Qingsong Zhao, Lei Shu, Kailiang Li, Mohamed Amine Ferrag, Ximeng Liu, and Yanbin Li
Abstract—Solar insecticidal lamps (SIL) can effectively control pests and reduce the use of pesticides. Combining SIL and Internet of Things (IoT) has formed a new type of agricultural IoT, known as SIL-IoT, which can improve the effectiveness of migratory phototropic pest control. However, since the SIL is connected to the Internet, it is vulnerable to various security issues. These issues can lead to serious consequences, such as tampering with the parameters of SIL, illegally starting and stopping SIL, etc. In this paper, we describe the overall security requirements of SIL-IoT and present an extensive survey of security and privacy solutions for SIL-IoT. We investigate the background and logical architecture of SIL-IoT, discuss SIL-IoT security scenarios, and analyze potential attacks. Starting from the security requirements of SIL-IoT, we divide them into six categories, namely privacy, authentication, confidentiality, access control, availability, and integrity. Next, we describe the SIL-IoT privacy and security solutions, as well as the blockchain-based solutions. Based on the current survey, we finally discuss the challenges and future research directions of SIL-IoT.
A solar insecticidal lamp (SIL) is a physical control tool that exploits the phototaxis behavior of migratory pests, luring them to pounce on the lamp so as to kill them. SIL converts solar radiation energy into electrical energy by means of solar panels and stores the generated electrical energy in the battery for nighttime lighting and high-voltage electricity. The light is set to the wavelength preferred by the pests; the pests are attracted to the lamp source, killed by a high-voltage pulse current, and then dropped and collected.
As an integral component of agricultural informatization, the concept and technology of the Internet of Things (IoT) have been gradually applied to many fields of smart agriculture. Combining IoT with SIL has formed a new type of agricultural IoT, known as SIL-IoT. The SIL-IoT node is shown in Fig. 1. The SIL-IoT nodes report pest information, the status of SIL components, and other information to users by wireless communication modules such as ZigBee or LoRa. Users can also remotely control and manage the SIL-IoT nodes, such as adjusting working hours, real-time insecticidal counting, and determining the current status of pests, etc. In addition, SIL-IoT can also be connected to weather, soil, temperature, and other sensors to achieve agricultural growth monitoring, as well as a pest disaster early warning system and a precise pesticide application decision-making system [1].
Fig. 1. SIL-IoT node.
The system architecture of SIL-IoT can generally be divided into four layers, as shown in Fig. 2, which are the perception layer, transport layer, edge layer, and application layer, arranged from bottom to top [2]. The perception layer consists of various sensor nodes that sense information related to SIL nodes, gather relevant data, and activate actuators according to the received data. The main role of the transmission layer is to facilitate mutual communication between nodes and between nodes and base stations by wireless communication devices.
Considering the use cost of SIL nodes and the fact that SIL is usually deployed in rural areas, SIL-IoT generally does not rely on cellular mobile networks for data transmission. Instead, it utilizes ZigBee and other low-cost and ad hoc network communication methods. The edge layer is located close to end users and engages in local data processing and decision-making, mainly including some data with low calculation load and high real-time requirements, thereby reducing the calculation load on the application layer and also reducing network communication. Security monitoring functions and fault detection and diagnosis can be added at the edge layer for real-time monitoring of abnormal events [3]. The application layer mainly stores, analyzes, and makes decisions based on the collected data, and then feeds back the data processing results to the relevant actuators in the form of control instructions.
SIL improves the control effect of migratory phototropic pests through the combination of SIL with IoT, but as SIL is connected to the Internet, it greatly increases the risk of being attacked. Once a problem occurs, it can often cause serious consequences. For example:
1) The parameters of SIL are tampered with, such as pest situation parameters, resulting in farmers being unable to accurately assess the pest situation, thus leading to deviations in pesticide usage, which in turn affects the quality and yield of crops.
2) SIL is illegally started and stopped. If the SIL is turned on for no reason during the day, it will cause the invalid discharge of the battery. Once the battery enters over-discharge protection, SIL will no longer work, which will affect the performance of SIL insecticide work at night.
3) SIL sensors are impersonated, reporting invalid monitoring data.
On the other hand, the physical safety of SIL is easily compromised. SIL is often deployed in places with little human traffic and little dedicated monitoring, and it is easy for whole lamps and parts of SIL to be stolen or destroyed [4]. Therefore, the security of SIL-IoT is a key factor for the healthy and widespread deployment of SIL. As an application type of IoT, SIL-IoT has a wide range of security categories. From the perspective of target tasks, the security requirements of SIL-IoT should include confidentiality, availability, integrity, privacy-preserving, access control, etc. [5]–[7].
1) Effectively solve the privacy-preserving of SIL nodes and users, and properly handle private data;
2) Each subject of SIL-IoT can be securely authenticated, and various services are effectively authorized;
3) Ensure that SIL nodes collect various types of data that can be transmitted between multi-layer architecture while satisfying data confidentiality and integrity.
4) The system and data realize access control, which not only meets the needs of nodes and users but also properly addresses security issues and channel disputes.
5) Always ensure the availability of a large number of devices, services, and related data in SIL-IoT, and try to avoid interruptions of services.
Some efforts have surveyed IoT security and IoT-based smart agriculture from the perspectives of IoT architecture [8]–[13] and security requirements [3], [14]–[18]. Sicari et al. [14] propose that, in order for IoT to provide innovative services in various application fields, it is necessary to achieve data confidentiality, authentication, network access control, privacy between users and things, and implementation of security and privacy policies. Kouicem et al. [15] investigate IoT application security solutions. Different types of IoT application security requirements and challenges are categorized, then IoT solutions for confidentiality based on traditional cryptography, privacy, and availability are discussed, and IoT security solutions for the emerging technology blockchain are also reviewed. Hou et al. [19] discuss IoT security from the perspective of data, propose a typical IoT architecture with a data lifecycle, and explore IoT security with three-dimensional approaches such as one-stop, multi-stop, and end-application dimensions. Ferrag et al. [16] define an attack model for the privacy, authentication, confidentiality, availability, and integrity of agricultural IoT, discuss how to apply security and privacy-preserving techniques to agricultural IoT, and analyze privacy-oriented blockchain-based solutions. Gupta et al. [17] discuss cybersecurity issues in smart farming, provide an overview of security and privacy in multi-layer smart farming architecture, and analyze different attack scenarios in smart farming and their impact on the food supply chain. Yang et al. [3] address the information security problems of smart agriculture, and summarize and discuss six security and privacy solutions, namely authentication and access control, privacy-preserving, blockchain-based data integrity solutions, cryptography and key management, physical countermeasures, and intrusion detection systems. Omolara et al. [18] discuss the current and emerging issues in IoT security, blockchain technology solutions, and the impact of distributed denial-of-service (DDoS) attacks.
The layers of SIL-IoT architecture are isolated from each other such that it is not enough to discuss the security of SIL-IoT solely from SIL-IoT architecture. Therefore, this paper clarifies the security of SIL-IoT from the overall security requirements of SIL-IoT. Security requirements specifically include privacy, authentication, confidentiality, access control, availability, and integrity, etc. [5]–[7]. The comparison between the existing security requirements survey papers and our work is shown in Table I. Our work covers more, and more detailed, security requirements, privacy and security solutions, and blockchain-based solutions, and focuses only on the privacy and security of SIL-IoT. The specific contributions of this paper are shown below.
1) It describes the risk of attacks and possible security incidents on SIL-IoT, emphasizing the importance of security research in this critical area.
2) It analyzes common security attacks against SIL-IoT and their relationship with security requirements.
3) It describes the security requirements of SIL-IoT and classifies them into six categories, namely authentication, confidentiality, availability, integrity, privacy-preserving, and access control.
4) It describes the solutions for SIL-IoT privacy and security, as well as the blockchain-based solutions for SIL-IoT.
5) It proposes the challenges and future research directions of SIL-IoT privacy and security, including SIL physical security, artificial intelligence (AI) for SIL-IoT, SIL-IoT fault diagnosis, attacks against SIL-IoT, and missing data prediction for SIL-IoT communication.
Fig. 2. SIL-IoT system architecture.
TABLE I. THE COMPARISON BETWEEN THE RELATED SURVEY PAPERS AND OUR WORK
The rest of this paper is organized as follows. Section II presents the types of attacks against SIL-IoT. In Section III, we discuss the privacy and security issues in SIL-IoT. Section IV describes the SIL-IoT privacy and security solutions. Section V provides the blockchain-based solution for SIL-IoT. Section VI presents challenges and future research directions, while we conclude this paper in Section VII.
Embedded devices of SIL-IoT do not have the computing resources and storage resources required to implement complex encryption and security policies and lack built-in security mechanisms similar to those found in servers and computers, such that SIL-IoT is more and more vulnerable to security attacks. Network attacks are becoming one of the most serious threats to SIL-IoT security. The attack methods faced in SIL-IoT are similar to those of the Internet, but they are also unique due to the widespread access of SIL devices, the use of IoT, and other factors. In general, the types of attacks against SIL-IoT are specified as follows:
1) DoS/DDoS: Servers, networks, and even SIL-IoT nodes are flooded with useless traffic, making it impossible to contact legitimate users in the network, thereby preventing legitimate users from accessing these resources. For a large number of resource-constrained SIL nodes in SIL-IoT or unmanned aerial vehicle (UAV) SIL [4], which is an auxiliary device for SIL node, DoS/DDoS is very effective and deadly. SIL is a device that relies heavily on solar energy charging. Both hacker intrusions and random failures of SIL will cause the rapid depletion of SIL battery power, which also serves as a resource for SIL. A battery depletion attack does not necessarily degrade service until the moment the SIL breaks down.
2) Physical Attack: It is a non-technical security challenge. A large number of SIL devices in SIL-IoT, deployed in a distributed manner in the wild or even in uninhabited areas, are vulnerable to attack because they cannot be supervised in real time or protected at a high level, and they can be physically damaged or stolen.
3) Eavesdropping: In SIL-IoT, SIL-IoT nodes usually communicate through IoT. However, IoT has the characteristic of openness, and attackers can easily eavesdrop on SIL-IoT nodes using eavesdropping software or other methods to obtain messages transmitted in IoT [20], [21]. An example is collecting enough privacy information from the SIL-IoT perception layer devices and linking the information with the real identity of a specific SIL-IoT device [22]. As a typical passive attack method, an eavesdropping attack is difficult for the communicating parties to detect.
4) Replay Attack: Data units are passively captured and retransmitted in the original order, so as to trick the system into believing that the data units also come from the previous legitimate user. Replay attacks are generally used against identity authentication, with the aim of passing the authentication.
5) Man-in-the-Middle: Attackers use botnets, man-in-the-middle, and DoS/DDoS to attack remotely connected SIL-IoT devices. Once an attacker has intercepted real communication, the data can be tampered with and sniffed without the knowledge of both parties involved in the communication.
6) Side-Channel Attack: Bypassing access control and stealing data, it does not take advantage of the weaknesses in the system, but rather obtains information directly from the system. The purpose of a side-channel attack is to obtain sensitive information by analyzing side-channel information sent by SIL-IoT objects, e.g., power analysis and time analysis.
7) Discharge Attack: High voltage pulse discharge near SIL-IoT devices can cause SIL-IoT devices to work abnormally, and even damage the hardware, so the discharge can be used as a way to attack the availability of SIL-IoT [23], [24].
8) Unauthorized Access: External unauthorized users attempt to illegally access SIL-IoT system services and data, or internal authorized users or devices attempt to access SIL-IoT system services and data that are not within the scope of their authorization.
9) Other Attacks: Attacks using certain features of SIL-IoT, such as software vulnerabilities of SIL-IoT, or hidden backdoors of SIL-IoT.
In general, the types of attacks on transmitted data are eavesdropping, man-in-the-middle, side-channel attack, replay attack, and unauthorized access, and the types of attacks on physical components are replay attack, discharge attack, physical attack, DoS/DDoS, and unauthorized access. The relationship between the attacks and security requirements is shown in Fig. 3.
Fig. 3. The relationship between the attacks and security requirements.
This section analyzes in depth the security requirements of SIL-IoT, including privacy, authentication, confidentiality, access control, availability, and integrity.
Privacy-preserving is to protect sensitive data that an entity or collective entities do not want to be known by outsiders. Sensitive data includes the precise location, the identities of SIL-IoT devices, battery consumption, etc. If such sensitive data is disclosed through unauthorized access or an insider, it can result in potential threats. For example, an adversary can obtain the precise location of a SIL-IoT sensor node through network monitoring. Because SIL-IoT devices are deployed in the wild without supervision, adversaries could steal or destroy the sensor nodes.
IoT in SIL-IoT adopts node multi-hop transmission to the base station with open communication links, and is consequently exposed to a large number of security threats, which require authentication to ensure the legitimacy of access. Authentication is divided into entity authentication and data source authentication [25]. Entity authentication can ensure the authenticity of SIL nodes and the identity information of users accessing SIL-IoT. The SIL nodes and the edge layer should authenticate each other for SIL-IoT use cases; similarly, the edge layer should also authenticate the application when sending data to the application. Data source authentication realizes the function of assuring the receiver that the message comes from the source it requires and preventing illegal nodes from sending malicious messages.
Authorization means that SIL nodes or users with resource access rights have permission to read or write data, run programs and executors, etc., in the SIL-IoT environment, and no one can obtain any information or administrative access without authorization. Authentication is a prerequisite for authorization, and in most cases, proper authentication is not possible without authorization. Authentication and authorization usually boil down to the problem of generating and managing encryption keys [26]. Attackers often exploit vulnerabilities in authentication and access authorization systems. For example, an attacker can bypass authentication and authorization mechanisms to maliciously manipulate actuators. Secondly, the attacker invades the gateway node and collects SIL sensing data in real time, which is possible under normal circumstances only when the user and SIL authenticate each other.
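One way to give actuator commands data source authentication and replay protection, as an added example that is not from the paper or from any scheme it surveys: each command frame carries a per-node counter and a truncated HMAC-SHA256 tag. The frame layout, the command codes, the 16-byte tag length, and the pre-shared per-node key are assumptions of this example.

```python
import hashlib
import hmac
import struct

# Assumed frame layout (not from the paper): node id, counter, command, argument.
HEADER = struct.Struct(">HIBH")   # 2 + 4 + 1 + 2 = 9 bytes, big-endian, no padding
TAG_LEN = 16                      # truncated HMAC-SHA256 tag (assumption)

# Hypothetical command codes for a SIL node.
CMD_LAMP_ON, CMD_LAMP_OFF, CMD_SET_HOURS = 1, 2, 3


def seal(key: bytes, node_id: int, counter: int, cmd: int, arg: int = 0) -> bytes:
    """Sender side (edge gateway): build the header and append the MAC tag."""
    header = HEADER.pack(node_id, counter, cmd, arg)
    tag = hmac.new(key, header, hashlib.sha256).digest()[:TAG_LEN]
    return header + tag


class NodeReceiver:
    """Receiver side (SIL node): accepts only fresh, authentic frames."""

    def __init__(self, key: bytes, node_id: int):
        self.key = key
        self.node_id = node_id
        # Highest counter accepted so far. On a real node this has to live in
        # non-volatile storage, otherwise a reboot re-opens the replay window.
        self.last_counter = 0

    def accept(self, frame: bytes):
        """Return (status, cmd, arg); cmd and arg are None unless status is 'ok'."""
        if len(frame) != HEADER.size + TAG_LEN:
            return ("bad-length", None, None)
        header, tag = frame[:HEADER.size], frame[HEADER.size:]
        expected = hmac.new(self.key, header, hashlib.sha256).digest()[:TAG_LEN]
        # Constant-time comparison; no header field is trusted before it passes.
        if not hmac.compare_digest(tag, expected):
            return ("bad-tag", None, None)
        node_id, counter, cmd, arg = HEADER.unpack(header)
        if node_id != self.node_id:
            return ("wrong-node", None, None)
        # A captured frame that is retransmitted carries a counter already seen.
        if counter <= self.last_counter:
            return ("replay", None, None)
        self.last_counter = counter
        return ("ok", cmd, arg)


def demo():
    """Run a constructed exchange and return the status of each delivery."""
    key = bytes(range(32))                     # constructed demo key, not a real secret
    node = NodeReceiver(key, node_id=7)
    on = seal(key, 7, 1, CMD_LAMP_ON)
    tampered = bytearray(seal(key, 7, 2, CMD_SET_HOURS, 8))
    tampered[-TAG_LEN - 1] ^= 0x01             # flip one bit of the argument field
    forged = seal(b"\x00" * 32, 7, 3, CMD_LAMP_OFF)   # sender that lacks the key
    off = seal(key, 7, 2, CMD_LAMP_OFF)
    return [node.accept(f)[0] for f in (on, on, bytes(tampered), forged, off)]


if __name__ == "__main__":
    print(demo())
```

The tag authenticates the frame but does not hide it; confidentiality against eavesdropping needs encryption in addition.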
Confidentiality refers to the use of encryption and decryption technologies to ensure that confidential information is not leaked to unauthorized entities, which can effectively prevent SIL-IoT users and devices from being subjected to passive attacks. Confidentiality emphasizes that data is used within the scope of authorization, and the data collected by a SIL-IoT node will not be transmitted to other unauthorized nodes connected to it. In addition, confidentiality should ensure that the data is secure throughout the entire transmission process. Data security is the primary requirement in the process of SIL-IoT usage. The leakage and abuse of data, such as the number of nodes, SIL deployment status, and insecticide information, which are related to users’ commercial confidentiality, may cause serious financial losses and emotional effects on the users, which in turn affects the promotion and usage of SIL-IoT. If the data management of SIL-IoT is entrusted to a third-party data management platform, driven by interests, the platform service provider may share the data with other companies without the users’ consent, resulting in data leakage.
Reference [27] divides possible confidentiality threats in the agricultural IoT into four separate categories:
1) Deliberate theft of data through smart applications and platforms that do not meet confidentiality standards;
2) Internal data theft by stakeholders, harming the interests of the users;
3) Unethical data sales, thereby reducing user profits or harming user interests;
4) Unattended access to sensitive and confidential data that is harmful to sustainable agriculture and public safety.
Access control is an important security mechanism in SIL-IoT, which ensures that unauthorized users cannot read or modify data and resources by controlling access to the appropriate type of resources for users with specific privileges. At the same time, it guarantees that legitimate users can normally access the resources. Once SIL-IoT access control is broken, it will result in serious consequences such as privacy data leakage and privilege abuse. For example, the gateway (edge layer) is a key location for SIL-IoT because all data goes through it and external users can access the gateway through cloud connections using authentication and access control. However, if the gateway has weak or insufficient access control, hackers can gain access to user passwords in various ways, such as brute force attack or dictionary attack [28], to access the gateway and modify the insecticide data or control system information, thereby affecting SIL pest control efforts and data quality. SIL-IoT has a more complex organizational structure than the Internet, including applications, protocols, hardware, clouds, and a series of links that require access control. It cannot simply control the relationship between users and resources, as access control for traditional Internet applications does. Ouaddah et al. [29] summarize the principles that IoT access control should follow: collaboration, adaptive policies, fine-grained, ease of use, distributed autonomous system, heterogeneity, lightweight, and scalability.
Availability is the accessibility and availability that SIL-IoT resources should have according to system performance requirements when SIL-IoT receives a request from an authorized user. For example, SIL-IoT is considered available if SIL-IoT can always provide services whenever users need them. In a SIL-IoT scenario, the real-time availability of data is crucial and the loss caused by availability violation is huge, which may be financial or security loss. SIL-IoT is subject to malicious DoS/DDoS, where an adversary can jam the communication channel, cause SIL-IoT sensors to work out of order, flood cloud servers with a large amount of data to make them busy and unable to provide services to SIL-IoT devices, etc. Hackers inject viruses into SIL-IoT to enable them to have remote access to SIL-IoT. They can disable SIL during critical solar charging or insecticidal time of SIL, or use it to ask for ransom, which may lead to the loss of large crops, and cause a huge reputation loss to the device manufacturer.
SIL-IoT availability includes SIL-IoT device availability and SIL-IoT data availability. SIL-IoT results from WSNs with insecticidal and solar charging capabilities. WSNs are ad-hoc networks where various failures may occur during actual operation, resulting in SIL-IoT device unavailability [2]. According to different characteristics, faults are divided into four types, which are behavior-based faults, time-based faults, component-based faults, and impact area-based faults [30].
References [23], [24] propose that the high voltage pulse discharge released by SIL will affect the normal operation of ZigBee-based devices, which is also a way to attack WSNs. Due to the high value of SIL and imperfect management, there are more and more cases of SIL being stolen and destroyed, which greatly reduces the effect of pest control and seriously impairs the availability of SIL-IoT devices [4]. SIL-IoT devices are used in complex and even harsh environments such as outdoors, and various environmental factors will seriously affect the availability of IoT devices. SIL-IoT devices are deployed in the wild and are prone to mechanical and electrical failures, which will lead to data loss and abnormalities. In addition, SIL-IoT is powered by solar energy, and in the case of an unstable power supply, the data collected by the devices will be discontinuous, resulting in data loss and abnormality.
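The daytime activation and battery drain discussed in this paper can be watched for at the edge layer. The following added example (not code from the paper) runs threshold rules over constructed telemetry lines; the report format, node names, daylight window, and voltage thresholds are all assumptions.

```python
from collections import Counter
from datetime import datetime

# All thresholds are assumptions for this example, not values from the paper.
DAY_START_HOUR, DAY_END_HOUR = 7, 19   # lamp is expected to be off in this window
MAX_DROP_V_PER_10MIN = 0.4             # a faster voltage drop counts as abnormal drain
LOW_BATTERY_V = 11.8                   # warning level above the over-discharge cutoff

# Constructed telemetry: timestamp, node id, lamp state, battery voltage.
SAMPLE_REPORTS = """\
2024-06-01T12:00,sil-03,off,12.9
2024-06-01T12:00,sil-04,off,13.0
2024-06-01T12:10,sil-03,on,12.8
2024-06-01T12:10,sil-04,off,13.1
2024-06-01T12:20,sil-03,on,12.3
2024-06-01T12:20,sil-05,on
2024-06-01T12:30,sil-03,on,11.7
2024-06-01T21:00,sil-03,on,11.6
2024-06-01T21:10,sil-03,on,11.5
"""


def parse_report(line):
    """Parse one report line; raises ValueError if a field is missing or invalid."""
    ts, node, lamp, volts = line.strip().split(",")
    if lamp not in ("on", "off"):
        raise ValueError("unknown lamp state")
    return datetime.fromisoformat(ts), node, lamp == "on", float(volts)


def check_reports(text):
    """Return a list of (timestamp, node, rule) alerts for the given report lines."""
    alerts = []
    previous = {}   # node id -> (timestamp, voltage) of that node's last report
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            ts, node, lamp_on, volts = parse_report(line)
        except ValueError:
            # Invalid monitoring data must not stop the monitor; flag it instead.
            alerts.append((None, None, "malformed-report"))
            continue
        # Rule 1: lamp running while the sun is up wastes the charge for the night.
        if lamp_on and DAY_START_HOUR <= ts.hour < DAY_END_HOUR:
            alerts.append((ts, node, "lamp-on-in-daylight"))
        # Rule 2: voltage falling faster than expected between two reports.
        if node in previous:
            prev_ts, prev_volts = previous[node]
            minutes = (ts - prev_ts).total_seconds() / 60
            if minutes > 0:
                drop_per_10min = (prev_volts - volts) / minutes * 10
                if drop_per_10min > MAX_DROP_V_PER_10MIN:
                    alerts.append((ts, node, "fast-discharge"))
        # Rule 3: battery approaching the level where protection shuts the lamp off.
        if volts < LOW_BATTERY_V:
            alerts.append((ts, node, "low-battery"))
        previous[node] = (ts, volts)
    return alerts


def summarize(alerts):
    """Count alerts per rule."""
    return dict(Counter(rule for _, _, rule in alerts))


if __name__ == "__main__":
    for ts, node, rule in check_reports(SAMPLE_REPORTS):
        print(ts, node, rule)
```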
SIL-IoT integrity refers to ensuring that data comes from the correct sender and that it is not tampered with unintentionally or maliciously during transmission and storage, or that it can be detected quickly after tampering. Integrity protection is effective against active attacks and is of great significance in ensuring the proper operation and information security management of SIL-IoT. SIL-IoT nodes are connected with WSNs and rely on the edge layer or application layer to make decisions at the source. Introducing forged or tampered data into SIL-IoT will cause SIL-IoT node insecticides to fail to work normally, thus affecting normal crop growth. In an information management system based on SIL-IoT, application layer users can usually only view information, and authorized users can manage information with corresponding authority. Once unauthorized users invade, the data will be exposed to the risk of being tampered with, which can lead to data integrity problems.
So far, there have been many solutions aimed at solving IoT privacy and security, which are also directly applicable to SIL-IoT or can be applied to SIL-IoT after modification. In this section, we will review and discuss these solutions from the perspective of security requirements, that is, privacy-preserving solutions, authentication solutions, confidentiality solutions, access control solutions, availability solutions, and integrity solutions, and illustrate these security solutions in Fig. 4. Table II presents the security and privacy solutions for SIL-IoT.
Fig. 4. SIL-IoT privacy and security solutions.
The primary goal of privacy-preserving techniques is to ensure that the following requirements are met [15].
1) Anonymity: A third entity cannot distinguish data identity from other identities in the system. That is to say, the real identity of the user is private from any external unauthorized entities.
2) Unlinkability: It is impossible to identify data identities from the data they provide, namely, no third party can validate whether any two or more messages from different sessions came from the same entity.
3) Untraceability: It is difficult to track activities and information generated by an entity’s behavior in the system.
Anonymity: In order to solve witness update, which is the main bottleneck of anonymous credentials, [31] presents a lightweight anonymous entity authentication scheme with outsourceable witness update for IoT devices, based on the dynamic accumulator. An improved scheme is further discussed that introduces the concept of self-blinding, where the prover's computation is done in $G_1$ instead of an asymmetric bilinear map. Since the computation of $G_1$ of an asymmetric bilinear map is an order of magnitude faster than that of the bilinear map, the prover can be a weak IoT device. However, they do not further optimize the construction. The authors in [32] tackle the problem of implementing privacy-preserving IoT target-driven applications with a fully decentralized anonymous authentication protocol. The nodes can interact and become participants in the cyber-physical system while keeping completely anonymous. Adapted anonymous credentials, secret sharing, and threshold cryptography are used together to construct the anonymous authentication protocol. However, this work does not implement and evaluate the algorithm, nor does it refresh the signature key of the system and the corresponding sharing mechanism.
Unlinkability: The contribution in [33] is a new authentication and key agreement scheme for IoT systems where unlinkability in the IoT environment is based on bilinear pairings. According to the formal security proof, the proposed protocol is unforgeable under the adaptively chosen message attack and indistinguishable from the session key under the random oracle model. Under the extended Canetti-Krawczyk (eCK) model, the session key exchange has semantic security. A disadvantage is that this scheme is impractical and insecure due to its vulnerability to sensor node impersonation attacks. In [35], a lightweight and unlinkable authentication scheme is presented for distributed IoT devices. A dynamic pseudo-identity is created from both the user identity and dynamic parameters, where the parameters are based on a freshly generated random variable, such that the user identity is hidden. In addition, all other parameters are processed by random numbers or current time stamps and then sent to public channels. This indicates that between two separate sessions of the access control process, no related information is leaked through the parameters. Hence, this solution can achieve both unlinkability and anonymity. However, the protocol is not resistant to network attacks such as synchronization attack, replay attack, and man-in-the-middle attack.
Untraceability: Reference [44] puts forward an anonymous authentication scheme for a new distributed IoT system architecture, where the scheme has many notable properties including sensor untraceability. In the process of the authentication scheme, there are three phases: the registration phase, the inter-cluster movement phase, and the inter-network movement phase. On the one hand, in order to achieve user untraceability and anonymity, both the shadow identity and one-time-alias identity with transaction sequence number are used. On the other hand, in the first and second phases, the anonymous authentication scheme is unable to repeat the sending parameter in the request messages. It can achieve satisfactory privacy preservation against an eavesdropper, including sensor untraceability and anonymity. At the same time, critical data in this scheme may be subject to eavesdropping, malicious modification, and unauthorized access. Likewise, recently Harn et al. [39] focus on a mixed broadcast network that achieves untraceability by a simple cryptographic algorithm. In this solution, the proposed scheme offers message sender untraceability. Specifically, each publicly available value is a combination of values and pairwise keys, which is not distinguished from other values. There are collusion attacks when $n-1$ servers collude, but not with $n-2$ servers. The algorithm is one of the fastest in terms of operational complexity, so it is well adapted to wireless resource-constrained IoT. However, this scheme is only explained in theory, and its feasibility has not been verified in practice.
The special properties of IoT devices make traditional authentication schemes infeasible and inapplicable. Therefore, researchers have proposed many strong authentication protocols for IoT authentication. The existing authentication protocols can be classified based on various characteristics selected by the protocols. For example, categorized by authentication procedure, there are one-way authentication, two-way authentication, and three-way authentication. Additionally, by authentication architecture, there are distributed and centralized; by authentication factor, identity and context; etc. [45]. Schmitt et al. [46] combine end-to-end secure communication with WSNs to design an optimized two-way authentication solution for micro-device two-way authentication in the context of limited IoT resources. They utilize elliptic curve cryptography (ECC) to encrypt messaging and authentication. The literature [36] proposes a lightweight cloud IoT three-way authentication scheme, where a remote gateway in the cloud completes mutual authentication between IoT nodes and the user’s smart devices. This scheme uses three-factor user authentication to prevent device theft attacks. The work in [33] proposes an authentication and key negotiation scheme to achieve unlinkability in IoT environments based on bilinear pairings. Formal proof shows that the scheme is adaptively secure and the key exchange process is semantically secure.
IoT enables internet communication between embedded devices through information and communication technology. The authors of [25] propose a mutual authentication protocol for secure communication between embedded devices and cloud servers. There are two main technologies, namely ECC and Hypertext Transfer Protocol (HTTP) cookies. The formal proof of the security of the authentication protocol shows that it is robust against all security threats. The Automated Validation of Internet Security Protocols and Applications (AVISPA) tool is used to formally verify the protocol. A more practical approach, such as [37], proposes a lightweight IoT authentication mechanism, where the data from IoT sensors can be accessed remotely by an authenticated user, employing a one-way cryptographic hash function along with bitwise XOR operations. At the user’s end, a fuzzy extractor is used for local biometric verification. The authors leverage the real-or-random (ROR) model to analyze the security of the extractor and the AVISPA tool to formally verify security in addition to the informal security analysis.
Seitz et al. [47] propose a delegated authorization access framework for protected resources under IoT resource-constrained conditions. With the consent of the resource owner, third-party applications can obtain access to protected resources, and the access tokens are generated and authorized by the authorization server. Vučinić et al. [48], [49] propose an IoT end-to-end security architecture, which includes an authorization server that provides access secrets to clients, so that the clients can request resources from a resource-constrained Constrained Application Protocol (CoAP) node. To satisfy IoT cross-device, context-based, and automated operations, Tian et al. [50] propose a new semantic-based intelligent authorization scheme, which can automatically collect security-related information from an IoT app’s description, code, and annotations to generate authorized user interfaces.
It is necessary to adopt an existing partial confidentiality mechanism to protect the data exchanged between SIL-IoT objects from attackers so that only legitimate users can view the original text of encrypted data. However, limited by the computational power and resources of IoT nodes [51], [52], there is a significant degradation in system performance when running the protection mechanism. There are currently many lightweight cryptographic algorithms that are well suited for resource-constrained IoT nodes [53]–[56]. Reference [40] proposes a lightweight encryption scheme to protect the confidentiality of sensitive data in IoT devices, and the design basis is one-time pad encryption. One-time pad encryption is rarely used in practice because it requires the encryption key length to be the same as the plaintext length. The scheme encrypts messages through the additional characteristics of the wireless channel, achieves modularity at the physical layer, and defends against multiple eavesdroppers.
Generally, solutions for achieving confidentiality can be divided into two main categories, namely symmetric encryption and public key encryption solutions. Symmetric encryption algorithms, such as Advanced Encryption Standard (AES) and Rivest Cipher 4 (RC4), have very high implementation efficiency, but each entity has to share a key with the other entities, which raises the key management problem. IoT devices need to exchange confidential data in a dynamic environment, and they must maintain shared keys with a continuously changing set of other devices in order to achieve data confidentiality. Most of the proposed key management schemes are designed for WSN environments and cannot satisfy the demands of the IoT. Sicari et al. [57] integrate two key management solutions designed for WSNs [58], [59] to propose a middleware-based IoT architecture.
The key management of traditional public key encryption adopts the method of issuing a public key certificate to a user. However, because the public key encryption key management scheme is very computationally intensive, it is not suitable for IoT devices. He et al. [60] applied zero-knowledge proofs based on the discrete logarithm problem to elliptic curves. Since ECC has high operating efficiency, zero-knowledge proofs can be implemented on IoT devices. They also implemented Wiselib, a portable and open-source algorithm library.
Identity-based encryption (IBE) utilizes strings related to user identities, such as phone numbers, email addresses, etc., as the user's public keys, thus avoiding expensive public key certificates. Chen [61] proposes a lightweight IBE-based encryption scheme on the basis of ECC, bilinear maps, and hash functions for securing the communication between radio-frequency identification (RFID) tag devices, with the advantages of simple implementation and significantly reduced computational overhead. Attribute-based encryption (ABE) enables access to encrypted data by introducing a policy access structure. Compared with IBE, ABE can implement more complex access control for decryption operations. Toutai et al. [62] propose a scheme to implement ciphertext policy ABE on IoT nodes and analyze the security and efficiency of the scheme. Through the cooperation of heterogeneous nodes, the expensive exponentiation operation is delegated to powerful nodes.
SIL-IoT access control mainly focuses on three aspects: model, control architecture, and mechanism and process. The traditional access control models include discretionary access control (DAC) [63], mandatory access control (MAC) [64], and their extensions. Currently, the most popular model in information systems is role-based access control (RBAC) [65], which includes subjects, objects, and security access policies, along with the two processes of authentication and authorization. When a user accesses the IoT, they use a password or a digital certificate to submit an access application to the system. The system authenticates the application and assigns the corresponding role to the user after the verification is successful. After the access policy compares the user's access purpose with the intended purpose, the user can access the resources corresponding to their authority. Other models are attribute-based access control (ABAC) [66], usage control (UCON) [67], capability-based access control (CapBAC) [68], organizational-based access control (OrBAC) [69], etc. Xu et al. [70] propose a federation-based CapBAC (FedCAC) framework for effective access control of devices, services, and information in large-scale IoT, and also propose an identity-based capability token management strategy that includes registration, propagation, and revocation of access authorization. Reference [71] designs an access control policy for the Web of Things (WoT) using the RBAC model and constructs a secure and scalable Web-enabled things architecture that enables the use of WoT services to control who can access and how to continue or terminate access.
Researchers have studied the control architectures of IoT access control to adapt them to the lightweight and heterogeneous IoT. Architecture types that serve as the basis for access control include policy-based architecture, token-based architecture, and hybrid architecture. The widely adopted policy-based architecture type is the extensible access control markup language (XACML) [72], which is the de facto standard for the specification and implementation of access control policy. Denniss and Bradley [73] propose a token-based architecture protocol named OAuth. The resource owner in OAuth encodes the authorization as an access token, and a client that has obtained the token can access the resource hosted on HTTP servers. Rivera et al. [74] leverage user-managed access (UMA) to provide unified access control for a hybrid architecture consisting of IoT devices and intelligent agents. Modeling intelligent agents in IoT devices is an effective way to achieve a more powerful and intelligent IoT, and the interconnection of the agents implies the ability to address issues such as network communication access control of sensitive data.
Mechanisms and processes include interaction protocols and data formats in access control. Message queue telemetry transport (MQTT) [75] is a lightweight messaging protocol for IoT access control, applied to bandwidth-limited remote communication. MQTT is based on the publish-subscribe paradigm, where a publisher sends a message to a broker, and in turn, the broker distributes the message to interested subscribers. Constrained application protocol (CoAP) [49] is one of the most commonly used access control protocols for devices based on the client-server model. CoAP performs asynchronous message exchange using UDP and thus has a low header overhead. In terms of data formats in access control, a lot of work combines JavaScript Object Notation (JSON), XACML, security assertion markup language (SAML), and other data formats to propose IoT authorization frameworks to achieve fine-grained and flexible access control for IoT devices. Seitz et al. [76] propose an encoding of assertions in JSON to support IoT device access control in a generic authorization framework. The framework is based on current Internet and access control standards, and the decision-making process can be based on local parameters of the IoT device, so that IoT devices decide locally on access control.
When a SIL-IoT device fails, various algorithms are required to diagnose the fault at the node and the backend to guarantee the availability of SIL-IoT. SIL-IoT fault diagnosis includes four steps, namely detection, isolation, identification, and recovery [77]. To improve the availability of SIL-IoT, when a fault occurs, generally SIL-IoT will adopt a fault tolerance mechanism to isolate the fault and ensure the normal operation of SIL-IoT [78]. The existing fault diagnosis methods include statistical methods, probability methods, hierarchical routing methods, machine learning methods, topology control methods, and mobile base station methods [2].
The high-voltage pulse discharge released by SIL affects the normal operation of SIL-IoT devices, so [23], [24] recommend that the installation distance between SIL and a ZigBee-based device should be at least 25 cm. Huang et al. [4] redesign SIL-IoT from two aspects to prevent SIL from being stolen and destroyed. Inside SIL, anti-theft and anti-destructive sensors are added, and the optimized design is discussed at three levels: hardware, software algorithm, and shape structure design. Outside of SIL, the UAV SIL is proposed as auxiliary equipment of SIL for emergency use such as deployment, tracking, and inspection after theft or destruction.
To improve data availability, Karmitsa et al. [38] combine the clustering algorithm and linear regression method to propose a data availability optimization strategy for clustering linear regression. Chhabra et al. [79] incorporate association rules mining and the K-means approach to propose a data availability optimization scheme. Reference [80] proposes a 3D convolutional neural network to build a generator network, which can capture the spatio-temporal characteristics of data and achieve data availability optimization.
In [15], the countermeasures against IoT DoS/DDoS are classified into IP traceback and AI techniques. IP traceback can detect DoS and IP flooding attacks in real time, and is adapted from the traditional TCP/IP protocol in IoT. Maleh et al. [81] address the weakness of exchanging cookies during the handshake against DoS attacks; their approach has better performance in terms of handshake time processing and energy consumption, and ensures important properties related to communication security protocols.
Paudel et al. [82] propose a novel graph-based outlier detection in the Internet of Things (GODIT) technique to detect DoS attacks. The technology requires only the source IP and destination IP to create a data/traffic graph of the network, which is more efficient compared to other DoS detection methods that require a larger amount of data/traffic. AI techniques are considered to be one of the most powerful techniques for designing an efficient intrusion detection system (IDS). In [83], the performance of two artificial neural networks (ANN) was evaluated to verify which one is more suitable for IDS in the IoT environment. The conclusion is that it is feasible to use an artificial neural network multilayer perceptron in IDS for IoT.
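To illustrate how far source and destination addresses alone can go, the following added example (not the GODIT algorithm and not code from the surveyed papers) builds one traffic graph per time window and flags a destination whose number of distinct sources is a robust outlier against its own history. The flow records, addresses, window width and threshold are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

def window_graphs(flows, width):
    """Build one traffic graph per time window: window -> {dst: set of srcs}."""
    graphs = defaultdict(lambda: defaultdict(set))
    for ts, src, dst in flows:
        graphs[int(ts // width)][dst].add(src)
    return graphs

def fan_in_outliers(flows, width=60, threshold=3.5):
    """Return (window, dst, in_degree) where the in-degree of dst is far above
    its own median across all windows, scaled by the median absolute deviation."""
    graphs = window_graphs(flows, width)
    windows = sorted(graphs)
    destinations = sorted({dst for g in graphs.values() for dst in g})
    flagged = []
    for dst in destinations:
        degrees = [len(graphs[w].get(dst, ())) for w in windows]
        med = median(degrees)
        mad = median(abs(d - med) for d in degrees)
        for w, deg in zip(windows, degrees):
            # max(mad, 1) keeps a perfectly steady host from dividing by zero.
            if (deg - med) / max(mad, 1) > threshold:
                flagged.append((w, dst, deg))
    return flagged

def constructed_flows():
    """Constructed sample: five one-minute windows of (timestamp, src, dst)."""
    gateway, server = "192.0.2.10", "192.0.2.20"
    normal_fan_in = [2, 3, 2, 3, 3]
    flows = []
    for w, n in enumerate(normal_fan_in):
        flows += [(w * 60 + i, f"198.51.100.{i + 1}", gateway) for i in range(n)]
        flows.append((w * 60 + 30, "198.51.100.1", server))
    # Window 3: forty extra sources reach the gateway within the same minute.
    flows += [(3 * 60 + 10, f"203.0.113.{i + 1}", gateway) for i in range(40)]
    return flows

if __name__ == "__main__":
    for window, dst, degree in fan_in_outliers(constructed_flows()):
        print(f"window {window}: {dst} contacted by {degree} distinct sources")
```

The median and median absolute deviation are used instead of mean and standard deviation so that the burst itself does not inflate the baseline it is compared against.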
The SIL-IoT protection and verification approach can be applied to the data generated by the devices [34], [84], the software running on the devices [85], and the stored data (e.g., in the cloud platform) [86]–[88]. Since some mechanisms to achieve integrity are costly and cannot be applied to sensors at the perception layer, Zhang et al. [84] propose a lightweight fragile watermark-based integrity protection scheme to provide data integrity for resource-constrained sensors at the perception layer. The scheme uses Secure Hash Algorithm 1 (SHA-1) to generate a position-random watermark and embeds the watermark at a position dynamically calculated from the sensing data time.
Reference [34] uses a random time hopping sequence and a random permutation mechanism to hide authentication information and proposes an effective and simple solution to achieve the detection of data tampering in IoT systems. In addition, they employ physically unclonable functions to block physical attacks on IoT devices. Control-flow attestation (C-FLAT) implements security guarantees for running software by using control-flow integrity on the device [85]. Specifically, C-FLAT first calculates the correct control flow graph, next calculates the runtime control flow information, and then sends this information to the authentication server, which uses remote authentication for verification. If there is an illegal control flow jump, the authentication server can sense the threat and block it.
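The three steps described for control-flow attestation can be sketched as follows. This is an added illustration, not C-FLAT's implementation: the control flow graph, node names and device key are constructed, the graph is assumed to be acyclic so that all legal paths can be enumerated, and an HMAC over a verifier nonce stands in for the device's protected signing step.

```python
import hashlib
import hmac

# Constructed control-flow graph of a toy device routine: node -> successors.
CFG = {
    "entry": ["read_sensor"],
    "read_sensor": ["check_range"],
    "check_range": ["report", "raise_alarm"],
    "raise_alarm": ["report"],
    "report": ["exit"],
    "exit": [],
}

def path_digest(path):
    """Cumulative measurement of a run: h_i = SHA-256(h_{i-1} || node_i)."""
    h = b"\x00" * 32
    for node in path:
        h = hashlib.sha256(h + node.encode()).digest()
    return h

def legal_paths(cfg, start="entry", end="exit"):
    """Step 1 (verifier, offline): enumerate every path the graph allows."""
    stack = [[start]]
    while stack:
        path = stack.pop()
        if path[-1] == end:
            yield path
            continue
        for nxt in cfg[path[-1]]:
            stack.append(path + [nxt])

def attest(device_key, nonce, executed_path):
    """Steps 2-3 (device): measure the run and bind it to the verifier's nonce."""
    digest = path_digest(executed_path)
    tag = hmac.new(device_key, nonce + digest, hashlib.sha256).digest()
    return digest, tag

def verify(device_key, nonce, digest, tag, cfg=CFG):
    """Verifier: check authenticity and freshness, then look for a legal path."""
    expected = hmac.new(device_key, nonce + digest, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return "bad-report"
    allowed = {path_digest(p) for p in legal_paths(cfg)}
    return "ok" if digest in allowed else "illegal-control-flow"

if __name__ == "__main__":
    key, nonce = b"constructed-device-key", b"nonce-0001"
    normal = ["entry", "read_sensor", "check_range", "report", "exit"]
    # read_sensor -> raise_alarm is not an edge of CFG: an illegal jump.
    hijacked = ["entry", "read_sensor", "raise_alarm", "report", "exit"]
    print(verify(key, nonce, *attest(key, nonce, normal)))
    print(verify(key, nonce, *attest(key, nonce, hijacked)))
```

Because the tag covers the nonce, a report recorded during an earlier benign run is rejected when replayed against a fresh challenge.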
The classification of storage data integrity includes technologies, protocols, standards [89], and storage architectures of the storage server [90]. The technologies involved are redundant arrays of inexpensive disks (RAID) [86] and checksums [87]. The classification by protocol includes provable data possession (PDP) [88] and proofs of retrievability (PoR) [91], etc. Ateniese et al. [88] design a PDP scheme using the Rivest-Shamir-Adleman (RSA) signature. A randomly sampled set of blocks is used to generate probabilistic proofs of possession on the server blocks, and the client uses metadata to verify the proof. However, this method cannot handle dynamic data storage, and this problem has been resolved in [92]. The difference between the PoR [91] protocol and the PDP protocol is that PoR verifies all data blocks by storing all redundantly encoded client data, while PDP verifies most data blocks by only verifying a few blocks. In view of the unsatisfactory efficiency of the PDP protocol in multi-copy data integrity verification, Zhang et al. [93] design a new data structure, the Merkle hash tree with rank, so that PDP supports full dynamic data updates and efficient integrity verification.
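The sampling audit and the ranked Merkle hash tree can be combined in a small hash-based sketch. This is an added illustration, not the RSA-based scheme of [88] or the construction of [93]: the client keeps only the root, each node carries a rank (the number of blocks beneath it) so that a proof also fixes the block's position, and the block contents are constructed.

```python
import hashlib
from math import comb

def H(*parts):
    """Hash length-prefixed parts so that field boundaries are unambiguous."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def leaf(block):
    return (H(b"leaf", block), 1)  # (hash, rank); a leaf covers one block

def parent(left, right):
    rank = left[1] + right[1]  # rank = number of blocks under this node
    return (H(b"node", rank.to_bytes(4, "big"), left[0], right[0]), rank)

def build(blocks):
    """Server: all tree levels, leaves first; a lone last node is promoted."""
    levels = [[leaf(b) for b in blocks]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([parent(cur[i], cur[i + 1]) if i + 1 < len(cur) else cur[i]
                       for i in range(0, len(cur), 2)])
    return levels

def prove(levels, index):
    """Server: sibling path for one block, each sibling tagged with its side."""
    proof = []
    for level in levels[:-1]:
        sib = index ^ 1
        if sib < len(level):
            proof.append(("L" if sib < index else "R", level[sib]))
        index //= 2
    return proof

def fold(block, proof):
    """Client: recompute the root and the block's position from the proof."""
    node, position = leaf(block), 0
    for side, sib in proof:
        if side == "L":
            node, position = parent(sib, node), position + sib[1]
        else:
            node = parent(node, sib)
    return node, position

def verify(root, block, index, proof):
    return fold(block, proof) == (root, index)

def audit(root, levels, stored_blocks, indices):
    """Challenge the sampled indices; return those whose proof fails."""
    return [i for i in indices
            if not verify(root, stored_blocks[i], i, prove(levels, i))]

def detection_probability(n, t, c):
    """Chance that c blocks sampled without replacement hit one of t bad ones."""
    return 1 - comb(n - t, c) / comb(n, c)

if __name__ == "__main__":
    blocks = [f"reading-{i}".encode() for i in range(7)]  # constructed data
    levels = build(blocks)
    root = levels[-1][0]  # the only state the client keeps
    stored = list(blocks)
    stored[3] = b"tampered"
    print(audit(root, levels, stored, [0, 3, 5]))
    print(round(detection_probability(7, 1, 3), 3))
    new_root, _ = fold(b"reading-4-v2", prove(levels, 4))  # client-side update
    print(new_root == build(blocks[:4] + [b"reading-4-v2"] + blocks[5:])[-1][0])
```

The last step shows why the tree supports updates: the client derives the new root from the old proof and the new block without downloading the other blocks.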
The current centralized architecture constrains the scalability of the huge IoT network, and blockchain, which adopts a decentralized model, can effectively achieve IoT environment security and handle scalability very effectively. In this section, we will explain how blockchain improves the countermeasures to the security requirements of SIL-IoT. The blockchain-based solutions for SIL-IoT are presented in Table III.
TABLE III BLOCKCHAIN-BASED SOLUTIONS FOR SIL-IOT
Blockchain maintains a reliable database collectively through decentralization. There are many database nodes distributed in the blockchain network, with nodes freely connected, all with reciprocal privileges, and each node has a high degree of autonomy. Blockchain is trustless, that is, mutual trust between users is achieved not through a trusted third party but through algorithmic and technical endorsements. User-to-user transactions on the blockchain are accomplished through smart contracts. A smart contract is a set of commitments defined in digital form, and contract participants execute the protocols corresponding to the commitments [100]. As a representative of emerging technologies, blockchain can effectively deal with the security challenges faced by SIL-IoT [101], [102]. For example, when one or more nodes of SIL-IoT are attacked by DDoS, the distributed structure of the blockchain ensures that the entire SIL-IoT system is still reliable and secure. Secondly, the secure sharing of information between SIL and other devices can be achieved through the tamper-proof function of blockchain. Thirdly, the smart contract reduces the trust cost of SIL-IoT because the execution of the smart contract does not require a trusted third party, and if the conditions of the smart contract are met, the corresponding terms will be enforced and automatically executed.
Blockchain can provide privacy, authentication, confidentiality, access control, availability, and integrity protection for SIL-IoT [94]–[99]. Lv et al. [94] implement a privacy-preserving publish/subscribe model for IoT by blockchain, which does not require centralized trust settings and can avoid a single point of failure so that publishers can control data access and subscribers can selectively receive data. The implementation method adopted is the primitive of public key encryption with an equality test (PKEwET).
To solve the shortcoming that IoT cannot achieve an effective centralized authentication system, Hammi et al. [95] propose a blockchain-based decentralized bubble of trust system, where a newly created secure virtual area can ensure that IoT devices communicate in a completely secure way. To address the leakage of sensitive information in IoT caused by the lack of confidentiality, [96] proposes a decentralized outsourcing computation scheme and applies it to IoT, where servers in IoT can perform any number of homomorphic multiplications and additions without access to any plaintext data of IoT devices. In [97], the authors propose a blockchain-based IoT access control framework under the IoT specification. In addition, via the blockchain, they implement a decentralized access control manager for a fully decentralized pseudonymous and privacy-preserving authorization management framework. Chen et al. [98] propose a blockchain-based DDoS attack defense method for IoT devices, which first extracts the network traffic characteristics of edge nodes and analyzes and detects them, and then implements DDoS attack defense through the smart contract mechanism of the blockchain network if abnormal behavior is found. Liu et al. [99] propose a blockchain-based data integrity service framework that does not rely on any third party auditor (TPA) and gives data owners and data consumers reliable data integrity verification capabilities. Fig. 5 presents blockchain-based solutions for SIL-IoT privacy and security.
This section discusses research challenges and future research directions for improving security and privacy in SIL-IoT. They are divided into five subsections as follows.
To enhance the anti-theft and anti-destructive mechanisms of SIL, the physical security of the SIL needs to be addressed from the perspectives of hardware, software, and structural design. In terms of hardware, voltage and current sensors are added to the key positions of the SIL to monitor the operating status of the device, and GPS and other positioning technologies are used to locate the position of the SIL. The SIL is monitored for theft and destruction through additional equipment, such as video surveillance and infrared sensors. Abnormal behavior of the SIL is detected through circuit design and system design of the SIL. Circuit design is an anomaly detection method using cables or embedded chips, and system design can detect the physical interaction of the SIL with its surroundings [103].
Fig. 5. Blockchain-based solutions for SIL-IoT privacy and security.
In terms of software, corresponding functions are added to predict and identify the theft and destruction of SIL. According to the historical data of theft and destruction of SIL, the theft and destruction of a certain SIL node are analyzed, and a prediction model is built by intelligent methods on the basis of information such as node location, the location of the node after the theft, and traceability direction. At present, the identification of SIL theft and destruction mostly adopts a combination of technical analysis and manual methods, which has problems such as low accuracy and long time required. How to accurately and quickly identify the theft and destruction of SIL is an important task for the next step.
In terms of structural design, SIL adopts a power cabinet with a higher safety factor and a reinforced anti-theft structure. The structure of SIL should be optimized in an effort to reduce the cost of SIL and reduce the possibility of theft and loss after being destroyed. Additionally, it is necessary to pay attention to extending the life of the anti-theft monitoring system and ensure the uninterrupted operation of the anti-theft system.
SIL-IoT is characterized by openness, extensiveness, and resource constraints, and the implementation of privacy preservation and security is relatively complex. AI, such as machine learning (ML) and deep learning (DL), can provide new powerful capabilities to meet the security requirements of SIL-IoT to compensate for the shortcomings of traditional solutions [104], [105]. However, AI also brings new potential challenges to SIL-IoT in terms of data, algorithms, and architecture. For example, ML and DL technologies handle different types of data in SIL-IoT, and they should use the least labeled data in the learning process, and resource-constrained SIL-IoT devices must reduce computational and storage overhead. Again, in order to implement AI to solve SIL-IoT privacy and security issues, data sets specifically targeting SIL-IoT need to be collected.
SIL is generally deployed in the wild with harsh natural environments, and fault diagnosis in SIL-IoT scenarios is quite challenging. For example, how can the fault diagnosis of SIL be realized when there is a certain difference in the energy collected per unit time by SIL-IoT solar panels? SIL high-voltage discharge insecticide can interfere with data transmission, which can affect the normal work of fault diagnosis. How can a fault diagnosis strategy be designed to prevent misjudgment and ensure the normal work of SIL? SIL insecticide needs to consume a lot of power, and the resulting low power will cause various failures of WSNs. How can fault diagnosis be guaranteed under low power conditions?
The variety and number of attacks against SIL-IoT are unprecedented, and there is a lack of standardized methods to identify and respond to them. SIL-IoT is usually deployed in the wild, difficult to supervise, and vulnerable to hacker attacks. Secondly, SIL-IoT belongs to the energy-harvesting IoT. Whether the data collection and transmission of SIL and the insecticidal work of SIL can continue is highly dependent on the battery power. Hackers can often use attack methods that consume SIL's power, such as depletion of battery attack and DDoS, to achieve the purpose of the attack. One alternative defense is to alternate between solar panels and wind turbine generator systems to charge the batteries.
For the problem of periodic loss of communication data caused by external electromagnetic interference (such as SIL high-voltage discharge insecticide), network penetration attack, and misoperation, etc., the prediction method of SIL-IoT communication missing data should be studied to realize the recovery of SIL-IoT missing communication data and ensure the integrity of communication data.
SIL-IoT is a new type of agricultural IoT, which is a combination of SIL and IoT. In this paper, we survey the attacks, security, solutions, and challenges of SIL-IoT from the perspective of overall security requirements. We first discuss the importance of SIL-IoT security, and the security requirements of SIL-IoT, specifically including privacy, authentication, confidentiality, access control, availability, and integrity. We then discuss the relationship between attacks against SIL-IoT and security requirements. We also discuss in detail the security requirements of SIL-IoT and related solutions and review the impact of blockchain, an emerging technology, on solving SIL-IoT security requirements. Finally, we summarize some challenging research areas that still exist, such as the physical security of SIL, AI for SIL-IoT security, fault diagnosis of SIL-IoT, attacks against SIL-IoT, and missing data prediction for SIL-IoT communication.
IEEE/CAA Journal of Automatica Sinica, 2024, Issue 1