shared with third parties, and the user is alerted in case of a privacy breach in shareable data. The same authors in (Ukil et al., 2014) had also proposed a simpler version of this privacy management schema in which the data owner can assess the privacy risk of sharing his private data.

FIAM, a federated identity and access management approach building a prototype using OAuth 2.0 to enable access control to information distributed via MQTT
(Santos et al., 2018, 2019): identity federation for cellular IoT reusing the SIM authentication, enabling single-sign-on
Meidan et al. (2017): ProfilIoT, a device identification based on network traffic analysis using machine learning algorithms to identify IoT device type, based on characteristics of the network traffic it generates
Yousefnezhad et al. (2018): MeDI, a measurement-based device identification framework monitoring the data packets coming from smart devices to protect the server from receiving and spreading false data
Mahalle et al. (2010): identity management framework managing a device's security credentials and identity, and interacting with service providers on its behalf
Kravitz and Cooper (2017): distributed identity management using blockchain for resilient user and device identity and attribute management
Song et al. (2017): Improved Identity Management (IIDM) Protocol improving both security and performance by maximizing load balancing to service provider
Hu et al. (2011): identity-based system for personal location in emergency situations confirming the identity of the user through the user authentication subsystem and the level of the emergency through the policy subsystem

Compromise detection
Compromise is a circumstance where a threat such as malware, intrusion, attack or a newly discovered incident occurs which might harm the overall system.It is impossible or difficult to identify these threats in advance.Thus, they should be analyzed during their use.Since currently most IoT vendors provide no mechanism to automatically update the devices, compromises will grow in the IoT environment.As a countermeasure for this problem, ISP networks require feasible techniques to detect IoT malicious activity (Van der Elzen and van Heugten, 2017).Compromises might have three steps (Pa et al., 2016): intrusion, in which attackers exploit the weaknesses to login to devices; infection, in which after a successful intrusion, attackers upload and execute malicious codes to the device; monetization, in which malicious codes are controlled by attackers to spread the malware to other vulnerable devices.
Due to the growing popularity of IoT and the weak security of IoT devices, new categories of malware have emerged, such as the Hajime decentralized Internet worm (Edwards and Profetis, 2016), the Persirai botnet (Yeh et al., 2017), BrickerBot (Radware.Brickerbot resul), Mirai (Antonakakis et al., 2017; Kolias et al., 2017), and other botnets which explicitly target IoT devices. Since this malware affects the behaviour of IoT devices and reveals an unknown traffic pattern, one solution for defeating it is to check whether the traffic pattern matches the normal pattern or not. To do so, Nguyen et al. (2018) presented a self-learning distributed system for detecting compromised IoT devices effectively. In this system, devices are classified and profiled based on their device type and their normal communication behavior, which is used for anomaly detection.
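The traffic-pattern check described above, as an added example that is not taken from the surveyed papers: a per-device-type profile of normal communication is learned from baseline flows, and a device is flagged when it uses a service or contacts more destinations than its type ever did. This is a much simpler baseline than the self-learning system of Nguyen et al. (2018); the flow format, device names and addresses are constructed for illustration.

```python
from collections import defaultdict

# Constructed flow records: "window device_id device_type proto dst_ip dst_port"
BASELINE = """\
0 cam-1 camera tcp 203.0.113.10 443
0 cam-1 camera udp 203.0.113.53 53
0 cam-2 camera tcp 203.0.113.10 443
1 cam-1 camera tcp 203.0.113.10 443
1 cam-2 camera udp 203.0.113.53 53
0 plug-1 plug tcp 203.0.113.20 8883
1 plug-1 plug tcp 203.0.113.20 8883
"""

# Constructed observation window: cam-2 starts contacting many hosts on
# Telnet ports, the kind of change a spreading infection produces.
OBSERVED = """\
7 cam-1 camera tcp 203.0.113.10 443
7 cam-2 camera tcp 198.51.100.1 23
7 cam-2 camera tcp 198.51.100.2 23
7 cam-2 camera tcp 198.51.100.3 23
7 cam-2 camera tcp 198.51.100.4 2323
7 plug-1 plug tcp 203.0.113.20 8883
"""


def parse(text):
    """Parse flow lines into (window, device, dtype, proto, dst_ip, dst_port)."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        window, device, dtype, proto, dst_ip, dst_port = line.split()
        flows.append((int(window), device, dtype, proto, dst_ip, int(dst_port)))
    return flows


def build_profiles(flows):
    """Learn, per device type, the services used and the largest number of
    distinct destinations any single device contacted in one window."""
    services = defaultdict(set)
    dests = defaultdict(set)  # (dtype, device, window) -> destination IPs
    for window, device, dtype, proto, dst_ip, dst_port in flows:
        services[dtype].add((proto, dst_port))
        dests[(dtype, device, window)].add(dst_ip)
    fanout = defaultdict(int)
    for (dtype, _device, _window), ips in dests.items():
        fanout[dtype] = max(fanout[dtype], len(ips))
    return {t: {"services": services[t], "max_fanout": fanout[t]} for t in services}


def detect(profiles, flows):
    """Return {device_id: sorted reasons} for devices that deviate from the
    profile of their device type."""
    per_device = defaultdict(list)
    for flow in flows:
        per_device[(flow[0], flow[1], flow[2])].append(flow)
    alerts = defaultdict(set)
    for (_window, device, dtype), group in per_device.items():
        profile = profiles.get(dtype)
        if profile is None:
            # A type never seen in the baseline cannot be judged "normal".
            alerts[device].add("no-profile " + dtype)
            continue
        for _w, _d, _t, proto, _ip, port in group:
            if (proto, port) not in profile["services"]:
                alerts[device].add(f"new-service {proto}/{port}")
        n_dests = len({flow[4] for flow in group})
        if n_dests > profile["max_fanout"]:
            alerts[device].add(f"fanout {n_dests}>{profile['max_fanout']}")
    return {device: sorted(reasons) for device, reasons in alerts.items()}


if __name__ == "__main__":
    profiles = build_profiles(parse(BASELINE))
    for device, reasons in detect(profiles, parse(OBSERVED)).items():
        print(device, reasons)
```

Profiling by device type rather than by individual device lets a newly installed device be checked immediately against the behaviour of its peers.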
Since IoT devices are controlled by smartphone applications, and smartphones are involved with invasion of privacy and information leakage, it is necessary to detect abnormal behaviors occurring on mobile devices to achieve reliable IoT services. For this purpose, several mobile malware detection techniques exist, which are summarized as follows.
1. Signature-based detection, which employs either static or dynamic methods to define the signature;
2. Behavior-based detection, which analyzes predetermined attack patterns and process behaviors by monitoring information inside a device (host-based) or gathering information via the network (network-based);
3. Dynamic analysis-based detection (taint analysis), which marks specific data and monitors their processing to track the data flow.
Tabassum et al. (2019) also present another categorization of intrusion detection techniques, which is divided into four groups: signature-based, anomaly-based, specification-based and hybrid.
The static signature-based solution is a traditional method which is unsuited for dynamic environments, and the dynamic signature-based one requires a large amount of storage for finding certain patterns. Taint analysis is also highly dependent on the underlying system, while an analysis system in diversified environments must be flexible enough to adapt to different systems (Zhang et al., 2014). Signature-based detection with some extensions can be suitable for IoT environments. For instance, Sun et al. (2017) provide a technique for cloud-based malware detection presenting reliable data privacy protection for resource-constrained IoT devices. To detect the malware, this technique proposes a signature-based mechanism for the cloud server and a lightweight content scanning agent for the client. Behavior-based detection techniques, which have recently received the most attention, exploit machine learning methods to enable automated malware classification. For example, Ham et al. (2014) apply a linear support vector machine for exploring malware on Android phones. Vasseur and Seewald (2016) also proposed a dynamic anomaly detection method based on machine learning algorithms to make the network learn from its mistakes and eliminate false positive alarms.
Malware detection tools: IoTSeeker (Qian) is an example of the available tools for malware detection and/or prevention. This tool scans an IoT network to detect whether its devices are using the default credentials or not, and helps to find Mirai-based malware. After capturing malware samples, in order to analyze and examine the attacks in depth, a malware analysis environment called IoTPOT (Pa et al., 2016) was proposed. In addition, one common solution for understanding the dynamic threat landscape without exposing critical assets is a honeypot. For this purpose, an automatic and intelligent honeypot called IoTCandyJar (Luo et al., 2017) was proposed to check the behaviors of different types of IoT devices by gathering responses to the honeypot's requests, specifically ones expected from attackers, leveraging machine learning techniques (see Table 17).

Security requirements
This section presents the proposed solutions for the security requirements of the operation stage (MoL).
Authentication: The authentication mechanisms for IoT are classified as: two-factor authentication, two-phase authentication, mutual authentication, group authentication, and anonymous authentication. Examples for each class are presented in Table 18. Most of these schemes are vulnerable to key theft since they employ local key management and need infrastructure support for key storage (Shivraj et al., 2015). They have no fine-grained control, either, and are impractical in real-world use cases.
More authentication methods, along with a detailed comparison of their weaknesses and strengths, are available in previous surveys conducted on authentication in IoT (Ferrag et al., 2017; Saadeh et al., 2016; El-hajj et al., 2017; Atwady and Hammoudeh, 2017). For instance, Ferrag et al. (2017) categorize the authentication protocols for IoT systems based on the target environment, including M2M communications, IoV, IoE, and IoS, and present the performance and limitations of the protocols based on this categorization.
Access Control (AC): For providing end-to-end data protection, both in storage and in transit, a cryptographic access control based approach is proposed by Wrona (2015), which is also based upon the Object Level Protection standard. An integrated approach for authentication and access control of IoT devices, known as the Identity Authentication and Capability based Access Control (IACAC) model, is proposed by Mahalle et al. (2013). The same authors (Mahalle et al., 2012a) had already proposed a capability-based approach called IECAC leveraging ECC. More access control approaches from the perspective of IoT are displayed in Table 19.
Confidentiality: Although confidentiality is important during deployment, it is also considered the main security issue during IoT device communication. Security solutions provided to address confidentiality during the phase of MoL are described in Table 20.
Integrity: An IoT device produces a large amount of sensitive data which are susceptible to cyber attacks, including integrity attacks. Integrity attacks, known as tampering attacks, are extremely dangerous since they might go unnoticed until the physical system becomes unavailable (Battisti et al., 2018). Data tampering attacks can be divided into two types: data modification and data injection. Among these attacks, data modification attacks (the main type of data tampering attack), which disrupt the state of the applications, cause widespread damage. To detect these attacks, Aman et al. (2018) propose a detection mechanism using a random time hopping sequence and random permutations to hide validation information.
Another type of attack targeting data integrity is data injection (or deception attack), where the tampered data is injected into the communication channel. To identify such an attack, Battisti et al. (2018) design a secure mechanism based on coding the output of the system using permutation matrices created by flipping. Further approaches to integrity protection are demonstrated in Table 21. Apart from the attack type, the level of data integrity can be scored based on the manipulation level of the adversary (Bhattacharjee et al., 2017), or the data can be signed by elliptic curve based algorithms to provide end-to-end integrity protection (Bauer et al., 2016).
Availability: The availability of IoT systems can be threatened by cyber attacks such as impersonations or DoS. Thus, it is essential to investigate the effect of successful attacks on the availability factor of the IoT system. Given this concern, Kolisnyk et al. (2017) analyze the possible types of attacks and mathematically assess the availability factors on smart business. Once the availability level has been measured, the availability of smart devices should be enhanced to improve their performance along with their security. Table 22 demonstrates several approaches to improve (Xiong et al., 2019), optimize (Yang and Kim, 2019), and ensure (Qaim and Özkasap, 2018) data availability on IoT infrastructure.
Non-repudiation: In industrial IoT with a service-provisioning scheme, malicious services might be provided by untrusted service providers. Similarly, the acquisition of correct services might be repudiated by dishonest service users for their own advantage or for disruption purposes. To avoid these problems, non-repudiation mechanisms, whether with or without a TTP, should be provided. However, both of these approaches are insufficient for IoT systems, which are decentralized and have resource-constrained devices. Given this concern, a non-repudiation model using blockchain technology is proposed by Xu et al. (2019) for service-provisioning scenarios. The non-repudiation issue can also be addressed along with other security requirements such as authentication and confidentiality to provide a security service. FSS (Abbas et al., 2019) is an example of this kind of service, given in Table 23.

2018) data tampering detection by reducing the computational complexity as well as reducing the transmission energy
Battisti et al. (2018): a secure control system to identify deception attack, encoding the system output based on a secret pattern created by Fibonacci p-sequences
Bauer et al. (2016): end-to-end integrity protection using elliptic curve based signatures
Bhattacharjee et al. (2017): Bayesian inference framework for data integrity scoring under opportunistic data manipulation by an adversary

Updates
Under some circumstances, IoT devices and their secrets (i.e., secret keys and certificates) need to be updated.

Key/Certificate update
All keys associated with a specified user or device should be updated to guarantee forward and backward secrecy when devices or users join and leave the system. To efficiently handle key updates (or re-keying) during membership change inside user or device groups, a Group Key Management (GKM) scheme was proposed in (Kung and Hsiao, 2018) 2014) for an IoT system for verifying the authenticity of all the devices which take part in the group communication. This scheme has five modules, including a key update which generates a public/private key pair for the Group Authority (GA) and changes the private keys of the other members of the group. On the other hand, certificates, which bind public keys to their owners, also require periodic renewal, e.g., by a dynamic public key certificate (Chien, 2018). More re-keying approaches, as part of key management (Abdmeziem et al., 2015) or as a separate solution (Arif et al., 2019), are demonstrated in Table 24.
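Re-keying on membership change, as an added example that is not the scheme of Kung and Hsiao (2018) or of any other surveyed paper: a group authority issues a fresh, independent group key on every join and leave and wraps it separately for each current member. The HMAC-based wrap is a stand-in for a standard authenticated key wrap, each member's individual key is assumed to be provisioned over a secure channel, and all names are hypothetical.

```python
import hashlib
import hmac
import secrets


def pad(member_key: bytes, epoch: int) -> bytes:
    """Per-member, per-epoch pad derived with HMAC-SHA256 used as a PRF."""
    return hmac.new(member_key, b"wrap" + epoch.to_bytes(8, "big"), hashlib.sha256).digest()


def tag_for(member_key: bytes, epoch: int, ct: bytes) -> bytes:
    """Integrity tag binding the wrapped key to the member and the epoch."""
    return hmac.new(member_key, b"tag" + epoch.to_bytes(8, "big") + ct, hashlib.sha256).digest()


def wrap(member_key: bytes, epoch: int, group_key: bytes):
    """Wrap a 32-byte group key for one member (illustrative stand-in only)."""
    ct = bytes(a ^ b for a, b in zip(group_key, pad(member_key, epoch)))
    return ct, tag_for(member_key, epoch, ct)


def unwrap(member_key: bytes, epoch: int, ct: bytes, tag: bytes) -> bytes:
    """Verify the tag, then recover the group key; ValueError if not ours."""
    if not hmac.compare_digest(tag, tag_for(member_key, epoch, ct)):
        raise ValueError("rekey message not valid for this member/epoch")
    return bytes(a ^ b for a, b in zip(ct, pad(member_key, epoch)))


class GroupAuthority:
    """Hypothetical group authority that re-keys on every membership change."""

    def __init__(self):
        self.members = {}          # member id -> individual 32-byte key
        self.epoch = 0             # incremented on every re-key
        self.group_key = secrets.token_bytes(32)

    def rekey(self):
        # A fresh random key is not derivable from any earlier group key.
        self.epoch += 1
        self.group_key = secrets.token_bytes(32)
        return {m: wrap(k, self.epoch, self.group_key) for m, k in self.members.items()}

    def join(self, member_id: str):
        """Enroll a member, then re-key so it never learns the earlier key
        (backward secrecy). Returns its individual key and the rekey messages."""
        member_key = secrets.token_bytes(32)
        self.members[member_id] = member_key
        return member_key, self.rekey()

    def leave(self, member_id: str):
        """Remove a member, then re-key so it cannot follow later traffic
        (forward secrecy). The departed member gets no rekey message."""
        del self.members[member_id]
        return self.rekey()


if __name__ == "__main__":
    ga = GroupAuthority()
    key_a, _ = ga.join("sensor-a")
    key_b, _ = ga.join("sensor-b")
    messages = ga.leave("sensor-b")
    print("epoch", ga.epoch, "recipients", sorted(messages))
```

Sending one wrapped key per member costs a message per member on every change; the group key management schemes cited above aim to reduce that cost.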

Software update
The IoT environment consists of various hardware modules including their own firmware in each module which should be up-to-date during the IoT device lifecycle (Sulkamo, 2018) since IoT devices are not secured by design (Boudguiga et al., 2017). On the other hand, vendors do not deliver software updates before attackers exploit a vulnerability found by a good node. This is the main reason for device failures in the network, as Beresford (2016) reports. Therefore, it is essential to keep track of disclosed vulnerabilities and patch them in subsequent software or firmware updates so that hackers will be unable to enroll them into botnets.
Many IoT devices, like modern vehicles, require firmware updates due to their vulnerabilities and outdated configuration settings. Providing such an update may highlight new issues for constrained devices (IAB). The update can occur during or after the end-of-life of a device. It can also occur on the device or on the cloud, but both solutions are challenging. Resource-constrained IoT devices cannot rely only on their limited resources. Obtaining updates from the cloud also makes these devices perform heavy operations (Chiang and Zhang, 2016). As a consequence, a new solution is needed to distribute the update responsibility among the IoT devices. As an example, Boudguiga et al. (2017) propose a peer-to-peer mechanism for spreading updates between IoT devices. They apply blockchain infrastructure to improve the security of updates with a focus on availability. More approaches are described in Table 25.

Reconfiguration
The security solutions for the various problems in the Reconfiguration phase are discussed in this section.

Application reconfiguration
Similarly to sensor networks, flexibility is a key issue of application in IoT systems. Application reconfiguration is the main approach for improving the flexibility of the system. Such an approach presents    26). This approach is inapplicable in IoT systems since it does not support the dynamic addition of new knowledge.
Recently, IoT hardware reconfiguration has also become popular, since IoT applications are often constrained by the dual requirements of high performance and resource limitation (Johnson et al., 2017). For instance, energy-limited IoT applications confront the challenge of a trade-off between security strength and power budget. To resolve the power constraint issue in low-power IoT applications, Samir et al. (2019) propose Dynamic Partial Reconfiguration (DPR) technology, where multiple encryption modes can be implemented with various security levels. An adversary can exploit the remote DPR capability of the devices to launch hardware-related attacks on commonly used security applications. Johnson et al. (2017) demonstrate four examples of remotely-launched attacks on remote DPR, where a bitstream is transferred remotely over the network to reconfigure one or more applications embedded on the reconfigurable device.

Mobile security
IoT will potentially connect billions of devices from multiple organizations, and in some environments, e.g., smart cities, these devices move from one cluster to another. When the device moves, organizations will face many concerns regarding security requirements for the network and the device itself. The IoT network requires identity checks for the mobile device when it enters the network. The IoT mobile device, on the other hand, requires a transparent identification so that it can comfortably interact with other mobile nodes while enjoying the secure service. For instance, when a car arrives in Helsinki, the security concerns are associated with, e.g., its access to city information, the access rights of other devices in Helsinki to the information related to the new car, and the trust level of the new car.
For providing privacy protection and rapid identification authentication for a mobile node joining the new cluster, Miao and Wang (2012) present a cryptography-based protocol from the class of single-step protocols. The protocol rapidly implements authentication using a valid request message and an answer authentication message.
Since device mobility is increasing in IoT applications, making it difficult to communicate with devices directly using their IP address (e.g., due to access restrictions or the presence of NAT), messaging standards are designed to provide standardized and generic application-level interfaces to achieve two-way communication, among other things (Kubler et al., 2015b).
Several IoT services, such as secure healthcare services, have adopted mobile solutions. For these mobile platforms, deploying a security architecture is necessary. For this purpose, Gonçalves et al. (2013) define a basic security architecture to support secured and authenticated interactions, enabling an easy deployment of m-health applications. Adopting mobile solutions in the same IoT environment, a novel security and privacy mechanism was proposed in (Kai et al., 2013) for protecting the patients' security and privacy in a healthcare context, including trustworthiness, authentication, and cryptography credentials.
Mobile devices force the environments to integrate with the wireless network, where wireless access to networks represents security threats. Thus, an efficient and secure mobile-IPS (m-IPS) is presented in (Jeong et al., 2014) for business activities for human-centric computing which utilize mobile devices in mobile environments.
Mobility of low-level technologies such as mobile radio frequency identification (RFID) technology, used in electronic product code (EPC) information service, also causes security and privacy concerns for tags and readers.To protect the mobile RFID (or mobile reader) systems, security and privacy protection schemes were presented in (Zhu et al., 2012), (Yan and Wen, 2010), and (Niu et al., 2014) (see Table 27).

End-to-end security
To enable safe end-to-end corporability, an end-to-end security solution is required relying on protection measures implemented on the terminal hosts (Sahraoui and Bilami, 2015). As a solution for end-to-end security, establishing interoperable network security between end peers, various conventional end-to-end security protocols have been recently proposed (Moosavi et al., 2016). An end-to-end security protocol safeguards the message payload from the data source until it reaches the target. This type of protocol is usually implemented in the network or application layer with different levels of protection compared to the link layer, since end-to-end security is not provided by lower layer security protocols (Kothmayr et al., 2012).

security architecture for mobile platforms establishing and managing a medication prescription service in mobility context using electronic Personal Health Records
Kubler et al. (2015b): Quantum Lifecycle Management (QLM) messaging standard enabling real-time communications and two-way communications with nodes located behind firewall/NAT systems
Kai et al. (2013): Health-IoT, a secure healthcare service establishing a trust IoT application market (IAM) by exchanging the feature of application in marketplace and behavior of applications on end-devices
Jeong et al. (2014): m-IPS, a mobile intrusion prevention system providing precise access control by checking users' temporal spatial information, profiles, and role information
Zhu et al. (2012): SPMMRFID-IOT, a security and privacy model for mobile RFID systems supporting the privacy of tags and readers, tag corruption, reader corruption, multiple readers, and mutual authenticated key exchange (AKE) protocols
Yan and Wen (2010): mobile RFID network architecture embedding the reader into mobile phone, no need for proxy
Niu et al. (2014): a novel ultra-lightweight and privacy-preserving authentication protocol for mobile RFID using only bitwise XOR and several special constructed pseudo-random number generators, providing privacy properties (e.g., tag anonymity, tag location privacy, reader privacy, mutual authentication) and resisting attacks (e.g., replay attacks, de-synchronization attacks)

Table 28
End-to-end security in IoT.

Scheme Method Remarks
Banerjee et al. (2018): protocol extension for DTLS through the design of reconfigurable energy efficient cryptographic accelerators and a dedicated protocol controller
Brachmann et al. (2012a): end-to-end transport security by proposing a mapping between TLS and DTLS in homogeneous networks
Hummen et al. (2013a): lightweight protocol extensions for HIP DEX during handshake, proposing a comprehensive session resumption mechanism to reduce handshake costs, a collaborative puzzle-based DoS protection mechanism for network heterogeneity, and a refined retransmission mechanism for processing time
Sahraoui and Bilami (2015): CD-HIP, Compressed and Distributed HIP for lightweight end-to-end security, a combination of an efficient distribution scheme for key exchange and an optimal 6LoWPAN model for protocol header
Moosavi et al. (2016): end-to-end security scheme for mobility enabled healthcare providing a secure and efficient end-user authentication and authorization, secure end-to-end communication, and robust mobility
Hossain et al. (2016): biometrics-based secure communication using biometrics and pairing-based cryptography for end-to-end security between different layers

Several studies have been conducted on IoT end-to-end security protocols. Among them, some research presented lightweight IP security protocols for end-to-end security in IoT, such as minimal IKEv2 (IPsec) (Kivinen, 2012), HIP Diet Exchange (DEX) (Moskowitz and Hummen, 2012) and Datagram TLS (DTLS) (Rescorla and Modadugu, 2012). To improve the applicability of these protocols, recent research shifted its focus to proposing new end-to-end protocols by adding extensions to previous protocols. For instance, due to the computational costs of DTLS, Banerjee et al. (2018) and Brachmann et al. (2012a) contribute to DTLS and make it a practical solution for implementing end-to-end security on resource-constrained IoT devices. For boosting HIP-based protocols in IoT, some lightweight protocol extensions were proposed by Hummen et al. (2013a) and Sahraoui and Bilami (2015). Table 28 discusses these security protocols in more detail, along with other end-to-end security solutions for particular platforms such as mobility enabled healthcare (Moosavi et al., 2016) and biometrics-based communication (Hossain et al., 2016).

Security solutions in end of life (EoL)
A device reaches the end of its life due to obsolescence or when transferring to a new owner.

Re-ownership
One of the fundamental problems in IoT is ownership management. This problem triggers several security concerns, including access control of smart devices after ownership transfer, privacy preservation, and secret update. Devices in the context of IoT require an ownership which can be obtained, verified and transferred through a vast communications network in a fast and secure way (Leng et al., 2014). When a new owner purchases the device, the ownership should be transferred from the current owner, a process known as ownership transfer or re-ownership. Both parties involved in device re-ownership must be protected, as they are both potential adversaries (Khan et al., 2018b). Once the ownership is transferred, all the rights available to the previous owner should be assigned to the new owner, who should be unable to trace back the previous owner's communication with others. Meanwhile, when the ownership of the old owner is revoked, the old owner should be unable to track any current communication of the new user (Aghili et al., 2019).

Key/Certificate update
If the device is transferred, a new set of initial secret keys will be needed by the new owner to access its device servers in BoL. Privacy leakage of the device (e.g., secret keys) is the main privacy issue in an ownership transfer protocol during the ownership transfer process from the current owner to a new owner. Re-ownership can be managed by a trusted party to simplify the operations, or without a trusted party when complex architectures are unfeasible. One example of ownership management based on a Trusted Third Party (TTP) structure is proposed by Leng et al. (2014), in which the TTP handles both ownership establishment and ownership transfer steps (see Table 29). Although relying on a TTP can guarantee the owner's privacy, it excessively burdens the trusted server. To solve the problem, a number of intermediate servers called semi-trusted parties (STP) is proposed to securely transfer the ownership of an RFID tag (Mamun et al., 2018). By employing STPs, during the re-ownership process, tag owners only require communication with the nearest STP instead of interacting with the main server. This re-ownership method supports forward privacy secrecy because the session key is updated after each transaction; thus the new reader is unable to interpret the tag's previous transactions and the current reader is also unable to trace the tag. One approach to removing the involvement of the third party in device re-ownership is to exploit blockchain technology so that the transfer from one user to another is managed like a normal blockchain transaction, where the owner controls the ownership of the device and can independently transfer it to any other user (Ghuli et al., 2017). Another solution is to automatically secure ownership changes. Khan et al. (2018b) adopt this type of solution to address privacy issues related to ownership of smart home devices in a system called chownIoT. This system automatically detects the ownership change using the context of IoT devices, manages the profile for authenticating owners, and encrypts the data and isolates the profile for owner privacy.

Table 29
Key/Certificate update during EoL in IoT.

Scheme Method Remarks
Leng et al. (2014): an outline of an ownership management system handling ownership transfer through TTP, checking the ownership proof and validity of ownership transfer
Mamun et al. (2018): OTP-IoT, a secure RFID ownership transfer protocol preventing MITM attack and supporting mutual authentication while enabling owners to transfer the ownership of multiple tags simultaneously
Ghuli et al. (2017): decentralized re-ownership scheme using blockchain transactions to reduce the dependency on a central cloud
Aghili et al. (2019): LACO, a lightweight authentication and ownership transfer protocol
Furthermore, in order to transfer the ownership of information in e-health systems, a situation where accessibility to patient information can be revoked from one doctor and transferred to another, an ownership transfer phase is proposed in the LACO scheme (Aghili et al., 2019).In the ownership transfer phase, the server uses the identity and password of the new owner to update the HACO string (i.e., owner identity, some dynamic and static attributes about owner's situation and owner password) and encrypts it with the new owner key and sends it to the new owner, thus the old owner cannot decrypt the string.

Decommissioned
As more devices are being added to our life, the issue of devices that stop functioning and are decommissioned is growing. Decommissioning occurs at the end of one of two cycles: the duty cycle or the usefulness cycle (Grebler, 2017). The first one might terminate before the usefulness of the device ends. However, the latter, also known as death by old age, terminates when the device's service stops being useful or becomes boring for the owner/user, after which devices stop being used and become unplugged. When the device is removed from the domain (decommissioning), some security services/functionalities should be managed by the server. Such services consist of deleting device-sensitive user data and state, including crypto-keying material and passwords to resources. At the same time, the server should remove its own copies of all passwords related to the device, keying material, and user-related sensitive data (Miettinen et al., 2018).

Key/Certificate revocation
Keys must be revoked if a client is compromised or a service agreement between the client and server is canceled. This can occur by means of a key revocation message, which the trust anchor sends to the server, as part of the key management scheme (Raza et al., 2016) or as a complement to the existing key management (Bock et al., 2019). Similarly, for certificates, a long validity period is an immense threat if the IoT device is compromised. Thus, Kim et al. (2016) define a validity period for certificates based on risk factors (e.g., public devices have the lowest period), and after expiration of validity, the certificate will be revoked or updated. When a certificate is revoked, its serial number and revocation date can be stored in a Certificate Revocation List (CRL), which is a common method for managing certificate revocation. During communication, one can determine the validity or status of the certificate by verifying whether it is in the CRL or not. Table 30 demonstrates some models for managing the CRL.

IoT and related technologies
Data processing on an IoT device can be considered the same as edge computing, where the data is processed on the device itself with no data transferred to other sources. Cloud and fog are other technologies related to IoT, with outsourced data processing. Cloud computing is considered a trusted platform to deliver IoT services (Zarpelão et al., 2017). However, due to several challenges in cloud computing, such as the fast increase in the number of IoT devices, the novel concept of fog computing has been proposed. Fog computing is a platform to decentralize the cloud and bring the services closer to the end system (Dizdarevic et al., 2019).

Cybersecurity in fog and cloud
Fog and cloud have their exclusive security solutions. For instance, to detect DDoS attacks in cloud systems, Wahab et al. (2020) propose an optimal load distribution solution. Another cloud-based detection and defense strategy against multiple types of attacks is presented in (Wahab et al., 2019). More security mechanisms in various paradigms, such as fog computing, mobile edge computing, and mobile cloud computing, are analyzed by Roman et al. (2018). Such security countermeasures seem to be applicable in the IoT platform, but it is impossible to apply them directly due to IoT features consisting of the constrained computing power of IoT devices, a large number of connected devices, and data sharing among users and devices (Zarpelão et al., 2017).

Fog and IoT security
The relation of fog to IoT security is two-fold. On the one hand, fog can trigger new security challenges, unlike the cloud, where infrastructures are already protected by cloud operators from various attacks. The inherently distributed nature of fog makes it more vulnerable to attacks. Some fog systems are so small that they might not be as well resourced as the cloud to implement a proper protection mechanism or intelligence for detecting threats (Chiang and Zhang, 2016). Since fog was originally introduced to present new applications and services to the IoT environment, several security problems in this area have been solved already. Diro et al. (2017) employ a cryptography method, ECC, to present a secure fog-based publish-subscribe lightweight protocol for IoT. A cybersecurity framework in fog and cloud environments is presented in (Sohal et al., 2018) to identify malicious edge (or IoT) devices. For this purpose, they apply a combination of three common technologies consisting of a Markov model, an Intrusion Detection System (IDS), and a Virtual Honeypot Device (VHD).
On the other hand, fog can address security challenges, due to its locality on the edge and proximity to the end system. For example, fog as a security layer between IoT device and cloud overcomes the man-in-the-middle attack (MIMA), since abnormal activities can be identified and reduced through this layer before reaching the system (Hassija et al., 2019). Security features over fog, in general, can have a higher impact on IoT networks than those over cloud. The possible impact of various security considerations such as access control, authentication, and CIA when fog computing is compromised is analyzed in (Butun et al., 2019). For instance, although fog computing acts as a gateway between IoT devices and cloud, it is impossible to access the databases of the cloud from the fog gateway; however, the fog gateway is able to conquer the IoT devices. Thus, a compromised fog gateway triggers a higher level of risk on the IoT network compared to the cloud.

Discussion
Overall, as a comparison of all the security techniques introduced in previous sections, Table 31 presents the security solutions according to the stage and phase of the lifecycle where the related issues are resolved. The pseudonym for each security solution, or the generally known name for the solution if there is no pseudonym, is mentioned as Method in the table. The relevant domains, including the smart environment, application, and sensor type, which are targeted by such a security solution, are discussed in the table as Domain. Among the extracted domains, smart home and WSN attracted more attention for security analysis and implementation.
The study demonstrates that amongst security issues, security requirements in the deployment phase of BoL and application reconfiguration during the operation phase are in lower priority to be analyzed and tackled. Moreover, non-repudiation as an important security requirement, whether in BoL or MoL, offers insufficient contribution. Further, key pairing as part of key management has recently been regarded as less attractive by researchers, still requiring more investigation. As an advantage of such a study, a solution is available for all the security problems in various network layers (i.e., physical layer, link layer, and so on), but with the exception of one paper, none of them follow the device lifecycle in their method definition and implementation. However, a security solution is efficient for IoT systems only if it can be technically secure throughout the entire device lifecycle, not only during installation or operation.
The following abbreviations have been introduced here from the "Solution" column of discussion

Open issues
The previously analyzed security aspects in IoT with respect to product lifecycle raise challenges and opportunities for further research. This section discusses the major research directions required for addressing the unique IoT challenges (Bertin et al., 2019).

Trust Management (TM) is an important consideration enhancing security in IoT devices, although it poses certain challenges in its implementation at a broader level. The following objectives are rarely considered in the literature (Yan et al., 2014):
• Trust Relationship and Decision (TRD): TM should measure the trust relationships of entities in all layers (physical, network and application layer) and help them to make a wise decision for their communication.
• Data Fusion and Mining Trust (DFMT): TM should process and analyze data in a trustworthy way (considering reliability, holographic data process, privacy preserving, and accuracy) in the network layer. It should also mine user demands based on their social behaviors.
• System Security and Robustness (SSR): TM should counter attacks in all system layers to apply security and dependability (reliability and availability).
• Generality (G): TM should be generic for wide use.
• Human-Computer Trust Interaction (HCTI): TM should be easily acceptable to users in the application layer.
There is no comprehensive TM approach which considers all objectives of trust. Previous TM approaches (which are not machine learning (ML)-based) estimated the trustworthiness of a trustee by its previous behaviors, while this knowledge (e.g., a trust path between trustor and trustee) may not be available locally to the trustor. So what should we do if there is no knowledge about past behavior? ML algorithms can be applied to estimate agent trustworthiness more efficiently. MetaTrust (Xin et al., 2011) is an ML framework for identifying trust relying on discriminant analysis (DA), and it controls meta information using the trustor's local knowledge. Lopez et al. (López and Maag, 2015) also apply a supervised ML technique, Support Vector Machine (SVM), for TM. Tinghuai et al. (Ma et al., 2005) exploit another ML method, Case-Based Reasoning (CBR), to achieve a context-aware technique for smart homes. Miettinen et al. (2014b) use classification for a context-aware technique for access control. Motti et al. (2012) motivate the use of ML approaches for context-aware adaptation, and Wang and Ahmad (Wang Ahmad et al., 2010) propose a context-aware ML framework for the Android platform. However, we cannot use these solutions in the IoT context because of IoT constraints such as the existence of limited-power devices and heterogeneous technologies. To address these challenges, we should use lightweight methods to make these ML solutions implementable in the IoT context. For instance, Che et al. (2015) propose ML algorithms for producing a lightweight TM. Perhaps we could apply this algorithm in IoT for the same purpose. The other open issues concerning trust management are as follows:
1. Current TM solutions for data perception trust (reliable data sensing and collection) are too heavy and complicated for wireless sensor nodes. We therefore need lightweight trust mechanisms suitable for small entities (Yan et al., 2014).
2. A trust management survey (Yan et al., 2014) defines five crucial TM objectives for a trustworthy IoT: Trust Relationship and Decision (TRD), Privacy Protection (PP), System Security and Robustness (SSR), Generality (G), and Identity Trust (IT). There are few works on PP. To obtain a TM with vertical objectives, we need to integrate PP with other TM mechanisms. The PP approach should be applied in all layers and for resource-restricted devices.
3. Many previous analyses of Secure Multi-Party Computation (SMC) address the problem of secure computation among untrusted participants. Unfortunately, most of them are impractical for IoT due to computation complexity, communication costs, and flexibility. We need a new SMC method that supports the vertical TM objectives (Yan et al., 2014).
4. Transmitting and computing trust between different networks is difficult (Yan et al., 2014).
5. TM should work fast and consume less energy. Previous research neglected the power efficiency of TM methods in IoT (Yan et al., 2014).
6. There is no previous work in realizing an automatic TM (Yan et al., 2014).
7. Since there is a huge amount of raw data created by things in IoT, it is important to achieve trustworthy data fusion to reduce the cost (Yan et al., 2014).
8. One important factor influencing trust is context, which includes purpose of trust, environment of trust, and risk of trust. The current TM approaches do not focus on context awareness, so the trust results are impersonalized. They cannot provide intelligent services (context-aware services) in the application layer (Yan et al., 2014). Some examples of context-aware services include a real-time traffic update or even a live video feed of a planned route for a motor vehicle user (Wikipedia. Context aware). This service is also known as "Only here, only now and only me".
9. It is necessary to determine a well-defined and commonly-accepted trust negotiation language for semantic interoperability of the IoT context (Sicari et al., 2015).
These can be categorized based on product lifecycle, and various research challenges can be listed. These can be an important consideration for industry to address while designing and manufacturing products. The open issues can be presented in general as shown in Table 32.

Research challenges in BoL
1. Vulnerability in resource-constrained devices: The IoT devices with constrained resources (like edge devices) are particularly susceptible to attacks. It has been shown by penetration studies that even though it takes less power to implement better-practice security for edge nodes, their exposure to harmful threats still remains immense.
2. Inter-fog sharing of resources: This domain requires further research, since when requests are not processed in the fog layer because of heavy load, they are forwarded to the cloud. Neighboring fog layers can share resources, thus preventing the transfer of unwanted requests to the cloud.
3. Near real-time data analysis: Near real-time data analysis in the proximity of the IoT device is imperative for the successful implementation of IoT applications. Different machine learning-based approaches could be designed to analyze the data within the node and to prevent the transit of data, thus enhancing the application security.
4. Security at gateway level: A security layer at the gateways is required between different layers in IoT, as gateways grant an easy access point to intruders in the system. A promising solution is to provide end-to-end encryption, which will be a big challenge for securing data through gateways. The decryption of the data should only take place at the destinations and not at the gateways in the middle of protocol translation. This further requires unified standards for data transmission rather than different protocols, which may require translations at the gateways leading to attack vulnerability.
5. Interoperability between protocols: The development of appropriate security models in the context of the heterogeneity of IoT systems is an important security consideration. Indeed, the core design and development principle in IoT relies on interoperability, and its benefits should be remarkable in the security domain. In this context, the recent efforts to orchestrate security approaches for Network function virtualization (NFV) and Software-defined networking (SDN) environments merit research to form a basis for enhanced future IoT environments.
6. X.509 certificates validity: Future IoT applications may require approaches which support online verification of X.509 certificates, particularly for the Constrained Application Protocol (CoAP) certificates security mode. Further research is required on adopting these kinds of mechanisms.
7. Trade-off between security and energy consumption: The proposed asymmetric cryptographic solutions in IoT are flexible, making them efficient with complexity and scalability issues, but they are not energy efficient. These classic asymmetric approaches (RSA, NTRU, and ECC) are subsequently investigated in several studies. The major challenge lies in establishing a trade-off between security and energy consumption to achieve a desirable security level. The solutions should reduce the energy consumption in resource-constrained devices, while ensuring an acceptable security level.
8. Support of public-keys and digital certificates: The current computing platforms of the sensing platforms pose a constraint on certificate processing. The certificate overhead problem in constrained sensing platforms has been addressed in (Hummen et al., 2013b) by discussing the various design approaches. Certificate pre-validation and session resumption are the proposed approaches: certificate pre-validation involves a security gateway that supports certificate validation before handshake messages are forwarded to the destination, and session resumption helps in maintaining minimal session state after session breakdown.
9. Exponential increase in the number of weak links: As most IoT devices have limited computation and storage resources, and considering cost factors, the available devices in the market do not support highly secure cryptography. Hence, it has led to the emergence of many weak links in the network which can easily be compromised by any attacker to target the entities in the network which are presumed to be secure.

Table 32
The open issues overview and description.

| Open issue | Description |
| --- | --- |
| Standards | There are several standardization efforts across multiple domains. |
| Mobility support | There are not enough reliable proposals for addressing mobility support in IoT. |
| Transport protocol | The connection setup and congestion control mechanisms of existing transport protocols fail in IoT scenarios as they require high buffering in connected objects. |
| Traffic characterisation | The data traffic generated by IoT is significantly different from those observed in the internet. |
| Quality of Service (QoS) support | It will be mandatory to define new QoS requirements for IoT. |
| Authentication | Authentication in IoT requires appropriate authentication infrastructures as things have scarcity of resources compared to present computing devices. Another problem is man-in-middle attack. |
| Data Integrity | The password lengths supported by IoT devices may be too short to support strong protection level. |
| Privacy | The connected devices can collect more private information from a person without its awareness. Control on such information is hard with current technologies. |
| Digital Forgetting | The person's collected information can be retained for several years which can be used to retrieve any information with data mining techniques. |

Research challenges in MoL
1. Insecure update process for a medical device: The dosage limit on medication to be given to the patient was raised by a hacker using a Hospira drug infusion pump (Scully) in 2015. The main concern emerged from an insecure library update process and communication modules for the pumps. The question arises whether the updates in the software or firmware are digitally signed or authenticated.
2. Efficient and reliable consensus mechanisms: The current consensus algorithms are less efficient as they are highly resource hungry. Hence there is a need to design consensus among the nodes that prevents rampant consumption of computation power.
3. Limitations of blockchain architecture: This architecture is limited in the number of permissioned network nodes and in permissionless network throughput. To support high throughput with an increase in users or nodes, various consensus algorithms need to be designed.
4. DTLS limitations: Datagram Transport Layer Security (DTLS) is considered a supporting protocol in the application layer using CoAP. DTLS has some limitations which allow other approaches to be used for providing security in the application layer. Work is already going on in the CORE working group to propose and evaluate new security approaches. DTLS limitations motivate research on alternative proposals for securing IoT communications at the application level using CoAP.
5. Adoption of ECC: Evaluation of the impact of DTLS on sensing platforms with distinct characteristics is important, especially if Advanced Encryption Standard (AES) is efficiently available in hardware in IEEE 802.15.4 sensing platforms. A significant impact can be imposed by the DTLS handshake (for authentication and key agreement) on devices with constrained resources, in particular when ECC public-key cryptography is considered for supporting authentication and key agreement. The support of ECC for 6LoWPAN environments requires more research, since ECC is currently not fully viable for resource-constrained sensing devices.
6. Multicast communications: Another important aspect of consideration is the lack of suitable key management methods for supporting secure CoAP multicast communications. Multicast communications are not supported by DTLS (Garcia-Morchon et al., 2013), (Brachmann et al., 2012b), although they are an essential requirement in most IoT applications. Again, more applicable group key mechanisms are required to support session key establishment among the various participating devices in secure CoAP multicast communications.
7. Object security in CoAP: The employment of object security approaches, as opposed to transport layer security, is considered for securing CoAP communications. The usage of new CoAP options (Granjal et al., 2013) was considered (i) to enable identification of how security is applied to a given CoAP message and of the responsible entity, (ii) to enable transportation of data for authenticating and authorizing a CoAP client, and (iii) to enable transportation of security-related data.
8. Unexpected uses of data: With the widespread use of IoT applications, private information about citizens can be inferred from presumed non-critical data, an adverse effect which is not well known or understood. McKenna et al. (2012) showed that private information about residents, such as the count of residents, daily routines, and personal habits, can be inferred from electricity load data of smart meters in smart homes. These research attempts exploit unexpected use of data associated with connected sensors for smart city environments.
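
The question raised in item 1 of the MoL challenges above, whether an update is authenticated before it is installed, can be made concrete with a device-side check. The following is an added example, not code from the survey or from any vendor; the manifest layout, the names `build_package`, `verify_package` and `try_install`, the model string and the key are constructed, and HMAC-SHA256 with a provisioned key stands in for a digital signature so that the example needs only the Python standard library.

```python
import hashlib
import hmac
import json

# Constructed sample key. Assumption: each device holds a provisioned secret in
# protected storage; an asymmetric signature would avoid sharing a secret at all.
DEVICE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)


class UpdateRejected(Exception):
    """Raised when an update package fails a check."""


def canonical(manifest: dict) -> bytes:
    """Serialize deterministically so vendor and device authenticate the same bytes."""
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def build_package(key: bytes, model: str, version: int, image: bytes) -> dict:
    """Vendor side: bind model, version, size and image digest under one tag."""
    manifest = {
        "model": model,
        "version": version,
        "size": len(image),
        "sha256": hashlib.sha256(image).hexdigest(),
    }
    tag = hmac.new(key, canonical(manifest), hashlib.sha256).digest()
    return {"manifest": manifest, "tag": tag, "image": image}


def verify_package(key: bytes, package: dict, model: str, installed: int) -> int:
    """Device side: return the new version number, or raise UpdateRejected."""
    manifest, tag, image = package["manifest"], package["tag"], package["image"]
    expected = hmac.new(key, canonical(manifest), hashlib.sha256).digest()
    # 1. Authenticate the manifest before trusting any field inside it.
    if not isinstance(tag, bytes) or not hmac.compare_digest(expected, tag):
        raise UpdateRejected("manifest tag mismatch")
    # 2. The update must be built for this device model.
    if manifest["model"] != model:
        raise UpdateRejected("wrong device model")
    # 3. Anti-rollback: an authentic but older image may reintroduce fixed flaws.
    if manifest["version"] <= installed:
        raise UpdateRejected("version not newer than installed")
    # 4. The image must be exactly the one the authenticated manifest describes.
    if len(image) != manifest["size"]:
        raise UpdateRejected("image size mismatch")
    if hashlib.sha256(image).hexdigest() != manifest["sha256"]:
        raise UpdateRejected("image digest mismatch")
    return manifest["version"]


def try_install(key: bytes, package: dict, model: str, installed: int) -> str:
    """Wrap verify_package and report the outcome as text for logging."""
    try:
        return f"installed version {verify_package(key, package, model, installed)}"
    except UpdateRejected as err:
        return f"rejected: {err}"


if __name__ == "__main__":
    pkg = build_package(DEVICE_KEY, "pump-a", 5, b"constructed firmware v5")
    print(try_install(DEVICE_KEY, pkg, "pump-a", 4))
    altered = dict(pkg, image=b"constructed firmware vX")
    print(try_install(DEVICE_KEY, altered, "pump-a", 4))
    print(try_install(DEVICE_KEY, pkg, "pump-a", 5))
```

The order of the checks matters: no manifest field is read for a decision until the tag over the whole manifest has been verified.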

Research challenges in EoL
1. The tamper-proof feature of blockchain: There is a body of tamper-proof blockchain data which is never deleted, leading to an accumulation of a large amount of garbage addresses and data. Hence the performance of the application becomes affected, and there is a need for better ways of efficiently handling the garbage data in a blockchain.

Conclusion
There are ample research efforts for IoT security, but they are scattered. A systematic schema is required to identify the security gaps and address the security issues. The current paper has presented a detailed study of product lifecycle from the IoT perspective of security by providing the necessary background required for IoT and product lifecycle. Further, an in-depth security analysis of product lifecycle is carried out by listing the state-of-the-art security solutions over the last decade and categorizing them based on lifecycle stages. The survey addresses and compares a broad range of techniques, methods, models, functionalities, systems, applications, and middleware solutions related to IoT, IoT security, and device lifecycle. The comparison and assessment of the available security mechanisms in product lifecycle can aid in selecting the appropriate secure techniques. Thus, the review is useful for implementing security in dynamic applications as per user requirements.

Declaration of competing interest
The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.
RQ1 What are the existing state-of-the-art surveys and how are they different from the current survey? Based on what security parameters can they be compared? - This research question is answered in Section 3.
RQ2 What is the role of product lifecycle in IoT environment and how does it impact the security of IoT devices? - This research question is answered in Section 4.
RQ3 What is the security taxonomy which can be proposed for IoT device lifecycle based on different lifecycle phases in lifecycle stages? - This research question is answered in Section 5.
RQ4 What are the distinct security solutions that exist in literature for each of the security challenges discussed in two of the major lifecycle stages of BoL and MoL? Are there any security solutions which can cover both stages? If not, which solutions exist for each of the phases of these lifecycles? - This research question is answered in Sections 6, 7.
RQ5 What are the distinct security solutions with respect to End of Life for a device which is a major research challenge? - This research question is answered in Section 8.
RQ6 How can the existing security solutions be compared based on lifecycle perspective? - This research question is answered in Section 10.
RQ7 What are the open issues identified by the current work and how do they evolve? - This research question is answered in Section 11.

Fig. 5. Publishing trend in the domain of IoT security.

Fig. 11. Overview of the literature for security mechanisms in IoT product lifecycle.
preserving the user privacy by considering ownership transfer of users
Khan et al. (2018b): chownIoT, automated re-ownership of devices combining authentication, profile management, data protection, and ownership change

Table 1
Previous surveys on security aspects of IoT.

Table 4
Physical security in IoT.
providing a secure and error proof configuration for cryptographic keys of devices
Zhang et al. (2017a): physical layer security for securing IoT appropriate for the secure application scenarios with low-cost and energy-limited devices

Table 5
Identification during BoL in IoT.

Table 6
Key pairing in IoT.

Table 7
Vulnerability management in IoT.

Table 8
Authentication during BoL in IoT.

Table 9
Access control during BoL in IoT.

Table 10
Confidentiality during BoL in IoT.

Table 11
Integrity during BoL in IoT.
based on fragile watermark to prevent variety of attacks on perception layer

Table 12
Availability during BoL in IoT.
Mustafa et al. (2019): heterogeneity model based on node distribution and vulnerability differences then using epidemic theory and Markov chain to establish node state transition mode
Mustafa et al. (2019): an approach to find end-to-end QoS and availability of service-oriented cloud running experiments on Device-to-cloud, cloud-to-cloud and inside-cloud

Table 13
Non-repudiation during BoL in IoT.

Table 14
Identification during MoL in IoT.

Table 15
Trust in IoT.

Table 16
Privacy in IoT.

Table 17
Compromise detection in IoT.

Table 18
Authentication during MoL in IoT.

Table 19
Access control during MoL in IoT.

Table 20
Confidentiality during MoL in IoT.

Table 21
Integrity during MoL in IoT.

Table 22
Availability during MoL in IoT.

Table 23
Non-repudiation during MoL in IoT.
which combines two existing GKMs, one used within user and device groups and another for communicating with multiple user groups. Additionally, a group authentication scheme is proposed by Mahalle et al. (

Table 24
Key/Certificate update during MoL in IoT.
DPKC, a dynamic public key certificate updating public/private key pair without connecting to CA for a new certificate, verifier can use the original CA-issued certificate to verify the claimed public keys
Abdmeziem et al. (2015): re-keying as part of decentralized and batch-based group key management protocol reducing re-keying overhead triggered by membership changes and providing forward and backward secrecy for multicast communications
Arif et al. (2019): re-keying by LT-SMM, a logical tree-based secure mobility management scheme providing secure group communication employing group deployment, mobile node joining and mobile node migration protocols

Table 25
Software update in IoT.

Table 26
Application reconfiguration in IoT.
Zhang et al. (2005)m to adapt component-based distributed applications in the dynamic environment. However, implementing application reconfiguration in IoT is challenging since, as with sensor nodes, memory-constrained devices in IoT are unable to store all possible applications in their local memories. An example of executing application reconfiguration in sensor networks is proposed by Zhang et al. (2005) (see Table

Table 27
Mobile security in IoT.

Table 30
Key/Certificate revocation in IoT.
table if they are not the method name. These are being abbreviated in the discussion table to increase its readability and give more clarity to the compared approaches. KMP: Key

The basic IoT requirement is that the solutions provided by the third parties and various industry partners should be integral. Such openness can be provided by the use of open standards, which can be used for all IoT devices. Industry partners should be able to integrate such open standards for their devices to enable cross platform integration of applications.
4. Heterogeneity: New objects are deployed which need backward compatibility to integrate with the already deployed old objects. Hence, new AC protocols will be required to ensure this.
5. Personal data: Extensive personal data are generated by IoT systems, with end users taking charge of them. The conflicting interests of users need to be managed by IoT systems.
6. Scalability: As IoT systems escalate, they should be able to handle large user groups, applications, decision points and policy enforcement.

Table 31
Classification of security issues of IoT devices based on their lifecycle.

Many studies (Use Smart Doorbell to Ha, 2016) (Hacking into Internet Co, 2016) demonstrate how edge nodes can be targeted for extraction of the home user's WiFi password, where one attack (Use Smart Doorbell to Ha, 2016) uses light bulbs and the other (Hacking into Internet Co, 2016) uses the user's smart lock. The diverse nature of IoT devices and applications amplifies the impact.