Table 9 Security mechanisms/protocols and threat mapping with referenced studies.
| Exemplar Study | SIoT Layer | Key Security Mechanisms / Protocols | Primary Security Goal | Example Threats |
|---|---|---|---|---|
| | Perception Layer | AES-CCM, ECC/ECDH, PUF-based keying, PKI, HMAC-SHA-256, secure boot / TrustZone-M | Authentication, data confidentiality, device integrity/identity | Device spoofing, physical tampering, key extraction |
| | Network Layer | IEEE 802.15.4 security (AES-CCM*), 6LoWPAN, RPL (secure modes), IPsec/ESP (IPv6), Thread, LoRaWAN 1.1 security | Secure data transmission, routing integrity, link-layer confidentiality | Eavesdropping, wormhole, Sybil, link replay |
| | Transport Layer | TLS 1.3, DTLS 1.3, QUIC/HTTP/3 (where applicable) | Encrypted transport, session security, forward secrecy | Replay, man-in-the-middle, downgrade |
| | Middleware / Service Layer | OAuth 2.0, OpenID Connect, ACE-OAuth profiles, UMA 2.0, XACML (ABAC), Macaroons, zero-knowledge proofs | Access control, delegated authorization, privacy-preserving authorization | Privilege escalation, token theft/misuse, profile inference |
| | Application Layer | OSCORE+COSE/CWT, CoAP+DTLS, MQTT/MQTT-SN over TLS, LwM2M Security (DTLS/OSCORE), OPC UA Security, DDS Security, XMPP+TLS, JWT | End-to-end/object security for application data, secure messaging, session integrity | Spoofed messages, data leakage, injection/replay |
| | Social Layer | Blockchain smart contracts, Verifiable Credentials / DIDs, reputation systems (Beta, EigenTrust, Subjective Logic), Sybil-resistant graph methods (e.g., SybilRank/SybilGuard), game-theoretic trust models | Trust management, reputation validation, social relationship integrity, Sybil resistance | Bad-mouthing, ballot-stuffing, fake relationship creation, collusion |
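The Social Layer row names the Beta reputation system alongside the ballot-stuffing and bad-mouthing threats it must withstand. The following added example (not code from the paper or any of the referenced studies) computes a Beta reputation score from constructed feedback and shows how an uncapped aggregate is dragged up or down by one colluding rater submitting many ratings, while a per-rater contribution cap (one simple, commonly discussed mitigation; the cap value and rater identifiers are assumptions) limits the damage.

```python
from collections import defaultdict


def beta_reputation(r, s):
    """Expected value of Beta(r + 1, s + 1): the probability that the rated
    entity behaves well, given r positive and s negative observations."""
    return (r + 1.0) / (r + s + 2.0)


def aggregate(ratings, per_rater_cap=None):
    """Aggregate (rater_id, positive) feedback into a Beta reputation score.

    per_rater_cap limits how many ratings any single rater contributes, so a
    rater that floods the system (ballot-stuffing with positives, bad-mouthing
    with negatives) cannot dominate the score. None means no cap (the naive
    aggregate)."""
    r = s = 0.0
    contributed = defaultdict(int)
    for rater, positive in ratings:
        if per_rater_cap is not None and contributed[rater] >= per_rater_cap:
            continue  # further ratings from this rater are discarded
        contributed[rater] += 1
        if positive:
            r += 1
        else:
            s += 1
    return beta_reputation(r, s)


# Constructed feedback: eight distinct honest raters report good behaviour,
# two distinct honest raters report bad behaviour.
HONEST = [(f"h{i}", True) for i in range(8)] + [("n0", False), ("n1", False)]

# Ballot-stuffing: one colluding rater injects 30 positive ratings.
BALLOT_STUFFED = HONEST + [("colluder", True)] * 30

# Bad-mouthing: one hostile rater injects 30 negative ratings.
BAD_MOUTHED = HONEST + [("attacker", False)] * 30


if __name__ == "__main__":
    for label, feedback in (("honest", HONEST),
                            ("ballot-stuffed", BALLOT_STUFFED),
                            ("bad-mouthed", BAD_MOUTHED)):
        naive = aggregate(feedback)
        capped = aggregate(feedback, per_rater_cap=1)
        print(f"{label:15s} naive={naive:.3f} capped={capped:.3f}")
```

With the honest feedback alone the score is 0.75. Thirty stuffed positives push the naive score to about 0.93 and thirty bad-mouthing negatives pull it to about 0.21, while the capped aggregate stays at about 0.77 and 0.69 respectively, because the flooding rater counts only once. A cap is the simplest such control; the Subjective Logic and EigenTrust approaches listed in the same row instead weight each rating by the rater's own trustworthiness, which handles colluding groups better than a flat cap.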