Recent Security Trends in Internet of Things: A Comprehensive Survey

The Internet of Things (IoT) aims to transform everyday physical objects into an interconnected ecosystem with digital data accessible anywhere and anytime. “Things” in IoT are embedded with sensing, processing, and actuating capabilities and cooperate in providing smart and innovative services autonomously. The rapid spread of IoT services gives rise to different security vulnerabilities that need to be carefully addressed. Several emerging and promising technologies and techniques are introduced to improve the security of IoT. This paper aims to provide an up-to-date vision of the current research topics related to IoT security. Initially, we introduce common elements and protocols of IoT to demystify the origins of threats in IoT. Then, we propose a taxonomy of IoT attacks and analyze the security vulnerabilities of IoT at different layers. Subsequently, we provide a comparison of recent security schemes based on emerging solutions including fog computing, edge computing, software-defined networking (SDN), blockchain, lightweight cryptography, homomorphic and searchable encryption, and machine learning. Finally, security challenges are discussed and future directions are highlighted for interested researchers.


I. INTRODUCTION
The Internet of Things (IoT) refers to a growing network of everyday physical objects connected to the Internet. The ultimate goal of IoT is the transformation of Internet-enabled devices to an interconnected ecosystem with digital data accessible anywhere and anytime.
The IoT devices, ranging from small wearable objects to large machines and equipped with sensors and actuators, smartly perceive their surroundings and perform actions autonomously [1], [2]. According to Cisco, 50 billion devices are currently estimated to be connected to the Internet [3]. These devices are inherently resource-constrained: they have limited memory space, low processing capacity, and computation power.
Different enabling technologies such as cloud computing evolve as essential components for the emergence of the IoT paradigm [4], as shown in Figure 1. In the near future, the IoT data will be produced from billions of devices using device-to-device (D2D) interactions where devices will be connected to each other and exchange a massive amount of data through the Internet. The number of connected IoT devices is predicted to grow to 1 trillion by 2025. According to this prediction, the IoT will offer potential economic revenue of $11 trillion per year by 2025 [5]. Consequently, this growth will face several security issues that must be addressed.
The associate editor coordinating the review of this manuscript and approving it for publication was Gautam Srivastava.
The security of IoT has attracted significant attention in the academic field. A large number of researchers discussed the security of IoT systems [6]-[20]. Most of the existing surveys investigated relevant security aspects such as attacks, requirements, and challenges in IoT. However, various emerging technologies and techniques have been recently adopted as promising solutions to improve IoT security.
The main goal of this paper is to provide an up-to-date review of the current research topics related to IoT security. Specifically, several security schemes based on different emerging technologies and techniques, namely fog computing, edge computing, SDN, blockchain, lightweight cryptography, homomorphic and searchable encryption, and machine learning are evaluated. In addition, a comparison of the studied schemes in terms of security and performance is provided. Accordingly, the key contributions of this work are the following.
- Introduce common elements, protocols, and applications of IoT systems.
- Provide a taxonomy of IoT attacks to identify the security vulnerabilities of IoT systems.
- Present emerging solutions that address the IoT security issues and provide a comparison of recent research works based on these solutions.
- Discuss security challenges and future directions for the IoT systems.
Figure 2 shows the organization of the paper. In Section 2, we explore relevant studies that address IoT security. In Section 3, we present three-layered IoT architecture and introduce common elements, protocols, and applications of IoT. The security threats of each layer of IoT are analyzed in Section 4. Emerging security solutions used in IoT are discussed in Section 5. In Section 6, we report the security challenges and highlight future directions for IoT security. We conclude our study and provide future work in Section 7.

II. RELATED SURVEYS
This section explores recent relevant studies that cover different aspects of IoT security. The main security aspects discussed in the reviewed surveys are summarized in Table 1.
Adat and Gupta [6] presented the history, statistics and architecture of IoT. They discussed the security features according to IoT layers and provided a taxonomy of security issues and challenges in IoT systems. Moreover, they analyzed existing defense mechanisms including intrusion detection systems.
Kouicem et al. [7] pinpointed the security requirements and challenges in different IoT applications such as smart grids, smart cities, healthcare, transportation, and manufacturing. They classified the security solutions into classical and new approaches. The classical approaches cover confidentiality, privacy, and availability, while new solutions include SDN-based and blockchain-based schemes. The authors also focused on context-awareness and safety related to IoT security.
Lu and Xu [8] discussed the security issues at four-layered IoT architecture and provided a taxonomy of different attacks. They described the security measures for WSNs and RFIDs and classified the security schemes into three categories: host identity protocol-based schemes, datagram transport layer security-based schemes, and capability-based access control schemes.
Noor [9] presented the security attacks and challenges at perception, network, and application layers of IoT. They reviewed a large number of proposed security schemes that address authentication, encryption, trust management, and secure routing. The authors also highlighted the simulation tools involved in the reviewed schemes.
Tewari and Gupta [10] addressed the security issues of three-layered IoT architecture. They described the security designs of IoT protocols and discussed the security challenges of enabling technologies such as cloud and RFID. Moreover, the authors presented key factors that must be achieved to provide a trustworthy IoT network and highlighted the impact of IoT in different fields.
Harbi et al. [11] analyzed several security attacks that may be launched in IoT systems. They provided a taxonomy of security requirements including data security, communication security, and device security. Furthermore, the authors described many security schemes proposed for various IoT applications and pinpointed major security challenges.
Hassija et al. [12] discussed the security issues of various IoT applications and highlighted possible attacks on IoT layers. They reviewed proposed solutions based on blockchain, fog computing, edge computing, and machine learning to secure IoT environments.
Meneghello et al. [13] classified the security requirements for IoT into three levels, namely information level, access level, and functional level. They reported the vulnerabilities and possible attacks at different IoT layers. They presented the security mechanisms designed to satisfy security in IoT and focused on security designs of popular IoT communication protocols.
Neshenko et al. [14] focused on IoT vulnerabilities in the context of various dimensions. They provided a comprehensive taxonomy of IoT vulnerabilities including layers (security of each IoT layer), attacks (performed on exploited vulnerabilities), countermeasures (available techniques to mitigate vulnerabilities), security impact (impact of vulnerabilities on security requirements), and situational awareness capabilities (available techniques to capture malicious activities).
Hamad et al. [15] discussed common security attacks that target IoT systems. They identified the security requirements to overcome such attacks in different IoT applications. They reviewed proposed schemes that address security services such as access control, integrity, authentication, confidentiality, and privacy.
Mahbub [16] identified the security concerns of various IoT applications. They introduced threat modeling frameworks that can be used in the security designing of IoT systems. They reported the security attacks at sensing, network, middleware, and application layers. Moreover, the authors presented security techniques using cryptography, fog computing, edge computing, and machine learning to solve IoT attacks.
Mrabet et al. [17] proposed a new IoT architecture that includes five layers: perception, network, transport, application, and cloud layer. They analyzed the security threats at different IoT architectural layers and discussed open challenges to secure IoT systems.
Malhotra et al. [18] presented a taxonomy of IoT security attacks, anomalies, and vulnerabilities. They focused on learning-based techniques to provide intelligent intrusion detection IoT systems. In addition, the authors highlighted critical issues that need to be addressed to secure IoT environments.
Thakor et al. [19] focused on evaluating lightweight cryptographic algorithms for constrained IoT devices. They classified the lightweight cryptographic algorithms into two main classes, symmetric and asymmetric, and analyzed the hardware and software performance metrics of symmetric lightweight cryptographic algorithms. Furthermore, they discussed several challenges to provide a trade-off between cost, performance, and security.
Jayalaxmi et al. [20] explored the security issues and attacks at different layers of industrial IoT (IIoT). They presented several frameworks that provide various security requirements for smart factory systems. Moreover, they investigated intrusion detection techniques proposed for IIoT devices.
Table 2 presents the contributions of the aforementioned studies and our survey. According to Table 2, the state-of-the-art surveys covered several research topics in IoT. However, our survey extends the previous research by introducing emerging solutions that promise to enhance the IoT security. In addition, it provides an objective comparison of recent security schemes based on the emerging solutions by considering relevant key parameters.

III. OVERVIEW OF IOT
This section provides a brief overview of IoT systems. It aims to present characteristics of IoT elements, protocols, and applications to understand the origins of security risks and set a common ground for the security threats that will be discussed in the next section.

A. IOT ARCHITECTURE
The architecture of IoT is not standardized; typical IoT architecture has three layers: perception, network, and application [21], as shown in Figure 3.

1) PERCEPTION LAYER
The perception layer includes different physical IoT devices; it is responsible for interaction among devices and collection of IoT data. Data collection is performed using smart devices such as radio frequency identification (RFID) tags and sensors. RFID technology is a major element of IoT due to its identification, tracking, and monitoring of objects [22]. An RFID system consists of a radio signal transponder (tag) that stores a unique identity of an object and a tag reader that identifies the object through radio waves. The tag reader transfers the identification number to a computer to track and monitor the object as shown in Figure 4.
Wireless sensors play an essential role in IoT by providing sensing and communicating services [23]. A wireless sensor network (WSN) consists of a large number of intelligent sensors deployed in remote environments to sense and collect data such as temperature, humidity, vibration, etc. Sensed data are transmitted through one or multi-hop to a gateway/base station as depicted in Figure 5.

2) NETWORK LAYER
The network layer processes the collected data provided by the perception layer and stores or sends the data to the application layer. It is the most important layer of IoT architecture because it integrates various communication technologies that enable the connectivity of IoT devices. The widely used
ZigBee is a wireless communication technology designed for short-range communications [24]. It can be used in smart homes, smart meters, and smart healthcare. The ZigBee protocol stack includes physical (PHY) and medium access control (MAC) layers based on IEEE 802.15.4 standard [25], a network (NWK) layer, and an application (APP) layer. A ZigBee network can have a star, tree, or mesh topology and each network has a coordinator node (trusted node) that manages the network and maintains security between devices. In a star network, end-devices are directly connected to the coordinator while in tree or mesh networks, intermediate routers are used to extend the network, as shown in Figure 6. The NWK layer provides data routing using cluster-tree and modified ad hoc on-demand distance vector (AODV) algorithms [26]. A ZigBee device can only communicate with another ZigBee device, and thus, it has limited interoperability.
BLE is a short-range communication technology that reduces energy consumption compared to classic Bluetooth [27]. It is widely used in IoT vehicular systems. BLE has a protocol stack composed of PHY layer, MAC layer, logical link control and adaptation protocol (L2CAP), and attribute protocol (ATT). The BLE adopts a star topology including master and slave devices as demonstrated in Figure 7. Each slave node is associated with a single master node. The master node is responsible for initiating the communication and providing the scheduling table according to time division multiple access (TDMA).
6LoWPAN combines the latest version of Internet protocol (IPv6) and low power wireless personal area network (LoWPAN) [28]. It enables IoT devices with limited capabilities to transmit data through wireless channels using IPv6. It is suitable for resource-constrained devices because it reduces transmission cost, supports mobility, etc. The most common use cases of 6LoWPAN are smart home, smart agriculture, and industrial IoT. Compared to ZigBee, a 6LoWPAN device can communicate with another 6LoWPAN device or IEEE 802.15.4 device. It can also communicate with an IP-based network such as Wi-Fi as presented in Figure 8. The specification of 6LoWPAN defines a complete protocol stack that consists of PHY and MAC layers based on IEEE 802.15.4 standard, the NWK layer, the transport layer, and APP layer [29]. The routing within the 6LoWPAN network uses routing protocol for low-power and lossy networks (RPL) [30]. RPL supports point-to-point, point-to-multipoint, and multipoint-to-point communications. It is based on the directed acyclic graph (DAG). From DAG, RPL creates a destination-oriented directed acyclic graph (DODAG) tree that contains one route from the leaf node to the root.
LoRaWAN is a long-range communication protocol designed for low-power and scalable IoT applications [31]. As depicted in Figure 9, a LoRaWAN network consists of end-devices, gateways, and a single server in a star or star-of-star topology. The end devices can communicate to one or more gateways using the ALOHA scheme through one-hop links. The gateways are connected to the network server via Internet protocol. The communications are bidirectional and initiated by the end device.
Table 4 provides a comparison of the studied IoT wireless technologies. This comparison helps to select the suitable protocol for a defined IoT system.

3) APPLICATION LAYER
The application layer receives the data from the network layer and provides the required services to IoT users. It supports a large variety of applications such as smart home, smart retail, smart grids, etc. The most common application protocols are constrained application protocol (CoAP) and message queuing telemetry transport (MQTT).
Since IoT devices are resource-constrained, HTTP protocol is not suitable for low-power devices due to its complexity. CoAP was designed to include features of HTTP dedicated to IoT devices. As demonstrated in Figure 10, CoAP is a messaging protocol based on representational state transfer (REST) architecture [32]. It has four message types: confirmable, non-confirmable, acknowledgment and reset. It provides features that are not available on HTTP such as push notification (i.e., the server sends a notification to the device) and resource discovery (i.e., the server can store the list of devices).
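A strict parser for the CoAP message layout (RFC 7252), added here as an example and not taken from the survey or from any CoAP library: it maps the 2-bit type field to the four message types named above and rejects malformed datagrams before they reach application code. The sample datagrams, token and message ID are constructed values.

```python
import struct

# Index = value of the 2-bit type field in the first header byte.
TYPES = ("confirmable", "non-confirmable", "acknowledgment", "reset")


class CoapFormatError(ValueError):
    """Raised for any datagram that violates the CoAP message format."""


def _extended(nibble, data, pos):
    """Expand a 4-bit option delta/length using its extension bytes."""
    if nibble < 13:
        return nibble, pos
    width = nibble - 12                       # 13 -> 1 byte, 14 -> 2 bytes
    if nibble == 15 or pos + width > len(data):
        raise CoapFormatError("bad option delta/length")
    value = int.from_bytes(data[pos:pos + width], "big")
    return value + (13 if width == 1 else 269), pos + width


def parse_coap(datagram):
    """Parse one UDP payload into a dict, rejecting malformed messages."""
    if len(datagram) < 4:
        raise CoapFormatError("shorter than the fixed 4-byte header")
    first, code, message_id = struct.unpack("!BBH", datagram[:4])
    version, mtype, tkl = first >> 6, (first >> 4) & 0x3, first & 0xF
    if version != 1:
        raise CoapFormatError("unknown version")
    if tkl > 8 or len(datagram) < 4 + tkl:
        raise CoapFormatError("bad token length")
    if code == 0 and len(datagram) != 4:
        raise CoapFormatError("empty message with trailing bytes")
    if TYPES[mtype] == "reset" and code != 0:
        raise CoapFormatError("reset message must be empty")
    token, pos = datagram[4:4 + tkl], 4 + tkl
    number, options, payload = 0, [], b""
    while pos < len(datagram):
        head, pos = datagram[pos], pos + 1
        if head == 0xFF:                      # payload marker
            payload = datagram[pos:]
            if not payload:
                raise CoapFormatError("payload marker without payload")
            break
        delta, pos = _extended(head >> 4, datagram, pos)
        length, pos = _extended(head & 0xF, datagram, pos)
        if pos + length > len(datagram):
            raise CoapFormatError("option runs past end of datagram")
        number += delta                       # option numbers are delta-coded
        options.append((number, datagram[pos:pos + length]))
        pos += length
    return {"type": TYPES[mtype], "code": f"{code >> 5}.{code & 0x1F:02d}",
            "message_id": message_id, "token": token,
            "options": options, "payload": payload}


# Constructed sample datagrams (not captured traffic).
SAMPLES = {
    "get": bytes.fromhex("42011234abcdb474656d70"),      # CON GET /temp
    "ack": bytes.fromhex("62451234abcdc0ff32322e35"),    # ACK 2.05 "22.5"
    "rst": bytes.fromhex("70001234"),                    # empty reset
    "bad_tkl": bytes.fromhex("49011234") + bytes(9),     # token length 9
    "bad_version": bytes.fromhex("82011234abcd"),        # version 2
    "rst_with_code": bytes.fromhex("70011234"),          # reset carrying GET
}


def classify(samples=SAMPLES):
    """Return the message type of each sample, or the rejection reason."""
    out = {}
    for name, raw in samples.items():
        try:
            out[name] = parse_coap(raw)["type"]
        except CoapFormatError as exc:
            out[name] = f"rejected: {exc}"
    return out


if __name__ == "__main__":
    for name, verdict in classify().items():
        print(f"{name:14s} {verdict}")
```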
MQTT is a lightweight messaging protocol that provides the connectivity of networks and users with applications. It is based on publish/subscribe architecture where the system consists of three main components: publishers, subscribers, and a broker as presented in Figure 11. In the context of IoT, publishers are embedded devices that send data to the broker and subscribers are application servers.
A comparison of IoT application layer protocols is provided in Table 5.

B. IOT APPLICATIONS
The IoT provides a large number of applications to enhance people's daily lives and activities. Figure 12 shows potential examples of IoT applications.

1) SMART HOME
Encompasses a collection of smart devices (e.g., smart lock, baby monitor, fire detector) deployed at home and locally communicate over wireless channels. Home devices can be remotely accessed through a home gateway.

2) SMART HEALTHCARE
Enables collection, transmission, and storage of patients' physiological information. For instance, a patient's heart rate can be collected by medical sensors and transmitted to a hospital server for diagnosis and tracking purposes.

3) SMART TRANSPORTATION
Includes a large number of smart vehicles which can communicate with each other (vehicle-to-vehicle), to the outside station (vehicle-to-infrastructure), and to pedestrians (vehicle-to-pedestrian) over wireless networks. A smart vehicle can detect current traffic status, manage speed, and exchange data to provide efficient and safe driving.

4) SMART AGRICULTURE
Allows remote control of temperature, humidity, irrigation, soil moisture, and micro-climate conditions to provide high production/quality and prevent financial losses. In an intelligent farming system, sensors can be attached to animals to track livestock behaviors and health conditions.

5) SMART INDUSTRY
Known as industrial IoT (IIoT), it uses machine-to-machine technology to automate the process of manufacturing with insignificant human intervention. The IIoT aims to better control the production process, data, and issues to provide efficient and reliable final products.

6) SMART RETAIL
Permits the tracking of products in warehouses or during traveling. Sensors can be attached to a retail item to track the product status. Various smart shopping systems were developed to provide intelligent services for customers and thus gain more clients.

7) SMART GRID
Is a common application of IoT that measures, monitors, and manages electricity consumption. It enables efficient and reliable electricity management, provides energy-saving, and reduces power grid issues/failures.

C. LESSONS LEARNED
IoT systems comprise diverse elements and protocols, which continually expands the range of possible attacks and introduces several vulnerabilities. IoT integrates the Internet with the physical world to provide various intelligent applications, from smart homes to smart grids. Consequently, the IoT devices can be targeted by adversaries to launch potential attacks. Therefore, it is necessary to analyze the attack surfaces of IoT systems to satisfy the desired level of security.

IV. SECURITY THREATS OF IOT
In this section, we provide a taxonomy of IoT attacks based on levels, purposes, and countermeasures as shown in Figure 13. Then, we focus on the security vulnerabilities of IoT at the three layers.
Levels: Examine the security issues of IoT at the three layers. Perception layer threats address the security attacks within major elements of IoT such as WSNs and RFID. Network layer threats analyze vulnerabilities of the aforementioned communication protocols. Application layer threats include attacks related to IoT software and end-user devices.
Purposes: Evaluate the impacts of security attacks on IoT systems. The main purposes of IoT attacks are the following:
• Access to communication.
• Reveal or alter data.
• Disable required services.
• Drain device resources.
Countermeasures: Consist of the security requirements to mitigate the identified purposes of IoT attacks. This class includes communication security, data security, and device security. IoT communications can be secured by providing authentication, access control, and non-repudiation. To protect data, relevant security requirements such as confidentiality, privacy, and integrity must be considered. Other fundamental requirements including trust and availability of IoT devices are needed in different environments. For more details about these security requirements, the reader is referred to our previous survey [11].

A. PERCEPTION LAYER THREATS
The limited resources and heterogeneous nature of IoT devices make them vulnerable to various security attacks.
WSNs are generally deployed in harsh and unattended environments, and thus, they are prone to several attacks. Common security attacks of WSNs are sinkhole, blackhole, wormhole, sybil, denial of service (DoS), node capture, and node injection attack [11]. Brief descriptions of these security attacks are provided in Table 6.
Similar to the WSN, the RFID networks are susceptible to different types of attacks including spoofing, cloning, and sniffing attacks (See Table 6).
The IoT inherits the security threats of WSNs and RFID because they are vital elements of IoT networks.

B. NETWORK LAYER THREATS
ZigBee protocol implements security mechanisms including advanced encryption standards with cipher block chaining message authentication code (AES-CCM) and message integrity code (MIC) to provide confidentiality, authentication, and integrity. The ZigBee security is based on three keys: a link key (for unicast communications), a network key (for broadcast communications), and a master key (for link key and network key generation). As mentioned in [33], the master key is installed in the device during the manufacturing process. The link key can be generated using key transport or key establishment methods, while the network key can be acquired using the key transport method.
As the master key is stored on the device, an attacker can read it from the memory after a successful node capture attack. Another possible attack, presented in [34], aims to drain the energy of ZigBee nodes. The authors in [35] evaluated the vulnerability of the ZigBee network against sinkhole attack. In [36], the authors showed that three ZigBee-based smart light systems are susceptible to several types of attacks such as denial of service (DoS), network key extraction, and code injection attacks.
VOLUME 9, 2021
BLE protocol provides confidentiality and authentication using the 128-bit AES-CCM algorithm, as in ZigBee. The symmetric key is generated using the pairing procedure. First, the IoT devices exchange necessary information for authentication. Second, they generate and exchange temporary keys based on a pairing method. Finally, the device may exchange and store common keys to be used for further communications.
The pairing methods have several security issues including eavesdropping, man-in-the-middle (MTM), and brute force attacks as presented in [37] and [38]. Later, a new pairing procedure has been designed based on elliptic curve Diffie-Hellman (ECDH). However, the authors in [39], [40] demonstrated that it has similar problems. In [41], the authors presented other types of attack such as data leakage and DoS attack that can be performed in a BLE-based smart door lock system.
6LoWPAN protocol enables resource-constrained devices to connect to the Internet using IPv6 addresses. It uses IPv6 header compression and packet fragmentation to reduce transmission overhead. However, it does not provide confidentiality, authentication, or integrity preservation. An adversary can inject fake fragments with the header of a legitimate fragment; the receiver node uses the injected fragment in packet reassembly, causing the construction of a corrupted packet. Consequently, the buffer space of the receiver node remains reserved and the node is not able to receive further fragments [42]. Consecutive repetitions of fragment injection attack lead to a DoS attack [43].
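The reassembly problem described above, as an added example that is not code from the survey or from any 6LoWPAN stack: a receiver that parses the RFC 4944 FRAG1/FRAGN headers and bounds what an unauthenticated fragment can do to its buffer. The overlap discard, the 60-second timeout and the per-sender quota are policy choices assumed for this sketch; the sender label, tag and payload bytes are constructed sample values.

```python
import struct

FRAG1, FRAGN = 0b11000, 0b11100   # 5-bit dispatch values (RFC 4944)
REASSEMBLY_TIMEOUT = 60.0         # seconds (assumed policy value)
MAX_PENDING_PER_SENDER = 2        # assumed policy value


def build_fragment(size, tag, offset, payload):
    """Encode a FRAG1 (offset 0) or FRAGN header followed by the payload."""
    dispatch = FRAG1 if offset == 0 else FRAGN
    head = struct.pack("!HH", (dispatch << 11) | (size & 0x07FF), tag)
    if offset:
        head += bytes([offset // 8])          # offset is sent in 8-byte units
    return head + payload


def parse_fragment(frame):
    """Return (size, tag, offset, payload); raise ValueError if malformed."""
    if len(frame) < 4:
        raise ValueError("truncated header")
    first, tag = struct.unpack("!HH", frame[:4])
    dispatch, size = first >> 11, first & 0x07FF
    if dispatch == FRAG1:
        offset, payload = 0, frame[4:]
    elif dispatch == FRAGN and len(frame) >= 5:
        offset, payload = frame[4] * 8, frame[5:]
    else:
        raise ValueError("not a valid fragment")
    if not payload or offset + len(payload) > size:
        raise ValueError("fragment outside datagram")
    return size, tag, offset, payload


class Pending:
    """One partially reassembled datagram."""
    def __init__(self, started):
        self.started = started
        self.spans = {}          # offset -> payload bytes


class Reassembler:
    def __init__(self):
        self.pending = {}        # (sender, tag, size) -> Pending
        self.dropped = []        # drop reasons, kept for inspection

    def receive(self, sender, frame, now):
        """Feed one frame; return the datagram when complete, else None."""
        for key in [k for k, p in self.pending.items()
                    if now - p.started > REASSEMBLY_TIMEOUT]:
            del self.pending[key]               # release stale reservations
            self.dropped.append("timeout")
        try:
            size, tag, offset, payload = parse_fragment(frame)
        except ValueError as exc:
            self.dropped.append(str(exc))
            return None
        key = (sender, tag, size)
        entry = self.pending.get(key)
        if entry is None:
            held = sum(k[0] == sender for k in self.pending)
            if held >= MAX_PENDING_PER_SENDER:  # cap buffers per sender
                self.dropped.append("sender quota")
                return None
            entry = self.pending[key] = Pending(now)
        end = offset + len(payload)
        for o, p in entry.spans.items():
            if offset < o + len(p) and o < end:
                if (o, p) != (offset, payload):  # conflicting bytes: give up
                    del self.pending[key]
                    self.dropped.append("overlap")
                return None                      # exact duplicates are ignored
        entry.spans[offset] = payload
        if sum(len(p) for p in entry.spans.values()) < size:
            return None
        del self.pending[key]
        return b"".join(entry.spans[o] for o in sorted(entry.spans))


def demo():
    """Constructed traffic: one clean datagram, one with a forged fragment."""
    data = bytes(range(24))
    frags = [build_fragment(24, 0x1A2B, o, data[o:o + 8]) for o in (0, 8, 16)]
    forged = build_fragment(24, 0x1A2B, 8, b"\xff" * 8)  # copies header fields

    clean = Reassembler()
    delivered = [clean.receive("node-A", f, 0.0) for f in frags]

    hit = Reassembler()
    seen = [hit.receive("node-A", f, 0.0)
            for f in (frags[0], forged, frags[1], frags[2])]
    held_after_attack = len(hit.pending)         # frags[2] opened a new entry
    hit.receive("node-A", b"\x00", 61.0)         # a later frame triggers expiry
    return delivered[-1], seen, hit.dropped, held_after_attack, len(hit.pending)


if __name__ == "__main__":
    print(demo())
```

These checks keep a corrupted datagram from being delivered and release reserved buffers, but they do not authenticate fragments: the targeted datagram is still lost, so the protection itself has to come from the MAC or APP layer.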
RPL defines three security modes: unsecured, preinstalled, and authenticated in the packet header. The unsecured mode is adopted when security is provided by the MAC layer. In preinstalled mode, preinstalled keys are used to join the RPL network. The authenticated mode is not fully defined by the specification of RPL. If security is not provided at any layer, an attacker can perform different types of attacks in the RPL network. Sinkhole, blackhole, flooding, Sybil, and DoS attacks against RPL networks are presented in [43]-[45].
The security of 6LoWPAN relies on securing communications at the MAC layer or APP layer. The security of the MAC layer is provided using AES-CCM and MIC. However, the specification of IEEE 802.15.4 does not define the key management procedure.
LoRaWAN protocol adopts 128-bit AES algorithm and MIC to guarantee data confidentiality and integrity. When an IoT device is allowed to join the LoRaWAN network, the network server sends two session keys, namely network session key and application session key, to the end device. These keys are used for data encryption/decryption and MIC. The main security weakness of the LoRaWAN protocol is related to key management; an intruder can access session keys using a side-channel attack since they are stored on the end device. Moreover, the end devices share the same session keys to secure multicast communications. This enables the intruder to read the keys from one node and thus reveal communications of other devices [46]. The authors in [47] demonstrated that the LoRaWAN network is vulnerable to DoS and MTM attacks.
Table 7 summarizes the security threats of IoT communication protocols.

C. APPLICATION LAYER THREATS
CoAP is the application layer protocol that enables resource-constrained devices to achieve RESTful interactions. Since CoAP is built on UDP transport protocol, datagram TLS (DTLS) was proposed to provide confidentiality, authentication, and integrity preservation in CoAP protocol [48]. However, the limitations of DTLS can be considered as security threats of CoAP protocol [49].
Secure socket layer (SSL) was introduced to secure data transfer using the MQTT protocol. SSL uses an asymmetric cryptographic technique to encrypt/decrypt the data. However, it is still prone to MTM attack [50]. An extension of MQTT called secure MQTT (SMQTT) was proposed to provide security during data transfer [51]. The publishers and subscribers register to the broker and get a secret key. This key is used for data encryption and decryption performed by publishers and subscribers, respectively. However, the key generation and encryption algorithms are not standardized.
In IoT, software vulnerabilities and user devices can be exploited by attackers. An adversary can impersonate or manipulate legal users to gain access to IoT systems by injecting malicious software. The lack of user authentication has led to several IoT attacks such as Bashlite and Mirai attacks [52].

D. LESSONS LEARNED
IoT devices are inherently resource-constrained and generally deployed in unattended environments. In addition, they usually communicate with each other through wireless channels. Consequently, an intruder can remotely control the interconnected objects or intercept private information from the communications. Therefore, there is a need to explore the security vulnerabilities of IoT systems to increase awareness about the consequences of potential threats and possible attacks.

V. EMERGING SECURITY SOLUTIONS
In this section, we discuss the emerging computing technologies and techniques proposed in the literature to increase the level of security in IoT. We also provide a comparison of recent research works based on these technologies and techniques in terms of attack level (i.e., IoT layer targeted by the adversary), countermeasures (i.e., data security, communication security, and device security), and performance (i.e., computation cost, communication cost, and storage cost). The selected comparison parameters are usually considered to design security mechanisms suitable for IoT systems. A summary of the proposed security schemes for IoT is provided in Table 8.

A. FOG COMPUTING-BASED SOLUTIONS
Fog computing has been introduced as a new paradigm to extend (not to replace) the computational resources of Cloud computing. It provides storage, computation, and networking/communication at the edge of the network [108].
Fog computing architecture consists of fog nodes deployed close to IoT devices and connected to the cloud server as shown in Figure 14. The fog architecture helps to reduce the amount of data exchanged between the IoT devices and the cloud infrastructure.
Fog computing supports mobility, location awareness, low latency, heterogeneity, scalability and thus can be perfectly adopted into real-time or latency-sensitive IoT applications.
Since IoT devices have limited resources, fog nodes can provide various security requirements to secure IoT environments. To achieve authentication, Alrawais et al. [53] focused on securing communications in fog-assisted IoT environments using ciphertext-policy attribute-based encryption (CP-ABE). They analyzed the security of the proposed scheme against different attacks and provided a comparison with a certificate-based method. Gope [54] proposed three lightweight authentication schemes for device-to-device communications that can be used in various IoT applications. The proposed schemes ensure mutual authentication and key agreement and they are efficient in terms of computation cost.
To ensure privacy-preserving, Hu et al. [55] presented a face identification and resolution framework based on fog computing for IoT. The framework is mainly comprised of user devices, fog nodes, and cloud servers. The authors adopted several cryptographic techniques to preserve the personal information of users. Lu et al. [56] addressed privacy-preserving of data aggregation in heterogeneous IoT environments. The aggregated data is filtered by fog nodes, and thus the scheme can resist false data injection attack. Moreover, the proposed scheme can also resist differential attacks. Yang et al. [57] proposed a privacy-preserving scheme for IoT location-awareness applications. The authors used bilinear pairing and asymmetric scalar-product preserving encryption to secure the location of mobile devices. Guan et al. [58] employed pseudonym certificates to preserve the privacy of sensitive data during data aggregation in fog-enhanced IoT systems. The data aggregation is performed by fog nodes, while the pseudonym certificates are generated and updated by two certification authorities. The authors evaluated the proposed scheme in terms of computation complexity and communication overhead.
[59] adopted one-time pad (OTP) and random number generators (RNG) to encrypt the collected data in WSN in the context of IoT. The security of OTP is based on the strength of RNG. The proposed scheme is computationally efficient because it requires lightweight operations to perform the data encryption. In [109], the authors enhanced the security of medical data in healthcare IoT applications using fog computing. The proposed architecture allows patients' data to be analyzed and secured by fog-based gateways; it also supports the MQTT protocol and M2M communications. The authors provided a comparison to cloud-based architecture to highlight the benefits of fog computing. However, they did not define the encryption technique used for medical data security. Zhang [60] proposed a key management scheme based on contributory broadcast encryption where fog nodes negotiate a public key with an end-user device. The latter sends an encrypted session key to the fog nodes to achieve confidentiality of further communications. The authors in [61] investigated the IoT data encryption using the CP-ABE technique that involves four algorithms, namely, setup, key generation, encryption, and decryption. They defined a formal security model using game theory and analyzed their proposed scheme based on this model.
Table 9 compares the IoT security schemes based on fog computing. It is observed that fog computing can improve the security of IoT systems at perception and network layers. The fog-based security schemes satisfy major requirements such as authentication (i.e., communication security), privacy, and confidentiality (i.e., data security). Moreover, they have acceptable computation cost and communication overhead. However, most of the surveyed articles did not consider the storage cost which is an important parameter for resource-constrained IoT devices.

B. EDGE COMPUTING-BASED SOLUTIONS
Edge computing is another extension of Cloud computing that provides promising services to edge IoT devices including sensors, actuators, and RFID tags. Both fog computing and edge computing offer the same functionalities to carry out computation tasks closer to IoT devices. The main difference between cloud, fog, and edge computing is the location of computational resources [110]. Edge computing architecture consists of smart IoT devices, edge devices, fog nodes, and cloud server as presented in Figure 15. In an edge-enabled IoT application, the data is processed within the device itself without being transferred to fog nodes or cloud server [111]. This enhances the performance of the network in terms of communication overhead, decreases the latency of data processing, and improves the security of the IoT application.
Mobile edge computing (MEC) is a type of edge computing that extends the capabilities of cloud computing to deploy processing and storage services close to IoT mobile users [112].
Several researchers adopted the edge layer to increase the security of IoT systems by providing crucial security requirements such as access control, authentication, and privacy-preserving [113].
Cui et al. [62] introduced edge computing to achieve an effective access control for IoT networks. They proposed a proxy-aided CP-ABE scheme where partial decryption computations are maintained by edge devices. The proposed scheme significantly reduces the computational cost compared to CP-ABE schemes.
Hsu et al. [63] designed an efficient framework to strengthen the security of resource-limited IoT devices using edge computing. The proposed framework is based on an edge device called a security agent which is responsible for performing cryptographic computations to secure communications among IoT devices.
Wazid et al. [64] focused on device authentication and key management for securing communication in an edge-based IoT environment. The proposed scheme is based on a lightweight cryptographic hash function and thus, it is efficient in terms of computation cost. In addition, it resists known security attacks.
Razaque et al. [65] addressed the detection of digital crimes in industry 4.0 and identification of criminals and evidence of crimes. The proposed scheme is based on edge-cloud computing and consists of a detection model and validation model to increase the efficiency and security of industrial forensics. Li et al. [66] investigated the integration of IoT, mobile edge computing, and cloud computing technologies to guarantee data privacy. Their system architecture includes user devices, edge servers, and a public cloud center. The edge servers are located at the edge of the network (i.e., IoT user devices) and perform data aggregation to provide privacy preservation. Table 10 compares the IoT security schemes based on edge computing. The integration of edge computing and IoT technologies enhances the performance of IoT systems in terms of communication overhead by providing data processing and aggregation at the edge layer. Consequently, the security of IoT collected data is improved.

C. SOFTWARE-DEFINED NETWORKING-BASED SOLUTIONS
Software-defined networking (SDN) is an emerging computing concept that facilitates network management by separating the routing decisions of network elements (e.g., routers, switches, and gateways) from the forwarding process.
In SDN architecture, the network control operations like forwarding tables and ACL rules are handled by a centralized component called SDN controller, while data forwarding is managed by the network elements as depicted in Figure 16 [7].
The SDN can be an effective solution for achieving several security requirements in IoT systems. In [67], the authors proposed a role-based SDN architecture for IoT environments. Their network model includes three controllers, and thus the communication traffic is distributed. The proposed distributed architecture provides different security properties. Wang et al. [68] proposed an identity-based SDN network to overcome the IoT security threats. The generated identity of the IoT device is based on its IPv6 address and secured using data encryption operation.
To provide authentication in heterogeneous IoT networks, Salman et al. [69] presented an identity-based authentication scheme. The proposed scheme has three main components: things, a gateway, and an SDN controller that is responsible for security management. The formal security verification showed that it is secure against masquerade, man-in-the-middle, and replay attacks.
The authors in [70] introduced the SDN in IIoT to secure real-time data transmission. The proposed encryption method requires lightweight operations such as substitution and permutation to provide data confidentiality.
To protect the IoT devices from malicious attacks and mitigate the damage upon an attack, the authors in [71] focused on monitoring anomalous behaviors of IoT devices using an SDN gateway with an associated controller. The use of SDN improves the accuracy of attack detection and enhances the resilience of mitigation actions. Bhunia and Gurusamy [72] proposed an SDN-based framework. The SDN controller analyzes the communication traffic and determines if it is normal or not. If an attack is detected, it applies rate limiting to reduce the impact of a suspicious attack. The authors considered three different attack scenarios to evaluate the performance of the proposed scheme. Table 11 compares the IoT security schemes based on SDN. It is noticed that SDN technology can provide security for the IoT environments because security mechanisms can be implemented easily by exploiting the SDN controller capabilities. However, the additional functions of the SDN controller can decrease the network efficiency due to the high communication overhead caused by the control traffic between the SDN controller and the IoT devices.
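The detect-then-rate-limit loop described above can be sketched as follows. This is an added example, not code from [71], [72] or from any SDN controller; it uses no OpenFlow or controller API, and the device names, thresholds, EWMA baseline and per-second flow statistics are all constructed assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class TokenBucket:
    """Meter installed for one device: `rate` packets/s, capacity `burst`."""
    rate: float
    burst: float
    tokens: float = field(init=False)

    def __post_init__(self):
        self.tokens = self.burst

    def admit(self, packets, seconds=1.0):
        # Refill for the elapsed interval, then pass what the bucket allows.
        self.tokens = min(self.burst, self.tokens + self.rate * seconds)
        passed = min(packets, int(self.tokens))
        self.tokens -= passed
        return passed


class Controller:
    """Hypothetical controller logic: per-device baseline plus meters."""

    def __init__(self, alpha=0.2, threshold=3.0, min_rate=20.0):
        self.alpha = alpha          # EWMA weight of the newest sample
        self.threshold = threshold  # anomaly if rate > threshold * baseline
        self.min_rate = min_rate    # floor so quiet devices are not flagged
        self.baseline = {}          # device -> EWMA packets/s
        self.meters = {}            # device -> TokenBucket
        self.alerts = []            # (interval, device, packets/s)

    def observe(self, interval, device, pps):
        """Process one interval of statistics; return packets forwarded."""
        base = self.baseline.get(device)
        if base is None:
            # Assumption: the first sample is taken during clean enrolment.
            self.baseline[device] = float(pps)
            return pps
        ceiling = max(self.min_rate, self.threshold * base)
        if pps > ceiling:
            self.alerts.append((interval, device, pps))
            # Install the meter once; keep it while the anomaly lasts.
            self.meters.setdefault(device, TokenBucket(ceiling, ceiling))
            # The baseline is NOT updated here, so a flood cannot drag the
            # notion of "normal" upwards and unflag itself.
        else:
            self.baseline[device] = (1 - self.alpha) * base + self.alpha * pps
            self.meters.pop(device, None)   # traffic is normal again
        meter = self.meters.get(device)
        return meter.admit(pps) if meter else pps


# Constructed flow statistics: packets per one-second interval.
TRACE = {
    "cam-01":    [10, 12, 11, 9, 400, 420, 380, 10, 11],  # flood at t=4..6
    "thermo-02": [5, 5, 6, 5, 5, 6, 5, 5, 5],             # steady device
}


def run(trace):
    ctl = Controller()
    forwarded = {dev: [] for dev in trace}
    for t in range(len(next(iter(trace.values())))):
        for dev, series in trace.items():
            forwarded[dev].append(ctl.observe(t, dev, series[t]))
    return ctl, forwarded


if __name__ == "__main__":
    ctl, forwarded = run(TRACE)
    for dev, out in forwarded.items():
        print(dev, out)
    print("alerts:", ctl.alerts)
```

Each alert and meter installation is also control traffic, which is the overhead the paragraph above attributes to SDN-based schemes.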

D. BLOCKCHAIN-BASED SOLUTIONS
Blockchain is a disruptive technology that has revolutionized the world of cryptocurrency. It is a distributed ledger/database that contains transactions of nodes in a peer-to-peer (P2P) network. A set of transactions are grouped into a single block and validated in a distributed way using a consensus algorithm.
The consensus process is executed by some nodes in the network called miners. Common consensus algorithms include proof of work (PoW), proof of stake (PoS), and practical Byzantine fault tolerance (PBFT). There are two main types of blockchain, namely public (permissionless) and private (permissioned) [114]. Due to its prominent features such as decentralization, immutability, and transparency, blockchain technology can be applied in several IoT applications. To achieve authentication, Hammi et al. [73] proposed a decentralized mechanism called bubbles of trust based on a public blockchain that implements smart contracts. They considered a network with a large number of heterogeneous smart things where each device can communicate only with devices of its zone (i.e., the bubble). Lin et al. [74] designed an anonymous authentication scheme using blockchain technology and group signature. The proposed scheme enables users to remotely access smart home devices through a gateway node. To verify a transaction, the gateway node executes a smart contract and all valid transactions are added to the blockchain by consensus nodes. Hong [75] proposed a decentralized authentication system for sensor networks in the context of IoT. The network architecture consists of two main components, sink nodes and sensor nodes, and is organized into levels. Each sensor node should prove its legitimacy to the top-level root using the blockchain's Merkle tree. Khalid et al. [76] adopted the public blockchain to provide a secure environment for IoT smart city scenarios. The proposed mechanism consists of three main phases: the initialization phase, the device authentication phase, and the device-to-device communication phase. In the latter phase, two devices, either from the same group or from different groups, communicate with each other after mutual authentication. Cui et al. [77] presented a hybrid blockchain-based authentication mechanism for remote users in WSN-enabled IoT.
The proposed scheme includes a base station, cluster head node, ordinary node, and end-user device. It relies on private blockchain for ordinary node authentication and public blockchain for cluster head node authentication and remote user authentication. The user is identified using its certificate distributed by a certificate authority (CA).
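How a node can prove membership against a Merkle root, as mentioned for Hong [75] above, is shown in the following added example. It is not the construction of [75] or of any surveyed scheme; the sensor identifiers, the SHA-256 hash, the leaf/node domain-separation prefixes and the odd-node promotion rule are assumptions chosen for illustration.

```python
import hashlib
import hmac


def leaf_hash(device_id: bytes) -> bytes:
    # Leaves and interior nodes use different prefixes so an interior node
    # can never be passed off as a leaf (second-preimage hardening).
    return hashlib.sha256(b"\x00" + device_id).digest()


def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()


def build_levels(device_ids):
    """Return every tree level, leaves first and the root level last."""
    if not device_ids:
        raise ValueError("at least one enrolled device is required")
    level = [leaf_hash(d) for d in device_ids]
    levels = [level]
    while len(level) > 1:
        nxt = []
        for i in range(0, len(level), 2):
            if i + 1 < len(level):
                nxt.append(node_hash(level[i], level[i + 1]))
            else:
                nxt.append(level[i])      # odd node is promoted unchanged
        level = nxt
        levels.append(level)
    return levels


def make_proof(levels, index):
    """Sibling hashes from leaf `index` up to the root.

    Each entry is (sibling_hash, sibling_is_left). Levels where the node
    was promoted without a sibling contribute no entry.
    """
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            proof.append((level[sibling], sibling < index))
        index //= 2
    return proof


def verify(root: bytes, device_id: bytes, proof) -> bool:
    """Recompute the root from the claimed identifier and the proof."""
    acc = leaf_hash(device_id)
    for sibling, sibling_is_left in proof:
        acc = node_hash(sibling, acc) if sibling_is_left else node_hash(acc, sibling)
    return hmac.compare_digest(acc, root)


# Constructed enrolment list; only ROOT would need to be stored on-chain.
SENSORS = [b"sensor-a1", b"sensor-b2", b"sensor-c3", b"sensor-d4", b"sensor-e5"]
LEVELS = build_levels(SENSORS)
ROOT = LEVELS[-1][0]

if __name__ == "__main__":
    proof = make_proof(LEVELS, 2)
    print("sensor-c3 accepted:", verify(ROOT, b"sensor-c3", proof))
    print("sensor-zz accepted:", verify(ROOT, b"sensor-zz", proof))
    print("proof size in hashes:", len(proof))
```

The verifier stores only the 32-byte root and checks a proof of logarithmic size, which is what makes the approach workable for constrained sensor nodes.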
To provide secure access control to IoT devices and data, Dorri et al. [78] proposed a blockchain-based architecture for IoT smart home systems. They employed a local blockchain that stores all transactions and is managed by the home miner. To establish a secure trusted system in IoT, the authors in [79] investigated the use of blockchain with a reputation mechanism. They introduced a credit-based blockchain to build trust between a service provider and service consumers. The proposed system allows users to consume services by providing obligations as specified by the service provider. These obligations are stored on the blockchain and verified based on the users' reputation information. In [80], the authors evaluated the trustworthiness of sensor data using blockchain technology. Their network architecture consists of a large number of sensors and multiple gateways that maintain the blockchain. The transactions of data including its collection and communication are stored on the blockchain. The block validation is based on a reputation model. Table 12 compares the IoT security schemes based on blockchain. Note that we did not consider the computation cost of the mining process because it is well known that it is computationally expensive and requires significant resources. In addition, it depends on the used blockchain (e.g., 14 seconds for Ethereum blockchain). Therefore, we only focused on operations performed on IoT nodes. Most of the reviewed papers have high communication overhead because they employed local blockchains that are not distributed, which causes high network traffic between the blockchain and the IoT nodes. Therefore, they should be improved to meet the decentralization property of blockchain technology.

E. LIGHTWEIGHT CRYPTOGRAPHY-BASED SOLUTIONS
Cryptography is an effective tool to guarantee confidentiality, integrity, and authentication. However, most IoT devices are constrained in processing, memory, and battery power. Thus, traditional cryptographic algorithms are not suitable for resource-constrained IoT devices. Recently, lightweight cryptographic primitives were proposed to secure IoT systems. As presented in Figure 18, lightweight cryptographic algorithms can be classified into four main classes: block ciphers, stream ciphers, hash functions and elliptic curve cryptography (ECC) [115].
In block ciphers, a block of plaintext is encrypted at a time, while stream ciphers encrypt/decrypt a single bit or byte of plaintext/ciphertext.
Hash functions are used to provide data integrity by generating a fixed-length message from an arbitrary-length message. ECC is a lightweight asymmetric cryptographic technique that provides the same level of security as the Rivest-Shamir-Adleman (RSA) algorithm with a smaller key size.
Several recent research works [81]-[94] adopt lightweight cryptographic techniques to achieve key security requirements including confidentiality, privacy, integrity, and authentication.
Usman et al. [81] presented a lightweight encryption scheme for the IoT. It is a symmetric key block cipher algorithm based on substitution-permutation and Feistel networks. The substitution-permutation architecture satisfies Shannon's confusion and diffusion properties. In the Feistel architecture, encryption and decryption operations are almost the same. The proposed scheme guarantees data confidentiality and integrity. Shahzadi et al. [82] focused on securing IoT remote health monitoring systems. They addressed the limitations of Rivest Cipher (RC5) block cipher algorithm and proposed an improved scheme based on a 2D chaotic map. The latter is used for the symmetric key schedule during the encryption and decryption process.
Sharafi et al. [83] proposed an enhanced block cipher based on chaotic cryptography for WSNs. They adopted the substitution-permutation network to provide high confusion and diffusion. The proposed scheme is more secure than benchmark algorithms such as RC5 and Skipjack. It is also more efficient than Block Cipher based on Chaotic (BCC) algorithm.
Noura et al. [84] proposed a lightweight stream cipher method for real-time IoT applications. Their scheme is based on a dynamic key-dependent approach where a dynamic key is used for one-time data encryption. It is more efficient in terms of encryption time than the AES algorithm since it requires one iteration to provide the ciphertext.
Liu et al. [85] investigated privacy preservation in dynamic and real-time IoT environments. They proposed two algorithms to protect the private data of resource-constrained IoT devices. They also introduced the edge computing concept to improve the efficiency of their framework. The proposed algorithms are based on the RC4 stream cipher algorithm and chaotic logistic map.
Wazid et al. [86] presented a lightweight user authentication mechanism in the context of hierarchical IoT. The proposed scheme is based on a cryptographic hash function and symmetric cryptography. In this scheme, the user can access the information of IoT devices after authentication and session key establishment through a central controller.
Sharma and Kalra [87] designed a secure user authentication approach for cloud-based IoT applications. The proposed scheme is based on a lightweight hash function where the remote user and the cloud server are mutually authenticated and share a session key to secure future communications.
Shen et al. [88] proposed two authentication and key establishment protocols for wireless body area networks (WBANs). The two protocols are based on a hash function, elliptic curve cryptography, and symmetric cryptography that provides high security with low computation cost.
Wu et al. [89] presented an efficient user authentication scheme for wireless medical sensor networks in IoT. Their scheme uses two factors: user identity and password, and it is based on a cryptographic hash function. The formal security verification showed that the proposed method achieves secure mutual authentication and session key agreement.
Gupta et al. [90] proposed a lightweight authentication and key agreement protocol based on hash function for healthcare IoT. Their network consists of wearable devices, a user device, and a server. Before sending the medical data collected by the wearable device, this latter must authenticate the user device using a lightweight cryptographic hash function.
Harbi et al. [91] proposed an enhanced ECC-based authentication and session key agreement scheme for WSNs in IoT systems. Their network architecture is organized into clusters to reduce the energy consumption of sensors. The security analysis demonstrated that their scheme resists known attacks and provides major requirements.
Deebak et al. [92] proposed a remote user authentication framework based on ECC, cryptographic hash function, and symmetric cryptography for smart healthcare IoT systems.
The proposed scheme involves the user's biometrics to resist the user impersonation attack.
Lee et al. [93] proposed an improved user authentication scheme for IoT networks. The proposed scheme is lightweight and suitable for constrained IoT environments. However, the remote user directly authenticates and negotiates a session key with the IoT device without involving a gateway node.
Sadhukhan et al. [94] proposed a three-factor user authentication and session key agreement scheme in IoT applications. The proposed scheme is based on ECC, cryptographic hash function, and symmetric cryptography to provide mutual authentication and session key agreement. However, it does not preserve user anonymity and untraceability. Table 13 compares the IoT security schemes based on lightweight cryptography. It is obvious that most of the surveyed articles are computationally effective because they require lightweight operations to provide the corresponding security requirements. However, they are based on a centralized architecture, and thus, they are limited in terms of scalability, availability, and security. Some of the proposed methods are less efficient in terms of computation and storage cost because they combined lightweight cryptography with traditional symmetric cryptography. Hence, they should be improved to provide security while being suitable for constrained IoT devices.

F. HOMOMORPHIC AND SEARCHABLE ENCRYPTION-BASED SOLUTIONS
The number of IoT devices is increasing to enable the creation of more intelligent applications. These devices generate a massive amount of data that needs to be gathered and analyzed. Cloud computing provides computation and storage services for IoT collected data. These data can be highly sensitive and thus need to be protected from unauthorized access. To provide privacy preservation, the collected data are encrypted then stored in the public cloud.
Homomorphic encryption (HE) allows calculations on encrypted data without revealing the original data. There are two basic types of homomorphic encryption: partially and fully homomorphic methods [116].
Searchable encryption (SE) enables a secure search over encrypted data stored on a cloud server. The SE techniques include symmetric SE, asymmetric SE, and attribute-based SE [117].
Shafagh et al. [95] presented a data protection scheme based on partially homomorphic encryption (PHE). The proposed scheme is specifically tailored for IoT mobile systems where the cloud stores only encrypted data. It supports encrypted data processing (i.e., sum and average) and encrypted data sharing (i.e., re-encryption). The security analysis showed that the proposed scheme is secure against passive attacks targeted at data on the cloud and prevents access of unauthorized users.
Zouari et al. [96] introduced fully additive encryption and fully additive secret sharing to secure aggregation of collected data of heterogeneous IoT devices. They applied their scheme to a smart grid scenario to show its efficiency and resilience.
Lu [97] employed BGN homomorphic encryption to preserve the privacy of user range query in fog-enhanced IoT. The proposed scheme includes three components: IoT devices, a fog device, and a user that generates BGN public and private keys to secure the transmitted range query. It achieves privacy-preserving and provides efficient communication overhead.
In [98], the authors addressed the limitations of public-key encryption with keyword search (PEKS) technique (i.e., low search efficiency) and proposed a certificateless searchable scheme with multiple keywords for cloud-based IIoT systems. They defined the security model based on game theory and demonstrated that their scheme resists chosen keyword attack.
Li et al. [99] proposed a searchable encryption scheme to securely retrieve the encrypted data stored on a cloud server in IoT environments. The proposed scheme consists of five phases, namely, setup, key generation, storage, trapdoor, and search. The authors only considered the computation cost of the storage phase, trapdoor phase, and search phase, while communication overhead and storage cost are not evaluated.
Wang et al. [100] suggested the use of attribute-based searchable encryption with equality test for ciphertexts outsourcing in IoT. The equality test enables data users to search ciphertexts without decryption, and thus decreasing the storage cost of IoT devices. The proposed scheme is secure against chosen plaintext attack and chosen keyword attack.
Zhang et al. [101] focused on the encrypted data search problem in IIoT and proposed an improved scheme based on a certificateless public key searchable encryption. The cloud server retrieves the ciphertext via trapdoor information. The security analysis using the random oracle model showed that the improved scheme satisfies the ciphertext indistinguishability, trapdoor indistinguishability, and user unforgeability. Table 14 compares the IoT security schemes based on homomorphic and searchable encryption. It is clearly observed that the reviewed research papers enhance IoT security by effectively providing privacy-preserving at network and application layers. However, they require complex calculations to satisfy the desired level of security.

G. MACHINE LEARNING-BASED SOLUTIONS
Machine learning (ML) is a promising technology that offers embedded intelligence to IoT devices to cope with different security issues. It is a subset of artificial intelligence (AI) that can be used to develop intelligent security systems for IoT networks.
The ML algorithms are classified into five classes: supervised, unsupervised, semi-supervised, reinforcement, and deep learning as shown in Figure 19. Various types of attacks launched on IoT systems such as DoS attack can be detected and mitigated using ML techniques. The ML algorithms can also be used to detect anomalies and intrusions in IoT networks.
Supervised learning algorithms such as support vector machines (SVM), decision tree (DT), and naive Bayes (NB) are used to secure IoT systems. However, they require large storage and time for data training. K-means clustering and hierarchical clustering are two common algorithms of unsupervised learning that do not require data training. The unsupervised algorithms are less efficient than supervised approaches.
Semi-supervised learning was introduced to reduce the datasets needed for training. Nevertheless, it does not match the detection accuracy of supervised learning.
Reinforcement learning techniques do not need a rich training dataset but require the knowledge of state transition function.
Deep learning techniques have been employed to address the limitations of other ML techniques [118], [119]. Major deep learning algorithms such as convolutional neural network (CNN), recurrent neural network (RNN), deep belief network (DBN), deep Q-network (DQN) can be used to improve security in IoT systems.
The schemes presented in [102]-[107] were recently proposed to detect various IoT attacks and anomalies using different ML algorithms.
Canedo and Skjellum [102] adopted artificial neural networks to secure IoT systems. They used device ID, sensed value, and timestamp of data transmission as input neurons to train the neural network. They also added invalid data to the database to enable the neural network to detect malicious data. After the training phase, the validity of the IoT device reading is verified within the proposed model.
Nobakht et al. [103] proposed an intrusion detection and mitigation framework for IoT smart homes. They addressed potential attacks (e.g., DoS attack) on smart home devices. The proposed scheme examines the network traffic to identify malicious activities and take appropriate countermeasures (i.e., block or redirect the malicious traffic). It requires a set of labeled data for the training phase which is executed in an offline mode. The SVMs algorithm is used for data classification.
Lee et al. [104] focused on the abnormal behavior profiling of IoT sensors that collect four different types of data (i.e., temperature, humidity, light, and voltage). The authors used k-Means and SVM algorithms to detect sensed data compromise in two cases; if one data was modified or all data were modified. The k-Means algorithm provided better detection accuracy than the SVM algorithm.
Doshi et al. [105] investigated the DoS attacks launched on IoT smart home devices. They employed five machine learning algorithms, namely, K-nearest neighbors, SVM, DT, Random Forest, and Neural Networks to detect the DoS attacks. All five algorithms had a high detection accuracy.
Alrashdi et al. [106] presented a network-based anomaly detection scheme for IoT smart city applications. The proposed scheme consists of a training phase and a testing phase where data classification is performed using the Random Forest algorithm. It achieves high classification accuracy with a low false positive rate.
Bagaa et al. [107] designed a security framework to address external and internal attacks in IoT systems. The proposed scheme uses the tempo-spatial correlation between different sensor data based on the SVM algorithm to detect anomaly behaviors (i.e., uncommon sensor data values). Table 15 compares the IoT security schemes based on machine learning algorithms. These algorithms cannot be applied directly on IoT devices because they involve data training and testing or classification that require large processing capabilities and storage cost. Therefore, most of the surveyed articles employed other emerging technologies like fog computing and SDN to meet the resource-constrained, heterogeneous, and distributed features of the IoT. However, the performance evaluation in terms of communication overhead and storage cost should be considered to show the efficiency of the proposed schemes.

H. LESSONS LEARNED
Securing IoT systems is a complex and challenging task. An effective security solution must not only secure each device independently but provide end-to-end security with low computation complexity, communication overhead, and storage cost based on the target environment. Several promising technologies and techniques were discussed in this section. A comparison of recent research works in terms of major parameters was also provided. This comparison shows that the effectiveness of IoT security schemes does not only depend on the countermeasure mechanisms used against attacks but also performance costs. The proposed security schemes may be improved in terms of performance and robustness by addressing the limitations of the adopted emerging technologies and techniques.

VI. SECURITY CHALLENGES AND FUTURE DIRECTIONS
Although the studied emerging technologies have been introduced to provide improved security in different IoT systems, they impose several security challenges that are not properly solved. Table 16 summarizes the main security purposes and challenges of the studied emerging solutions.
-Most IoT devices are resource-constrained, thus security-enhancing solutions must be computationally efficient. Unfortunately, some emerging technologies and approaches such as blockchain, homomorphic encryption, searchable encryption, and machine learning algorithms require high processing and storage capabilities. Therefore, it is challenging to trade-off between security and performance in IoT infrastructure.
-The IoT takes advantage of fog computing to achieve different security requirements. Fog nodes cooperate to provide real-time and latency-sensitive services to IoT users. However, a fog node does not have any information about other nodes; it is challenging to ensure that all joining fog nodes are trusted. In fact, users have several fog nodes available to cooperate for guaranteeing IoT services. Thus, it is imperative to select trustworthy fog nodes.
-The integration of edge computing and IoT technology improves the performance and security of different IoT applications. However, the edge layer is highly susceptible to attacks and can be easily compromised by adversaries. Common edge computing threats include location-based attack and battery draining attack since edge devices are typically resource-constrained. Moreover, the deployment of edge nodes at the edge of the network (i.e., at a local level) makes recovery mechanisms challenging.
-The IoT is rapidly spreading in different domains. Consequently, physical objects of daily life are progressively integrated into various environments, and thus, the scalability of systems needs to be ensured. However, centralized SDN architecture cannot deal with a large number of IoT devices. In addition, SDN-based solutions are not efficient in high dynamic IoT environments such as vehicular networks. Hence, it is necessary to enforce the scalability property in SDN networks.
-As IoT devices are tremendously increasing, a massive amount of data including sensitive data are generated and exchanged via the Internet. Blockchain technology efficiently tackles the scalability issue due to its distributed architecture. However, it does not ensure the privacy of transactions and it is prone to data leakage. In fog computing-based architecture, fog nodes are responsible for forwarding data to the cloud. If fog nodes are not trustworthy or compromised by an adversary, they can disclose personal information. Furthermore, various threats can be launched against machine learning algorithms during the training process, and thus exposing sensitive data used by the classifiers.
-The security of data transmission can be achieved using encryption techniques. The encryption of transmitted data prevents intruders from revealing the content of messages. This approach can be applied when the communication parties share encryption/decryption keys. In symmetric encryption (i.e., block ciphers, stream ciphers, and hash functions), the key must be pre-distributed or securely communicated. However, in scalable IoT environments, key management including distribution, agreement, update, and revocation remains a meaningful task.
In the near future, the IoT will be extended to the Internet of everything (IoE), and the security of future IoT systems will be vital. Several research efforts are required to face the integration of IoT and emerging technologies to guarantee a resilient and desirable level of security.
-Since fog/edge computing is an extension of cloud computing, fog/edge nodes are still prone to various types of attacks. If the fog/edge layer is compromised, then the entire IoT system may be compromised. Machine learning algorithms can be adopted to enhance the security of the fog/edge layer.
-Consensus algorithms of blockchain technology are highly resource hungry; it is recommended to design more efficient and lightweight consensus algorithms suitable for resource-constrained IoT devices.
-The immutability feature of blockchain allows invalid data to be permanently stored; hence, there is a need to explore techniques and methods to handle the permanent storage of invalid data in blockchains.
-IoT devices are more susceptible to attacks due to users' carelessness; an attacker can easily access the devices. Proper guidelines need to be well defined to increase users' awareness about the consequences of possible attacks. Further, the IoT devices should perform self-management mechanisms to defend and recover from possible damages.
-Data reliability is highly required for critical IoT applications such as healthcare systems. Machine learning and artificial intelligence techniques can be used to analyze and classify the data collected by the IoT devices.
-Implementing machine learning algorithms at the fog layer can improve energy efficiency and enhance the scalability of lightweight IoT devices.
-Because machine learning algorithms are susceptible to many threats that can decrease the accuracy of the classifiers, blockchain technology can enhance the reliability of training data by providing decentralization and transparency.
-Data transmission between different IoT layers must be secure; the data should be only revealed at the intended destination. Security mechanisms must be applied at the three IoT layers to provide end-to-end security.
-As IoT wireless technologies have different vulnerabilities, a new generation of communication such as 5G and 6G can be used to enhance the reliability, scalability, and cost-effectiveness of IoT systems.

VII. CONCLUSION
In this paper, we provided a new taxonomy of IoT security attacks based on levels, purposes, and countermeasures. Then, we discussed emerging security solutions for IoT based on different technologies and techniques including fog computing, edge computing, SDN, blockchain, lightweight cryptography, homomorphic and searchable encryption, and machine learning. Furthermore, a comparative study of security schemes based on these emerging technologies and techniques in terms of security and performance was provided. Finally, we presented the security challenges related to these emerging solutions and highlighted future directions to enhance the security of IoT. This paper will help researchers to have an idea about the current state-of-the-art of security in IoT to address their respective interests.