A Survey on Layer-Wise Security Attacks in IoT: Attacks, Countermeasures, and Open-Issues

Abstract

Security is a mandatory issue in any network, where sensitive data are transferred safely in the required direction. Wireless sensor networks (WSNs) are the networks formed in hostile areas for different applications. Whatever the application, the WSNs must gather a large amount of sensitive data and send them to an authorized body, generally a sink. WSN has integrated with Internet-of-Things (IoT) via internet access in sensor nodes along with internet-connected devices. The data gathered with IoT are enormous, which are eventually collected by WSN over the Internet. Due to several resource constraints, it is challenging to design a secure sensor network, and for a secure IoT it is essential to have a secure WSN. Most of the traditional security techniques do not work well for WSN. The merger of IoT and WSN has opened new challenges in designing a secure network. In this paper, we have discussed the challenges of creating a secure WSN. This research reviews the layer-wise security protocols for WSN and IoT in the literature. There are several issues and challenges for a secure WSN and IoT, which we have addressed in this research. This research pinpoints the new research opportunities in the security issues of both WSN and IoT. This survey climaxes in abstruse psychoanalysis of the network layer attacks. Finally, various attacks on the network using Cooja, a simulator of ContikiOS, are simulated.

1. Introduction

A wireless sensor network (WSN) is a distributive network consisting of tiny sensors capable of collecting the data like temperature, humidity, pressure, voice, etc. [1]. These remote sensors have a limited energy source, storage, and short radio range. The sensors hook up together to form an ad-hoc network that reports the activities on the web, and finally, the data collected reach the sink. WSNs find applications in health monitoring, disaster management, target tracking, habitat monitoring, and many more. Sensor networks comprise tiny sensor nodes with many resource constraints like inadequacy of power and data storage. These inadequacies do not allow the use of traditional network security techniques in sensor networks. The security issues are more complicated in WSNs than wireless communication techniques due to unreliable communication channels and unattended operations. The existing security protocols are suitable for implementing traditional ad-hoc networks, whereas the sensor network is unique. These unique features of a sensor network that are different from the conventional ad-hoc network are [2]:

• A sensor network has a higher amount of sensor nodes present in the network than the traditional ad-hoc network, with limited nodes.
• Nodes in the sensor network are deployed very densely to provide better coverage of the target area.
• A sensor network has many resource constraints and is more prone to failure due to the harsh environment.
• There are no global ids of the sensing nodes; the local ids that are valid only for that sensor network are responsible for identifying the nodes.

The Internet-of-Things (IoT) has emerged as a big advance in all the technologies that follow the Internet. The market of IoT is expected to grow up to 75 billion by the year 2025. In the upcoming years, every person on the earth may have 20–25 personal IoT devices. That means IoT is going to have a substantial influence on our lives [3]. WSN has come out to be the backbone of IoT, where countless sensor nodes unite the Internet, focusing on collaborating with other sensor nodes to monitor and sense their environment. IoT can interconnect the environment and people by using WSN in the future [4], resulting in escalated environmental apprehension [5].

The sensor networks have an inherent feature of unattended nodes, due to which the physical attacks play a vital role in sensor network operation. Security undoubtedly is a crucial issue in WSN and IoT, mainly for tasked security attacks. For example, no patient wants that his confidential health reports to be revealed to the world. In [6], authors have reported such an issue caused due to data leakage from misbehaving nodes. To understand the whole security system of WSN and IoT, it is essential to know about the obstacles of sensor network security, security requirements, types of attacks, and possible defensive measures. Methodologies designed for securing WSN will also be relevant for IoT [7]. The three essential components of security attacks are prevention, detection, and mitigation [8]. This survey aims to suggest layer-wise security attacks on WSN and IoT. This survey, according to us, will be beneficial for researchers who want to form secure algorithms for IoT.

WSN comprises sensor nodes that are capable of low-level communication. Nonetheless, on the other hand, IoT contains internet-enabled sensor nodes that are internet-enabled, and hence the data sensed by IoT nodes are directed to the sink, which will also be Internet-based. Moreover, IoT networks may also need to interact with the emanating approaches of cloud computing and big data. This survey paper aims to compile the work from various research papers in the field of IoT security. This work discusses WSN and IoT protocol stacks by comparing the attacks on different stacks and possible preventive measures. Finally, the effect of various attacks on the network’s performance is quantized using the Cooja, a simulator of ContikiOS.

The rest of the manuscript is as follows. Section 2 presents the IoT history and technical issues. Section 3 examines the security characteristics in IoT and WSN. Section 4 discusses the WSN and IoT standards and protocols. Section 5 and Section 6 illustrate open issues of cybersecurity in IoT and security attacks evaluation in ContikiOS. Finally, Section 5 concludes the paper and suggests future works.

2. IoT History and Technical Issues

“Internet-of-Things” is a term coined by Kevin Ashton of Proctor and Gamble in 1999. IoT since then has progressed rapidly into a field that necessitates the interaction of objects which have embedded sensors, processors and can communicate with fellow devices to furnish the various automated services [3,9,10]. IoT is not a single technology. It is a confluence of real-time computing, actuation, embedded systems, and, most important, WSN, shown in Figure 1. In our day-to-day life, there are various IoT standalone devices such as smartphones, smartwatches, home lighting [11], etc. The upcoming future of IoT will aim to use smaller and energy-efficient sensor technology along with state-of-art communication, data analytics, and advanced actuators to collect and process data more intelligently [11,12]. IoT implementation will increase energy management at homes and industry, monitoring consumables, fitness monitoring, etc., is anticipated to become ubiquitous [13,14].

The networking infrastructure for cyber-physical systems (CPS) [9] is IoT. The technological advances in CPS can enable scalability, safety, resiliency, adaptability, and capability. CPS is modifying the way we communicate with engineered systems. CPS’s domains are aeronautics, transportation, health care, infrastructure, automation, and energy [14]. Advances in IoT will impact numerous services and applications, including intelligent transportation, smart homes, industrial IoT, smart agriculture, and retail IoT. These IoT-enabled services and applications will also prove to be an economic boom for society [14]. The sensor network is a different network, having many resource constraints, and thus the implementation of traditional Security into a sensor network is quite problematic. Similarly, structuring an IoT network has many technological issues while preparing security algorithms for IoT networks. Some of the challenges in IoT can be as follows as discussed in [15]:

• Communication: In IoT, wired and wireless communication is used, such as LPWAN, ZigBee, etc.
• Scalability: IoT network comprises many nodes, and naming addressing, and managing many such devices is challenging.
• Heterogeneity: IoT is a network of various devices from assorted families like actuators, sensors, switches, gateways, mobiles, etc. Different devices engage different algorithms, protocols, and circuitry.
• Energy Consumption: In the case of both WSN and IoT, energy is a most challenging constraint. Thus, the researchers always struggle to design the algorithm for IoT and WSN with minimum processing requirements.
• Interoperability: IoT network consists of various devices, which exchange data and collaborate among themselves. Thus, there is always a need for a predefined standard for data exchange.
• Self-Awareness: IoT devices should automate autonomously in such a way that there is minimum human intervention required.
• Data Privacy: Data Privacy is another crucial issue in IoT. The IoT network is designed for both public and private affairs. As described in [16,17], IoT devices may share the information to the sink in a public network, whereas transmitting location information can be risky in a private network.

3. Security Characteristics in IoT and WSN

IoT and WSN are special wireless networks, and they are structureless networks comprising thousands of tiny sensor nodes. The sensing nodes collect the data, and after several data conditioning techniques, the data are sent to the gateways and finally to the base station. Some of the features in IoT and WSN, which make them even more vulnerable to security attacks are listed below.

• Organization: Sensors do not possess any fixed structure, and the location of the sensors is random. The solution to the failures in the network is the self-organizing behavior of WSN and IoT network by discovering the nearest neighbour [18].
• Resource Constraints: IoT and WSN have many resource constraints like restricted communication bandwidth, storage capacity, and processing powers, which permit the utilization of whippersnapper security methods only. These security methods offer security from external attacks only [19].
• Central Control: The central system, the base station, control the sensing nodes. The data gathered by the nodes flow in the network depending upon the routing algorithm applied. The major problem in this approach is that most routing algorithms’ development is without any conquer thoughtfulness of security measures.
• Flow Control: The transmission flow is acquainted with enhancing network performance degradation by analyzing the number of transmission errors and quality of flow [20].
• Environmental Issues: Sensor nodes are deployed in an open environment, accessible to the antagonists; this may result in introducing one or many compromised nodes, which disturbs the network externally and may take the network’s total control, leading to the complete fallout of the network.

The characteristics described above point towards the security mechanism(s) requirement to optimize the security requirements of IoT and WSN and contribute to increasing the reliability and efficiency of the network.

3.1. Security Requirements

IoT and WSN pose some inherent properties of conventional wireless communication and have several exclusive features. That means that the security requirements for IoT and WSN circumscribe both traditional wireless network and sensor network requirements.

3.1.1. Data Confidentiality

In network security, there should always be data confidentiality. There is always an addressing problem in any network security system. There are many examples, such as military, where sensitive data are transferred between the nodes, the data must be transferred to the correct node and not to the neighbouring enemy node. The distribution of keys requires a secure channel and addressing for sensitive data. The IoT network also has public information like public keys and node identities. To protect the network against traffic analysis attacks, this general information should also be encrypted to some extent. Data confidentiality can be achieved by encrypting the data before broadcasting [21].

3.1.2. Data Integrity and Data Freshness

Data confidentiality makes it unable for antagonists to steal the information, but this does not assure that the data are secure. The data can be tampered with by the antagonists even after data confidentiality by changing the accurate data. A malicious node can manipulate the information within the packet, and the reviewer will then receive the new packet. The malicious nodes, but the harsh communication environment, also result in damage or loss of data. Thus, data integrity is needed to ensure that the data received are not altered [22].

Along with data confidentiality and freshness, it is essential for security purposes that the data coming from the sensors to the receiver should be fresh and recent. This means that the action taken by the base station is based on current information. For security purposes shared critical approach is applied, data freshness is a vital aspect. These shared keys keep changing in time, and the new keys must be propagated on the network; in such cases, data freshness is essential. Some time is required for propagating the new key within the network, and it is easy for the antagonists to attack the network while the process of key distribution is taking place.

3.1.3. Self-Organization

WSN is a particular type of ad-hoc network, which should be malleable enough to adapt according to the application and area where the sensor nodes are deployed. WSNs have the fundamental property of being self-healing and self-organizing according to the situation [2]. For network management, no fixed infrastructure is available in the sensor network. These inherent properties of WSNs are significant challenges for the security of the sensor network. There are several symmetric encryption techniques proposed in [23,24]. For applying public-key cryptography, a public key distribution mechanism is also required. The distributed sensor network must be self-organized for multi-hop routing to build confidence among the sensors and key management. Therefore, it implies that there may be a few unavoidable attacks if a sensor network lacks self-organization.

3.1.4. Time Synchronization

There is some form of time synchronization in all WSN and IoT networks depending upon their design.

• For power conservation, the radio of the individual sensing node is turned off.
• Sensors compute an end-to-end delay of packets, as the packets are transferred between a pair of sensor nodes.
• Group synchronization is required for the tracking application.

The authors propose synchronization protocols for security in [25] for group synchronization, pairwise synchronization, and multi-hop sender-receiver synchronization.

3.1.5. Authentication

Antagonists can reshape the packets and even change the whole packet stream by infusing additional packets into it. Thus, the receiver’s responsibility is to ensure that the data based on the decision is authentic and appropriate. In WSN and IoT networks, authentication is necessary for controlling the sensing node duty cycle, network reprogramming, etc. The authentication of data helps the receiver ensure whether the data received is from the genuine sender. When there is a two-party communication, the authenticity can be checked by sharing a secret key and message authentication code (MAC) for all data being communicated. The transmission in WSN and IoT networks is between many sensing nodes to a receiver or sink. For secure communication, there is a need for secure broadcast protocol; one such approach is given by authors in [26] named µTESLA, which provides asymmetric key cryptography. In this approach, the message key broadcasted by the sender is generated by a secret key, and the receiver will buffer the received packet until the secret key is retrieved. Once the private key is retrieved, the receiver can authenticate the received packet is from the genuine sender and not from any antagonist. The drawback of µTESLA is that for authentication, before broadcasting the secret key, some basic information must be unicast among the sensing nodes. Although several protocols provide secure communication in WSN and IoT networks, none is secure enough to provide the desired security. A comparison among such claimed secure protocols is described in

Table 1. Comparison of secure routing protocols for broadcast authentication.

Protocols	Routing	Confidentiality	Broadcast Authentication
SNEP [26]	Flat	Yes	No
LKHW [27]	Flat/Hierarchical	Yes	No
µTESLA [26]	Flat/Hierarchical	Yes	Yes
Multilevel Key Chains [28]	Flat/Hierarchical	No	Yes
LEAP Hierarchy [29]	Flat/Hierarchical	Yes	Yes

.

3.2. Security Vulnerabilities

WSN and IoT have a wireless communication medium, a deficiency of physical security and many resource limitations. These all lead WSN and IoT to be vulnerable to many external or internal security attacks. Considering external attacks, the attacker may not have access to the node directly but is capable of tampering or replacing the actual node with the malicious node to empower malicious actions and disturb the natural performance of the network. On the other hand, in internal attacks, the attacker has access to the internal protocols and thus promotes various malicious activities. There is no borderline to differentiate clearly between internal and external attacks. In this research, we give a classification of multiple attacks concerning different layers of IoT. The layered architecture of WSN and IoT, as described in [4], has five layers, namely physical layer, data link layer, network layer, transport, and application layer. Figure 2 depicts the layered architecture of IoT.

• Physical Layer Attacks: In the physical layer, which is the lowest layer in the sack, the physical characteristics of the network are stipulated. The wireless communication medium has a broadcast nature, making this layer vulnerable to node tampering, hardware hacking, jamming, and even eavesdropping.
• Data Link Layer (DLL) Attacks: The DLL facilitates the nodes with shared resource usage, error control, and data flow control. The attacks in DLL are more likely to have pertained within the medium access control (MAC) sublayer of DLL. The standard attacks in this layer are collision and jamming.
• Network Layer Attacks: This layer caters to the routing of the data packets within the network. The presence of any malicious node can hamper the normal functioning of the network and initiates attacks like hello flood, replication attack, black hole, wormhole, and selective forwarding.
• Transport Layer Attacks: This layer leads to reliable transportation in the network. Due to attacks, the connection between the nodes can be compromised, giving rise to energy drain attacks, desynchronize attacks, and data integrity attacks.
• Application Layer Attacks: The application layer interacts directly with the end-user and performs data aggregations. This layer is prone to attacks that can affect the application programs.

3.3. Security Structure

After learning about all the possible security issues in the sensor network, we will now discuss the possible defensive measures.

Table 2. Classification of attacks, with their consequences.

Security Scheme	Attacks Prohibited
JAM [30]	DoS Attack
Wormhole [31]	DoS Attack
Statistical En-Route Filtering [32]	Information Spoofing
Random Key Pre-distribution [33]	Sybil Attack
Bidirectional Verification [34]	Hello, Flood Attack,
On Communication Security [35]	Data Spoofing
TIK [36]	Wormhole Attack and Data Spoofing
Random Key Distribution [37]	Data Spoofing, Attacks in Transmitting information
REWARD [38]	Blackhole attacks
µTESLA [26]	Data Spoofing and Attacks on reply to messages
Range Based Secure Localisation [39]	Malicious anchors

enlists some of the security schemes in the literature, along with the type of attacks prohibited by them and their corresponding network architecture. In this section, the critical establishment is discussed, which is the base of the security systems in WSN and IoT, followed by the defence against DoS attacks, secure broadcasting, and defence against attacks on routing protocols.

3.3.1. Key Establishment

Key establishment is the foundation to assure that a security system exists in a WSN and IoT. The target of key establishment is to create an essential key between the sensing nodes. This security feature is versatile enough to support the addition and subtraction of the sensor nodes in the network. Symmetric-key cryptography is the base of key establishment. Figure 3 shows the taxonomy of the key establishment schemes in WSN and IoT. The key establishment in the sensor network is broadly done based on network structure and the probability of key sharing. In the network structure, the key establishment is done based on centralized and distributed key schemes. In the centralized key method, a single, centralized body, known as a key distribution centre (KDC), the keys’ distribution, generation, and regeneration. One such scheme in literature is named logical key hierarchy (LKH) [27]. In this approach, the base station works as KDC. The drawback of the KDC scheme is that the single distribution center cannot handle all sensing nodes for a dense network. If the central controlling body fails, then the whole security system of the network will be adversely affected. The other approach for a Network structure-based key establishment scheme is the distributed key scheme where different controllers handle the key distribution, generation, and regeneration. Thus, the failure of one controller is not responsible for the loss of the whole security system. The overall security system is robust in the case of a distributed key establishment scheme. Some distributed key mechanisms in the literature are LEAP [29], BROSK [40], random key scenarios [24], etc.

3.3.2. Defense against DoS Attacks

Table 3. Layer-wise cyber attacks in WSN and IoT.

Layer	Attacks	Outcomes of Network operation’s	Proposed Solutions for Mitigation
Physical Layer	Basic Jammer	Congestion, signal distortion, draining of nodes’ energy Admittance to the sensitive data.	Spread Spectrum [42], JAM [30], Swarm intelligence [43], Wormhole technique [44]
	Node Tapering	Tampering sensitive information like routing tables and cryptographic keys.	JTAG [45], Camouflaging [46]
Data Link Layer	Hardware Hacking	Nodes become vulnerable to attacks.	Error correction codes [46]
	Collision	Increasing congestion	Irregular detection of motes [47]
	Denial of sleep	Interference	TDM
	De-Synchronization	Packet Loss	6TiSCH [48]
	6LoWPAN	No end-to end security	6LowPseC [49]
Network Layer	Jamming	Congestion, signal distortion, draining of node’s energy	Multipath routing [50], Active trust routing [51], REWARD routing [52], MOADV [53], BAMBi [54]
	Replay Attack	Increase in congestion and interference, route disturbance and fake error messages, data loss, and traffic reduction	Source authorisation [42], Multipath routing [47]
	Black-hole	Routing loops, repulsing network traffic Data loss, and reduction of traffic	Source routing algorithm [55]
	Spoofed Selective Forwarding	Data loss and reduction of traffic, conciliatory of transmission routes	Identity verification, Isolation, [33], Indirect validation [47]
	Sinkhole Wormhole	Transmission of data to the wrong destinations	Multi-level clustering [56], ID-based public keys [57], Location-based key management [58]
	Sybil Attack Hello Flood	Hello Flood	ID-based public keys [56]
	Node Replication	Hello Flood	ID-based public keys [56]
	RPL rank	Disturbance in the transmission routes Collision, false transmission routes, and energy degradation	VeRA [59], TRAIL [60]
	RPL DODAG	Eavesdropping, disturbance in the transmission route.	VeRA [59], Integrity check [61]
Transport Layer	Desynchronization attack	Failed communication links and disturbed transmission routes	Authentication via header [30]
	Energy Drain	False messages can tamper with the overall functioning of the network.	Light-weighted algorithm for authentication [62]
	MQTT exploit	Draining energy resources	SMQTT [63], Enforcement of security policies [64]
Application Layer	Malicious Code Attacks	Extinguishes the capacity of the network to perform the expected Collision and energy draining	Collective secret [32]
	Attacks on Reliability Path-based DoS	Extinguishes the capacity of the network to perform the expected Collision and energy draining	One-Way hash chains [37]
	CoAP exploit	Extinguishes the capacity of the network to perform the expected Collision and energy draining	Employment of DTLS [65]
Multi-Layer	Man in the middle	Admittance to the sensitive data Rules out the capacity of the network	Key pre-distribution [23,37]
	Denial of Service	Admittance to the sensitive data Rules out the capacity of the network	Link Layer encryption [26,66]
	Eavesdropping	Admittance to the sensitive data Rules out the capacity of the network	Sensor-Wave communication [26]

enlists the layers of a sensor network and the common attacks at different layers with possible defensive measures. At the physical layer, the expected attacks on the sensor network are jamming and tampering. The possible solution for jamming is to re-route the traffic after identifying the jammed portion of the network. In [30], the authors have given a practical approach to overcome jamming. In this proposed approach, the nodes in the perimeter of the jammed portion of the network report jamming to their neighbours, which cooperate with the other nodes for forming new routing paths. The standard attacks in the link layer of the sensor network are a collision of packets, exhaustion due to low data rates, collision of the packets, and unfairness due to frame size. These attacks can be overcome by introducing error-correcting codes and increasing data rates. Flooding denial of service occurs at the transport layer, which can be defended by client puzzles given by Aura et al. in [41]. In

Table 4. Defensive measures against DOS attacks in WSN.

DoS Attacks	Possible Defense Approach
Physical tampering	Using tamper-resistant nodes
Radio Interference	Using Spread-Spectrum communication
Black-hole	Using Multiple routing paths
Misdirection	Using source authorization
Denying Channel	Using error correction codes
Flooding	Restraining total connections

, some of the elucidations against DoS attacks are abridged.

3.3.3. Secure Broadcasting and Multicasting

The communication pattern in WSN and IoT networks can be 1-to- N or N-to-1, or N-to-M, other than traditional point-to-point communication. The security issues in WSN and IoT are also due to the secret key, which is needed by the sensing nodes to decrypt the broadcast message. It has already been discussed in the previous sections that both WSN and IoT networks have severe resource constraints, so reducing the overhead broadcasting of messages is done. Broadcasting or multicasting in WSN and IoT networks are done with the help of the security key so that the messages are received by the authorized receivers only. The security, distribution, and generation are managed by various key management schemes [67].

3.3.4. Defense against Attacks on Routing Protocols

Table 3 enlists the various routing protocols that secure routing in the WSN and IoT network (the IoT-specific attacks are written in italic). SNEP [26] is a flat routing that keeps confidentiality, with good scalability, and provides point-to-point authentication. SNEP does not provide broadcast authentication. LKHW [27] is another secure routing algorithm having limited scalability but provides good confidentiality. Perrig et al. in [26] have given another routing protocol, µTESLA that has medium scalability and provides secure broadcast. In [16] multilevel key chain scheme is introduced for broadcast authentication and has good scalability. Zhu et al. in [29] introduced a hierarchical routing scheme for both point-to-point and broadcast authentication, with medium scalability.

4. WSN and IoT Standards and Protocols

In the previous sections, the security requirements for the WSN and IoT are discussed. Figure 4 depicts the various protocols following the different layers. These protocols follow IETF standardization [68] and can be layered on top of each other.

4.1. IEEE 802.15.4 for Physical Layer Communication

Wireless communication supports low-power, low data rate communication, and IEEE 802.15.4 [69] defines wireless communication’s physical and MAC layers. This IEEE standard has properties like high flexibility, low cost, and low power consumption, making it suitable for many industrial and research-based applications, health monitoring [70], and home automation systems [71]. The archetype IEEE 802.15.4 has been facilitated with time and has now become IEEE 802.15.4e. The new version supports channel hopping in time synchronization. Figure 5 shows the detailed frame structure of IEEE 802.15.4. As far as the security mechanism is concerned, it applies only to the MAC layer, not the physical layer.

• IEEE 802.15.4 (Physical Layer): This standard patronizes 16 channels in the industrial, scientific, and medical (ISM) band and 11 channels in 868/915 MHz, low-frequency band. The various modulation schemes are used to lower down the co-channel interferences [72].
• IEEE 802.15.4 (MAC Layer): This standard utilizes carrier sense multiple access-collision avoidances (CSMA- CD) and supervises the admittance to time slots and physical channels. The network topologies used here are cluster, peer-to-peer, and star [73]. The IEEE 802.15.4 MAC layer has a security model that meets the four security prerequisites, i.e., data encryption, access control, sequential freshness, and frame integrity [74]. Several security suits endure these security prerequisites, like the Advanced Encryption Standard (AES) [72]. AES has different modes of operations, namely counter mode (CTR), cypher block chaining (CBC-MAC), and authentication and encrypts block cypher mode (CCM). CTR, CBC-MAC, and CCM support the length of 32,64 and 128 bits [74].

  Table 5. Security Suits for IEEE 802.15.4.

  Security Suite	Data Encryption	Access Control	Seq. Fresh.	Frame Integration
  None	No	No	No	No
  CTR	Yes	Yes	Yes	No
  CBC-MAC-128	No	Yes	No	Yes
  CBC-MAC-64	No	Yes	No	Yes
  CBC-MAC-32	No	Yes	No	Yes
  CCM-128	Yes	Yes	Yes	Yes
  CCM-64	Yes	Yes	Yes	Yes
  CCM-32	Yes	Yes	Yes	Yes

  shows the comparison of security by a piece security suite.
• IEEE 802.15.4e (MAC Layer): This standard supports multi-hopping by using a time-synchronized mesh protocol. The devices are also synchronized to choose the correct nearest neighbour along with the channel. IEEE 802.15.4e provides security against reactive jamming and sweep [75].

4.2. B-MAC

Berkeley media access control (B-MAC) [76] is an energy-efficient protocol that uses the sleep/listening agenda. In this protocol, the communication channel is chosen randomly. Not all the time receiver is in active mode. Whenever the transmitter has data to send to the receiver, it transmits a long preamble that the receiver can hear, and then the receiver becomes ready to receive data [77]. The disadvantage of B MAC is using the long preamble by the transmitter and overhearing by the receiver. As far as security is concerned, there is no well-defined security mechanism for B-MAC. Still, like other MAC layer protocols, it is vulnerable to collision and jamming during different operations. However, B-MAC is immune to periodic jamming, as it uses a recurring cycle for listening only and not for sending.

4.3. LoWPAN

6LoWPAN stands for IPv6 over low power wireless personal area network, and it is good at offering ecumenical Internet connectivity to the low-power wireless nodes. 6LoWPAN has enabled the usage of IPv6 for low-energy wireless communication devices [72]. It has also made it possible to broadcast IPv6 over IEEE 802.15.4; this is an adaptation layer [78]. The job of the adaptation layer is to break the IPV6 into smaller sections, as IPv6 supports 1280 bytes, as compared to 127 bytes long packets in IEEE 802.15.4. The next task of the adaptation layer is to squeeze the header for the optimized usage of restricted payload space. The significant advantage of 6LoWPAN multi-hop communication and its major disadvantage is that it provides optimal routing solutions for limited resource and power communication. This limitation leads to the use of RPL.

4.4. RPL

Routing protocol for low power and lossy network (RPL) is distance vector protocol, and it backs many forms of link-layer technologies; IEEE 82.15.4 is one of them [79]. RPL is a self-healing protocol. In WSN’s, RPL specifies two elements: WSN nodes, hosts, or arbitrates routers, and the other element is local border routers (LBR) [80]. LBR supports packet transmission from the Internet to the host. RPL supports point-to-point, point-to-multipoint, and multipoint-to-point topologies.

4.5. BCP

Backpressure collection protocol (BCP) is a protocol that works in real-time experiments, and it is a low-overhead protocol and highly scalable [81]. In BCP, there is no explicit path figuring between the source and destination, but the dynamic backpressure routing is the central working concept of this protocol. In other words, it is routing without routes. The nodes compute the weights for all the neighbouring nodes when the forwarding queue is not empty. The node then forwards the packet to the neighbour node having the highest positive weight. In case none of the neighbouring nodes has a positive weight, the sending node, in that case, waits for the back-off period and then recalculates the weights. BPL works on the concept of LIFO (last-in-first-out). On the other hand, the null packets are sent to determine the virtual queue whenever the forwarding key is empty.

4.6. CTP

As the name implies, collection tree protocol (CTP) is a tree-based routing scheme, which does not guarantee 100% honest delivery, but it is a best-effort protocol. CTP provides many-to-one and one-to-many communication [82]. This protocol prevents duplication of packets. CTP uses ETX to route packets from different routes to the tree, as CTP is an address-free protocol. The ETX of a node is the sum of its parents and ETX of the link to its parents. When there are many valid routes, then the route with minimum ETX is considered for transmission. In the case of disparity in the topology, routes are updated and not periodically.

4.7. CoAP

CoAP stands for constrained application protocol and backs the application-layer communication and web transfer within IoT [83]. CoAP is an advanced HTTP version (hypertext transfer protocol) and uses Representational State Transfer (REST) architecture. The resource requirement of CoAP is lesser than HTTP, which makes it less complex than its denser cousin HTTP [83]. Figure 6 shows the protocol stack along with the message and header format of CoAP. The architecture of CoAP is consists of two parts, i.e., message layer and request-response layer.

Table 6. Summary of attacks against various communication standards and protocols and existing defensive measures.

Protocol	Significant Attacks	Proposed Defensive Measures	Comments
IEEE 802.15.4	Eavesdropping and faking Acknowledgement (ACK)frame	Message Integrity Code (MIC) [74]	MIC has built-in CBC-MAC suits, which increases the overhead and delays the frame transmission.
	Reactive jamming and sweep	IEEE802.15.4e [75]	Channel hopping and secured ACK. Do not ensure defence for wideband jamming
	Denying of data through physical and MAC header	Encrypted data payload [75]	It Covers MAC payloads, not the headers.
B-MAC	Denial of sleep attack	Broadcast attack defense, anti-replay protection and link-layer authentication [84]	Attackers are awake most of the time in the case of B-MAC protocol.
	Statistical Jamming	Reduction in preamble size [77]	Reducing the preamble size too much overcomes its function.
6LoWPAN	Authentication Attack	Framework for network access control [85]	Enables one border router and provides identification to nodes
	Eavesdropping and spoofing, Man in the middle	IPsec [86]	The end-to-end secure mechanism, the key mechanism, is pre-shared but not very flexible.
	Fragmentation attack	Timestamps are given to bidi reactional and unidirectional fragmented packets [87]. Use of split buffer scheme [88]	Redefinition of fragmented packets.
RPL	Sybil Attack	To store graphical locationof sensor nodes, a distributed hash table (DHT) is used [89]	Non-scalable and challenging to identify the node location securely.
	Wormhole Attack	The separate key for each segment of the network [89].	End-to-end delay and high jitter
	Selective forwarding attack	Lightweight Heartbeat [89]	No defence after attack detection. The delivery ratio is improved, but energy consumption increases.
	Rank attack selective forwarding altered information	RPL resilient technique [90] TRAIL [59] and VeRa [59] SVELTE [91]	Dependent on network size and do not require cryptography.Overhead is small, but the positive rate is not 100% due to false alarms
BCP	Selective forwarding, black-hole and multiple attacks	Secure backpressure algorithm [92]	The throughput performance is maintained under attacks.
	Data Modifications, False routes and data modification	VAR trust model [93]	Overhead increased
CTP	Data alteration, data loss, sinkhole and selective for warding	Kinesis [94,95]	An automated reaction scheme for attacks and abnormalities. Segmentation of neighbourhoods gives rise to redundant data.

summarises the various protocols, their significant attacks, and the aforementioned defensive methods.

5. Open Issues of Cybersecurity in IoT

IoT cybersecurity is in its early phase of development, and thus there is a need for further research and investigation in this field [96].

Table 7. Open Issues for cybersecurity in IoT.

Open Issues	Source	Layer
Wireless Communication security	Burg et.al [99]	Physical and MAC
Sensor-based threats	Sikder et.al [100]	Physical and MAC
Defence against botnet attacks	Torii botnet [101]	Application
Lack of security framework	Zhang et.al [103]	Application
Integration with cloud/fog	Butun et.al [12]	All Layers
Security of Internet of drones	Lin et.al [102]	All Layers

enlists some of the open issues in the field of cybersecurity in IoT. The issues enrolled in this survey are layer-wise but are not limited to the problems listed in Table 7.

• Wireless Communication Security: Wireless communication cannot ensure secure communication on its own [97]. Also, the protection of the physical layer cannot entirely prevent security infringement. Secure higher-order layers can provide the safety of the physical layer. A primary authentication mechanism is necessary for any wireless communication. The key size should be long enough to beat the attackers, and the key updating should be done frequently to protect the key identity from the attackers [98,99].
• Sensor-Based Threats: Authors in [100] have pinpointed the issues of sensor-based threats in the IoT network. There is a lack of Security available at the sensor nodes, which makes them vulnerable to attackers. The attackers can extract information from the sensor nodes and inject malware to the nodes without being noticed.
• Defence against Botnet: QBot botnets were discovered in 2014, eventually infected about 1 million IoT devices. Like a computer virus, QBot botnets have precursors named Mirai botnet and Torii botnet. Botnets result from weaknesses of IoT like bad user habits and lack of rigid security precautions [101].
• Integration with cloud/fog: IoT is a heterogeneous network consisting of various sensing modes. These different nodes collect massive data, which has to be stored and processed from time to time. The data communication techniques used in IoT have to be robust enough to avoid the management issues in handling the diverse data collection done by the different nodes. These situations make it difficult for cloud computing to cope effectively and efficiently with data handling and processing in IoT. The sole use of cloud computing in data handling can result in high bandwidth consumption and high communication cost. It is crucial to take care of the cloud data while handling and securing sensitive data. Due to these problems, the fog computing paradigm and cloud computing in IoT [12]. Integrating fog computing and cloud computing is a substantial open issue for designing a secure IoT network.
• Other Concerns: The Internet of Drones is a recent application of IoT in both research and industry. Authors in [102] have been concerned that drones are commonly designed without considering the basic security concepts, making it a security issue in IoT. The number of IoT vendors is increasing with the day-by-day increase in users of IoT, but the lack of a security framework for the vendors makes the IoT network more prone to cyber-attacks. Authors in [103,104] have analysed this growing concern in their research and have stressed that this security issue must be considered in the upcoming study.

6. Security Attacks Evaluation in ContikiOS

Depending upon the manoeuvring nature of IoT, they are prone to a wide variety of attacks, as discussed in the previous section. Most of the time, the nodes are deployed in the approachable region, making the network more accessible for attackers. Other than these, malicious nodes can be easily added to the network to infect it. The best way of avoiding DoS [105] is to understand the consequences and impingement of attacks on the network’s performance. A better way of designing a secure and lively sensor network is precise and profligate simulations of IoT. In this research, we use Cooja, a simulator of Contiki O.S. [106]. Cooja is very famous among researchers in the field of sensing networks. Our main objective behind using Cooja is to analyse the possibility of exploiting it to measure the impact of attacks and the development of security measures. In this research, we examine the effect of internal attacks on RPL based sensor networks.

6.1. Network Model

Let the devices in the network communicate in a multi-hop fashion and the sensor network $N=S\cup C$. $S$ is the set of sensor nodes responsible for generating and forwarding the data packets, and $C$ the set of data collecting roots. The set of one-hop neighbours is given by $N_x\subseteq N$ and node $x \in N$. The communication time slot is $t$ and $t\in \left\{1,2,3,\dots .,t_n\right\}, t_n<\infty$. All the potential links are given $L$ such that all the node pairs $x,y \in L,$ and the whole network is sculptured as a time-weighted graph $G \left(N, L\right)$. In the possible connections, $L$ let $x$ be the source node and $y$ be the destination node. Adopting the standard layered architecture of WSN and IoT, we address the following attacks in our simulation: hello flood attack, selective forwarding attack, replay attack, black hole attack, Sybil attack, and sinkhole attack.

6.2. Execution of Attacks

Let $x_a$ be the infected node, and at times t it can perform one of the following attacks.

• Hello Flood Attack: Here, $x_a$ It broadcasts the hello packet every 15 M.S. and causes the collision.
• Selective Forwarding Attack: This $x_a$ deliberately fails to forward data packets from neighbours, and a set of neighbour’s changes every 50 s.
• Replay Attack: Here $x_a$ overhears traffic from the nearest neighbour and transmission in the replay.
• Blackhole Attack: The infected node xa miscarries the packets received from its one-hop neighbour.
• Sybil Attacks: Here, x_a will copy the identity of the neighbouring node and thus, the packet to be sent to y will also be sent to x_a.
• Sinkhole Attack: The node x_a publicise that it is a sink node.

6.3. Valuation of Attacks

In this section, we discuss the effect of every attack on the performance of the network.

Table 8. Simulation parameters.

Parameters	Values
Simulator	Cooja, simulator of Contiki O.S.
Radio Environment	Unit Disk Graph (UDG)
Type of nodes	Arago system, Wismote mote
Number of nodes	300 (Contiki MAC) and 1 sink node Malicious Nodes
Physical Layer	IEEE802.15.4
MAC Layer	ContikiMAC
Network Layer	Contiki RPL
Transport Layer	UDP Simulation duration
Sending rate	One packet every 5 sec

gives all the simulation parameters. The deployment of the nodes is randomly in the Cooja. The simulation is done in two phases; in the first phase, there is no malicious activity, and in the second phase, a malicious node is included in the network. Figure 7 shows the simulation environment.

The red node is the malicious node, and the green node is the sink node. The malicious node is placed in such a way that it impacts the performance of the network. To analyse the execution of RPL in the comportment of the malicious node, we employ the following matrices:

• Packet Delivery Ratio (PDR): PDR is the ratio of packets successfully received by the sink and the number of nodes sent by the source node. Figure 8 shows the PDR vs. number of attackers. According to the graph, the attacks that reduce PDR are selective forwarding, blackhole, sinkhole, replay, and hello flood attacks. At the same time, the Sybil attack does not affect the PDR with an increase in the number of attackers.
• End-to-end Delay (E2E): E2E is the time taken by the data packet to reach the destination or sink from the source. Figure 9 shows the effect on E2E with the increase in attackers. The attacks that increase E2E are replay attacks, hello flood attacks. On the other hand, the attacks that reduce the E2E are selective forwarding, sinkhole, and blackhole. The attack that does not change either PDR or E2E is the Sybil attack.

The simulation results can be categorised into the following three categories:

• Blackhole, selective forwarding and sinkhole attacks reduce PDR and E2E delay and faster delivery as the malicious node drops data.
• Hello flood and replay attack increase E2E but decreases PDR as the total number of packets increase.
• Sybil attacks do not affect any matrix drastically, as some other matrices are required.

6.4. Endorsement for Using ContikiOS in Designing Countermeasures

The regular operation of an IoT can be relentlessly disturbed by various attacks. By encompassing the features of Cooja, we quantified and expediently measured this disturbance. This apprehension of the behaviour and impact is required for protecting the network from unwanted attacks. In this simulation environment, we have reconnoitred two different metrics, but there are many other metrics. The measurement of countermeasures will allow the researchers to build resilience towards the attacks on the network before deploying the sensor network.

7. Conclusions

IoT is growing at a very rapid pace day by day. The latest research has extended IoT applications in cyber-physical systems, cloud-based systems, intelligent communities, and many more. IoT comprises a large number of heterogeneous devices. Thus, reliability, scalability and transparency are the key issues that have to be solved. Both high and low-level architecture security needs conceptualisation. This survey deals with studying the challenges for providing secure data transfer and aggregation in sensor networks. There are various resource constraints in WSN and IoT that make it impossible the use traditional security systems. The exclusively designed protocols for secure sensor networks should make the system safe without increasing the overheads on the network. The future security protocols should be flexible enough to provide security on all the layers of the sensor network without harming the efficiency and increasing the power consumption. In addition to the survey, we have also undertaken a small simulation using Cooja, a simulator of ContikiOS that appropriates the analysis of the network’s performance in the comportment of malicious nodes/activities. Several attacks can hamper the overall performance of any sensor network; this survey tries to enlist them and compare them. In the future, we would like to create such a sensor network that has resilience towards built-in attacks, and the actual deployment shall take place after considering the possible attacks on the network to make a WSN and IoT as secure as possible.