A Cross-Layer Survey on Secure and Low-Latency Communications in Next-Generation IoT

The last years have been characterized by strong market exploitation of the Internet of Things (IoT) technologies in different application domains, such as Industry 4.0, smart cities, and eHealth. All the relevant solutions should properly address the security issues to ensure that sensor data and actuators are not under the control of malicious entities. Additionally, many applications should at the same time provide low-latency communications, as in the case for instance of remote control of industrial robots. Low latency and security are two of the most important challenges to be addressed for the successful deployment of IoT applications. These issues have been analyzed by several scientific papers and surveys that appeared in the last decade. However, few of them consider the two challenges jointly. Moreover, the security aspects are primarily investigated only in specific application domains or protocol levels and the latency issues are typically investigated only at low layers (e.g., physical, access). This paper addresses this shortcoming and provides a systematic review of state-of-the-art solutions for providing fast and secure IoT communications. Although the two requirements may appear to be in contrast to each other, we investigate possible integrated solutions that minimize device connection and service provisioning. We follow an approach where the proposals are reviewed by grouping them based on the reference architectural layer, i.e., access, network, and application layers. We also review the works that propose promising solutions that rely on the exploitation of the QUIC protocol at the higher levels of the protocol stack.


I. INTRODUCTION
NEXT-GENERATION communication systems are promoting even higher spectral and energy efficiency, lower latency, and more massive connectivity, especially to satisfy the requests of the ever-increasing numbers of deployed Internet-of-Things (IoT) devices. By 2030, sixth-generation (6G) wireless networks aim at providing performance 10-100 times better than that of fifth-generation (5G) networks, i.e., peak data rates of at least 1 Tb/s, user-experienced data rates of 1-10 Gb/s, over-the-air latency of 10-100 µs, and connectivity of up to 10^7 devices/km^2 [1]. Thanks to these advancements, IoT devices are predicted to reach 25 billion by the year 2025 according to the most reliable predictions [2]. The resulting IoT is seen as one of the main key enablers for vertical applications in next-generation wireless systems [3].
The huge number of IoT devices being deployed, as well as 6G enabling technologies, will lead to several advanced services, such as multi-modal traffic management, environmental monitoring and control, virtual/augmented reality, telemedicine, autonomous driving, drone communications, etc. [4]. One of the most interesting applications where next-generation communication networks will be predominant is that of Industry 4.0 [5], where traditional manufacturing processes are automated and empowered by means of Industrial IoT (IIoT)-based solutions. In particular, factory productivity will be boosted thanks to (among other functionalities) the collection and analysis of real-time data to enable (centralized and decentralized) factory control and automation [6]. Illustrative examples of relevant industrial use cases are the food supply chain, transportation and logistics, and workplace safety [7]. Several IIoT frameworks exist and differ in various characteristics, such as the pursued objectives, the devised architectural and technical solutions, the target application, and their market. A deeper analysis of the most up-to-date relevant frameworks is given in [8].
IIoT solutions are characterized by two main issues. On the one hand, communications have to be protected, as very often sensitive data is carried over public networks together with several data flows to which malicious nodes may also have access. As an illustrative example, IoT devices monitoring a machine in an industrial plant producing highly innovative devices with secret procedures can transmit data containing sensitive parameters describing the operations performed by the machine itself. An attacker may intercept this data and glean relevant industrial secrets. On the other hand, communications may have stringent latency requirements for proper plant functioning. As another example, remote control of industrial robots requires the human operator to instantly receive the stimuli that are generated in the industrial plant to react accordingly; additionally, plant monitoring and predictive maintenance require the exchange of data in a few milliseconds, so that the machines can properly work without any undesired stop. The two requirements may be in contrast, in the sense that adding security features to a communication typically leads to a longer delay. However, they often need to be addressed jointly.
© 2024 The Authors. This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
Authorized licensed use limited to the terms of the applicable license agreement with IEEE. Restrictions apply.
Fig. 1. Improvement of the 6G requirements with respect to those in 5G networks. A particular highlight is given on the latency aspects.
Moreover, the advent of future 6G technologies would open innovative applications and services with much more stringent requirements than current 5G networks, as graphically illustrated in Fig. 1.
In particular, to successfully deploy delay-sensitive real-time applications (such as mixed reality or tactile Internet), end-to-end latency should be improved by an order of magnitude, as highlighted by the red dashed ellipse. To this end, proper delay management should be performed in all the transmission components in wireless and wireline links, as well as in the computation procedures at both client and server side [9]. In this context, the impact of such stringent latency requirements on the security workflows has to be considered to guarantee sufficient quality of service. This poses the question of a radical change in the overall architecture, as pointed out in [10], [11].
According to [10], [11], the requirements on latency and security are then considered to be two of the most critical ones for the future successful deployment of IoT applications for the benefit of society. In particular, secure-by-design network architectures should not be obtained at the price of an increased latency [12]. The focus of this survey is, therefore, the analysis of the literature dealing with security and latency requirements in IoT scenarios enabled by 5G and beyond (e.g., 6G) network architectures, such as IIoT [13]. Therefore, we refer to next-generation IoT as the next-generation IoT-enabled 6G technologies [14]. These have been analyzed by several scientific papers and key surveys that appeared in the last decade with the intent of reviewing the reached advancements (see, e.g., [10] and references therein). However, as it is clarified in Section II, the previous literature focuses on security in specific application domains or protocol levels. Moreover, the latency issues are typically investigated only at low layers (e.g., physical, access, and network) and not together with the security aspects. With the intent to address this shortcoming, this survey provides a complete examination of the technical solutions that could address both requirements as demanded by most of the future solutions in the field. To do so, we follow an approach where the proposals are reviewed by grouping them based on the reference architectural layer, i.e., access, network, and application layers.
The rest of this survey is structured as follows. In Section II, we illustrate the survey perspective through the methodological approach we have followed in our review, a summary of the state of the art in terms of surveys touching the security or low-latency issues in IoT, and the description of the reference scenario. In Section III, we focus on secure and low-latency communications at the access layer. In Section IV, we extend the analysis to the routing layer. In Section V, the application layer is considered. In Section VI, we discuss novel solutions, based on the QUIC protocol, that recently appeared in the literature for combining the two aspects. Finally, concluding remarks are given in Section VII. A list of the acronyms used throughout the manuscript is given in Table I to ease reading.

A. Methodological Approach of the Survey
From a bibliometric point of view, our approach is characterized by the following aspects. The main search database is IEEE Xplore, supplemented by the analysis of other databases such as Elsevier, ACM, and MDPI, where papers were selected according to keywords, impact and publication dates. In particular, the related surveys and general topics were filtered by the keywords security, IoT, 5G, 6G, and low-latency. Surveys are filtered on the publication date starting from 2019. When a specific level of the protocol stack is analyzed (as explained in Section II-C, we have divided the analysis into three architectural layers), specific keywords were added, such as:
• URLLC, resource allocation, physical layer security, and edge computing (access layer);
• routing, clustering, and data collection (network layer);
• lightweight cryptography, blockchain, Physically Unclonable Function, and certificateless (application layer).
For each level of the protocol stack, only a few representative papers (published from 2019 on) are considered. These have been selected to cover all the proposed approaches that characterize the analyzed layer. In each case, we included IEEE Xplore articles with the highest impact, while for works in other sources, priority was given to the most recent and innovative studies. The final part of the survey, where the novel QUIC-based solutions for IoT are presented, is based on QUIC IoT as the reference search string. In this case, the literature review starts once more with the IEEE Xplore database, and then other databases from other publishers have been considered by looking at recent works in the corresponding fields. Note that the survey discussion is more focused on journal papers rather than conference ones; in particular, the former category contains almost three times as many references as the latter one.

B. Review of Related Survey Works
Several surveys exist in the literature focusing on either security or latency issues, with specific attention to a small part of the protocol stack. Most of such surveys cover the topics separately, even if a few study the problem jointly. However, the picture is always limited to a few layers of the protocol stack. A comparative analysis of these works is presented in Table II, where the major focus has been highlighted. These are briefly summarized in the following.
Regarding security, the peculiar IoT features make it vulnerable to new threats and introduce novel challenges with respect to more traditional Internet applications [15]. In [16], a deep literature review on security aspects of IoT is proposed, focusing on four main security aspects, namely: authentication, access control, data protection, and trust.
From an architectural point of view, in [17] the main approaches related to the use of honeypots and honeynets as defense mechanisms, complementary to Intrusion Detection Systems (IDSs), for IoT, IIoT, and Cyber-Physical Systems (CPSs) are surveyed. The authors of [18] introduce an optimized and simplified IoT architecture, supported by a new classification of security threats and attacks aligned to the proposed framework. The use of privacy and security in Cloud/Edge/Fog-assisted IoT architectures is of interest in several works. In [19], public encryption mechanisms for Cloud-assisted scenarios are deeply analyzed. In [20], privacy threats and corresponding countermeasures are considered for Edge-assisted scenarios. Different IoT platforms across diverse application domains are examined in [21], with particular attention given to the analysis of security threats and privacy vulnerabilities. Security requirements and challenges in Fog-assisted IIoT networks are investigated in [22]. The integration of blockchain technologies into Edge-assisted IIoT networks is the topic discussed in [23]. Blockchain with Edge-assisted IoT networks is also considered in [24] with a focus on security and forensics management aspects. An overview of different methods and technologies to provide a secure architecture to mobile IoT is provided in [25].
From a data processing point of view, anomaly detection in IoT is the topic analyzed in [26]. In particular, the authors investigate different signal processing methods to identify anomalies in sensor time series, which may be due to cyber-physical attacks. Another possible efficient approach is differential privacy, whose use is surveyed in [27]. Efficient cryptographic methods are an essential ingredient to provide privacy and security in IoT resource-constrained devices. A deep analysis of the topic is given in [28]. A cutting-edge research area in this field is related to the application of methods based on artificial intelligence. One of the key solutions is the use of reinforcement learning for efficient defense against attacks in IoT scenarios, as surveyed in [29], [30].
Low-latency communications have also been reviewed in several works, typically limiting the analysis to technologies working at lower levels of the protocol stack (physical, access, and network). In [4], the main technologies for IoT-enabled 6G networks are analyzed. Among all, massive Ultra-Reliable and Low-Latency Communications (URLLC) are discussed as expected to support future IoT services, e.g., the timely and highly reliable delivery of massive data for facilitating remote healthcare or automating mission-critical processes in smart factories. The application of URLLC for flying objects is well investigated in [31]. Another survey using an approach similar to that in [4] is [32], where the authors shed light on the main applications (IoT, virtual reality, and tactile Internet) which can benefit from URLLC. The investigation outlined in [33] focuses on a specific application, highlighting the critical role of URLLC in aligning with the evolution and requirements of the IIoT. The use of artificial intelligence to enable tactile Internet services in next-generation wireless systems is the scope of the survey in [34].
Other specific radio access technologies to achieve low-latency communications are reviewed in other surveys; the most important are the following: [35] focuses on network slicing in 5G Radio Access Network (RAN), [36], [37] shed light on the use of Mobile Edge Computing (MEC), and [38] analyzes the use of deep learning techniques. In [39], latency issues in a wireless IoT environment are investigated at lower-intermediate levels of the protocol stack, e.g., physical, Medium Access Control (MAC), and network layers, and the main related technologies are discussed. Low latency from the routing and data collection point of view is also an interesting topic and has been analyzed in several works. For instance, in [40] clustered architectures are reviewed to achieve such a goal in IoT networks. In such a survey, security issues are also discussed. In [41], the operating modes of the Routing Protocol for Low power and lossy network (RPL), which is a reference protocol for secure and low-latency routing in IoT, are reviewed. Even if [40], [41] cover both topics as in this paper, their analysis is limited to clustering methods and, therefore, to the network level, as discussed in Section IV.

C. Reference Scenario
The reference scenario for our analysis is illustrated in Fig. 2. It represents an IoT network populated by several (possibly heterogeneous) devices that cooperate to monitor the status of an environment of interest, e.g., an industrial plant in IIoT applications. The IoT devices are resource- and energy-constrained and have to communicate with a remote server hosting the service or application which also provides the user interface. Communications from the IoT devices to the remote server pass through an IoT gateway.
From an architectural point of view, secure low-latency communications are required at all the layers of the protocol stack, as highlighted in Fig. 3.
At the subnet layer (i.e., physical and access), the communications between the IoT devices and the gateway represent the most challenging in terms of latency and security. Herein, the appropriate setting of the physical transmission parameters and of resource allocation are the issues of major interest. Less stringent issues are encountered in the server-gateway communications, which are assumed to rely on a high-capacity backbone network. At the network layer, lightweight Internet Protocol (IP)-based solutions are typically investigated for secure and low-latency communications. At the upper (transport and application) layers, several security solutions may be applied, whereas lightweight communications are guaranteed by means of simple protocols, such as User Datagram Protocol (UDP), Message Queue Telemetry Transport (MQTT), and Constrained Application Protocol (CoAP).
As previously highlighted, low latency and security issues have been analyzed by several scientific papers and key surveys that appeared in the last decade. However, few of the existing surveys consider the two challenges jointly. Moreover, the security aspects are primarily investigated only in specific application domains or protocol levels, whereas latency is typically investigated only at low layers (e.g., physical and access). The goal of this survey is, instead, to provide a bottom-up comprehensive overview of these aspects in IoT networks at all possible levels of the architectural stack. For each architectural level, we provide an overview of the most relevant recent solutions. In particular, we start from the problem at the access layer, e.g., from the sensors to the sink (or gateway). Then, we move to analyze the problem at the network level that requires the design of proper routing strategies. Finally, we consider the higher levels (i.e., transport and application). A similar approach is partially pursued in [42], where a few considerations on security at different levels of the protocol stack are applied, which however does not consider the requirement of low-latency communications as we do in this survey.
Moreover, as an illustrative example for the reference scenario, we analyze the emerging application of the new transport layer protocol QUIC [43], initially designed and implemented by Google for Web applications, which is gaining more and more attention in the IoT community to provide fast and secure communications. The major key features are related to the fact that it works over UDP but still adopts a connection-oriented approach with a short connection setup of only 1 RTT, which significantly reduces the overall latency. Additionally, in this short connection setup timeframe, the two end-points are able to set up secure communications thanks to pre-shared keys which are then replaced soon by the final ones.
The choice of QUIC as a promising IoT solution to jointly address the challenges of security and low latency in the upper layer is supported by a growing literature. Our analysis of the main databases shows a clear trend: while in 2018-2019, about 33 papers were published on this topic, the following years 2020-2021 showed a remarkable increase, with almost 60 papers available, corresponding to a growth of 81.81%. Furthermore, from 2022 to the present, the number increased to 209 papers, representing a significant increase of 243.33% compared to the previous two years. Finally, in recent years, standardization efforts for QUIC have accelerated, culminating in the publication of RFC 9000 in May 2021. QUIC standardization efforts extend beyond IoT to include areas such as multimedia communications through initiatives such as the Media Over QUIC IETF working group. Even if QUIC is treated in Section VI as an emerging topic in the field of secure and low-latency IoT communications, the authors are aware that it is not the only solution. Therefore, references to other alternative approaches at the application layer are introduced in Section V. Fig. 4 shows the considered logical flow and the survey organization, together with the main considered topics.
As one can observe, several topics are recurrent among the different layers, such as trust management, analysis of network topologies, and the exploitation of different architectural solutions (Fog/Edge/MEC and Cloud). Moreover, the security mechanisms analyzed at the upper layers are also at the basis of the integration of security services at the other (lower) levels.

III. SECURE AND LOW-LATENCY ACCESS IN IOT
The network access layer is responsible for giving users reliable access to the communication medium and for defining the transmission techniques (including modulation format and channel coding) to allow users to transmit at the highest speed possible. At this level, URLLC is one of the key enablers of innovative services envisioned in 5G networks and beyond.
The major proposed approaches deal with either reducing latency or improving security, whereas very seldom these two aspects are treated jointly. These can be categorized as follows (as also highlighted in Fig. 5):
1) low-latency communications
The low-latency constraint in URLLC services is often formulated together with the reliability and decoding complexity, and achieved through the optimization of the transmission parameters. The optimization may focus on setting several parameters, such as: the combination of transmission rate and transmission power [44], [45], the spreading factor in LoRa networks [46], and the retransmission parameters in Automatic Repeat-reQuest (ARQ) or Hybrid ARQ (HARQ) scenarios [47]. The formulation of the mentioned constraints is found to be a major challenge in this context, especially in terms of latency, which has to consider the achievable error rate [44]. A key question of such transmission schemes is their effective energy efficiency, defined as the ratio between the effective capacity and the required power consumption. The authors in [48] provide a framework for such a quantity under fading environments and finite-blocklength transmissions.
Other solutions work at the medium access level, where the major advancements for latency reduction have been achieved by proposing either the compression of the messaging in some relevant medium management procedures or the optimization of radio resources allocation. To the first category belongs the paper [49], which, with reference to the Long Term Evolution (LTE), has focused on the random access protocol and proposed the key idea to send the preamble and bandwidth request messages at the same time. This significantly reduces the overall signaling time, which may be crucial in delay-sensitive applications. On the other hand, in [50] the focus is on an enhanced version of the Time Slotted Channel Hopping (TSCH) used for IIoT applications. The key idea is to aggregate more sensor packets in one payload, due to the fact that each of them is typically short. This leads to a significant latency saving, as experimented on tree topology. TSCH can be combined with multiple physical layer technologies (with proper transmission technique selection) to meet stringent latency requirements, as investigated in [51]. To the second category belongs the paper [52], which addresses the joint energy-efficient subchannel assignment and power control in a scenario with massive access requests from IoT devices. Herein, maximizing the network energy efficiency is a target that guarantees that the latency constraint is fulfilled. The optimization problem is modelled as a multiagent reinforcement learning problem which is addressed with a distributed cooperative massive access approach. Another modified version of this scheduling method to minimize data gathering latency in IIoT applications is proposed in [53]. A further alternative solution for massive access in IoT networks is given by NOMA, where a user receives a superimposition of the signals of all the other users and then applies proper interference cancellation strategies, thus allowing for increased throughput. In [54], the authors investigate the combined use of NOMA and short packet transmissions to enable URLL services. A similar target is pursued by the authors of [55], who combine NOMA with UAVs to establish a high-capacity IoT uplink network suitable for URLLC applications.
Since Fog/Edge communications, as well as the implementation of MEC in the RAN of 5G/6G networks, are expected to play a key role in providing services with extremely low-latency requirements, a relevant portion of the research community is also investigating URLLC in such contexts. These resources are often used to execute operations that cannot be implemented in devices with limited resources and to avoid involving cloud computing resources, which would require high transmission delays. However, how and which operations are assigned may heavily influence the final latency. Accordingly, tasks can be partitioned into sub-tasks (dependent or independent of each other) to be performed at different levels of the network and then merged. The method proposed in [56] can halve the latency with respect to traditional methods where tasks are entirely performed on some portion of the network (either Edge or Cloud). Some solutions rely on the use of reinforcement learning to offload IoT tasks to the MEC, such as in [57]. The key point of this approach is to model the MEC subsystems as an acyclic graph on which the task allocation policy determines the graph state transition.
As already highlighted, in all these mentioned articles that dealt with the latency aspects no explicit security enhancements are proposed. Indeed, specific proposals can be found in works that focus on the security aspects only. An important category of solutions is the one that deals with physical layer security, which relies on exploiting the imperfections in the physical layer of the protocol stack, such as noise, interference, and the variation of channel strength in wireless channels [58], [59]. An approach that is often used is to control the pilot subcarriers that are part of an Orthogonal Frequency Division Multiplexing (OFDM) transmission and which are essential for the pilot channel estimation process performed at the receiver. To make the communication secure, their position is changed in a way that is known only by the communicating entities, e.g., following a known probability distribution [60]. Another approach is to adopt a self-interference (SI) assisted encrypted data transmission scheme, where artificial noise and SI cancellation at the controller are used to conceal the randomness brought by the sensors [61]. This last solution has also been devised to keep the latency very low. Another category of work is the one that allocates resources to the end-user in a secure way. In [62], the authors deal with attacks that aim at tracing back along the data stream to capture the source node. Therefore, a countermeasure is proposed based on an innovative scheduling algorithm, showing that privacy is preserved with reasonably bounded energy consumption and transmission delay. In [63], resource allocation under short packet transmission to attain secure URLLC in 6G-enabled IoT networks is considered and an analytical framework to evaluate reliability, based on the security rate formula under finite blocklength, is derived. Security in Cloud/Edge/Fog IoT scenarios is of crucial importance, since untrusted users may compromise the overall system performance. To this end, in [64] trust management for effective user authentication and access control in such a scenario is proposed. In [65], instead, trust management and security services in Edge-assisted (low-latency) networks are considered and a blockchain-based architecture is proposed to fulfill such requirements.

IV. SECURE AND LOW-LATENCY ROUTING IN IOT
At the network level, the main performed operation is routing the information towards a destination node, e.g., a sink or a server, possibly exploiting multi-hop communications. We can categorize routing protocols for IoT according to the portion of the network on which they operate, as shown in Fig. 6 and summarized in the following. Regarding low-latency communications with intra-network routing, the definition of dedicated and optimized network topologies, as well as data transmission scheduling mechanisms, is of paramount importance. For instance, cluster-based multi-hop topologies can limit the communication overhead and, therefore, increase the network energy efficiency and reduce the latency in data delivery [67]. The same idea is also exploited in [68], where an enhanced version of the well-established Ad hoc On-demand Distance Vector (AODV) algorithm is designed for clustered network topologies to meet different priority requirements. Transmission scheduling can, instead, reduce collisions caused by multiple information flows, which is a typical IoT characteristic. An example of a paper belonging to this category is [69], where the design of a routing protocol with low latency and high reliability is proposed for IoT devices purely powered by ambient harvested energy.
From the IP-based perspective, the de facto standard for efficient data routing in resource-constrained devices is given by RPL, standardized by IETF with RFC 6550 in 2012 [70]. RPL is a distance vector routing protocol, in which end devices connect to the Internet via border routers. Communications follow bidirectional IPv6 data exchange over a tree-like topology. A comprehensive survey of RPL performance, with particular attention to the impact of users' mobility patterns on (among others) the end-to-end latency, is provided in [71]. Enhancing RPL to further reduce its end-to-end latency is a key solution in the literature. Existing solutions leverage different potential optimizations, i.e., limiting the RPL overhead to reduce the impact on the QoS in delay-tolerant applications, as done with HRPL [72], [73], or explicitly including the latency as a design metric, as for instance suggested by [74], where a cross-layer fuzzy-based design simultaneously based on hop count, energy consumption, latency, and received power is proposed.
From the Cloud perspective, the application of the Software-Defined Networking (SDN) paradigm is also emerging in IoT networks, thus forming the so-called SDN-IoT architecture to meet stringent requirements in terms of low latency and high security. In this context, the latency minimization goal is achieved in a two-fold manner: (i) introducing artificial intelligence management techniques, as done in [75] using deep reinforcement learning, or (ii) exploiting Fog/Edge/MEC capabilities, as done in [76], [77], [78], [79].
Regarding the security perspective, the integration of mechanisms at different routing levels is typically performed jointly with the design of low-latency solutions. Optimized topologies are secured by managing trust relationships between involved nodes, i.e., by performing the classification of malicious behavior of network nodes and allowing nodes with higher trust to communicate, as suggested by [67], [80]. If D2D communications are instead used, access control mechanisms can be considered to secure IoT service provisioning. An example is provided by [81], where an attribute-based access control mechanism is proposed to support secure device discovery with fine-grained access control in IoT-oriented 5G applications. Finally, at the border gateway, ML is a powerful tool to manage more complex topologies, such as those induced by the use of blockchain technology and onion routing as a cryptography strategy. An illustrative paper dealing with this strategy is [82], where an ML solution is devised to effectively feed the onion algorithm.
In IP-based routing, different security strategies are possible, see, e.g., [83] and references therein. On one hand, social relationships between network nodes and corresponding trust management can be exploited to route information through a secure path towards the destination, as suggested by [84]. Another relevant approach is that in [85], where trust is exploited in combination with lightweight cryptography to reduce routing computational complexity and overhead, thus leading to an overall secure and low-latency scheme. On the other hand, if RPL is considered, several threats are possible [86], [87] and, therefore, various secure approaches to counteract them, either reactive or proactive, can be applied.
In the former, malicious behavior is detected and properly mitigated by avoiding extra overhead and adding simple security mechanisms (e.g., lightweight message authentication and limitation of the forwardable messages). This is effective against topology falsification [88], excessive resource consumption [89], and number of exchanged messages [90]. In the latter, instead, the routing protocol is a priori modified to avoid such issues. This can be achieved by integrating trust mechanisms in RPL [91], [92], [93], or by exploiting the secure routing services of RPL itself. The latter solution can be done according to three possible modes [94]: (i) the default unsecured mode, where only the security mechanisms of the underlying datalink layer are applied (if any); (ii) the pre-installed secure mode, where RPL control messages are encrypted with default symmetric cryptography; and (iii) the authenticated secure mode, where the pre-installed cryptography is used by the nodes to join the network, whereas new keys are acquired during network operations. More recently, in [95] the authors leverage the well-known network coding technique over the pre-installed secure mode to obtain a novel secure mode, referred to as chained, which adds sender authenticity to RPL.

V. SECURE AND LOW-LATENCY IOT AT THE UPPER LAYERS
At the upper protocol levels (i.e., transport and application), the main goal is to provide end-to-end security mechanisms to provide several security services. To this end, various technologies can be employed, as highlighted in Fig. 7.
In particular, the following security services are of interest in IoT networks at upper levels of the protocol stack:
• data confidentiality against eavesdropping and sniffing threats;
• user/thing authentication against spoofing threats;
• data integrity against tampering threats.
In fact, such networks are prone to Distributed Denial of Service (DDoS) and Man-in-the-Middle (MitM) attacks. A comprehensive survey on this topic is given in [15].
However, the use of security mechanisms to achieve the above-mentioned services typically requires a larger computational complexity caused by the higher number of performed operations, thus leading to increased communication latency. Therefore, significant attention is given by the research community to efficient mechanisms to simultaneously achieve low latency and secure communications in IoT networks. The main approaches in the literature are the following.
1) Lightweight cryptography, i.e., encryption/decryption methods based on a small footprint and/or low computational complexity [28]. These schemes are employed in transport layer-supported security protocols to obtain data confidentiality and user/thing authentication. The inherent low computational complexity can empower low-latency communications.
2) Physically Unclonable Function (PUF), i.e., a low-cost user/thing authentication solution at the hardware level. In this case, low latency can be achieved using rapid and efficient challenge-response mechanisms.
3) Blockchain, i.e., a distributed ledger solution to user/thing authentication and data integrity. A blockchain can coordinate and store information about transactions from a large number of users/devices, as in IoT networks. In this case, the design of consensus algorithms for limiting the transaction delay can empower IoT-enabled applications with sensitive security and latency requirements.
4) Certificateless communications, i.e., a message exchange method to distribute the shared secrets needed to provide data confidentiality and user/thing authentication. Since no storing into secure and trusted third-party systems is required, this solves the so-called key escrow problem [96]. In this case, low latency can be achieved by properly reducing the number of exchanged messages.
Fig. 7 shows where these mechanisms are applied, i.e., which part of an IoT network employs a specific scheme. We now survey the main characteristics of these approaches that can lead to low-latency communications.
Regarding lightweight cryptography, standard cryptography methods (as in usual Web-based applications) are not always suitable in IoT scenarios, due to the resource-constrained nature of the devices that may not be able to perform the required operations. Moreover, standard cryptographic functions may require more time to process a massive amount of data. To this end, some recent interesting approaches have appeared. A first class of approaches deals with combining simple operations to achieve the desired low complexity requirement and significant savings in memory and power needs. Examples of this approach are in [97], where lightweight hashing is proposed, or in [98], where multiple symmetric key ciphers are coordinated to optimize the decryption delay, which is one of the main sources of the end-to-end latency. A similar combination approach is pursued in [99], where a 32-bit Feistel-based block cipher is implemented in a multi-stage architecture for data protection using Radio Frequency IDentification (RFID) communications in Internet of Medical Things (IoMT) applications. The other class of approaches to lightweight secure mechanisms foresees a proper interaction with the network infrastructure, i.e., Edge and Cloud. For instance, in [100], a mechanism is proposed for industrial applications where data is stored encrypted in the Edge/Cloud and has to be retrieved with the so-called keyword search on demand. In [101], a multi-level lightweight security architecture is proposed, where data is split into sensitive or non-sensitive. For each class, a different block encryption method is applied, data is stored in public or private Cloud, and access is granted with different authentication levels according to the different security levels. In [102], lightweight cryptography is proposed for IIoT applications, based on pre-processing to efficiently encrypt and authenticate payload for already established secure connections, thus limiting the experienced latency.
Continuing in the area of encryption, a significant and topical issue in the literature is the security of the Domain Name System (DNS) protocol. By default, DNS relies on the exchange of unencrypted queries and responses, making it vulnerable to various attacks. Consequently, the current literature focuses on the incorporation of cryptography in DNS and its adoption in various scenarios, including the IoT [103]. In this context, [104] introduces a lightweight CoAP-based version of DNS that provides security modes for encrypting name resolutions, specifically designed for IoT devices.
Regarding PUF-enabled user/thing authentication, a PUF is a physical object that for a given input and conditions (challenge) provides a physically defined digital fingerprint output (response) that serves as a unique identifier. This is a digital fingerprint that serves as a unique identity for a semiconductor device due to the physical variations that occur during the fabrication process [105]. This method is secure since the probability of replicating the exact challenge-response sequence is very low and the PUF is physically exchanged between the client and the server. However, PUF-based authentication systems may be subject to replay attacks, in which an eavesdropper can intercept the complete sequence and, then, replicate it, e.g., through machine learning algorithms. The low-latency requirement is achieved in the literature in two main ways. First, even if this technology is available in several hardware platforms, e.g., the Xilinx Zynq Ultrascale+, some research is also looking at an optimized system-on-chip design for IoT applications, see, e.g., [106]. PUF prototyping with the Open Connectivity Foundation (OCF) IoT platform is instead considered in [107], [108]. An alternative low-latency solution from the communication perspective is the design of optimized challenge-response mechanisms, as in [109], where an IoMT scenario is investigated with application to COVID-19 disease. In this context, PUFs are employed to authenticate users (i.e., doctors) and sensor nodes (to avoid spoofed devices in the network) by exchanging a small amount of packets between them. The application of PUFs to IoMT applications for user/thing authentication and corresponding machine learning-based attacks is well-established in the literature, as confirmed by [110], [111]. In [112], low-latency PUF is applied to user authentication in 5G IoT applications, where IoT devices pre-register their challenges which are grouped according to the group identification they belong to. To overcome replay attacks, in [113] the challenge-response exchange is split across multiple sub-packets, and data are properly pre-scrambled and padded in a way only known to the client and the server. Robustness against attacks is the primary concern in [114], where a secure and lightweight IoT device authentication scheme, featuring a two-factor mutual authentication mechanism employing PUFs, is introduced.
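The replay threat on challenge-response pairs discussed above can be countered by never issuing an enrolled challenge twice; the following added example (not taken from the surveyed papers, and not the sub-packet scheme of [113]) shows that bookkeeping on the verifier side. `SimulatedPUF` is a software stand-in for the silicon response, and `Verifier`, the device name and the pair counts are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class SimulatedPUF:
    """Stand-in for a hardware PUF (assumption): random bytes play the role
    of the manufacturing variation that a real device never stores as a key."""

    def __init__(self):
        self._variation = secrets.token_bytes(32)

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._variation, challenge, hashlib.sha256).digest()[:16]


class Verifier:
    """Server side: stores enrolled challenge-response pairs, uses each once."""

    def __init__(self):
        self._unused = {}    # device_id -> {challenge: expected response}
        self._pending = {}   # device_id -> challenge currently outstanding

    def enroll(self, device_id, puf, n_pairs=4):
        # Trusted enrollment phase: query the device and record its answers.
        table = {}
        for _ in range(n_pairs):
            challenge = secrets.token_bytes(16)
            table[challenge] = puf.respond(challenge)
        self._unused[device_id] = table

    def remaining(self, device_id):
        return len(self._unused.get(device_id, {}))

    def issue_challenge(self, device_id):
        table = self._unused.get(device_id)
        if not table:
            raise LookupError("no unused pairs left; device must be re-enrolled")
        challenge = next(iter(table))
        self._pending[device_id] = challenge
        return challenge

    def verify(self, device_id, challenge, response):
        pending = self._pending.get(device_id)
        # A captured pair carries an old challenge, so it never matches here.
        if pending is None or not hmac.compare_digest(pending, challenge):
            return False
        # Consume the pair whether or not the answer is right: one guess only.
        del self._pending[device_id]
        expected = self._unused[device_id].pop(challenge)
        return hmac.compare_digest(expected, response)


def demo():
    puf, server = SimulatedPUF(), Verifier()
    server.enroll("sensor-01", puf, n_pairs=2)   # constructed device name

    c1 = server.issue_challenge("sensor-01")
    r1 = puf.respond(c1)
    first = server.verify("sensor-01", c1, r1)          # genuine device

    c2 = server.issue_challenge("sensor-01")            # next session
    replayed = server.verify("sensor-01", c1, r1)       # recorded pair resent
    second = server.verify("sensor-01", c2, puf.respond(c2))
    return first, replayed, second, server.remaining("sensor-01")


if __name__ == "__main__":
    print(demo())
```

One-time pairs stop verbatim replay only; they do not address the machine-learning modelling of responses mentioned above, and the pair store has to be replenished through a new trusted enrollment.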
User authentication and data integrity employing blockchain is emerging as one of the more popular and more implemented solutions, especially in IIoT applications [115], [116]. The main literature solutions to achieve low-latency communications are based on an efficient interaction (e.g., reduced number of message exchanges per transaction) with the network infrastructure. As an example, in [117], a decentralized, secure, and robust blockchain-based authentication scheme for IoT devices in the network Edge is designed. This scheme is shown to effectively avoid standard single-side faults, due to the distributed characteristics of the architecture. Nodes' trust and data integrity for metrological traceability in a distributed measurement system is considered in [118]. The authors of [119] propose a Blockchain-based IoT platform, prioritizing low computational complexity and low latency for ensuring sensing data integrity. In [120], the latency of private blockchain for IoT applications is deeply investigated, both on small-scale (with a realistic experimental setup with Raspberry Pi 3b+ nodes) and large-scale emulated scenarios, highlighting the contribution of different network parts to the end-to-end latency.
In [121], blockchain technology is integrated with SDN to keep nodes' authentication in IIoT applications. In [122], blockchain is considered to achieve a novel contextual access token method.
Finally, regarding certificateless communications, the research has recently focused on reducing the potentially high message overhead, large computational complexity, and relatively large energy consumption, which are in contrast with IoT requirements. In particular, works in the literature differ in the specific message exchange strategy. As an example, in [123] a lightweight certificateless solution is proposed with reduced overhead, latency, and energy consumption. The rationale behind this protocol is to use two pairs of messages, one for exchanging the cryptography materials and the other to verify the authenticity of the remote party and to establish a unique session key. The effectiveness of this approach is proved on IEEE 802.15.4-compliant networks.
The considered approaches and the corresponding categories are summarized in Table V.
The above analysis has shown that several techniques exist to simultaneously provide security and low latency at the upper layers of IoT scenarios. However, as mentioned in Section II-C, QUIC has recently emerged as one of the protagonists in this area; therefore, we now describe in Section VI in more detail its application to IoT scenarios.
As already mentioned, typical IoT applications leverage very lightweight protocols to achieve reduced complexity and latency, such as UDP, MQTT, and CoAP. However, when security requirements should be met, such protocols need to be integrated, at the transport layer, with Transmission Control Protocol (TCP) and Transport Layer Security (TLS). However, TCP is based on the well-known 3-way handshaking, so that terminals can exchange data only after 1 Round Trip Time (RTT). To establish a secure connection, TLS 1.2 further takes 2 RTTs, whereas TLS 1.3 takes 1 RTT, leading to an overall TLS/TCP handshake of 3 and 2 RTTs, respectively. Afterward, secure data exchange can occur. This procedure is summarized on the left-hand side of Fig. 8, which shows the protocol message passing for connection establishment and data exchange with TCP+TLS; there, ClientHelLO (CHLO) and ServerHelLO (SHLO) packets are used for key exchange based on the standard Diffie-Hellman algorithm.
To reduce this delay, a possible alternative is given by QUIC, which uses UDP as the underlying transport protocol and can establish secure communication in 1 RTT by combining its operations with those of TLS 1.3. In particular, as depicted on the right-hand side of Fig. 8, with QUIC the client initializes the communications with an inchoate CHLO message used to inform the server it wants to communicate with. At this point, in the 1-RTT procedure, the server sends a REJect (REJ) packet to send the ticket needed to authenticate with the client. At this point, the client initializes the key exchange procedure (based on the Diffie-Hellman algorithm) with a complete CHLO and the server responds with a SHLO. In this phase, data can already be exchanged by means of pre-shared keys which are then replaced by the final ones once the complete CHLO-SHLO occurs.
This latency can be further reduced to 0 RTT if the endpoints previously established a communication, so that data can be sent before a new handshake is repeated in 0-RTT packets [43]. In this version, the client skips the preliminary inchoate CHLO and uses the ticket received with the REJ packet during the previous 1-RTT to start authenticating with the server and exchanging data preliminarily encrypted with the pre-shared keys. At this point, the complete CHLO-SHLO is performed and the message exchange proceeds as in the previous case.
Finally, since QUIC is based on UDP, it can alleviate typical TCP issues, such as head-of-line blocking and connection migration.
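The round-trip counts given above can be derived from the message flights themselves; the following added example (not from the surveyed works) encodes the four exchanges as described in the text and accumulates the setup delay of a device that reconnects periodically. The TLS 1.2 flight labels beyond CHLO/SHLO, the `QuicClient` ticket cache, the ticket lifetime, the RTT and the reconnection times are assumptions or constructed values.

```python
from dataclasses import dataclass, field

C, S = "client", "server"

# Flights up to the client's first application data, following the text.
HANDSHAKES = {
    "TCP+TLS1.2": [(C, "SYN"), (S, "SYN-ACK"), (C, "ACK + CHLO"), (S, "SHLO"),
                   (C, "key exchange + Finished"), (S, "Finished"), (C, "DATA")],
    "TCP+TLS1.3": [(C, "SYN"), (S, "SYN-ACK"), (C, "ACK + CHLO"),
                   (S, "SHLO + Finished"), (C, "Finished + DATA")],
    "QUIC 1-RTT": [(C, "inchoate CHLO"), (S, "REJ (ticket)"),
                   (C, "complete CHLO + DATA"), (S, "SHLO")],
    "QUIC 0-RTT": [(C, "complete CHLO (cached ticket) + DATA"), (S, "SHLO")],
}


def rtts_before_data(flights):
    """Count the server flights the client must wait for before sending data."""
    waits = 0
    for sender, message in flights:
        if sender == C and "DATA" in message:
            return waits
        if sender == S:
            waits += 1
    raise ValueError("sequence never carries application data")


@dataclass
class QuicClient:
    """Hypothetical client keeping the ticket from the last REJ per server."""
    ticket_lifetime_s: int
    tickets: dict = field(default_factory=dict)   # server -> issue time (s)

    def connect(self, server, now_s):
        issued = self.tickets.get(server)
        fresh = issued is not None and now_s - issued <= self.ticket_lifetime_s
        if not fresh:
            # Simplification: a ticket is obtained only in a 1-RTT handshake.
            self.tickets[server] = now_s
        return "QUIC 0-RTT" if fresh else "QUIC 1-RTT"


def setup_delay_ms(transport, connect_times_s, rtt_ms, ticket_lifetime_s=3600):
    """Total time spent waiting in handshakes over a series of connections."""
    client = QuicClient(ticket_lifetime_s)
    total = 0
    for now_s in connect_times_s:
        mode = client.connect("gateway", now_s) if transport == "QUIC" else transport
        total += rtts_before_data(HANDSHAKES[mode]) * rtt_ms
    return total


def compare(connect_times_s, rtt_ms):
    return {t: setup_delay_ms(t, connect_times_s, rtt_ms)
            for t in ("TCP+TLS1.2", "TCP+TLS1.3", "QUIC")}


if __name__ == "__main__":
    # Constructed schedule: the last reconnection falls after ticket expiry.
    print(compare([0, 60, 120, 4000], rtt_ms=150))
```

Data sent in 0-RTT packets is not protected against replay by the handshake itself (RFC 9001), so a deployment would restrict it to idempotent messages.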
The above-described QUIC solution for secure and low latency at the transport layer is a de facto standard in Web-based scenarios [124], [125], [126]. However, it has been recently considered as a promising solution also for secure and low-latency communications in IoT networks. An increasing body of literature explores protocols commonly employed in IoT applications, incorporating QUIC at the transport layer to leverage the advantages outlined above. For instance, the authors of [128] present a QUIC-based implementation of MQTT implemented using the Go language. Through extensive experiments conducted on various wired and wireless communication scenarios, the authors demonstrate outstanding results in terms of security and communication latency. A similar experimental methodology is employed in [129], where a practical testbed was created to evaluate the performance of this MQTT version, even under non-ideal channel conditions. Performance evaluation with experimental testbeds may not offer a complete perspective due to dependencies on scenario setup, specific network conditions and device capabilities, impacting the reproducibility of results. To overcome this limitation, many studies are opting for network simulators such as ns-3, thus finding a proper trade-off. This approach is pursued in [130], where the authors use ns-3 to simulate a hybrid scenario. In this configuration, communications between the Cloud and the gateway are protected with standard TLS, while QUIC is used for communications between the gateway and IoT devices. The results not only validate the suitability of QUIC-based MQTT for IoT scenarios, but also demonstrate better performance than the standard version. These results are also confirmed in other works using the same experimental methodology, i.e., in [131], [132].
Originally designed for Web-based applications, the QUIC protocol demonstrates its adaptability not only to the publisher/subscriber model but also, in particular, to the client/server model. In recent studies, researchers have explored the use of Hypertext Transfer Protocol Version 3 (HTTP/3) with QUIC in IoT scenarios as an alternative to traditional protocols. In [133], the authors compare HTTP/3 and MQTT over QUIC using a testbed consisting of Raspberry Pi Zero devices, evaluating their performance under different network conditions and with different message payloads. Similarly, the work proposed in [134] compares the performance of HTTP-based transactions using QUIC with MQTT and CoAP, highlighting the potential offered by this protocol in lossy and disruptive environments. The literature widely recognizes the advantages of QUIC in terms of communication latency. Consequently, several studies have chosen to examine this protocol using alternative metrics. In [135], the analysis of HTTP/3 focuses on resource consumption, while [136] places more emphasis on security aspects. Moreover, the investigation in [137] focuses on the multipath QUIC extension combined with HTTP/3 to improve the throughput performance of this protocol.
Recently, the integration of other commonly used IoT protocols with QUIC was investigated. In [138], a QUIC-based CoAP version is presented. With respect to other works, in this case, the seamless integration was facilitated by the native UDP support of this application protocol. Similarly, the work proposed in [139] evaluates CoAP over QUIC in an IoT testbed, demonstrating the performance improvement achieved over the standard version. In the study presented in [140], the WebSocket over QUIC protocol is examined, showing its promising performance for IoT applications. In addition, the paper introduces a scheme for session ticket reuse within small-to-medium clusters of IoT devices, with the objective of further minimizing intra-network communication latency. The works [141], [142] propose to integrate QUIC and Advanced Message Queuing Protocol (AMQP) 1.0 to improve the performance of IoT communications in various situations, from simple WiFi and 4G/LTE scenarios to satellite communications.
A different approach from previous studies is that of [143], where the authors explore the possibility of deploying QUIC directly on resource-constrained IoT devices. The investigation focuses on Quant QUIC and the evaluation focuses on several metrics including memory, computation, storage, and energy requirements.
In Table VI, a comparison between the above-discussed works dealing with QUIC in IoT scenarios is presented. The main highlighted characteristics are the considered implementation, the type of work (i.e., simulation-based or experimental), and the application protocol using QUIC as the underlying transport protocol. We believe that it is critical to emphasize these two methodological attributes, as they significantly influence the reproducibility of the results of the work done. These aspects help researchers in the field, enabling them to identify valid research that can then be compared with their QUIC-based proposals.
In summary, leveraging the QUIC protocol presents both significant advantages and disadvantages. On the positive side, QUIC brings notable features for IoT applications, including low latency, TLS 1.3 integration for security, adaptability to dynamic network conditions, resilience through path
As a final remark, it is worth mentioning that other transport layer solutions exist as alternatives to QUIC. In particular, one may resort to the specific optimization of the TLS protocol for resource-constrained devices. A standardized solution is given by Datagram Transport Layer Security (DTLS), a datagram-based equivalent of TLS. In this field, an interesting approach is provided in [144], where the authors propose a lightweight version of TLS, referred to as iTLS. The key idea is to dynamically generate secret keys before receiving a server response, allowing clients to send the encrypted data without additional RTT. The protocol is fully compatible with TLS 1.3 and can be easily converted to a DTLS version. Results show that traffic overhead and latency can be reduced by approximately 60%, especially in harsh wireless environments.

VII. CONCLUDING REMARKS
In this paper, we have provided a systematic review of state-of-the-art solutions for providing fast and secure communications in IoT scenarios. In particular, we have focused our analysis on looking at different levels of the protocol stack and categorizing the different approaches to solve the problem according to the specific level they belong to.
Access Layer - At the network access layer, it arises that the two issues of latency and security are treated most of the time separately. Latency is often taken as a constraint that is imposed together with others, e.g., complexity and reliability, especially when focusing on URLLC services. While imposing these constraints, the proposed works aim at optimizing key parameters such as the transmission rate, the transmission power, the spreading factor, and the retransmission parameters when ARQ/HARQ techniques are adopted. Another way to pave the way to low-latency IoT communications is to enhance the medium access, in particular by compressing packets or optimizing the resource allocation. The network access functionalities are often supported by the Fog/Edge/MEC resources whose involvement may affect the latency. For this reason, great attention has also been devoted to the allocation of tasks, and of the sub-tasks into which these are properly divided, to different levels of the network. Finally, security is separately obtained by resorting to physical layer techniques or securing the resource allocation strategy. On the other hand, some joint effort between security and low latency is performed in the realm of using Fog/Edge/MEC resources, which require proper trust management. At this level, the integration of physical layer security together with optimized transmission and medium access parameters, and Fog/Edge/MEC capabilities represent an interesting future direction for the research community.
Network Layer - At the network level, secure and low-latency routing can be applied using different technologies depending on the considered network part. In this case as well, the two requirements (security and low latency) are typically considered separately. Within the IoT network, the definition of proper topologies and scheduling is the utmost solution to limit the end-to-end delay in data delivery. However, the definition of such topologies poses crucial security issues that lead to significant research activity on the management of trust relationships among the nodes in the network. When IP-based routing is used, the use of RPL is mostly investigated in the literature, with its optimization in message exchange towards low latency or security. Finally, at the network level, the availability of Fog/Edge/MEC capabilities is exploited, similarly to the network access layer, to limit the latency. At the network level, an interesting future research direction for the community would be the design of RPL-based schemes that jointly take into account security and low latency requirements.
Upper Layers - At upper levels, i.e., transport and application, different security mechanisms can be applied to inherently guarantee various security services. Since security and low latency are in contrast to each other, all the surveyed mechanisms have, therefore, the common goal to limit the latency, yet guarantee the desired security services. In this survey, we have in particular analyzed four technologies and categorized them according to the specific class of security services they want to achieve. First, the use of lightweight cryptography, possibly together with PUF-based key exchange (based on challenge-response methods), can be used for low-latency and low-complexity data confidentiality and integrity, as well as authentication. Moreover, data integrity can be also guaranteed through the application of Blockchain technologies, whose latency may be limited by designing specific and optimized per transaction message exchange. Finally, certificateless communications are exploited to achieve data confidentiality and authentication and further reduction of the end-to-end latency by resorting to proper message exchange with reduced overhead.
Joint Secure and Low-Latency - We have finally investigated the possible use of integrated solutions to design fast secure network protocols that minimize connection establishment between different devices. In particular, we have focused on the recently appeared use of the QUIC transport layer protocol in conjunction with lightweight application layer protocols, such as MQTT, CoAP, or HTTP/3. Since QUIC provides low-latency connection establishment as in TLS 1.3, but uses UDP as the underlying protocol instead of TCP, it can be regarded as a promising solution to the problem of secure low-latency communications. The adoption of QUIC-based communication protocols to a large variety of IoT services in next-generation 6G-enabled networks would represent a key direction for the research community.

Fig. 3. Protocol stack of the communications envisioned in the reference scenario. For each layer, the main characteristics are highlighted.

Fig. 5. Access scenarios in IoT networks with main approaches for low latency and security highlighted.

Fig. 6. Routing scenarios in IoT networks with main approaches for low latency and security highlighted.

Fig. 7. Security mechanisms in IoT networks at upper layers of the protocol stack.

TABLE I LIST OF USED ACRONYMS (IN ALPHABETICAL ORDER)

TABLE II COMPARATIVE ANALYSIS OF SURVEYS DEALING WITH SECURITY AND LOW-LATENCY COMMUNICATIONS

TABLE III CATEGORIZATION OF TRANSMISSION AND ACCESS METHODS FOR SECURE AND LOW-LATENCY IOT NETWORKS

1 https://datatracker.ietf.org/wg/moq/documents/

The analyzed works are summarized in Table III according to the above categorization and are briefly reviewed in the following.
• physical layer IoT security;
• improved resource allocation for secure access;
• trust management in Cloud/Edge/MEC access.

IP-based routing, especially needed in applications requiring to reach a remote server through the Internet.
3) Cloud-based routing, where the Cloud architecture (Fog/Edge/MEC) can be exploited to efficiently route data collected by IoT devices towards a remote server.
In these contexts, the major proposed approaches can be categorized as follows. Note that, unlike the discussion on the access layer in Section III, joint low-latency and secure design is often performed at the network layer.
joint design of secure RPL and Cloud-based architectures for securely disseminating data.
The analyzed works are summarized in Table IV according to the above categorization and are briefly reviewed in the following.