Security requirements for the Internet of Things: a systematic approach

Shantanu Pal, Michael Hitchens, Tahiry Rabehaja, Subhas Mukhopadhyay*

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

75 Citations (Scopus)
38 Downloads (Pure)


There has been a tremendous growth in the number of smart devices and their applications (e.g., smart sensors, wearable devices, smart phones, smart cars, etc.) in use in our everyday lives. This is accompanied by a new form of interconnection between the physical and digital worlds, commonly known as the Internet of Things (IoT). This is a paradigm shift, where anything and everything can be interconnected via a communication medium. In such systems, security is a prime concern and protecting the resources (e.g., applications and services) from unauthorized access needs appropriately designed security and privacy solutions. Building secure systems for the IoT can only be achieved through a thorough understanding of the particular needs of such systems. The state of the art is lacking a systematic analysis of the security requirements for the IoT. Motivated by this, in this paper, we present a systematic approach to understand the security requirements for the IoT, which will help designing secure IoT systems for the future. In developing these requirements, we provide different scenarios and outline potential threats and attacks within the IoT. Based on the characteristics of the IoT, we group the possible threats and attacks into five areas, namely communications, device/services, users, mobility and integration of resources. We then examine the existing security requirements for IoT presented in the literature and detail our approach for security requirements for the IoT. We argue that by adhering to the proposed requirements, an IoT system can be designed securely by achieving much of the promised benefits of scalability, usability, connectivity, and flexibility in a practical and comprehensive manner.

Original languageEnglish
Article number5897
Pages (from-to)1-35
Number of pages35
Issue number20
Publication statusPublished - 2 Oct 2020

Bibliographical note

Copyright the Author(s) 2020. Version archived for private and non-commercial use with the permission of the author/s and according to publisher conditions. For further rights please contact the publisher.


  • Access control
  • Internet of Things
  • Security requirements
  • Threats and attacks


Dive into the research topics of 'Security requirements for the Internet of Things: a systematic approach'. Together they form a unique fingerprint.

Cite this