A Multicriteria Decision Making Taxonomy of IOT Security Challenging Factors

The Internet of Things (IoT) is leading a new digital age. IoT is regarded as a significant frontier that can improve almost all aspects of our lives. Currently, IoT technology poses several challenges to academic researchers and industry practitioners, mainly related to the security of data. The objective of this study is to develop a prioritization-based taxonomy of the challenging factors that could hinder the security of IoT. By conducting a literature review and a questionnaire survey, 21 challenging factors were identified that are reported in the existing literature and in real-world practice. Moreover, the identified challenging factors are mapped to the core domains of IoT (i.e. smart city, smart home, smart wearables and smart health care), and the fuzzy-AHP approach is applied to rank them with respect to their criticality for the security of IoT technology. The application of fuzzy-AHP is novel in this research area, although it has been successfully applied in other domains of information technology to address multi-criteria decision-making problems. This study contributes a prioritization-based taxonomy of the IoT security challenging factors that could help practitioners and the research community to revise and develop new strategies for secure IoT.

improving energy distribution, trash collection and air quality urban cities are equipped with smart IoT sensors [8]. It is envisioned that the internet will connect more than 75.44 billion devices worldwide, according to the Statista research department, and that these will generate more than 79.4 zettabytes of data by 2025, as predicted by IDC (International Data Corporation).
Despite the evident significance of IoT and its applications in daily life, IoT devices are prone to various security threats because of several vulnerabilities, as Wireless Sensor Networks (WSNs), Machine-to-Machine (M2M) or Cyber-Physical Systems (CPS) have now advanced and are considered integral components of the IoT paradigm [9], [10]. Thus, the entire architecture of IoT and its domains (i.e. smart home, smart city, industrial automation, smart health) needs to be secured against attackers who may counterfeit the services provided by IoT. Since the IoT paradigm consists of many interconnected, heterogeneous devices, it may be prone to various conventional security issues related to computer networks. Furthermore, IoT devices are embedded with constrained resources, which poses further challenges to IoT security, since smart devices have very limited power for running cryptographic algorithms [11].
Based on the given discussion, this study is conducted with the aim to develop a taxonomy of the factors that could negatively impact the security of IoT. The taxonomy will be based on the challenging factors identified during the literature survey and industrial study conducted with the experts.
The key objective of the industrial study is to learn the perceptions and opinions of experts with experience of IoT implementation in real-world environments. However, it is challenging to prioritize multiple factors based on experts' opinions, which can bring vagueness and uncertainty. Quantitative prediction is challenging for humans (IoT practitioners), as they can convey their judgments more accurately verbally (qualitatively). Therefore, in this study, we use the fuzzy AHP approach to translate the qualitative predictions of the IoT experts into quantitative prioritization values. It is a well-known approach that is commonly used for rating human-based multi-criteria decision-making problems. The fuzzy AHP approach has previously been used in several other studies.
For example, Singh and Prasher [12] evaluated the quality of services in different hospitals and ranked the healthcare service quality attributes using fuzzy AHP. That prioritization was eventually used for listing the best hospitals based on the quality of their services. In another study, Wang et al. [13] used the fuzzy AHP approach to select the most common sustainability problems for both society and business in order to provide a framework for management and strategic planning. They mention that the framework works as a decision-making tool for organizational management when working on sustainability-related issues. Similarly, Yucesan and Kahraman [14] identified, categorized and prioritized various safety and financial risks in a hydroelectric plant. They used the fuzzy AHP approach to list the risks based on their significance and presented the result as a robust framework. The use of the fuzzy AHP approach in these recent articles motivated us to follow its concepts and develop the taxonomy of IoT challenging factors and their categories. This taxonomy will provide a robust framework that will assist IoT practitioners in focusing on the most critical areas for secure IoT.
RQ1: "What are the important challenging factors towards the secure IoT paradigm reported in the literature and real-world practices?"
RQ2: "What would be the prioritization based taxonomy of the investigated challenging factors?"

II. BACKGROUND AND MOTIVATIONS
Although the significance of IoT is undeniable, the security and privacy issues in IoT devices are crucial and need to be addressed. Researchers have made a tremendous effort to cope with these challenges in the IoT environment. Some approaches target layer-level security issues, whereas others aim at providing end-to-end security for IoT. In recent years, several studies have been conducted to provide a blueprint of the existing security and privacy threats to the IoT paradigm. Alaba et al. [15] discussed the threats to IoT in terms of hardware, network, and application components and categorized the security threats at the communication, architecture, application and data levels. Granjal et al. [16] identified and analyzed the existing security threats to various protocols designed for IoT, whereas several other studies [17]-[20] addressed and evaluated the key management and cryptographic algorithms that are suitable for the IoT paradigm. Sicari et al. [21] identified researchers' efforts to address confidentiality, privacy, access control and security with middleware for IoT systems. They also discussed various trust management, authentication, privacy, data security, and network issues. To ensure privacy for IoT, Tso et al. [22] discussed secure multiparty computation to preserve the privacy of end users by considering attribute-based access control and credit checking techniques. Zhou et al. [23] identified several security issues and their existing solutions for cloud-based IoT, such as identity and location privacy, layer removing or adding, and node compromising. Zhang et al. [24] discussed the security vulnerabilities in IoT devices, such as authentication and authorization, privacy, and lightweight cryptographic techniques.
Several survey studies have also been conducted to highlight the existing security threats in various other domains of IoT, such as smart home, smart city, smart health and industrial automation [25], [26]. Kranenburg and Bassi [27] discussed several security threats in resource-constrained devices for smart homes. Kolzov et al. [28] identified various security and privacy issues at different architectural levels of the smart home. Zaidan et al. [29] conducted a survey study concerning smart homes and found security-critical devices such as the smart lock. Roman et al. [30] discussed that data and identity management and user privacy are the main challenges faced by smart homes. Yao et al. [31] identified various privacy and security challenges such as identity theft, social engineering attacks, points of entry for a cyber-attack, and social network-based threats such as grooming and cyber-bullying.
Similarly, researchers have highlighted and addressed various security and privacy threats in smart cities. Chen and Chen [32] discussed the current evolution of smart cities and identified the existing data-centric security and privacy issues. Eckhoff and Wagner [33] surveyed and highlighted nine specific technologies that need privacy protection models in the smart city context. Jeong and Park [34] discussed the security and privacy threats in current smart applications and highlighted the requirements for building a secure and stable smart city. Several studies have been conducted to highlight and address security in the healthcare internet of things and industrial automation. To the best of our knowledge, there is a lack of empirical investigations of the challenging factors of IoT security. Thus, this study addresses this gap by exploring and analyzing the IoT security challenging factors.

III. RESEARCH DESIGN
To address the objective of this research, we first conducted a literature review to investigate the challenging factors of the IoT paradigm. Secondly, an empirical study was conducted to get the insight of industry practitioners concerning the identified challenges. Finally, the fuzzy-AHP approach was applied to determine the priority level of each investigated challenge with respect to its criticality for the IoT paradigm. The adopted research approaches are diagrammatically presented in Figure 1 and briefly discussed in the subsequent sections:
The literature study was conducted to explore the challenging factors that could negatively impact the implementation of the IoT paradigm in real-world environments. To conduct the literature survey, the snowball data sampling technique was adopted, in which the literature was explored by applying forward and backward snowballing. Forward snowballing refers to exploring the related literature in which a particular study is cited, and backward snowballing refers to the literature cited in a particular study [35]. The sample size of the selected studies steadily increases as more references and citations are explored [35]. The relevant literature studies are listed in order to extract the factors that provide a concrete description of IoT and its security challenges. Moreover, studies are also considered where the factors are not explicitly discussed [36], [37] but which present relevant IoT lessons learned and experience reports. Identifying and extracting factors from such reports is more challenging because it requires a complete and in-depth review [36], [37]. The literature studies were searched using the Google Scholar search engine. It provides a simple interface to broadly search the scholarly articles available in other common digital libraries like Springer Link, IEEE Xplore, ACM Digital Library, etc. It gives us confidence that no relevant digital library has been missed. Google Scholar was searched using the keywords of the study to identify the relevant published articles. The study selection process was mainly performed by the first three authors, and disagreements between investigators at any point were settled based on discussion and review by all the authors. We finally shortlisted 92 studies (references list) using both forward and backward snowballing. The studies are used to structure this article, as well as to address the research questions discussed at the end of Section 1. The first three authors reviewed the selected studies and developed the list of the success factors that could negatively impact the security aspect of IoT. The second review of the studies was done by the fourth and fifth authors in order to refine the results of the first review and report missing information. Moreover, three external reviewers were invited to evaluate the interpersonal biases in the review process. The external reviewers were requested to randomly select 10 articles and conduct the review process as performed by the authors. The interpersonal biases between the external reviewers and the authors were assessed by performing Kendall's coefficient of concordance (W) test. Kendall's coefficient of concordance (W) is a well-known statistical approach used to identify the level of agreement within a group of people who evaluate a set consisting of n objects [38]. The W score ranges from 0 to 1, where W = 0 shows complete disagreement between the people and W = 1 refers to complete agreement [38]. The results given in Table 1

B. EMPIRICAL DATA COLLECTIONS
The identified list of challenging factors and their mapping to the core domains of IoT were further validated with industry experts via a questionnaire survey. A questionnaire survey is an effective way to collect data from a dispersed population. Wright [39] mentions that the questionnaire survey approach helps to reach the targeted population, which is significant for collecting the potential data.

1) SURVEY INSTRUMENT DEVELOPMENT
To collect the data from the experts, a survey instrument was developed. The survey instrument was broadly divided into two sections, A and B. Section A contains the queries related to the bibliographic information of survey respondents. Section B was further divided into two parts, close-ended and open-ended. In the close-ended part, the identified challenges were listed and the survey participants were requested to rank them according to their understanding using the five-point Likert scale "strongly agree", "agree", "neutral", "disagree", and "strongly disagree" [40]. Finstad [41] underlined that the neutral option helps to collect unbiased data, as without a neutral option the respondents are bound to make a one-sided decision [41]-[43].

2) PILOT ASSESSMENT OF SURVEY INSTRUMENT
As a first step, the questionnaire was developed through discussion between the study authors and the research advisor. The pilot assessment is important to check the suitability and understandability of the variables mentioned in the questionnaire [42], [44]-[46]. In the pilot assessment process, a total of three experts participated, of whom one expert was invited from "City University Hong-Kong" and two belong to industry practice ("Virtual force" and "QSoft-Vietnam").
The participants were requested to analyze the questionnaire with respect to its suitability for the study objective and its understandability for the survey participants. They analyzed the whole questionnaire and suggested some modifications. The major modification concerned the design of the questionnaire: they suggested putting all the variables in tabular form. Secondly, they suggested adding some additional questions to obtain stronger bibliographic information about the survey participants. All the highlighted points were addressed and the updated questionnaire was used in the data collection process. Appendix-A presents a sample of the questionnaire used.

3) ETHICS APPROVAL
The ethical approval was obtained from the research advisor committee of the computer science department. Once permission was granted, we started the data collection process by sending the online link of the questionnaire survey to the targeted population. The collected responses were hosted on Google Drive (drive.google.com). The survey participants were requested to mark the survey questions according to their knowledge. All the respondents contributed to the data collection process voluntarily and anonymously. The respondents could exit the survey at any stage.

4) DATA SOURCES
The purpose of this survey was to validate the findings of the literature study (i.e. challenging factors), for which the opinions of experts are important. To target the most relevant population for the survey in a geographically distributed development environment, the snowball sampling strategy [42] was applied. Snowball sampling is an efficient and cost-effective way to collect data from a physically distributed population. In snowball sampling, the participants are requested to share the survey questionnaire with researchers or practitioners among their contacts. It is an effective way to collect data from a large and dispersed target population [41], [47]. Various methods were used to reach the population, including personal email, organizational email, LinkedIn and ResearchGate. The data were collected from September 2020 to November 2020. A total of 64 responses were collected in the form of an Excel sheet. The first two authors of this study manually reviewed all the responses. During the manual review, we found 14 incomplete responses. After discussion with the research supervisor, we decided not to include the incomplete responses in the data analysis process. Finally, a total of 50 complete responses were retained for further data analysis.

5) SURVEY DATA ANALYSIS
The frequency analysis method is applied to analyze the collected responses statistically; it is an effective way to analyze descriptive data [48]. The frequency of occurrence and the percentage of each success factor are reported in tables. The frequency approach is useful for comparing the views and values within groups of variables and across groups of variables. To check the significance of each success factor according to the survey respondents, the views of all the respondents are calculated and presented in the form of tables. Moreover, to check the relative importance of each success factor, the frequency of occurrence of one factor is compared with that of the other factors. The same method has been used by other researchers in several other research domains [49]-[51].

C. FUZZY SET THEORY AND AHP
We have adopted a fuzzy analytical hierarchy process to prioritize the identified challenges of COSD process. The fundamental concepts of fuzzy sets and AHP are discussed in this section.

1) FUZZY SET
Fuzzy set theory is an extension of classical set theory that was initially introduced by Zadeh et al. [52] to deal with uncertainty and vagueness in real-world problems, and to manage these ambiguities as a multi-criteria decision-making problem. The primary contribution of fuzzy set theory is to represent vague data [53]. In a fuzzy set, a membership function is characterized which maps objects to values between 0 and 1. The definitions and preliminaries of fuzzy set theory are discussed in the following sections:
Definition: A triangular fuzzy number (TFN) $F$ is denoted by a set $(f_l, f_m, f_u)$, as shown in Figure 2. The given where $f_l$, $f_m$ and $f_u$ are the crisp numbers denoting the lowest, most promising, and highest possible values respectively. The algebraic operations for two TFNs, i.e. $\check{T}_1$ and $\check{T}_2$, are given in Table 2.

2) FUZZY AHP
The analytic hierarchy process (AHP) is one of the most powerful methods used for multi-criteria decision-making problems. The main advantages of AHP are the relative ease with which it handles multiple criteria, that it is easy to understand, and that it can effectively handle both qualitative and quantitative data. The following are the main steps of the AHP method:
Step 1: Decompose the complex decision problem into the hierarchical structure (Figure 5
Although the classical AHP has several benefits, it has some limitations: it is usable only in a crisp environment, its judgmental scale is unbalanced, it does not account for uncertainty, and the selection of judgments is subjective. Therefore, fuzzy AHP, a fuzzy extension of AHP, was introduced to solve real-time and uncertain problems more accurately [54]. Fuzzy AHP (FAHP) can capture the uncertain, imprecise judgments of different experts by handling linguistic variables. Various researchers have followed fuzzy AHP methods in a variety of domains [55]. In our study, we have utilized the fuzzy AHP developed by Chang [56], which provides more accurate and consistent results compared to other fuzzy AHP techniques. In a prioritization problem, let $X = \{x_1, x_2, \ldots, x_n\}$ represent the elements of the main categories as an object set and $U = \{u_1, u_2, \ldots, u_n\}$ represent the elements of each category as a goal set. In Chang's [56] methodology, each object is considered, and extent analysis for each goal ($g_i$) is executed, respectively. Thus, for each object, there are $m$ extent analysis values, which can be obtained with the following Equations (2) and (3): where all $F_{g_i}^{j}$ ($j = 1, 2, \ldots, m$) are triangular fuzzy numbers (TFNs).
The following are the key steps of Chang's extent analysis method [56]:
Step 1: The value of the fuzzy synthetic extent with respect to the $i$-th object can be defined using Eq. 4: To achieve the expression , the fuzzy addi- and finally, calculate the inverse of the vector with the help of Eq. (7):
Step 2: As $F_a$ and $F_b$ are two triangular fuzzy numbers, then the degree of possibility of The Equation 8 can be also similarly specified as below: Here, $d$ represents the ordinate of the highest intersection point $D$ between $\mu_{F_a}$ and $\mu_{F_b}$ (Figure 4). The values of $V_1(F_a \geq F_b)$ and $V_2(F_a \geq F_b)$ are mandatory for calculating the values of $P_1$ and $P_2$.
Step 3: The overall degree of possibility of a convex fuzzy number being greater than the other convex fuzzy numbers $F_i$ ($i = 1, 2, \ldots, k$) can be defined as follows: Assuming that, for $k = 1, 2, \ldots, n$; $k \neq i$. With the help of Eq. 12, calculate the weight vector using Eq. 11.
Step 4: Via normalization, the normalized weight vectors are given in Equation 13, and the result is a non-fuzzy number which represents the priority weight of the criteria: where $W$ is a non-fuzzy number.
Step 5: Checking the consistency ratio: The pairwise matrices should always be consistent in fuzzy AHP [57]. Therefore, it is necessary to check the consistency ratio of each pairwise comparison matrix. To do so, the graded mean integration approach is utilized for defuzzifying the matrix. A triangular fuzzy number, denoted as $P = (l, m, u)$, can be defuzzified to a crisp number as follows: After the defuzzification of each value in the matrix, the consistency ratio (CR) of the matrix can easily be calculated and checked as to whether it is smaller than 0.10 or not. For this, two basic parameters, i.e. the Consistency Index (CI) and the Consistency Ratio (CR), are used. The values of CI and CR can be calculated using Equations 14 and 15.
where $\lambda_{max}$ is the largest eigenvalue of the comparison matrix, $n$ is the number of items being compared in the matrix, and RI is the random index, whose value can be taken from Table 3.
To have a consistent matrix, the computed value of CR should be less than 0.10. If the value of CR is found to be greater than 0.10, the decision-maker must conduct the pairwise judgments again.
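The five steps above (Chang's extent analysis followed by the graded-mean consistency check), worked through in Python as an added example; it is not code from the study. The formulas are those of Chang's published method, while the two comparison matrices, the factor labels and the RI values (Saaty's commonly cited table, standing in for the study's Table 3) are assumptions constructed for illustration.

```python
"""Chang's extent-analysis fuzzy AHP with a consistency check (added example)."""

# Random index by matrix size n: Saaty's commonly cited values (assumption;
# the study takes RI from its own Table 3).
RI = {3: 0.58, 4: 0.90, 5: 1.12, 6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45}


def reciprocal(tfn):
    """Reciprocal of a TFN (l, m, u) is (1/u, 1/m, 1/l)."""
    l, m, u = tfn
    return (1 / u, 1 / m, 1 / l)


def build_matrix(n, upper):
    """Fill an n x n TFN matrix from upper-triangle judgments {(i, j): tfn}."""
    mat = [[(1.0, 1.0, 1.0)] * n for _ in range(n)]
    for (i, j), tfn in upper.items():
        mat[i][j] = tuple(float(x) for x in tfn)
        mat[j][i] = reciprocal(tfn)
    return mat


def synthetic_extents(mat):
    """Step 1: S_i = (row sum of TFNs) times the inverse of the grand total."""
    rows = [tuple(sum(cell[k] for cell in row) for k in range(3)) for row in mat]
    tot_l, tot_m, tot_u = (sum(r[k] for r in rows) for k in range(3))
    # Inverting a TFN swaps its bounds, so l is divided by the total of u.
    return [(l / tot_u, m / tot_m, u / tot_l) for l, m, u in rows]


def possibility(a, b):
    """Step 2: degree of possibility V(a >= b) for two TFNs."""
    (_la, ma, ua), (lb, mb, _ub) = a, b
    if ma >= mb:
        return 1.0
    if lb >= ua:
        return 0.0          # the two triangles do not overlap
    return (lb - ua) / ((ma - ua) - (mb - lb))


def chang_weights(mat):
    """Steps 3 and 4: minimum possibility against every other factor, normalised."""
    s = synthetic_extents(mat)
    d = [min(possibility(s[i], s[k]) for k in range(len(s)) if k != i)
         for i in range(len(s))]
    total = sum(d)          # >= 1: the factor with the largest m always scores 1
    return [x / total for x in d]


def defuzzify(tfn):
    """Graded mean integration: (l + 4m + u) / 6."""
    l, m, u = tfn
    return (l + 4 * m + u) / 6


def consistency_ratio(mat, iterations=200):
    """Step 5: CR = CI / RI with CI = (lambda_max - n) / (n - 1)."""
    n = len(mat)
    crisp = [[defuzzify(c) for c in row] for row in mat]
    w = [1.0 / n] * n
    lam = float(n)
    for _ in range(iterations):      # power iteration for the largest eigenvalue
        aw = [sum(crisp[i][j] * w[j] for j in range(n)) for i in range(n)]
        lam = sum(aw)                # w sums to 1, so sum(Aw) converges to lambda_max
        w = [x / lam for x in aw]
    return ((lam - n) / (n - 1)) / RI[n]


# Constructed judgments (not survey data from the study); labels are hypothetical.
FACTORS = ["factor A", "factor B", "factor C"]
CONSISTENT = build_matrix(3, {(0, 1): (1, 2, 3), (0, 2): (2, 3, 4), (1, 2): (1, 2, 3)})
# Circular preferences (A over B, B over C, C over A): must be sent back.
CIRCULAR = build_matrix(3, {(0, 1): (4, 5, 6), (1, 2): (4, 5, 6),
                            (0, 2): (1 / 6, 1 / 5, 1 / 4)})


def prioritise(mat, names):
    """Return (CR, ranked [(name, weight)]), or (CR, None) when CR >= 0.10."""
    cr = consistency_ratio(mat)
    if cr >= 0.10:
        return cr, None
    ranked = sorted(zip(names, chang_weights(mat)), key=lambda p: -p[1])
    return cr, ranked


if __name__ == "__main__":
    for label, mat in (("consistent", CONSISTENT), ("circular", CIRCULAR)):
        cr, ranked = prioritise(mat, FACTORS)
        print(label, round(cr, 3), ranked or "redo pairwise judgments")
```

Chang's method assigns a weight of exactly 0 to a factor whose synthetic extent does not overlap a stronger one, so a zero in the ranking reflects the method rather than a factor with no security relevance.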

IV. STUDY FINDINGS
This section contains the results and analysis of this study.

A. IDENTIFIED LIST OF CHALLENGES
By conducting the literature review, the potential challenging factors were identified. The identified list of challenging factors is presented in Table 4, and the factors are briefly discussed below:

1) SMART CITY
IoT-enabled smart devices are being deployed in cities in order to enhance services such as vehicle-to-everything (V2X) connectivity, smart trash collection, crime management and other community services. These cities are integrated with information and communication technology (ICT) and various sensing devices in order to optimize the efficiency of the smart city [58]. However, these devices are connected to the internet, which may make them prone to several security and privacy threats [58]. The following are the key challenges for the smart city as reported in the literature.

2) BOTNET ATTACKS ON SMART CITIES
A smart city comprises IoT-based smart devices that are more vulnerable to several security threats, as these devices are designed with fewer security measures than mobile phones and computers. Thus, IoT botnets such as the Mirai botnet target several kinds of smart devices (i.e. routers, surveillance cameras, printers, webcams), causing DDoS attacks across heterogeneous IoT devices [59], [60]. Therefore, security experts should develop a comprehensive defense model in order to prevent such novel attacks [61].

3) DISCLOSURE OF PRIVACY
Privacy plays an important role in achieving several objectives of the smart city, such as city planning, healthcare services, an efficient transportation system and virtual reality [62]. To avoid leakage of sensitive information, the unsecured communication between VR devices, the information shared with third parties, and the data stored in IoT devices should be measured at each phase [63], [64].

4) AI INFLUENCE ON SMART CITY SECURITY
The indispensable role of AI cannot be ignored in the current technological era. The rapid growth of artificial intelligence may permit attackers to build and train models in order to reveal sensitive information. For example, service providers and device manufacturers may use machine learning and data mining models to extract and analyze device owners' information [65]. Moreover, hackers are becoming more capable in terms of understanding the machine-learning algorithms used in devices. Therefore, an attacker could adopt a targeted approach in order to degrade the training effect and reliability of the algorithm [66].

5) INTRUSION DETECTION
A smart city can be secured if it has the capability to detect suspicious activity in time. Conventional approaches such as the intrusion detection system (IDS) are used for three kinds of detection, i.e. specification-based detection, misuse detection and anomaly detection [67]. However, such approaches fail to meet the requirements of heterogeneous IoT and complex smart city networks because IoT devices have low battery and computation power. Thus, there is a need to develop a lightweight intrusion detection model and intrusion prediction system (IPS) [68] for heterogeneous networks in order to predict and prevent various attacks.

6) ROGUE NODE DETECTION
Smart cities comprise several heterogeneous IoT devices in order to achieve various objectives. However, a malicious IoT node could be connected to the IoT system in order to collect and exchange data from other devices. A rogue node could cause leakage of users' private data and could send data to neighboring nodes to disrupt their behavior. Ma et al. [69] proposed an approach that can detect a rogue node in a Wi-Fi based network. However, such approaches are not enough to achieve smart city security.

7) BIG DATA POSE SECURITY THREAT
An increasing number of IoT devices connected to the smart city will generate a huge amount of data. However, these devices do not have the capacity to store and process data; therefore, the data they generate needs to be sent to the cloud to be processed and analyzed [70]. Moreover, IoT devices do not have enough capability to encrypt and decrypt data, which makes the integrity and authenticity of data a critical challenge [71].

8) SMART HOME
Conventional homes have been transformed into smart homes by permitting end users to control digital home appliances (i.e. lighting, air conditioner, locks, baby monitor) that are directly connected to smartphones through the internet, promising to ease human life. However, these smart devices (i.e. digital appliances, locks, air conditioner), connected to public and private networks, introduce several security and privacy attacks. Recently, hackers have compromised household devices in order to carry out spam email attacks. We have reviewed the literature thoroughly and extracted several security and privacy threats, as discussed below.

9) CONFIDENTIALITY, INTEGRITY, AVAILABILITY (CIA)
IoT-enabled smart devices must ensure that personal information is kept private from unauthorized access. Generally, cryptographic algorithms are used to ensure data privacy. Due to the low power and computation capacity of IoT devices, there is a risk of malicious attacks and leakage of personal information, as advanced cryptographic techniques cannot be employed [72]. Integrity, on the other hand, ensures that information is secured during communication and is not accessed by unauthorized nodes. To ensure integrity, several hash functions and digital signature techniques could be used, but these techniques are still not sufficient to maintain integrity [73]. Furthermore, these devices send data over the network, and malicious nodes may access the information, which can deteriorate user or device availability. Such forged information may trigger a fire in the device, which could lead to financial loss or loss of life [74].

10) SECURE-AUTO CONFIGURATION
The smart world anticipates that several smart home appliances will be interconnected on the home network. However, these devices need to be configured for the home network repeatedly and may be prone to different security attacks. Managing these devices manually could be a tedious task for the householder, so an external expert needs to be called in to control several security threats. Therefore, there is a need to implement a secure auto-configuration approach in order to achieve smart home security [75], [76].

11) IoT SOFTWARE AND FIRMWARE UPDATES
Several mobile and desktop operating systems regularly update themselves and address security threats automatically. However, IoT devices consisting of software and hardware are fewer in number and, due to their heterogeneous nature, their firmware is not updated frequently, which causes a variety of security threats [77]. Thus, the firmware of IoT devices for smart homes needs to be updated automatically in order to cope with novel security vulnerabilities, as there is a lack of technical support [78]. Furthermore, in order to prevent tampering and to ensure the integrity and authenticity of updates, there is a need to implement a certificate-based digital signature scheme [79].

12) DoS/DDoS
A smart home network could be compromised by an attacker, permitting them to send RTS (request to send)/CTS (clear to send) messages in bulk. Thus, smart devices should be capable of refusing such bulk messages, which would otherwise deplete their resources [80]. Several approaches have been introduced, such as rate limiting [81] and null0 routing [82], in order to prevent DoS/DDoS, but these are not sufficient to achieve the security of smart homes.

13) INTERDEPENDENCE BEHAVIOR OF DEVICES
Various smart home devices are connected to each other in a network in order to achieve a particular objective. For example, if the temperature or air condition increases and reaches a threshold level detected by a sensor, then the smart plug turns on the air conditioner, if it is off, or opens the window. Although the system itself might not be hacked, an attacker could change the behavior of other connected devices in order to breach physical security. This interdependent behavior of IoT smart devices is a critical challenge to achieving a certain security level [83], [84].

14) TRESPASS
Several smart home devices could be compromised, permitting an attacker to trespass into the home, which could be dangerous for life and property. For example, a smart door lock could be hacked by malicious code or accessed by an unauthorized user [85]. Thus, an attacker can trespass into the home without smashing the door. Various techniques could be used, such as changing the password frequently [86], but this might not be enough to achieve smart home security.

15) FALSIFICATION
Smart home devices communicate with the application server in order to obtain services. An attacker could compromise the gateway routing table and collect packets, which would permit them to get confidential information [87]. Although the SSL (secure socket layer) technique [88] is used, an attacker can bypass it with a forged certificate. Thus, this technique is not enough to secure the smart home.

16) SMART HEALTHCARE
IoT devices are being developed to achieve smart healthcare objectives, as these devices are widely used for monitoring and assessing a patient's health. Personal Medical Devices (PMDs) are small sensing devices that are either implanted in or attached externally to the patient's body in order to monitor the patient's condition. However, smart medical sensors are more prone to security threats. These devices require strong measures in order to ensure the security, privacy, integrity and confidentiality of the patient's health record.

17) DEVICE HIJACKING
Smart medical IoT devices could be tampered with by attackers, which could be harmful to the patient's health. Medical devices could also be hacked in order to steal personal information. A report by TrapX [89] reveals that most smart medical devices in different organizations, e.g. blood gas analyzers and insulin pumps, are vulnerable to hijacking [90]. However, little research has been conducted on preventing the hijacking of sensors [90]. Thus, a model needs to be developed to secure medical devices against being hijacked.

18) DATA MODIFICATION
Medical devices planted internally or externally on a patient's body could be intercepted by malicious nodes. These devices transmit data to the cloud or to a caregiver, who can further analyze the medical information in order to provide a prescription; if the data is altered by attackers, it could be dangerous for the patient's health [91]. Thus, data collected by PMDs should be secured against attackers.

19) SECURE LOCALIZATION
Smart medical sensors support the patient's movement in order to get the exact location of the patient in an emergency. The location tracking system transmits location information using radio frequency, ultrasound, a geo-positioning system or some other technique [92]. However, an attacker who can receive and analyze the radio signals could alter the location, and altered location information could impede emergency services [93]. Thus, there is a need to develop secure location-based algorithms in order to protect location privacy.

20) TRUST MANAGEMENT
Trust is the main challenge for the IoT industry when developing medical devices and sensors. Behrouz et al. [94] define trust as "the degree to which a node should be trustworthy, secure, or reliable during any interaction with the node". Patients could be very cautious about using medical devices, as these devices contain sensitive information about a particular disease that could be revealed by attackers [95]. Therefore, a trust management approach is needed in order to determine the degree of trust of a device.

21) FORWARD AND BACKWARD SECRECY
Smart IoT devices are evolving day by day as new inventions come into existence. Therefore, old medical devices or sensors are replaced by new ones if the old ones fail to work properly. An old medical device should not be able to read transmitted messages if it is linked with a new network [96]. It could be stolen by an attacker, who could use it for malicious purposes [97]. Similarly, a newly deployed device should not be able to read previous information [97]. A robust approach is needed to address such issues.

22) SMART WEARABLE IoT
Smart devices can be worn on the human body in order to monitor and analyze a person's activities. These devices include smart watches, smart glasses, wristbands and jewelry items. Wearable devices are defined by six main characteristics: un-monopolizing, unrestrictive, observable, controllable, attentive and communicative [3]. However, these resource-constrained devices pose several security threats, which could reveal personal private information.

23) UNSECURE COMMUNICATION VIA BLUETOOTH OR ZigBee
In order to monitor and send data collected from several sensors to a smartphone, smart wearable devices transmit data via short-range wireless communication technologies such as Bluetooth and ZigBee [98]. However, an attacker could exploit a bug in the devices to get access to locally stored data [98]. For example, an attacker could use sniffers to extract data without authorization while smart devices broadcast secret information to the phone [99]. Thus, there could be a loss of secret information or life.

24) STOLEN DEVICE MAY COMPROMISE SECURITY
Wearable IoT devices carrying personal secret information could be stolen or lost. Stolen or lost smart devices could compromise confidentiality, integrity and availability if they fall into an attacker's hands [100]. These smart devices come without any built-in security mechanism and store data without any encryption [100]. Thus, personal data and secret information could be revealed.

25) LACK OF AUTHENTICATION AND AUTHORIZATION
Smart devices come without any built-in security mechanism, and these devices store data locally without any encryption method [101]. Besides this, data integrity, confidentiality and other security services need to be ensured, as an HP study [102] revealed that 30 percent of smart watches are vulnerable to security issues. Furthermore, strong cryptographic algorithms could not be implemented because these devices are resource constrained [103]. The investigated challenging factors are listed in Table 4.
The aim of this study is to develop a prioritization-based taxonomy of the identified IoT challenging factors. To develop the hierarchy structure of the research problem of this study, we mapped the identified list of challenges into the core domains of IoT, i.e. "smart home", "smart city", "smart healthcare" and "IoT wearables". All the authors of this study participated and classified the identified list of challenges in the core domains of IoT using the coding scheme [104]. All the steps of the coding scheme, i.e. "code", "sub-categories", "categories" and "theory", were carefully performed. The challenging factors mapped against each knowledge area are given in Figure 5.

B. RESULTS OF EMPIRICAL STUDY
The main objective of this empirical study is to get the opinions of industrial experts and their insight regarding the identified challenges and their core categories. The collected responses were summarized into three core categories: positive (agree and strongly agree), negative (disagree and strongly disagree) and neutral. The positive category refers to the survey respondents who agree that the identified challenges have a negative influence on the IoT paradigm. The negative category covers responses stating that the identified challenges do not have a negative influence on the IoT paradigm. The neutral category shows that participants are not sure about the effect of the identified challenge on IoT. The summarized detail of the survey responses is given in Table 5.
The responses of the survey participants were analyzed using the frequency analysis approach, and the summarized results are presented in Table 5. The results show that C7 (Confidentiality, Integrity, Availability (CIA), 94%) is the highest scored challenging factor for secure IoT. IoT-enabled smart devices must ensure that personal information is kept private from unauthorized access. Generally, cryptographic algorithms are used to protect data privacy from unauthorized access. Because of the low power and computation capacity of IoT devices, advanced cryptographic techniques could not be employed, so there is a risk of malicious attacks and leakage of personal information [73]. On the other hand, integrity ensures that information is secured during communication and is not accessed by unauthorized nodes [74]. We further noted that C1 (Botnet attacks on Smart Cities, 90%) and C2 (Disclosure of Privacy, 80%) are the second and third most important challenges for secure IoT. The results of the negative category show that C11 (Interdependence behavior of devices, 36%) is the highest reported challenging factor in the negative category. This indicates that 36% of the survey participants do not agree that C11 has a negative impact. We also noted that C8 (Secure-auto configuration, 24%) and C9 (IoT Software and Firmware updates, 24%) are the 2nd highest reported challenges in the negative category.

C. APPLICATION OF FUZZY ANALYTICAL HIERARCHY PROCESS (FAHP) FOR PRIORITIZING THE COSD CHALLENGES
To determine the priorities of the identified challenges and their categories, we applied the fuzzy-AHP approach. All the adopted steps of fuzzy-AHP are performed in the subsequent sections.

Step-1 (Proposed Hierarchy Structure of Identified Challenges and Their Categories): In order to perform the fuzzy-AHP, we first developed a hierarchy structure of the challenges by following Figure 3. The hierarchy structure is based on the mapping of the identified challenges in the core areas of IoT (section 3.3). The key objective of the study problem is placed at the top level, and the sub-categories and their respective challenges are presented at level-2 and level-3, respectively (Figure 6). The developed hierarchy helps to perform the fuzzy-AHP analysis, which is presented in the following steps.
Step-2 (Conducting the Pairwise Comparison): The purpose of this study is to prioritize the identified challenging factors and their categories with respect to their significance for secure IoT. To perform the pairwise comparison (for the fuzzy-AHP analysis), we developed a questionnaire and contacted the respondents of the first survey. A total of 28 responses were received from the survey participants. All the responses were manually reviewed to check for incomplete data, and we found that all 28 responses were complete. A sample of the pairwise questionnaire survey (second survey) is given in Appendix-B. A small sample size can be a potential issue with the application of fuzzy-AHP analysis. However, a number of existing studies have used similar datasets to perform AHP analysis [105]-[108]. For example, Shameem et al. [109] conducted an AHP analysis to prioritize the influencing factors of distributed agile software development based on the responses collected from five experts. Similarly, Cheng and Li [107] prioritized the success factors of construction partnering by considering the data collected from nine experts. Lam and Zhao [108] conducted a survey study with eight experts to investigate the influencing factors of teaching quality. Moreover, Cheng and Li [107] conducted an AHP analysis for the selection of intelligent building systems by considering the responses collected from nine experts. Therefore, we performed the FAHP analysis by considering the data collected from 31 experts, which is an acceptable sample size for generalizing the results of this study.

The data collected via the fuzzy-AHP survey were transformed using the geometric mean to evaluate the pairwise comparison of the COSD challenges and their respective categories. The geometric mean is useful for transforming the experts' judgments into TFN numbers; the formula used to apply the geometric mean is given below:

$$\text{Geometric mean} = \sqrt[n]{a_1 \times a_2 \times a_3 \times \cdots \times a_n} \qquad (17)$$

where a = weight of each response and n = number of responses.

The linguistic variables against their triangular fuzzy Likert scales are given in Table 6. To develop the pairwise comparison matrices of the investigated challenges and their categories, the triangular fuzzy conversion scale (Table 6) proposed by Bozbura et al. [110] was adopted.

Step-3 (Calculating the Local Priority Weight of Each Success Factor and Their Respective Categories: A Numerical Example):
The priority vector of each main category of challenges is listed in Table 7. The Local Priority Weights (LPW) of all the main categories of the factors were calculated using Equation 3. First, the synthetic extent values of the four categories, i.e. Organizational Management, process, technology, and coordination, were determined, and the priority weight of each category was calculated using Equation 4. We have provided the calculation of priority weight for all the categories of the challenges as,

Therefore, the weight vector was determined as W = (1, 0.030019, 0.69836, 0.36405) (Table 8). When these values were normalized, the importance of the attributes was calculated as W = (0.4789, 0.01435, 0.3337). The given results reveal that organizational management is the most significant category, as it has the highest priority weight compared to the other categories of the challenge factors.

Step-4 (Test the Consistency of the Pair-Wise Matrix): In this section, we present a step-by-step calculation of the procedure followed to check whether a given pairwise matrix is consistent or not. For this, we have considered the Table of Categories (Table 9). The triangular fuzzy numbers of the pair-wise comparison matrix of the main categories are defuzzified to crisp numbers using Equation 14 to obtain the corresponding Fuzzy Crisp Matrix (FCM), as shown in Table 9.

The largest Eigen value (λmax) of the FCM matrix is calculated by computing the column sum of each column of the FCM matrix (Table 9) and then dividing each element of the FCM matrix by its column sum. Moreover, the priority weight is calculated by taking the average of each row, as shown in Table 10.

where, Cj = sum of the columns of Matrix [C] (Table 7), W = weight vector (

Based on the calculation, the largest Eigen value (λmax) of the matrix FCM is 4.1067. The dimension of FCM is 4. Therefore n = 4, and the Random Consistency Index (RI) is 0.9 for n = 4 (Table 3).
Therefore, Equations 15 and 16 are used to calculate the consistency index and consistency ratio as follows: The calculated value of CR is 0.039503 < 0.10; therefore, the pairwise comparison matrix developed for the categories of success factors is consistent and acceptable. Similarly, the consistency ratios for all the categories were checked, and the results along with the pairwise comparisons are given in Tables 11 to 14.

Phase 5 (Determining the Ranking of the Success Factors): The summarized weights and their corresponding rankings are given in Table 15. The local rank (LR) of each challenging factor was calculated from the determined weight of each challenge within its respective category. For example, the first category (smart city) contains six challenges, and out of them C3 (AI influence on smart city security, LW = 0.420) stands out as the highest priority challenge for the IoT paradigm. We further noted that C1 (Botnet attacks on Smart Cities, LW = 0.378) and C5 (Rough Node Detection, LW = 0.201) stand out as the second and third most significant challenging factors within the Smart City category, respectively. Using the same method, the local ranks of all challenging factors and their corresponding categories were determined (Table 15). The local ranks indicate the priority order of a challenging factor within its respective category. The local ranking serves as a knowledge base for real-world experts to consider the highest ranked challenges with respect to their job designation and interest.
Moreover, to get the impact of each identified challenge on the overall IoT paradigm, we determined the global weight (GW). Using the GW, the global rank of each challenging factor was determined. The global weight was determined by multiplying the local weight of a factor by its category weight. For example, the GW of C1 = LW of C1 × category weight (i.e. Smart City); GW of C1 = 0.378 × 0.37938 = 0.1434. Based on the rankings of all the challenging factors, C1 stands out as the 2nd highest priority challenging factor compared with all the other 20 challenges. Likewise, the global rank of each challenging factor was determined, and the results are given in Table 15. The results show that C3 (AI influence on smart city security, GW = 0.1593) is the top ranked challenging factor for secure IoT. The results also show that C15 (Data modification, GW = 0.0943) and C18 (Forward and backward secrecy, GW = 0.0881) are the third and fourth highest priority challenging factors for secure IoT. and the determined ranks (Figure 7). The developed taxonomy presents the impact of each particular challenge within its category and globally (compared with all the identified challenges). For example, C3 (AI influence on smart city security), C1 (Botnet attacks on Smart Cities) and C15 (Data Modification) are the 1st, 2nd and 3rd highest priority challenges. We noticed that C3 (AI influence on smart city security) and C1 (Botnet attacks on Smart Cities) belong to the 'Smart City' category and their local ranks match their global ranks; but C15 (Data Modification) belongs to 'Smart Healthcare', and it stands 1st with respect to local ranking and 3rd in global ranking. Similarly, C18 (Forward and backward secrecy) is ranked 2nd with respect to local ranking and 4th with respect to global ranking.
The prioritization-based taxonomy presents the impact of each listed challenge within its category and for the overall study objective. We believe that the developed prioritization-based taxonomy will help both academic researchers and industry experts to consider the most important set of challenges and their categories for the progression of the secure IoT paradigm.
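The geometric mean of Equation 17, the consistency check of Step-4 and the local-to-global weighting of Phase 5, as an added Python example that is not code from the paper. The 4×4 comparison matrix is constructed sample data, the CI and CR formulas are the standard AHP definitions (the paper's Equations 15 and 16 are not reproduced in this text), λmax is approximated as the sum of column sum times weight, and the RI entries other than n = 4 are Saaty's standard values.

```python
import math

# Random Consistency Index (RI) by matrix size n. RI = 0.9 for n = 4 is the value
# quoted in the text; the other entries are Saaty's standard table (assumption).
RANDOM_INDEX = {3: 0.58, 4: 0.90, 5: 1.12, 6: 1.24}

# Constructed 4x4 reciprocal comparison matrix (NOT the paper's Table 9).
# Rows/columns: smart city, smart home, smart healthcare, smart wearables.
CONSTRUCTED_MATRIX = [
    [1.0, 2.0, 3.0, 4.0],
    [1 / 2, 1.0, 2.0, 3.0],
    [1 / 3, 1 / 2, 1.0, 2.0],
    [1 / 4, 1 / 3, 1 / 2, 1.0],
]

# Category weight and local weights quoted in the text for the Smart City category.
SMART_CITY_CATEGORY_WEIGHT = 0.37938
SMART_CITY_LOCAL_WEIGHTS = {"C3": 0.420, "C1": 0.378, "C5": 0.201}


def geometric_mean(responses):
    """Equation 17: n-th root of the product of n expert responses."""
    if not responses or any(r <= 0 for r in responses):
        raise ValueError("responses must be a non-empty list of positive numbers")
    # Summing logarithms avoids overflow when many responses are multiplied.
    return math.exp(sum(math.log(r) for r in responses) / len(responses))


def priority_weights(matrix):
    """Divide each element by its column sum, then average each row."""
    n = len(matrix)
    if n == 0 or any(len(row) != n for row in matrix):
        raise ValueError("pairwise comparison matrix must be square")
    col_sums = [sum(row[j] for row in matrix) for j in range(n)]
    weights = [sum(matrix[i][j] / col_sums[j] for j in range(n)) / n
               for i in range(n)]
    return weights, col_sums


def lambda_max(matrix):
    """Approximate the largest eigenvalue as sum_j (column sum C_j * weight W_j)."""
    weights, col_sums = priority_weights(matrix)
    return sum(c * w for c, w in zip(col_sums, weights))


def consistency_ratio(lam, n):
    """CI = (lambda_max - n) / (n - 1); CR = CI / RI."""
    if n not in RANDOM_INDEX:
        raise ValueError(f"no RI value tabulated for n = {n}")
    ci = (lam - n) / (n - 1)
    return ci / RANDOM_INDEX[n]


def is_consistent(matrix, threshold=0.10):
    """A matrix is accepted when CR is below 0.10, the limit used in the text."""
    return consistency_ratio(lambda_max(matrix), len(matrix)) < threshold


def global_weight(local_weight, category_weight):
    """Global weight = local weight of the factor x weight of its category."""
    return local_weight * category_weight


def smart_city_global_weights():
    """Global weights of the Smart City factors whose local weights are quoted."""
    return {name: global_weight(lw, SMART_CITY_CATEGORY_WEIGHT)
            for name, lw in SMART_CITY_LOCAL_WEIGHTS.items()}


def rank_by_weight(weights):
    """Factor names ordered from highest to lowest weight."""
    return sorted(weights, key=weights.get, reverse=True)


if __name__ == "__main__":
    lam = lambda_max(CONSTRUCTED_MATRIX)
    print("constructed matrix: lambda_max = %.4f, CR = %.4f"
          % (lam, consistency_ratio(lam, 4)))
    print("CR for the quoted lambda_max 4.1067: %.4f" % consistency_ratio(4.1067, 4))
    for name in rank_by_weight(smart_city_global_weights()):
        print(name, round(smart_city_global_weights()[name], 4))
```

With the quoted λmax = 4.1067 the function returns a CR that agrees with the reported 0.039503 to four decimal places; the small difference comes from the rounding of λmax.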

V. DISCUSSION AND SUMMARY
The basic objective of this study is to explore, classify and prioritize the factors that could negatively impact security and privacy in the IoT paradigm. The objective of this study is met in three different steps. Firstly, the literature review study was performed to explore the challenging factors reported by researchers. Secondly, the findings of the literature study were further verified with experts via a questionnaire survey study. Finally, the identified challenges were prioritized by applying the fuzzy-AHP approach. To address the objective of this study, three research questions have been developed, and the summary is presented below:

A. RQ1 (WHAT ARE THE IMPORTANT CHALLENGING FACTORS TOWARDS THE SECURE IoT PARADIGM REPORTED IN THE LITERATURE?)
In the first phase of this study, we performed the literature review and explored the factors that could hinder the security and privacy of IoT. During the literature review, we identified a list of 21 challenges that are critical for the IoT paradigm. As the ultimate aim of this study is to develop a prioritization-based taxonomy of the IoT challenging factors, the identified challenges were further mapped into the core domains of IoT, i.e. smart city, smart home, smart healthcare and smart wearables. The key objective of mapping the investigated challenges into the core domains of IoT is to develop a hierarchy structure in which the main objective of the study is presented at level-1, and the alternatives (core domains) and sub-alternatives (challenges) are presented at level-2 and level-3, respectively. In order to verify the identified challenges and their mapping process, we further conducted the questionnaire survey study with experts. During the questionnaire survey study, a total of 50 complete responses were collected.
The collected responses were analyzed using the frequency analysis method, and the results indicated that the listed IoT challenging factors and their categories are related to real-world industry practices. The final step of this study is to perform the fuzzy-AHP process, aiming to prioritize the investigated challenging factors and their respective core categories with respect to their criticality to IoT security and privacy. To perform the fuzzy-AHP, we applied the pairwise comparison approach with the experts, aiming to get their opinions regarding the identified challenges. By carefully applying all the steps of fuzzy-AHP, we calculated the priority rank of each challenging factor.
For example, C3 (AI influence on smart city security), C1 (Botnet attacks on Smart Cities) and C15 (Data Modification) are the 1st, 2nd and 3rd highest priority challenges. We noticed that C3 (AI influence on smart city security) and C1 (Botnet attacks on Smart Cities) belong to the 'Smart City' category and their local ranks match their global ranks; but C15 (Data Modification) belongs to 'Smart Healthcare', and it stands 1st with respect to local ranking and 3rd in global ranking. Similarly, C18 (Forward and backward secrecy) is ranked 2nd with respect to local ranking and 4th with respect to global ranking. The prioritization-based taxonomy presents the impact of each listed challenge within its category and for the overall study objective.

VI. THREATS TO VALIDITY
The literature survey data were collected using the informal review approach, and there is a chance of missing some relevant data because the review process was not conducted formally. This might be a threat to the internal validity of the study findings. We tried to eliminate this threat by following the snowballing data sampling approach in order to identify the most related published studies for the literature survey. Moreover, the same data collection approach has been adopted in other research studies to identify and classify factors [109], [111]. The empirical data were collected from 50 survey participants because of the lack of resources, time and physical access to the targeted population. The given data sample might be small to validate the identified challenging factors and their conceptual mapping. However, we considered the data samples of other published software engineering studies, where the data were collected from 54 [112], 81 [113] and 35 [114] survey respondents. Construct validity refers to the extent to which the survey study measures the targeted variables based on the survey scale. In this study, the survey questionnaire was developed based on the identified challenges (variables), and it was evaluated by collecting and analyzing data from the experts. The survey results revealed that most of the respondents agreed that the identified challenges are critical for the security and privacy of IoT. There is a possible threat to statistical conclusion validity, because the content of the survey questionnaire was developed by the authors based on the literature findings. However, a pilot evaluation study was conducted with software engineering experts in order to check the structure of the survey instrument, the sampling procedure and the survey assessment scale.

VII. STUDY IMPLICATION
The findings of the study provide the state-of-the-art and state-of-the-practice factors that could influence the IoT paradigm with respect to security and privacy. The literature review study was conducted to explore the list of challenges that could hinder the security and privacy of the IoT paradigm, and the questionnaire survey study presents the impact of the identified challenges and their core categories. The investigated list of challenging factors serves as a body of knowledge for academic researchers and industry experts with respect to the factors that hinder the security and privacy of the IoT paradigm.
Moreover, using the fuzzy-AHP approach, the identified challenges and their core categories are ranked with respect to their criticality for the security and privacy of the IoT paradigm. The study provides a prioritization-based taxonomy considering the challenges, their core categories, and their local and global ranks. The developed taxonomy serves as a framework for industry experts to focus on the most critical areas for secure IoT.

VIII. CONCLUSION AND FUTURE DIRECTIONS
Currently, the Internet of things (IoT) is an increasingly adopted phenomenon. IoT provides ways to ease human life by sharing data in a seamless manner. The currently available smart devices promise a level of comfort, efficiency and automation for users. Thus, the present is witnessing the vast use of smart devices in cities, industries, agriculture and healthcare sectors. However, smart resources face critical problems, and security and privacy is one of them.
Considering the significance of security and privacy parameters in IoT, we were motivated to explore and analyze the factors that could have a negative impact on the security and privacy of IoT. Via the literature review, a total of 21 challenging factors have been identified. The identified challenges were further classified in the core domains of IoT, i.e. smart city, smart home, smart wearables and smart health care. Moreover, the questionnaire survey study was conducted to get the perceptions of experts concerning the list of challenges identified from the literature review and their mapping into the core categories of IoT. The questionnaire survey results show that the identified challenges and their categories are related to real-world practices.
Furthermore, the fuzzy-AHP approach has been applied to address the multicriteria decision making problem. Based on the experts' opinions in the pairwise comparisons, all the steps of fuzzy-AHP have been applied, and the local and global ranks of each challenging factor were determined. The results indicated that C3 (AI influence on smart city security), C1 (Botnet attacks on Smart Cities), C15 (Data Modification), C18 (Forward and backward secrecy) and C21 (Lack of authentication and authorization) are the top five ranked challenging factors for secure IoT. Using the list of identified challenges, their mapping into the core IoT domains and the fuzzy-AHP analysis, this study contributes a prioritization-based taxonomy that will assist practitioners and researchers in considering the high impact challenging factors for secure IoT.
In future, we will expand this study by conducting a multivocal literature review and will identify the success factors and additional challenges of secure IoT. In addition, we will conduct case studies with experts to collect the best practices for secure IoT. Based on the empirical findings, we will develop guidelines that will assist industry experts in the progression of the secure IoT paradigm.