Security and Privacy for Green IoT-Based Agriculture: Review, Blockchain Solutions, and Challenges

This paper presents research challenges on security and privacy issues in the field of green IoT-based agriculture. We start by describing a four-tier green IoT-based agriculture architecture and summarizing the existing surveys that deal with smart agriculture. Then, we provide a classification of threat models against green IoT-based agriculture into five categories, including, attacks against privacy, authentication, confidentiality, availability, and integrity properties. Moreover, we provide a taxonomy and a side-by-side comparison of the state-of-the-art methods toward secure and privacy-preserving technologies for IoT applications and how they will be adapted for green IoT-based agriculture. In addition, we analyze the privacy-oriented blockchain-based solutions as well as consensus algorithms for IoT applications and how they will be adapted for green IoT-based agriculture. Based on the current survey, we highlight open research challenges and discuss possible future research directions in the security and privacy of green IoT-based agriculture.


I. INTRODUCTION
The Internet of Things (IoT) has been applied in many areas, such as smart farming [1], smart home [2], wearables [3], smart city [4], connected health [5], connected car [6], connected drones [7], among other areas. The IoT allows physical objects to communicate together, share information and coordinate decisions. The IoT transforms traditional objects into intelligent objects by exploiting its enabling technologies such as communication technologies, Internet protocols, application, and sensor networks [8], [9].
The global smart agriculture market is expected to reach $15.3 billion by the end of 2025 compared to $5 billion in the year 2016 [10]. Smart agriculture will become an important IoT application area in agri-products exporting countries. Recently, the IoT application has been deployed for smart The associate editor coordinating the review of this manuscript and approving it for publication was Jun Wu . agriculture using wireless sensor networks (WSNs) such as irrigation sensor network [11], prediction of frost events [12], precision soil farming [13], blind entity identification [14], smart farming [15], and precision agriculture [16].
To develop a green IoT-based agriculture solution, there are six main challenges, including, hardware, data analytics, maintenance, mobility, infrastructure, data security, and privacy [17]. The hardware challenges concern the choice of sensors and meters for IoT devices. Therefore, there are various kinds of sensors types that can be used in IoT application (e.g., temperature sensor, proximity sensor, pressure sensor, water quality sensor, chemical sensor, gas sensor, humidity sensor...etc.). The data analytics challenge concern the application of predictive algorithms and machine learning (e.g., deep learning approaches) in IoT data to obtain a nutritive solution for smart agriculture. The maintenance challenge concerns regular sensors checks of all IoT devices since they can be easily damaged in the agriculture field. The mobility VOLUME 8, 2020 This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see http://creativecommons.org/licenses/by/4.0/ challenge concerns the type of wireless communication (e.g., 4G, 5G, WiFi, 6LowPan, LoRa) that can connect sensors distributed over a large area in the agriculture field. The infrastructure challenges concern the installation and development of IoT networking architecture using new technologies such as fog computing, cloud computing, network virtualization...etc. The main problem in the development of green IoT-based agriculture is not located at the physical support but mainly in reassuring both security and privacy. With the adaption of green IoT-based agriculture, an adversary may find more ways to penetrate into the system (e.g., via a false data injection attack), raising new security and privacy issues and asking for more secure communications in the smart agriculture filed. According to Cha et al. [18], privacy-enhancing technologies in IoT application can be classified into seven categories, including, enforcement, control over data, personal data protection, anonymization or pseudonymization, partial data disclosure, anonymous authorization, and holistic privacy preservation. Therefore, security requirements [19] in IoT application can be classified into authentication, confidentiality, non-repudiation, integrity, and access control. These security and privacy requirements should be achieved by the security protocols for green IoT-based agriculture.
There are related survey papers [9], [20]- [23] that focused on various aspects of IoT-based agriculture, as presented in Tab. 1. Brewster et al. [20] presented a review on developing IoT-based large-scale pilots in agriculture. Ray [21] presented a systematic survey that covers the IoT deployment for improved farming. Recently, the surveys [22], [23] discussed the fundamental structures of IoT and its impact in the field of green IoT-based agriculture. However, these surveys are very limited regarding research challenges on security and privacy.
In the literature, there are different related surveys that deal with IoT security. As shown in Table 2, we classify the IoT security surveys with respect to the following criteria: • Threat model: It indicates whether the survey considered the threats against the IoT network.
• Security & Privacy: It indicates whether the survey focused considered the security and privacy countermeasures to protect the IoT network.
• Blockchain: It indicate whether the survey considered bloackanin-based solution for IoT security.
• Target IoT application: It indicates whether the survey focused on specific or general IoT applications. Most of the IoT security surveys [24]- [31] describe the required security and privacy countermeasures and target without focusing on any particular application. Some of them restrict their covered countermeasures to IoT security taxonomy [26], IoT frameworks [27], [30], security communication protocols [24], [25], or trust-based solutions [31]. Some of the surveys describe the threat models that could comprise the security of IoT networks [26], [28], [29], [31]- [33]. Recently, blockchain-based solutions for IoT security have attracted more attention in [29], [34]- [36]. Kouicem et al. [35] present their security solutions and blockchainbased security solutions with respect to five IoT applications: Smart Grid, EHealth, Transportation, Smart city, and Manufacturing. Other surveys focused on industrial IoT [32], Smart Grid [37], or Smart Home [34]. To the best of our knowledge, our survey is the first that thoroughly covers threats models, secuirty and privacy countermeasures, blockchainbased solutions for IoT security, and focuses only on Green IoT-based agriculture applications.
Our contributions in this work are: • We present a four-tier green IoT-based agriculture architecture.
• We present the threat models against green IoT-based agriculture and provide a classification into five categories, including, attacks against privacy, authentication, confidentiality, availability, and integrity properties.
• We review the security and privacy solutions for IoT applications and how they will be adapted for green IoTbased agriculture.
• We analyze the privacy-oriented blockchain-based solutions for IoT applications and how they will be adapted for green IoT-based agriculture.
• We provide the consensus algorithms for blockchainbased solutions and how they will be adapted for green IoT-based agriculture.
• We emphasize the security and privacy challenges solutions for green IoT-based agriculture. The rest of this paper is organized as follows. Section II presents the four-tier green IoT-based agriculture architecture. In Section III, we present the threat models against green IoT-based agriculture and provide a classification into five categories. In Section IV, we provide the new trends of security and privacy solutions for green IoT-based agriculture. In Section V, we clearly highlight the pros and cons of the existing privacy-oriented blockchain-based solutions. Then, we discuss the security and privacy challenges solutions in Section VI. Lastly, Section VII presents conclusions. 32032 VOLUME 8, 2020

II. GREEN IoT-BASED AGRICULTURE
Smart agriculture based on IoT technology has enabled farmers to improve crop yields, optimize irrigation efficiency, and reduce farming costs. It is an intelligent agricultural solution combining agriculture with modern information technology. The IoT technology has contributed to the emergence of the three aspects: • Precision agriculture : is a technology which uses advanced technology to improve crop yield, among them, Wireless Sensor Network (WSN) is the main driver for the development of it [40]. It effectively reduces the potential risks in the production process and helps farmers making accurate and controlled farming practices by deploying a large number of low-power, multi-function, wireless communication sensors in environments (such as fields and open poultry and livestock breeding) and collecting relevant data in agricultural production (such as environment data, crop growth data, livestock health data [41]- [44]). The main modern information technology used in precision agriculture is ''3S'' technology, including Remote Sensing (RS), Geographic Information System (GIS) and Global Positioning System (GPS). The most remarkable application of GPS in precision agriculture is agricultural drones, they are used in the agriculture industry to enhance the different farming practices [45]. The ground and aerial drones are used for assessment of crop health, crop monitoring, planting, crop spraying, and field analysis. Furthermore, with the integration of IoT and ''3S'' technology in open poultry and livestock breeding, it is possible to collection information about the location and health of cattle by attaching sensors to them, which allows to identify sick cattle and isolated them. The farmers can also reduce time and effort needed to locate their animals [46]. Generally, Precision agriculture constructs an expert decision system for agriculture production management to replace the subjective traditional agricultural production management method, thereby, (1) reasonable using of pesticides to reduce environmental pollution; (2) improving the efficiency of agricultural irrigation and reducing the waste of resources; (3) Planting crops in an environment suitable for their growth, improving the land usage; (4) analyzing the growth law of crops and livestock, maintaining their best growth state and greatly improving the output and quality of agricultural products.
• Facility agriculture : is an industrialized agricultural production mode that aims at good quality and high yield, belongs to a high-input, high-output, capitalintensive, technology-intensive and labor-intensive industry [47]. It provides a crop production protection facility created by engineering technology to achieve the goal that agricultural production is not restricted by environmental factors and automatic and efficient; frees traditional agriculture from the shackles of nature; breaks the seasonal characteristics of traditional agricultural products; meets the multi-level consumption demand derived from social development [48]. Facility agriculture can be divided into facility horticulture and farming in terms of types, they mainly use biotechnology, engineering, meteorological environment, IoT, computer technology and other technologies. Its core lies in the prediction model and decision management control system based on the historical data collected by IoT sensors. Facility agriculture has become a mainstay industry in some developed countries such as America, Netherlands and Japan, the most prominent example is the intelligent greenhouse. IoT sensors can be used to automatically monitor and control the internal climate parameters of the greenhouse [49]. The sensors collect and transmit real-time data to the farmer. If the values of parameters deviate from normal condition, some actions like automatic irrigation can be performed without, which helps in reducing the labor cost as no human intervention is needed. Aquaculture, poultry and livestock farming are similar with it, the difference is different environment factors require deployment of different IoT sensors and set up specific computer control cultivation schemes. The current development goal of facility agriculture is intelligent plant factory, it enables continuous and efficient crop production under fully enclosed and intelligent control conditions. Moreover, it frees crop growth from geographical constraints, shortens the production cycle of agricultural products and improves product quality and yield. It is one of the symbols of the combination of agriculture and industry, and also the development direction of agriculture in the future.
• Contract farming : is a new model of agricultural production and management. With the advancement of Urbanization in the world, the gap between rural and urban development is gradually widening. According to the statistics, 80% of the extreme poor and 75% of the moderate poor live in rural areas [50]. Relatively backward agricultural infrastructure, hidden dangers in the quality and safety of agricultural products and information isolation in agricultural products trading are the main reasons. To solve these problems, contract farming emerges as the times require. It outsources the production demand of some agricultural products to farmers in advance through customers, reduces the planting and breeding risks of growers and avoid blind production, is an effective market-oriented production and marketing model [51]. Contract farming includes supply chain management of agricultural products, traceability of agricultural products safety, agricultural products trading system, agricultural products logistics and the like. The IoT technology has been used in tracking the food supply chain (i.e., farm-to-fork traceability) [52]. For example, it has been employed to provide information about the product to the final consumer [53]. An IoT framework is proposed in [] to assess the freshness of fruits in e-commerce deliveries. In [54], IoT is used to monitor food safety throughout the product life cycle, in order to help consumers in making better purchase decisions. In [55], an early-warning system, which monitors food safety and warns about deterioration of product quality, is proposed. An IoT-based monitoring system is developed in [56] to provide geo-location information about food storage and transportation. Fig. 1 illustrates the four-tier green IoT-based agriculture architecture, which is based on the following four layers: 1) Agriculture sensors layer; 2) Fog layer; 3) Core layer; 4) and Cloud layer. The layers are discussed as follows:

A. AGRICULTURE SENSORS LAYER
This layer consists of IoT-enabled devices (e.g., sensor nodes, smartphones, ...etc.) equipped with Global Positioning System for creating different types IoTs for smart agriculture, including, IoTs for field agriculture, IoTs for the greenhouse, IoTs for the photovoltaic farm, IoTs for the solar insecticidal lamp, and others. Therefore, the integration and adaptation of IoT devices into various levels of agriculture aim to provide two goals. The first goal is to provide the reliability of manufacture as well as the distribution of the nutrient solution. The second goal is to provide better control in term of consumption, which gives the costs low and reduces losses in term of solution. In addition to the economic impact, the environmental impact will be significantly reduced. The farmer in the green IoT-based agriculture uses a digital control system (e.g., Supervisory Control And Data Acquisition (SCADA)) for process control to meet agriculture control requirements.
To integrate IoTs for greenhouse, we propose the sensor and meters nodes for each equipment as follows: • IoT devices for the water pumping system which takes into consideration the surfaces to be irrigated, the pressures to be expected, and the flow rates of drippers.
• Water meters for water storage in order to show real-time updates.
• IoT devices adapted for each filtering equipment (e.g., sand filter) which takes into consideration the physical properties of water as well as drippers.
• Fertilizers meters for the storage and injectors of fertilizers (e.g., NPK fertilizers) in order to provide real-time updates.
• IoT devices for controlling the pH and electrical conductivity to meet the desired value in term of nutrient solution.
• Small solar panels with IoT sensors for controlling moisture levels and temperature.
These IoT devices and meters communicate via 5G cellular and satellite communication networks with the fog computing layer.

B. FOG COMPUTING LAYER
Since some agriculture IoT data need to be processed closer to IoT devices and meters, the fog computing layer is proposed especially for this task, which can significantly reduce the processing time. This layer is also termed as Edge computing layer. The fog nodes receive agriculture IoT data via geodistributed devices that are managed in a distributed network, including, access points, gateway, router, and switch. The fog computing layer provides several advantages, such as reduces the traffic overhead and reinforcement of agriculture IoT data security [57]. Therefore, there are three hierarchical architectures [58] that can be used for fog computing layer in the green IoT-based agriculture. The first hierarchical architecture is three-tier (including, Tier 1-Things/End Devices, Tier 2-Fog, Tier 2-Cloud), which is the basic architecture of fog computing. The second hierarchical architecture is fourtier combined fog-cloud architecture [59]. The last hierarchical architecture is based on Software-Defined Networking (SDN) [60].
For example in the IoT use case in greenhouse, the nutrient solution can be processed and calculated at the fog computing layer. This nutrient solution uses the IoT data (e.g., the composition of water, temperature, and humidity) captured from the agriculture sensors layer.

C. CORE NETWORK LAYER
The core layer is responsible for the transport of data over green IoT-based agriculture from fog computing layer to cloud computing layer. This layer is also termed as the foundation or backbone network. To ensure that packets are securely routed over the network, the core layer includes high-speed cables (e.g., fiber optic cables) and highend switches (e.g., Cisco switches 12000) [61]. In addition, the core network layer is responsible for routing by delivering a strategies-based network interconnection such as strategy of QoS, strategy of control broadcast and multicast...etc.

D. CLOUD COMPUTING LAYER
This layer is a centralized system consists of data centers and traditional cloud servers, which they have sufficient computing resources and sufficient storage. The cloud computing layer is responsible for delivering storage, data access, and synchronization [62].

III. THREAT MODELS
Generally, the classification of attacks for IoT application is done using the following two criteria: 1) Internal or external and 2) Passive or active, as discussed in [19]. Therefore, according to the property that the attack trying to compromise nodes in green IoT-based agriculture (i.e., IoT devices, Fog nodes, and Cloud nodes), we classify the threat models into the following five main categories, attacks against privacy, authentication, confidentiality, availability, and integrity properties, as presented in Fig. 2.

A. ATTACKS AGAINST PRIVACY
This category of attacks is based on learning the precise location and identity of IoT devices at agriculture sensors layer to get privacy data and compromise the privacy of the system. In green IoT-based agriculture, the IoT data (e.g., the composition of water, temperature, and humidity) is collected multiple times per hour by IoT devices and smart meters at agriculture sensors layer to obtain fine-grained information about the plants status and improve nutrient solution efficiency. The detailed analysis of this IoT data may easily reveal farmers' physical activities and the nutrient solution adopted. For example, in pH settings, if the pH rises excessively indicates that the farmer will increase the ammonium supply, and if the pH falls indicates that the farmer will reduce the ammonium supply. Using this information, an adversary can plan physical attacks (e.g., sending a drone) to disrupt pH settings. Obviously, this private information (i.e. pH settings) must be protected from unauthorized access.

B. ATTACKS AGAINST AUTHENTICATION
This category of attacks forges identities to impersonate as authorized nodes (i.e., IoT device, fog node, or cloud node) in order to gain access to the green IoT-based agriculture. For example, an adversary may lunch the following identitybased attacks for forge identities, namely, replay attack, masquerade attack, spoofing attack, and impersonation attack.
• A replay attack takes place in the form of man-inthe-middle attack (MITM). Its objectives in the green IoT-based agriculture are to intercepting data packets between IoT devices or an IoT device with an access point at agriculture sensors layer and then relaying them to their destinations without modification. The authentication protocols for securing IoT networks use three techniques against replay attacks, namely, pairingbased cryptography, hash functions, and timestamp in the encrypted data, as discussed in [19].
• A masquerade attack aims to masquerade as a legitimate node to log into the server at agriculture sensors layer (i.e., log into the access point) or fog computing layer (i.e., log into the fog node). The authentication protocols for securing IoT networks use three techniques against masquerade attacks, namely, 1) behavioral features-based biometric (e.g., keystroke, signature, gait, or voice), 2) human physiological-based biometric (e.g., fingerprint palm, electrocardiogram, eyes, or face), 3) hashing functions, 4) Elliptic curve cryptosystem, and 5) pairing-based cryptography [63].

C. ATTACKS AGAINST CONFIDENTIALITY
This category of attacks attempts to adversarially eavesdrop the network traffic between IoT devices or an IoT device with an access point at agriculture sensors layer so as to mislead the green IoT-based agriculture to compromise the confidentiality and make wrong decisions/actions. For example, an adversary may lunch the following Eavesdroppingbased attacks to compromise the confidentiality, including, tracing attack, brute force attack, and known-key attack.
• A tracing attack aims to collect enough privacy information from IoT devices at agriculture sensors layer to link data with a particular real identity. To resist this attack, security solutions based on random numbers in commitments and proofs ought to be developed [64].
• A brute force attack aims to produce a list of all possible passwords that can be used by IoT devices at agriculture sensors layer, then to exhaust them one by one until the correct password can be identified [65].
• A known-key attack aims to generate new session keys based on compromising past session keys. To resist this attack, security solutions that integrate random nonce in session key ought to be developed.

D. ATTACKS AGAINST AVAILABILITY
This category takes the form of Denial of Service (DoS) attacks. Its goals are to make the services in green IoT-based agriculture (e.g., authentication for IoT devices) are unavailable either by (1) flooding servers with a huge amount of data to make it busy and unable to provide a service to IoT devices; (2) updating with false data injection attacks; or (3) attack on accurate localization for UAV with a malicious 5G station.

E. ATTACKS AGAINST INTEGRITY
This category of attacks implies an unauthorized party to accessing and modifying private information (e.g. pH settings). Under this category, we can find the following attacks: forgery attack, man-in-the-middle (MITM) attack, biometric template attack, and trojan horse attack. To resist this attack, the data aggregation schemes based on homomorphic encryption and hash functions ought to be developed. Table 3 summarizes research for security and privacy solutions for IoT applications and how they will be adapted for green IoT-based agriculture.

A. PRIVACY-PRESERVING SOLUTIONS 1) PRIVACY-PRESERVING DATA AGGREGATION
During running the aggregation at the network edge in green IoT-based agriculture, the fog devices cannot see each green product data. The privacy-preserving data aggregation solution is very important to protect each green IoT device's data.
To resist against inject false data, Lu et al. [70] proposed a lightweight privacy-preserving data aggregation solution, named LDPA, for IoT applications, which can be applied in green IoT-based agriculture. The LDPA combines three cryptographic techniques, namely, the homomorphic Paillier encryption Chinese Remainder Theorem, and one-way hash chain. The Chinese remainder theorem is used by the control center for computing the mean and variance after collecting, aggregating, and forwarding IoT devices' data from the network edge to the control center. The homomorphic Paillier encryption is used for encryption the report of each sensing data from each IoT device. The one-way hash chain technique is used for achieving lightweight authentication among IoT devices. Therefore, the LDPA solution can resist against the false data injection since the one-way hash chain technique as well as the time slot are adapted in authentication phase between the fog device and IoT device. In addition, the LDPA solution can achieve differential privacy since some noises are added in the aggregated data.
Guan et al. [75] introduced an anonymous and privacypreserving data aggregation protocol, named APPA, for IoT application. The system model considers Fog-enhanced IoT, which contains three layers, namely, the lower layer (smart devices), middle layer (Fog nodes), and Upper layer (Cloud Computing). To archives anonymity and unforgeability, the APPA protocol uses two cryptographic techniques, namely, signature-of-knowledge and paillier cryptosystem. The APPA protocol can resist eavesdropping attack and false data injection attack, but the availability is not considered.

2) LOCATION PRIVACY
Location-based services (LBS) in green IoT-based agriculture will have a very important area for research with the rapid development of smart agriculture. Therefore, an adversary can track IoT devices in smart agriculture, which may cause problems of loss of privacy. Sun et al. [69] proposed a location privacy algorithm for IoT application, which can be adapted for green IoT-based agriculture. To protect location privacy, the study uses a dummy location privacy algorithm, which consists of finding an optimal set of dummy locations using a greedy approach. The proposed algorithm can resist two attacks categories, namely, inference attacks and colluding attacks, but the data integrity and authentication are not considered.

3) CONTENT-ORIENTED PROTECTION
The content-oriented protection solution is very important against the violation of a farmer's privacy when different IoT data are collected and combined from agriculture sensors layer. Gai et al. [72] proposed a dynamic privacy protection model, named DPP, for ensuring mobile device user privacy in IoT application. The idea of DPP model is based on the classification of the privacy protection levels. Specifically, the DPP model uses three main phases, including, (1) security classifications for the definition of the privacy weight; (2) content-oriented data pairs identification of contentoriented data pairs based on the security classifications; and (3) the input data table. The evaluation performance in term of plan generation and timing constraints show that the DPP's average time consumption is 1.2% shorter than other related works.

4) ANONYMITY
One of the important security properties in green IoT-based agriculture is strong anonymity, which means that except for the fog nodes, the agriculture IoT data identity cannot be revealed. The CPAL solution proposed by Lai et al. [66] archives user anonymity in IoT application using the hybrid linear combination encryption. The CPAL solution defined the privacy-preservation with three levels, including, authorized anonymous user linking, anonymity, and authentication. Therefore, the CPAL solution can be adapted for green IoT-based agriculture by applying the hybrid linear combination encryption between the IoT devices communications at agriculture sensors layer. In addition, the CPAL solution is robust against impersonation attack and DoS attack.

5) PRIVACY-PRESERVING TRUST EVALUATION
Privacy-preserving trust evaluation is an important role to ensures trust relationships among green IoT-based agriculture entities. Yan et al. [68] proposed two schemes of privacypreserving trust evaluation that can be adapted for green TABLE 3. Summary of security and privacy solutions for IoT applications and how they will be adapted for green IoT-based agriculture.
32038 VOLUME 8, 2020 IoT-based agriculture. These two schemes use additive homomorphic encryption for providing trust evaluation. The first scheme considers that authorized proxy is a fully trusted and collusion does not exist between evaluation party and authorized proxy. The second scheme considers that authorized proxy is not fully trusted and evaluation party and authorized proxy don't collude. In both schemes, there is a trust evaluation phase, which after receiving the encrypted evidence, a node decrypts data and then evaluates the trust of the result using a trust evaluation algorithm.

6) PERSONALIZED PRIVACY
Personalized privacy consists of providing trapdoor indistinguishability and index indistinguishability. The work by Li et al. [78] proposed a searchable encryption scheme for personalized privacy in IoT application, which can be adapted for green IoT-based agriculture. The proposed scheme considers an IoT network model that includes three entities, i.e., the data owner, cloud server, and data user. The cloud server is used to stores and retrieves the encrypted file features, which it received the encrypted file features from the data owner. Based on the specific keyword, the data user queries the encrypted file features. The proposed scheme is proven using two challenge-response games that it satisfies trapdoor indistinguishability and index indistinguishability under chosen keyword-file feature level pair attack. Therefore, the proposed scheme can be adapted for green IoT-based agriculture by adapting a searchable encryption scheme using the following five functions: 1) Setup for performing the security parameters; 2) KeyGen for generating the private and public keys; 3) Store for creating the index table and user authorization; 4) Trapdoor for creating the trapdoor query; and 5) Search. The Setup and Store functions are run by the fog node. The KeyGen function is run by the fog node and the IoT device. The Trapdoor function is run by the IoT device. The Search function is performed interactively between the IoT device and the cloud server.

B. DATA INTEGRITY SOLUTIONS
To protect data integrity and authentication for IoT applications, Song et al. [2] proposed a privacy-preserving protocol that uses message authentication codes (MAC). The MAC solution is added to the original IoT data, which the sender can verify that the IoT data has not tampered during communication. This solution can be applied in green IoT-based agriculture (i.e., between a group of IoT devices and fog device) in order to protect the integrity of the green IoT device's data. Wang et al. [71] proposed a lightweight label-based access control scheme, named LACS, for IoT-based 5G network, which can be adapted for green IoT-based agriculture. The LACS scheme uses two parts, including, the prover (caching fog node) and the verifier (caching server). The user authentication is achieved using verifying data integrity. The label-based authentication is used against two attacks, namely, disturbing attack and ignoring attack. The performance evaluation shows that the MD5 is more efficient than the SHA-1 in the IoT environment that uses LACS scheme.
The work by Li et al. [80] can provide content integrity verification for named data networking, which can be adapted for communication among agriculture IoT nodes in green IoT-based agriculture. Specifically, the authors proposed a lightweight integrity verification architecture, named LIVE, for ensuring secure content access. The LIVE architecture uses the following three security levels: (1) Non-Cacheable; (2) 1-Cacheable; (3) All-Cacheable. To produce tokens for signature generation, the LIVE architecture uses a hash tree based signature algorithm (Merkle Hash Tree algorithm).

C. AUTHENTICATION SOLUTIONS 1) RFID AUTHENTICATION
Radio Frequency Identification (RFID) is a technology used for capturing and automatically identifying information in electronic tags. With the adaptation of RFID technology into green IoT-based agriculture, the crops will better be controlled and herd better monitored. Therefore, an unauthorized party can manage the RFID-tag, which the smart agriculture system will be compromised. Gope et al. [73] proposed an anonymous lightweight RFID authentication solution for IoT application. Specifically, the network model considered by the study is based on four entities, including, two servers (i.e., an authenticated cloud and a backend database), a reader, and an RFID-tag. Based on unlinkable pseudo-identity, emergency key, and hash function, the proposed solution can resist against the following five attacks: replay attack, forgery attack, cloning attack, DoS attack, and location tracking attack. In addition, this solution can achieve five security properties, namely, mutual authentication, tag anonymity, availability, and scalability, but false data injection attack, as well as DDoS attack, are not considered. VOLUME 8, 2020 2) DELEGATED AUTHENTICATION Since agriculture IoT data can be transported via untrusted public devices, the security solutions need to provide the delegated authentication. The work by Zhang et al. [77] proposed a semi-outsourcing privacy-preserving scheme, named SOPP, for the IoT data collection. The SOPP scheme considers three components, including, data center, public (untrusted) clouds, and IoT devices. To decreases the throughput and achieves a longer battery duration, the SOPP scheme applied elliptic curve cryptography as a one-way (non-interactive) authentication between untrusted public clouds and IoT devices. To block invalid access, the authentication is delegated to public clouds. The data center uses data decryption to provides data integrity.

D. ACCESS CONTROL SOLUTIONS
To supporting privacy-preserving in green IoT-based agriculture, an efficient access control scheme can be adapted. The work by Fan et al. [76] designed an access control protocol for fog-enabled IoT. The study considered cloud-fog computing that contains five entities, including, a cloud service provider, a group of fog nodes, a group of data owners, a certificate authority, and a group of IoT devices. For providing revocation and data confidentiality with verifiability, ciphertextpolicy attribute-based encryption is adapted when an IoT device with an identifier submits a data access request.
The the blockchain technology [39] can be used for providing an access control in green IoT-based agriculture. Ouaddah et al. [81] proposed an access control framework, named FairAccess, for IoT application. The FairAccess framework uses the blockchain technology to get, grant, delegate, and revoke access. Zhang et al. [74] consider an IoT system with a large number of storage devices, servers, user devices, IoT gateways. Specifically, the study proposed an access control framework based on the Ethereum smart contract platform. This platform contains five main elements, including, smart contract, account/address, blockchain, transaction and message, and mining. To manage the policies and implement access control, the proposed framework provides functions or application binary interfaces (e.g., add new access control policy, updates the policy, returns the access result and penalty...etc.). The evaluation performance on two Raspberry Pi 3 Model B shows that the proposed framework may not be able to reflect the overhead in real-world IoT system.

E. DATA CONFIDENTIALITY SOLUTIONS
Data security in green IoT-based agriculture also includes confidentiality, which can be achieved by cipher-text based access control technique. Yao et al. [67] proposed a lightweight attribute-based encryption scheme for IoT application, which can be adapted for green IoT-based agriculture.
To provide data confidentiality with integrity, the proposed scheme uses an elliptic curve integrated encryption scheme (ECDH). Specifically, the ECDH scheme is used for generating a sharing secret from two groups, including, the MAC key and encryption key. The performance evaluation in term of overhead (the total size of the private key, public key, and cipher-text) shows that the proposed scheme is much shorter than other related cryptographic methods that use decisional bilinear Diffie-Hellman exponent. In addition, the proposed scheme is robust against chosen plaintext and attribute-set attack.

V. PRIVACY-PRESERVING OVER BLOCKCHAIN
The blockchain technology can be effectively applied in almost all domains of IoT, including, green IoT-based agriculture [39], [82]- [85]. The application of blockchain technology for IoT is applied to provide privacy-preserving. To be specific, the blockchain is used for encrypted data sharing. Therefore, the blockchain can be used in green IoT-based agriculture as a distributed digital ledger containing all messages. This distributed ledger is replicated and stored in different IoT nodes at agriculture sensors layer, as presented in Fig. 6. Table 4 summarizes research for privacyoriented blockchain-based solutions for IoT applications and how they will be adapted for green IoT-based agriculture. According to the characteristic of each privacy-oriented blockchain-based solution, we classify the blockchain-based solutions for green IoT-based agriculture into six categories, including, 1) Blockchain-based machine learning solution; 2) Blockchain-based distributed key management solution; 3) Blockchain-based access control solution; 4) Blockchainbased reputation and trust solution; 5) Blockchain-based authentication and identification solution, and 6) Blockchainbased secure SDN solution, as presented in Fig. 5.

A. BLOCKCHAIN-BASED SOLUTIONS 1) BLOCKCHAIN-BASED PKI SOLUTION
Jiang et al. [79] proposed a thin-client Authentication scheme, named PTAS, for IoT application. The PTAS scheme is applied in blockchain-based public key infrastructure (PKI). The PKI infrastructure is used to secure communication between IoT devices, which a certificate authority distribute certificates (a public key (PK) and identity (ID)) to IoT devices. To solve the problem of the single point of failure, the PTAS scheme is adapted in blockchain-based PKI. Specifically, the PTAS scheme uses the method of private information retrieval, which the identity of the user can be hidden in k indistinguishable identities. In addition, the PTAS scheme is robust against three attacks, namely, Sybil attack, eclipse attack, and 51% attack.

2) BLOCKCHAIN-BASED MACHINE LEARNING SOLUTION
The work by Shen et al. [91] proposed a privacy-preserving scheme, named secureSVM, for IoT application. The secureSVM scheme considers the data privacy of training support vector machine classifier (SVM) using blockchainbased encrypted IoT data. To protect the privacy of IoT data, the secureSVM scheme employs a public-key cryptosystem,  Paillier, which is an additive homomorphic cryptosystem. The secureSVM scheme is robust against two threat models, including, known ciphertext model and known background model. The secureSVM scheme can be adapted for green IoT-based agriculture. The blockchain-based IoT platform can be installed at the agriculture sensors layer and IoT data analysts at fog computing layer. The adaptation is summarized by the following steps: • Step 1: Agriculture sensor nodes use sensing and transmitting valuable data through wireless; • Step 2: Each access point collect data from the agriculture sensor nodes; • Step 3: Each access point encrypts data using partially homomorphic encryption; • Step 4: Each access point records the encrypted data on the blockchain; • Step 5: Each access point uses the built-in consensus mechanism for validating the data; • Step 6: Fog nodes communicate with an access point to obtain parameters of the training SVM classifier.

3) BLOCKCHAIN-BASED DISTRIBUTED KEY MANAGEMENT SOLUTION
The blockchain is used in key management architecture for eliminating the drawback of introducing a third party. Ma et al. [92] introduced a blockchain-based distributed key management architecture, named BDKMA, for IoT application. To achieve hierarchical access control, the BDKMA architecture uses security access managers for operating the blockchain. Specifically, the BDKMA architecture is based on the idea of authorization assignment mode and group access pattern. The BDKMA architecture can be applied to the network model composed of a device layer, a fog layer, and a cloud layer. The adaptation of BDKMA architecture in green IoT-based agriculture is summarized by the following steps: • Step 1: Each agriculture sensor nodes selects its private key and generates the public key, encryption key, and secret access key; • Step 2: Each agriculture sensor nodes packages encrypted secret access key and then signs and broadcasts the transaction to access point; • Step 3: Each access point at agriculture sensors layer collects the transactions of the agriculture sensor nodes; • Step 4: Each access point uses the built-in consensus mechanism for validating the data; VOLUME 8, 2020 TABLE 4. Summary of privacy-oriented blockchain-based solutions for IoT applications and how they will be adapted for green IoT-based agriculture.

•
Step 5: An agriculture sensor node obtain access permission from access point using an access query transaction; • Step 6: An agriculture sensor node periodically update the access keys and sends a key update transaction to the access point;

4) BLOCKCHAIN-BASED ACCESS CONTROL SOLUTION
To provide scalable access management in IoT application, Novo [87] proposed a distributed access control architecture using blockchain technology. The access control policies are enforced by the blockchain platform. The adaptation of proposed architecture in green IoT-based agriculture can bring the following six advantages to access control: transparency, scalability, lightweight, concurrency, accessibility, and mobility. The adaptation of proposed architecture is summarized in the following steps: • Step 1: Fog node deploys the smart contract into the blockchain network at fog computing layer; • Step 2: To be registered as a manager, each access point at agriculture sensors layer request the address of the smart contract; • Step 3: To transfer the management control of an agriculture sensor device, an access point at agriculture sensors layer requests the agriculture sensor device's address and the blockchain address of the smart contract; • Step 4: An access point at agriculture sensors layer enforces the policy creating a transaction towards the smart contract; • Step 5: An access point at agriculture sensors layer adds an existing policy. Ding et al. [94] proposed a attribute-based access control scheme for IoT application, which can be adapted for greenhouse. According to the identity or ability of each IoT devices, attribute authorities describe a set of attributes to each IoT devices. The blockchain is used to record the distribution of these attributes. The adaptation of this attribute-based access control scheme for blockchain-based greenhouse is summarized in the following steps: • Step 1: Greenhouse miner generates a pair of public and secret key for each IoT devices; • Step 2: Greenhouse miner sends both keys in a secure channel based on identity-based cryptography; • Step 3: Each IoT devices uses an address along with its ID and then generate a corresponding address based on the hash algorithm; • Step 4: IoT device inside greenhouse generates new block and broadcasts to the other consortium nodes using the practical Byzantine fault tolerance; • Step 5: When IoT device wants to send to another device, they use identity-based authentication and key agreement (AKA) protocol. Dorri et al. [34] introduced a smart home tier based on the blockchain technology, which can be adapted for greenhouse. The network model of the blockchain-based greenhouse is composed of the following components: transactions, local blockchain, greenhouse miner, and local storage. The adaptation of blockchain-based greenhouse is summarized in the following steps: • Step 1: Greenhouse miner generates a key with an IoT device; • Step 2: Greenhouse miner shares the key and stores it in the genesis transaction; • Step 3: Greenhouse miner defines the policy header and adds it to the first block; • Step 4: Each IoT device inside greenhouse communicate with another internal device using the permission from the miner; • Step 5: Each IoT device inside greenhouse can store data on the cloud storage using the permission from the miner; • Step 6: When IoT device wants to send to another external device, a Virtual Private Network (VPN) connection is used to routes the packets to the shared miner.

5) BLOCKCHAIN-BASED REPUTATION AND TRUST SOLUTION
Dedeoglu et al. [93] proposed a reputation and trust mechanism for blockchain-based IoT applications, which can be adapted for greenhouse. The proposed model verifying transactions based on three key layers, namely the application layer, the blockchain layer, and the data layer. The adaptation of blockchain-based greenhouse for trust architecture is summarized in the following steps: • Step 1: IoT device inside greenhouse generates blocks in periodic intervals. The generation is based on the public key and the signature of the data source; • Step 2: IoT device sends the blocks to greenhouse miner at agriculture sensors layer; • Step 3: Greenhouse miner validates the blocks based on the number of validator node and the reputation of the block generating node.
To realize reliable storage and sharing of IoT information in green IoT-based agriculture, the work by Si et al. [95] is a security mechanism that can be adapted for smart agriculture. The proposed mechanism is based on blockchain technology, which is applied in three layers, including, the application layer, the transport layer, and the sensing layer. The application layer is mainly used by the cloud service. The data blockchain part is installed in the fog computing layer. In addition, the proposed mechanism uses a double-chain model with tamper-proof of data in the data blockchain.
Zhou et al. [88] proposed a threshold secure multi-party computing protocol, TSMPC, for blockchain-based threshold IoT system. The TSMPC protocol extends Shamir's (t, n)-secret sharing (SSS) [97]. Specifically, the TSMPC protocol is applied between a leader and n server, which can be adapted for green IoT-based agriculture. The network model is composed of n servers, the leader's device, and a leader. The performance evaluation on the Ethereum blockchain shows that a block can record transactions of at most 62,360 bytes. Therefore, the adaptation of a threshold secure multi-party computing protocol for green IoT-based agriculture is summarized in the following steps: • Step 1: A fog computing node generates an initialize transaction with a verification key and sends it to the blockchain network; • Step 2: IoT sensor node at agriculture sensors layer verify the transaction's verification key; • Step 3: An access point at agriculture sensors layer verifies core shares, which can obtain a reward from the fog computing node.

6) BLOCKCHAIN-BASED AUTHENTICATION AND IDENTIFICATION SOLUTION
To ensure authentication and robust identification of IoT devices in IoT application, Hammi et al. [89] proposed an original decentralized system, called bubbles of trust, which can be applied for green IoT-based agriculture. Based on the blockchain technology, the bubbles of trust system create secure virtual zones (bubbles), which can protect the availability and data integrity. The bubbles of trust system is resistant against four attacks, namely, Sybil attack, spoofing attack, DoS/DDoS attack, and replay attack. Therefore, the adaptation of bubbles of trust system for green IoT-based agriculture consists of creating secure virtual zones VOLUME 8, 2020 inside the agriculture sensors layer, where devices can communicate securely. Specifically, each device at agriculture sensors layer must communicate only with devices of its zone. The communications between devices are considered as transactions and must be validated by this blockchain network.

7) BLOCKCHAIN-BASED SECURE SDN SOLUTION
To facilitate software and hardware updates for green IoT-based agriculture, software-defined networking (SDN) is used, which allows easy control and management in a central location. To detect any false injection data, a blockchainbased secure SDN architecture is adapted. Derhab et al. [96] proposed two security components, namely, 1) Blockchainbased integrity checking system (BICS) 2) Intrusion detection system (IDS). These two systems are combined for SDN-architecture, which can be adapted for green IoT-based agriculture. The adaptation is summarized in the following steps: • Step 1: Integrate the SDN controller into the cloud computing layer; • Step 2: Integrate a Virtual Switch (vSwitch) into the fog computing layer • Step 3: Integrate an IDS system into the access point at agriculture sensors layer. To detect cyber attacks, the IDS system combines two machine learning classifiers, namely, K-Nearest Neighbors and random subspace learning; • Step 4: The SDN controller creates blocks and shares it via the blockchain; • Step 5: The Firewall check the rules from vSwitch and blockchain. To provides scalability within the current IoT application, the SDN and blockchains technology are combined by the work Sharma et al. [86]. Specifically, the work proposed a secure SDN architecture, named DistBlockNet, which is based on the blockchain technology. The DistBlockNet architecture interconnects a distributed blockchain network with the controllers. Each local network includes Shelter modules, OrchApp, and Controller. To maintains the updated flow rules table information, the distributed blockchain network uses the request/response and controller/verification nodes. The performance evaluation shows that DistBlockNet architecture is robust against DDoS/DoS attacks and cache poising/ARP spoofing. The adaptation of DistBlockNet architecture in green IoT-based agriculture is summarized by the following steps: • Step 1: Integrate Shelter and OrchApp modules into the cloud computing layer; • Step 2: Integrate the distributed blockchain network into the fog computing layer; • Step 3: Interconnect the distributed blockchain network with the controllers at fog computing layer; • Step 4: IoT sensor node at agriculture sensors layer sends data to the controllers.

B. CONSENSUS ALGORITHMS FOR BLOCKCHAIN-BASED SOLUTIONS
A consensus algorithm can be defined as the mechanism by which a Blockchain network achieves consensus. The public blockchains (i.e., decentralized) are built as distributed systems and, since they do not depend on a central authority, the distributed nodes must agree on the validity of transactions using a consensus algorithm. Table 5 summarizes consensus algorithms for Blockchain-based solutions and how they will be adapted for green IoT-based agriculture.

1) PROOF-OF-WORK (PoW)
The PoW is a consensus algorithm introduced by Bitcoin and widely used by other cryptocurrencies. This consensus is called ''Mining'', which the nodes in the IoT network are called ''Miners'' [98]. Specifically, the PoW algorithm is presented as a response to a mathematical problem, which requires considerable work, but is usually easily checked once the answer is obtained. A miner node continuously tests a variety of unique values (known as nonce) until an appropriate value is produced [123]. The minor node that solves the puzzle extracts the succeeding block, then adds it to the blockchain network and confirms the transactions, and receives the compensation for the block. The PoW can be adapted by a Blockchain-based solution for green IoT-based agriculture, which each access point at agriculture sensors layer is selected as miners in order to calculate the hash values for validating blocks. This adaptation ensures that access points are encouraged to maintain the blockchain network, as they are compensated for their efforts. The disadvantage of the PoW algorithm for green IoT-based agriculture is that computational resources require a lot of energy to validate the blocks.

2) PROOF-OF-STAKE (PoS)
The PoS is a distributed consensus algorithm (used by Peercoin [99] and Nxt [100]) that requires the user to prove that they have a specific quantity of currency to validate any additional blocks in the blockchain network and to be awarded the reward. Compared to the PoW algorithm, the PoS is not computationally costly for validators, but it is vulnerable to nothing-at-stake problem. The PoS can be adapted by a Blockchain-based solution for green IoT-based agriculture, which all IoT nodes in agriculture sensors layer are selected as the validators.

3) DELEGATED PROOF-OF-STAKE (DPoS)
The DPoS is a consensus algorithm (used by BitShares [101] and Steemit [102]) that restricts the number of nodes in a blockchain network to a small number of entities chosen VOLUME 8, 2020 by token owners. These delegates are responsible for the following three paid tasks: 1) implementing changes to the blockchain network, 2) recording transactions, and 3) ensuring the integrity of the registry. The DPoS algorithm can be adapted by a Blockchain-based solution for green IoT-based agriculture, which each access point at agriculture sensors layer is selected as a delegate. This adaptation ensures that access points provide an efficient, fast, decentralized consensus algorithm.

4) DELAYED PROOF-OF-WORK (DPoW)
The DPoW is a consensus algorithm designed by the Komodo project [103], which is a modified version of the Proof of Work consensus algorithm. The DPoW algorithm is based on the idea of notary nodes, which are used to record data to the blockchain network (e.g., Bitcoin). The DPoW can be adapted by a Blockchain-based solution for green IoT-based agriculture, which all fog nodes in fog computing layer are selected as notary nodes and all IoT nodes in agriculture sensors layer are selected as as normal nodes. This adaptation ensures that it is impossible to reorganize notarized blocks, which makes blockchains more secure and resistant to attacks 51%.

5) PROOF-OF-ACTIVITY (PoAC)
The PoAC algorithm (used by Decred [109]) is an extension of the Bitcoin protocol, which is based on combining Proof of Work component with a Proof of Stake type of system. The PoAC can be adapted by a Blockchain-based solution for green IoT-based agriculture as follows [124]. 1) Each fog node (miner) at fog computing layer uses his hashing power to generate an empty block header.
2) The fog node broadcasts her block header to IoT devices at agriculture sensors layer.
3) All IoT devices at agriculture sensors layer derive N pseudorandom stakeholders using the hash of the block header. 4) Every stakeholder at agriculture sensors layer checks whether the empty block header that the fog node broadcasted is valid.

6) PROOF-OF-AUTHORITY (PoA)
The PoA is a reputation-based consensus algorithm (used by POA.Network [106] and VeChain [107]) for private blockchain networks. The PoA consensus algorithm is based on the value of identity, which means that the validators use their own reputation to validate the blocks. The PoA can be adapted by a Blockchain-based solution for green IoT-based agriculture, which all fog nodes in fog computing layer are selected as validators. This adaptation ensures a limited number of block validators, which provides a highly scalable system.

7) PROOF-OF-IMPORTANCE (PoI)
The PoI is a consensus algorithm proposed by NEM [113]. The PoI can be adapted by a Blockchain-based solution for green IoT-based agriculture, which each IoT devices at agriculture sensors layer are assigned an importance score. The IoT devices with high scores of importance have a higher chance of harvesting a block. The transaction graph topology can be used as an input into the importance of an IoT device.

8) PROOF-OF-WEIGHT (PoWE)
The PoWe is proposed by Gilad et al. [110], which is based on the Algorand consensus model. The Algorand uses a Byzantine agreement protocol to reach consensus on the blockchain network. The users are selected randomly using verifiable random functions. Algorand users use a protocol to communicate, which assigns a weight to each user according to the tokens they hold. The users' weights are used to chooses committee members randomly among all users. The PoWe can be adapted by a Blockchain-based solution for green IoT-based agriculture, which an Algorand protocol assigns a weight to each farmer according to the tokens they hold. This adaptation ensures resistance to Sybil attacks and achieves scalability but reducing the incentive since it's very difficult to be rewarded.

9) PROOF-OF-BURN (PoB)
The PoB algorithm (used by Slimcoin [111]) is similar to a proof of work algorithm but with reduced energy consumption rates. The PoB network block validation process does not require the use of powerful computing resources and does not depend on powerful extraction equipment. Instead, Coins are deliberately burned and this is a way to ''invest'' resources in the blockchain, so that candidate miners are not required to invest physical resources. By burning Coins, users are able to demonstrate their engagement with the network, which can obtain the right to mine and validate transactions [125]. The PoB can be adapted by a Blockchain-based solution for green IoT-based agriculture, which each fog node at fog computing layer sends coins to a burn address.

10) PROOF-OF-CAPACITY (PoC)
The PoC is very similar to the PoW algorithm, which the storage is used instead of computation. The PoC (used by Burstcoin [104]) allows the mining nodes to use the free space on their hard disk. The PoC can be adapted by a Blockchainbased solution for green IoT-based agriculture, where each fog nodes at fog computing layer are selected as miners since they have high storage compared to nodes at agriculture sensors layer. To validating the blocs and winning the mining reward, the fog nodes involve a two-step process, including, plotting and mining.

11) PROOF OF ELAPSED TIME (POET)
The POET is a consensus algorithm frequently applied on the permissioned blockchain networks to decide on mining authorizations. The POET is based on the idea of ''Elapsed Time'', where each node involved in the system is expected to wait for a randomly selected period of time, and the first node to complete the designated waiting time wins the new block. The POET can be adapted by a Blockchain-based solution for green IoT-based agriculture, which each IoT device at agriculture sensors layer generates a random wait time and sleeps for a fixed period of time. For more details about the PoET algorithm, we refer the reader to the Hyperledger Sawtooth project [112].

12) PROOF-OF-REPUTATION (PoR)
The PoR algorithm (used by GoChain [115]) is similar to PoA algorithm, which it is based on the reputations of the IoT nodes. An IoT node in the green IoT-based agriculture must have a reputation important enough to be voted as an authoritative node. Once an authoritative node is voted, he can sign and validate blocks in the blockchain network.

13) PRACTICAL BYZANTINE FAULT TOLERANCE (PBFT)
The PBFT (Practical Byzantine Fault Tolerance) algorithm is the first to be able to tolerate ''Byzantine'' faults, which is proposed by Miguel Castro and Barbara Liskov in 1999 [126]. This algorithm provides reliability and robustness properties in a synchronous environment and requires N = 3f +1 replicas to tolerate simultaneous Byzantine faults. The PBFT algorithm can be effectively applied in almost all domains of IoT, including, Internet of Energy [118], Internet of Drones [120], Internet of Vehicles [127], ...etc. Therefore, the PBFT algorithm can be adapted by a Blockchainbased solution for green IoT-based agriculture, as presented in Fig. 6. Specifically, when a farmer buyer node wants to buy a product from agri-products sellers, they send its request to the fog node. This fog node creates a PRE-PREPARE message to propose to the other replicas the scheduling of the bloc. The correct replicas respond to the PRE-PREPARE with a PREPARE message, which is sent to all replicas (i.e., neighbor nodes). Once the neighbor nodes have received 2f PREPARE and the associated PRE-PREPARE, then they agree on the order of the farmer buyer node's request. At the end, the neighbor nodes send a VALIDATION message to all replicas. Once a replica has received 2f + 1 VALIDATION, then it executes the request and responds to both farmer buyer node and agri-products seller. If the client does not receive a response after a specified time period, he forwards the request to all replicas. When a replica receives a request, it starts view-change. Note that there are more variations of PBFT algorithm such as Aardvark [128], Zyzzyva [129], HQ [130], Q/U [131], and Abstract [132].

14) DELEGATED BYZANTINE FAULT TOLERANCE (dBFT)
The dBFT algorithm is a consensus method (used by Neo [116]) where all users elect nodes, called bookkeepers, who are responsible for adding new blocks to the blockchain. This elected node group can be updated regularly. The vote is weighted by the amount of cryptocurrency owned. Each bookkeeper is randomly selected to propose a block. This node is called a speaker. The bookkeepers become speakers in turn by random drawing. The speaker checks the signatures and the validity of transactions and then collects them in a block. The speaker proposes his block to all the other bookkeepers. Afterward, the bookkeepers verify the block and then each one vote in favor or against the block. The consensus is reached when at least 66% of bookkeepers vote in favor of the block and it is then added to the blockchain. The dBFT algorithm can be adapted for green IoT-based agriculture by applying a voting system in agriculture sensors layer to choose delegates and speaker among IoT devices.

15) STELLAR CONSENSUS PROTOCOL (SCP)
The SCP protocol (used by Stellar Consensus [114]) is based on federated Byzantine agreement (FBA). The nodes exchange a series of votes to confirm and accept a value. For this purpose, the SCP protocol determines a minimum quorum. The ''quorum'' is a set of nodes that are sufficient to reach an agreement. Each node chooses one or more quorum slices and includes in each slice the nodes in which it has confidence. Each quorum slice will then produce interactions with each other. To reach an agreement, the SCP protocol uses the idea of quorum intersection. A federated Byzantine agreement system enjoys quorum intersection if any two of its quorums share a node. The SCP protocol can be adapted for green IoT-based agriculture by applying a voting system in agriculture sensors layer to choose quorum and quorum slice among IoT devices and then use quorum intersection to guarantee agreement.

16) OTHER CONSENSUS ALGORITHMS
There are other consensus algorithms that can be adapted by a Blockchain-based solution for green IoT-based agriculture. We cite the following nine consensus algorithms: Byteball consensus [133]

VI. CHALLENGES
To complete our overview, we outline research challenges that could improve the security and privacy solutions for IoT-based agriculture, summarized in the following recommendations:

A. MACHINE LEARNING TECHNIQUES FOR INTRUSION DETECTION SYSTEMS
Intrusion detection systems (IDSs) are implemented along with other security systems such as authentication and access control techniques using encryption mechanisms to protect systems against cyber attacks. Using data mining and machine learning techniques (e.g., Deep learning, Random forests, Support Vector Machine, Naive Bayes, ...etc), IDSs can differentiate between normal and malicious actions. The implementation of IDSs for IoT-based agriculture as a software application will able to identify security incidents. Therefore, the question we ask here is : how to choose the right machine learning technique among different types (i.e., reinforcement learning, unsupervised learning, or supervised learning)? We believe that a comparative study of machine learning techniques for cyber security intrusion detection is needed for IoT-based agriculture.

B. DATASET FOR INTRUSION DETECTION IN IoT-BASED AGRICULTURE SCENARIOS
The datasets for cyber security are so important in intrusion detection, which are used for testing the performance of IDSs. Actually, most and recent IDSs are tested with KDD 1999 [142], NSL-KDD [143], CICIDS2017 [144], Bot-IoT [145], and CSE-CIC-IDS2018 [146]. These datasets are not simulated for IoT-based agriculture scenarios. A possible research direction in this topic could be related to developing a new dataset to build a network intrusion detector under IoT-based agriculture environment.

C. SCALABILITY ANALYSIS OF BLOCKCHAIN-BASED SOLUTIONS
To solve security and privacy problems (e.g., access control, reputation, trust, ...etc), we have seen that a blockchain-based solution brings advantages for IoT application. The application of a blockchain-based solution for IoT-based agriculture requires a study on the characteristics of the implementation. Therefore, there are many characteristics should be taken under consideration when a blockchain-based solution is proposed for IoT-based agriculture, such as scalability issues when the number of participating nodes at agriculture sensors layer is increased. Thus, one of the challenges that should receive more attention in the future is to provide a scalability analysis of blockchain-based solutions for IoT-based agriculture.

D. HOW TO PICK THE BEST CONSENSUS ALGORITHM
The performance of a blockchain-based solution for IoT-based agriculture is related to the effectiveness of the consensus algorithm. Therefore, since IoT devices at agriculture sensors layer are not always able to satisfy the high computational and energy requirements when addressing the validation of blocks and the storage of blockchain, consensusefficient issues arise as follows: • If the PoW algorithm is used, how to integrate a miner in each greenhouse for processing incoming and outgoing transactions?
• If the stellar consensus algorithm is used, how to design a voting system in agriculture sensors layer to choose quorum and quorum slice among IoT devices and then use quorum intersection to guarantee agreement?
• If the dBFT algorithm is used, how to design a voting system in agriculture sensors layer to choose bookkeepers and speaker among IoT devices?

E. DESIGN OF PRACTICAL AND COMPATIBLE CRYPTOGRAPHIC PROTOCOLS
In some cases of green IoT-based agriculture, it is not necessary to use blockchain to solve security and privacy problems (e.g., identity anonymity), which there are many other better solutions such as practical and compatible cryptographic solution. Therefore, a new cryptographic solution is proposed recently by Yang et al. [147] for the automatic dependent surveillance-broadcast, which they use the format-preserving encryption (FPE) and lightweight broadcast authentication protocol (TESLA) to achieve the identity anonymity. However, resource and power-constrained IoT devices at agriculture sensors layer are not always capable of meeting the substantial computational and power consumption in the processing of new cryptographic solution. Therefore, the design of practical and compatible cryptographic protocols is one of the significant research challenges in green IoT-based agriculture.

F. RESILIENCY AGAINST SPECIFIC ATTACKS IN THE CONTEXT OF LOW-RESOURCE IoT DEVICES
The threat models discussed in the environment of IoT-based agriculture and the key security problem is different in distinct smart agriculture applications. Sometimes, the specific problem does not exist in an IoT application, and it is meaningless to take combined attacks into consideration. The methods to solve attacks can be integrated together to solve problems in an application. To propose a scheme against a kind of attack in a smart agriculture application, the attack should be specific and defined at the beginning. The most important question that may arise is how to develop a new security strategy that can resist combined attacks while considering the practicability of deploying the solution, particularly in the context of low-resource IoT devices at agriculture sensors layer.
G. COUNTER MEASURES AGAINST 5G NETWORK SLICING THREATS 5G networks will be facilitators of IoT based agriculture applications, especially in the sensors layer (See Figure 1). 5G adopt network slicing as a means of partitioning the physical and network resources to optimally group the different traffic, isolate from other tenants and configure the network resources. The logical partitioning of network slicing divides and separates a single common physical network into various virtual, complete E2E networks and offers complete isolation for these virtual networks from each other in terms of access, transport, device and core network. The main advantage of Network Slicing is that now MNOs can configure and apply tailor-made customization of their network resources to accommodate different users and different traffic classes, and hence differentiated services. Security of Network Slicing plays a significant role for the control and the coordination among different slices and for function of the related mechanisms that are responsible for the inter-network slices communication and the coordination between user and control plane. A security leakage that is related to the inter-slice communication functionality can lead to disruption of the inter-slice communication. Moreover, authentication for the identification of the privileged users in order to prevent impersonation attacks against slices seems to be critical for the proper control of the network resources. Furthermore, the provision of differentiated services is also related to the provision of different security level of services among the slices. However, this must not affect the security level of another slice. In addition, DoS attacks focus on the possible exhaustion of network resources to lead in unavailability of network provisioned services [148]. These attacks must be dealt with a multi layered security framework that includes traditional methods, e.g. IDS and field specific solutions, e.g. slice isolation.

H. DEPLOYING IoT IN AGRICULTURE
As we mentioned in Section II, IoT in agriculture can be envisioned in different layers and from different perspectives. In this subsection, we try to summarize and emphasize the different conditions that exist in an agricultural environment that make the deployment of IoT challenging.
When talking about the WSNs, the specific characteristics of the environment, in which the nodes will be deployed, should be taken into account. Crops, or other obstacles in farmlands whose positions may change over time, cause considerable interference in the communication between nodes. These moving obstacles affect the connection quality of links, changing the channel conditions over time, affecting the deployment, packet routing algorithms, failure diagnosis methods, and other aspects of WSNs. Environmental factors such as temperature, rainfall, humidity, high solar radiation along with changing shading by plant leaves, as well as noise produced by building structures, such as greenhouses, further increase Spatio-temporal climatic variation, greatly affecting the communication among nodes that are deployed in such harsh environment. This changing environment imposes requirements and calls for novel duty-cycle control, sampling and scheduling, data reconstructions, as well as data storage and query, intelligent control, and other solutions [38], [149].
Although in theory or in simulated environments all these challenges have been already studied and analyzed when it comes to the actual deployment of IoT in the agricultural sector this task is very demanding and challenging. The modules that are used in order to sense and report any situation need to be accurate enough, properly shielded against environmental factors which can either lead to false reporting or destruction of the sensors permanently [150]. In addition, the replacement of power source to distributed sensor nodes that are spread in wide areas can be a very difficult task, if not impossible and must be taken into consideration during the design of such systems.
In terms of communication among nodes, since many different technologies can be combined, from GSM to WPAN and P2P, interoperability is the main challenge when designing or deploying such systems, especially in agriculture where high temperature and high humidity affect it in a negative way. Also when different communication methods are used in the same area (e.g. Bluetooth, ZigBee, and WiFi) interference is a parameter that needs to be also considered [151].
Since the sensors devices are deployed in an open field, which cannot be monitored by people all the time, the system can easily be attacked physically. In addition, sensors devices are not densely deployed in agricultural applications and they are more complex in terms of hardware components. Finally the area where sensor devices are located is not monitored so well compared to the one deployed inside a city and it is easy to add malicious nodes (e.g., Malicious 4G stations) that can overhear the information that is exchanged or perform several attacks like DDoS or MITM.

VII. CONCLUSION
In this paper, we surveyed the state-of-the-art of existing security and privacy solutions for green IoT-based agriculture. We provided an overview of a four-tier green IoT-based agriculture architecture. Through extensive research and analysis that was conducted, we were able to classify the threat models against green IoT-based agriculture into five categories, including, attacks against privacy, authentication, confidentiality, availability, and integrity properties. In addition, we analyzed the privacy-oriented blockchainbased solutions as well as consensus algorithms for green IoT-based agriculture. There still exist several challenging research areas, such as machine learning techniques, datasets for intrusion detection, scalability analysis of blockchainbased solutions, how to pick the best consensus algorithm, and the design of practical and compatible cryptographic protocols, which should be further investigated in the near future.