Emerging IoT domains, current standings and open research challenges: a review

IoNT architecture

With the advent of technology, the ever-increasing density of transistors on a chip, and the recent trend towards having a complete System-on-a-Chip (SoC), have seen a significant reduction in the size of electronic components and embedded systems. During early 1990s, many significant research players shifted their focus towards miniature electronic components, a design ambition that could allow the fabricating nanoscale devices. The first concept of nanoscale technology was SmartDust, presented to DARPA in early 1997 (Kahn, Katz & Pister, 2000). Initially, SmartDust was proposed to operate on radio frequency identification. However, it soon was practiced in full-swing in sensor networks to achieve sensor devices at a micrometer level (Kahn, Katz & Pister, 2000). These nanodevices went through different transformations, from design to communication challenges, power consumption, and susceptibility to the harsh environment (Warneke et al., 2001; Cook, Lanzisera & Pister, 2006).

Figure 3 indicates an IoNT network architecture where onboard sensors and intermolecular communications relay the external gateway information. Atakan, Galmes & Akan (2012) also presented a similar model based on molecular array communication. This novel network paradigm based on nanodevice intercommunication necessitates a number of components to create an IoNT architectural model. Some of these components are crucial IoNT architecture design, where their significance is given as:

IoNT domains

IoNT is divided into two domains: the Internet of Nano-Things Multimedia (IoMNT) and the Internet of Bio-Nano Things (IoBNT). The architecture of the nanodevices is dependent on the capabilities provided by nanotechnology (El-Din & Manjaiah, 2017). According to Jornet & Akyildiz (2012), IoMNT is defined as the connectivity of pervasively deployed multimedia nano-devices with existing communication networks and eventually the Internet establishes a novel communication paradigm that is further referred to as the Internet of Multimedia Nano-Things. According to this concept, nanocomponents must be combined into a single device that can execute common tasks, as illustrated by Fig. 4. The combination of System-on-Chip (SoC) with bio-sensors has the potential to provide a shared technical environment for the IoNT domains. As a result, it is critical to look at some of the common integrated nano components for both the IoBNT and IoMNT domains. Following that, certain architectural features of typical IoNT components may be defined as follows:

Communication and energy conservation challenges in IoNT

To design the communication architecture in the IoNT domain, the researchers are focused on the high-frequency THz band. Due to their limited energy and processing capabilities, nano-sensors and nano-routers may not be able to function at such high frequencies directly; nevertheless, the usage of mico-gateways to compensate for data-rate and bandwidth is quite possible in future IoNT systems. In that regard, Jornet & Akyildiz (2011) investigated the Terra Hertz (THz) band for electromagnetic (EM) communication in these nanodevices. They also proposed graphene-based technology for nano-networks. In their research, channel capacity and interference were observed over a range of THz frequencies. It is suggested to be a suitable communication channel for nanoscale communication due to its very high channel capacity to support high data rates. However, THz frequency’s strong absorption dependency on vapour molecules severely attenuates the signals and introduces noise, thus making this frequency band very challenging for nano-networks communication. As the higher onboard power consumption may require a larger battery size, researchers investigate an alternate strategy to conserve and harvest energy for these nanodevices. In their research on energy harvesting in nanodevices, Jornet (2012) presented a highly opportunistic model based on nano piezo-electric-based energy generators working in THz frequency bands and accounts for temporal variations energy needs in the said band. The research provides a comprehensive energy consumption model in self-powered nanodevices working in nano-arrays, theoretically harvesting enough energy to transmit the packets with minimum loss. However, analytical models in this domain and a concrete proof-of-concept are yet to be achieved.

Another interesting application of IoNT may stem from plugging printed electronics circuits (Subramanian et al., 2005) to the internet. Manufacturers have been investing a great deal of effort in this technology, which may overcome some of the IoNT challenges. Chang, Facchetti & Reuss (2017) extensively reviewed the modern organic electronic printed technologies, which provide ample opportunities to utilize these brand-new solid-state fabrication techniques that we can utilize in IIoT and IoNT applications. These techniques can be implemented in health care, nano, and Industrial applications where onboard computing power and the real-estate of the device matter a lot.

In a similar vein, Ali & Abu-Elkheir (2015) presented a promising ubiquitous health care system model where IoNT devices form nano-network to run health care applications. Their research highlights some of the applications and architectural requirements needed for IoNT based health care applications. The transmission order of molecules provides independence and reduces the need for time synchronization to communicate. The proposed model MARCO was compared with several other molecular communication-based models providing higher communication rates. However, these communication rates are still in the order of Kilobits per second (Kbps). The lack of bandwidth and slower data rates opens research opportunities to investigate other communication technologies for higher throughput and low energy consumption. Miniaturization is a challenge in the IoNT domain, as there is always a trade-off between power consumption and the need for local processing capabilities. The node-level processing is directly proportional to the power consumption, where a high computational node will undoubtedly consume more power. Akyildiz & Jornet (2010) proposed different communication models for these nanoscale devices, especially in the health care industry where molecular communication and electromagnetic communications may appear as the only source of communication between these devices and a gateway device outside the human body.

Power consumption is a critical factor in all of these challenges. Nanodevices, in general, do not broadcast all of the time. To save energy, they only run one at a time and send only critical information based on aggregated events. Routing protocols are critical in designing the communication strategy that enhances network performance while conserving power. Balghusoon & Mahfoudh (2020) presented a state-of-the-art routing protocol for IoNT. The research provided insight into the WNSN and IoNT paradigms, as well as an examination of numerous contemporary routing protocols that are suitable for the features and functionality of nano-communication.

It is interesting to know that power consumption is always somehow translated in terms of battery cells’ real estate to provide power. The higher the power consumption, the larger the battery size, which further limits the actual fabrication of these nanodevices. Many studies have been conducted to wirelessly power these nanodevices as well as into energy harvesting capabilities to keep the device size minimal and enhance the lifetime (Movassaghi et al., 2014; Sarkar et al., 2014; Huang et al., 2012; Fotopoulou & Flynn, 2006). It is of paramount importance to balance how much processing capabilities and artificial intelligence are needed in the cloud or on the local node itself. These requirements tend to change abruptly from applications to application. A modular, self-adapting model is needed to realize these devices truly. In some recent research, alternate communication bands are rigorously investigated for nano-networks.

Finally, it is clear that traditional communication protocols may not be able to support nano-networks in terms of data throughput, scalability, and self-healing capacities. As a result, developing communication protocols for this domain is still considered a work in progress. Recent research in communication protocols, on the other hand, can be applied in the IoNT domain. In that regard, spectrum allocation, service discovery, channel sharing, intelligent routing and self-configurability are some of the most important open research challenges that are yet to be addressed.

Security and privacy challenges in IoNT

IoNT is being integrated into the majority of our daily lives, including health care applications, wearable sensors, and large-scale industrial infrastructures. These devices’ management and monitoring methods have been digitised and linked to the Internet, raising several security and privacy concerns. Because critical data is widely accessible over the Internet, hackers may quickly compromise it. Victims may suffer harm as a result of this, including theft, espionage, and data tampering. To secure sensitive data gathered by nanosensors, new security and privacy approaches are necessary. Dressler & Fischer (2015) believes that IoNT domain is prone to security attacks that can directly compromise not only the private data, but may also result in life-threatening situations by controlling the nanosensors such as implants, drug delivery, and wearable devices to name a few (Guo, Wei & Li, 2020). Some of the prominent security challenges and optimization goals for IoNT networks are discussed in Table 1.

Security and privacy still stand as key open challenges for IoNT and wireless body area networks (WBAN). Healthcare data is vulnerable to passive attack and calls for stringent data protection and security procedures. The data must be protected as close to its origin so encryption systems are necessary for safeguarding applications focused on healthcare. To this end, several researchers have suggested lightweight encryption schemes to guarantee data protection and versatility for WBAN applications. The researchers in Jabeen et al. (2020) proposed a lightweight genetic-based data encryption technique that is bandwidth and power efficient. Similarly, a lightweight access control technology was proposed by Ullah et al. (2021), which focused on a signature-based access control system to ensure less computational cost, hence making it resource efficient.

IoNT ecosystem is vulnerable to a very large threat surface with multi-dimensional attack vectors. The current IoT standards are unable to address the dynamic security, privacy, and data regulation needs in IoNT domain, thus, requires a ground-up security control mechanism that is robust and scalable.

SIoT paradigms

The social integration with internet of things (IoT) requires stringent implementation actions that could extend from the existing IoT solutions. IoT at its core is a conjunction of heterogenous devices and enterprise services that lacks standardization and trust boundary compliance. It is therefore crucial to understand the significance of various SIoT perspectives that are needed to understand the device as well as human behavior in this ecosystem. In this article, the SIoT implementation is investigated based on the following perspectives.

Data protection and privacy

SIoT environment is an example of pervasive computing based on need-based human data. Typically, devices including (sensors, mobile phones, passive internet devices, etc.) are used for data acquisition, that may take many forms. In broad context, SIoT networks must regulate the reactive and pro-active nature of the data. This is crucial to maintain the data protection and privacy in the entire process, that is, data in motion, as well as data at rest. The data acquisition can invoke data-crawling and learning methods to pro-actively analyze the situation-based learning. Whereas the reactive data acquisition may require a real-time query. Therefore, in SIoT context, data acquisition must comply with security, data protection and privacy compliance.

In order to establish SIoT as an ecosystem, these holistic perspectives must be studied in the context of a framework. This will allow IoT enabled smart devices to interact with humans, social networks following an architectural neutral framework, that could integrate current enterprise solutions, applications and various IoT based services to social networks. The SIoT framework requires an insight into the fundamental building blocks, that are given in Fig. 9.

It is critical to comprehend these crucial building blocks, which are outlined below.

The SIoT taxonomy

The SIoT taxonomy is now presented based on the aforementioned paradigms and building blocks. The SIoT taxonomy as illustrated by Fig. 10 is used to investigate the literature in this domain.

Although various IoT architectures have been proposed in the past, there still lacks a complete architecture for SIoT domains. Most IoT architectures are based on layered approach that abstracts the hardware, network, and applications. Due to the heterogenous nature of IoT devices, underlying technology, network stack and end enterprise implementations, there lacks a standardized architecture in this domain (Al-Fuqaha et al., 2015). In recent years, middlewares have been proposed to abstract the communication and network layers to interface between smart devices and enterprise applications/services. Ideally, SIoT architectures must support layered architecture with components and service abstractions managed by middlewares. In addition, the middlewares can also enable the trust management and privacy governance while integrating SO to SNs. Table 6 compares several proposed SIoT architectures in detail.

The most significant goal is to realize a social network of smart things that can interact naturally with each other by understanding each other’s trust and privacy requirements to form virtual groups. These virtual groups or societies are scalable, share information and resources, inference on each other’s network-based intelligence, and collectively perform a task if required. Kranz, Roalter & Michahelles (2010) first presented the idea of realizing future pervasive computing where human users and technical systems collaboratively provide service to each other. They demonstrated a cognitive-aware office model where everyday things were made smart using RFID.

Atzori, Iera & Morabito (2011) first referred to this concept as a unique evolution of “Smart things” to “Social Things”. They put forward a concept where devices or, in this case, referred to as simply objects form different types of associations that are based on co-parental, co-work, a co-objective, or social grouping of one or all the above. The researchers believe a handful of smart objects, including mobile devices, RFID fobs, smartwatches, from multiple vendors capable of performing various tasks (similar or completely different), can be put to work in the same location. This strategy will allow a human-like social gathering of smart objects which is sometimes location-based, continuous or sporadic. This social object relationship model with similar capabilities forms the basis of social network and could be compared to the human social networking model given in Fig. 11.

Moreover, Atzori et al. (2012) further extended their social object framework concept to outline the overall concept and architecture of SIoT by characterizing the underlying networks, objects, and functional requirements. Their idea revolved around a flexible network with virtually no boundary and a hierarchical level of trustworthiness that governs the relationship between these objects. The researchers also claimed that humans’ interaction patterns could be directly applied to objects in a pervasive environment where these behaviours or patterns can be mapped and programmed to their respective services or actions. A four-layered service model was also proposed to model these behaviours from the early stages of device provisioning, service discovery, and relationship to service provisioning. This research was a comprehensive way forward where the application examples highlighted the need and future adaptation of SIoT networks.

Ortiz et al. (2014) investigated the integration of human interactions with IoT networks in order to create social conscience-based networks. They built a user-roles-based relationship between smart objects and social networks in the suggested research, which may also infer SN-based intelligence for communication. Furthermore, the proposed architecture included a consumer-product connection based on trust to facilitate D2D, H2H, and H2D interactions. This study is an important step in decoupling the fundamental building blocks, user roles, and integration strategies for future SIoT networks. However, no precise implementation strategy was offered, which may have established an appropriate platform for implementation.

Kim, Fan & Mosse (2017) presented a client-server architecture for SIoT applications . The three-tiered architecture is built on a client application for D2D communication, a server component for human and SN interaction, and databases for accessing user data. The client application begins device access and access rules to manage end-user communication, whereas the server client provides general access among all components. This architecture may appear to be suitable from the standpoint of communication; nevertheless, user roles, trust, and privacy must rigorously conform with the SNs and data rules of the relevant network. Furthermore, this approach lacked a defined plan for scaling and integrating with multiple devices and networks.

Ganti, Ye & Lei (2011) proposed the concept of trustworthy sensing-enabled devices that collect and exchange data for communal processing and measurement of pertinent information. Smart objects such as GPS sensors and mobile phones were employed in their examples to collectively exchange data, which was then aggregated and displayed to make informed decisions. The study shed light on the worth of data supplied by items. Because the majority of the data flowing from these nodes contains user or private data, it alluded to the need for a trust, privacy, and governance paradigm.

Gulati & Kaur (2019) proposed a four-layer semantic-oriented platform architecture for SIoT as a reference model, with four layers: objects, communication, SIoT management, and application. The lowest layer is the layer of objects, which refers to the objects that are placed on the SIoT and communicate via local networks and sensors. Protocols, gateways, and technologies needed to communicate amongst objects are included in the communication layer. The SIoT management layer relates to SIoT platforms and services that comprise key components such as identification management, object profile, proprietary control, discovery of services, composition of services, trust management and relationship management that communicate through the API to the app layer. Although a thorough SIoT architecture is presented, which allows information flow at every layer, implementation details and interface with current solutions and platforms are still lacking.

Kortuem et al. (2009), on the other hand, concentrated on the categorization of privacy-based characteristics for SIoT designs. In their study, smart objects were characterised by their activity, process, and policy-awareness, which allows for the deployment of smart objects based on trust and privacy needs in various application situations. This categorization provided information on the behaviours, context, process, and regulations that control a specific device in a given application situation. It is extremely probable that these smart devices will create virtual groupings that are either:

• Activity-aware to perform a specific task.

• Policy-aware to follow domain-based/role-based rules to accumulate data over a long period.

• Process-aware and to perform context-aware tasks (which will also become a behavioral quality of future SIoT).

The strict data privacy, policy-awareness and trust compliance requires a thorough investigation of trust roles and trust management (TM) strategies for real-world applications. This trust-based relationship is investigated in the following section.

Trust roles and trust management

The challenges of trust are among the most important in present IoT technology which address the interaction between objects. Lack of confidence in things that collaborate socially causes issues such as loss of privacy, safety, security, access, and information manipulation by unauthorized people or objects (Kowshalya & Valarmathi, 2017; Nitti, Girau & Atzori, 2013). Every object in the SIoT technology stacks must have a high confidence level in its adjacent objects in order to have a trustworthy communication. A trust-based connection also facilitates to identify trustworthy and malicious objects based on the confidence levels.

Data privacy and confidentiality are one of the most critical design challenges for SIOT TM architecture. It is important to consider the heterogenous nature of these objects, that inherits a host of vulnerabilities and security shortcoming at object level. A security strategy is therefore necessary for limiting network access from assaults in the access control system. Therefore, it is crucial to design an intelligent TM control to prevent unauthorized access to objects and its associated data within SIoT networks. The identification of trust types between smart objects holds a significant importance in designing TM solutions. Table 7 presents a few trust type relationships reported in the literature.

According to the literature, trust types differ depending on the application and context. It is extremely unlikely that a single trust type profile could cover all object-specific tasks and confidence levels. As a result, an intelligent and dynamic TM architecture that adjusts to the deployment scenario is required. However, TM architecture, which correlates to trust, privacy, and data security, remains one of the most critical open issues in the SIoT domain. These research questions, as well as possible solutions, are explored in the section that follows.

Open trust management challenges in SIoT domain

The integration of smart objects, humans, and the SNs poses data leakage and security risks. In addition, it is imperative to ensure the trust management and confidentiality to comply with the data protection policies. Unlike other IoT domains where security policies are mostly devised for intra-network communications, SIoT ecosystem focus mainly on data protection and privacy. In this regard, some of the most critical open research challenges in SIoT domain include:

• Trust, Privacy and Security.

• Trustworthiness Management.

• Context-aware collaborative computing.

Much research has been undertaken on trustworthiness management in social and peer-to-peer (P2P) networks, with the vast majority centered on the concepts of reputation-based methods maintained either locally, centrally, or disseminated throughout the network. As a result, a computation model is required that quantifies a probabilistic estimation average, which aids in determining if a participant’s reputation has increased or decreased as a result of malicious information sharing with its peers (Golbeck, 2005; Nitti et al., 2017; Sun et al., 2019).

Nitti, Girau & Atzori (2013) and Nitti et al. (2017) investigated trustworthiness management in SIoT by thoroughly researching two approaches for developing scalable, dependable social behaviour in smart devices. The study focuses on supervisory control, which first allows the system to provide a certain service to an object with which it interacts. The instances of allowing or denying requests then aid in the learning and training of the model to develop direct or indirect interactions based on the requester and its characteristics (scored based on its actions and intentions). The subjective trustworthiness model focuses on the social viewpoint, how humans interact with their friends, and how they maintain the relationship level structure. The trustworthiness is based on the same principles as word-of-mouth in a human interaction setting, resulting in a trustworthy relationship that follows the hierarchy of friends or friends of friends.

On the other hand, the proposed model substantially resembled the P2P method. Each node and its related action information were saved in a Distributed Hash Table, which is accessible to the entire network but can only be managed by Pre-Trust Objects (PTO). In its most basic form, any node can request a PTO to inquire about another node’s reputation and trustworthiness. A credibility system prevents hostile nodes from delivering misleading or negative feedback. However, the proposed scheme could not provide a complete trustworthiness management model that could be directly applied to SIoT.

Morever, Nitti, Atzori & Cvijikj (2014) proposed a concept of social network construction for smart objects in which service discovery, network navigability, trust, and connection selection are all dependent on the relationship created between objects. According to the study, objects inherit certain human characteristics and use these as a behavioural feature while seeking for new friends. They believe that a first relationship or search for comparable service (in the context of smart objects) fits the sociological model.

In another study, Zhang et al. (2018) proposed a contract-based access control framework for managing access control provision for IoT networks. The distributed blockchain-based access control mechanism overcomes the single point of failures and provides authorization and validation for subject-object pairs. The proposed scheme enhances network trustworthiness by blocking access to all rogue IoT devices. In addition, the distributed architecture can scale seamlessly in an SIoT deployment scenario. Furthermore, the dynamic access policy assignments can allow for fine-grained controls per application or device-roles basis. Similarly, an attribute-based access control framework was proposed for smart cities environment, that could be implemented in SIoT domains. In Zhang et al. (2020), the researchers proposed a distributed access-control framework that combines blockchain and attribute-based access control (ABAC) model. The proposed strategy incurs less deployment costs in terms of operational complexities and can be used for SIoT environments that have a very large-scale network and data flow.

An et al. (2015) proposed a crowdsourcing task assignment model based on credible interactions between users. The proposed model investigates user interaction, relationship cognition to generate credibility ranks, including service quality factor (SQF) and link reliability factors (LRF). The rank metrics are then utilized to build a crowdsourcing community of smart objects. As shown in Fig. 12, the proposed strategy focuses on cognitive modelling of social relationships, application recommendation systems, and a credible route detection system to train the cognitive task assignment to end objects.

Along the same lines, Liu et al. (2019) proposed a real-life application scenario of SIoT and mobile crowdsourcing application for location-based networks in their study. Offline event marketing has grown in popularity among local and global, small and large-scale companies all over the world. Many models support an offline event marketing presence based on First-come-First-Served (FCFS) or Nearest First (NF). Using the concept of marketability, the researchers recommended using location-based social networks such as Facebook and FourSquare to maximize an offline event visitor’s likelihood scenario by inferring intelligence from ideally selected participants. The suggested cost-model accounted for customer loyalty, distance from the event, and the recommendation index, and it was tested to real-world datasets to demonstrate efficiency and increase in participant selection. The proposed model may adapt to a niche application scenario; however, it cannot be scaled up and implemented as a TM solution for SIoT domains.

Similarly, SIoT data security and privacy concerns are yet to be addressed. It is vital to understand the threat vectors that are linked to the entire IoT threat surface. In this regard, Rizvi et al. (2018) presented a holistic view security and data privacy aspects of IoT networks. In their research, a security taxonomy is presented that aligns open security challenges with IoT technology and components at various architecture layers. The article first identifies various IoT architectures and associated threats at every layer. This is crucial to analyze the open threat surface vulnerability and associated threat vectors that could weaken the entire security for IoT systems. In addition, the researchers defined the trustworthiness of the IoT systems by investigating overall system privacy, data availability and reliability. Finally, the importance of compliance and governance establishes the need for security practise standardisation, which could aid in risk mitigation and network security, as well as data privacy in IoT networks.

Along the same veins, in Rizvi et al. (2020a) the researchers investigated the attack surfaces by decoupling into various zones, that could help to mitigate the security risks in IoT networks. The researchers proposed a threat model to identify the system weakness and associated vulnerabilities at every layer of the architecture. This mapping of vulnerabilities is crucial in identifying the threat levels during the design, implementation, as well as integration of IoT systems. Various IoT domains including personal, health-care, transportation, and industrial IoT were studied to investigate a 1:1 mapping of device vulnerabilities to threats/vulnerabilities. The proposed model provides a visual representation of IoT network security vulnerabilities in context of trust zones and attack points.

Similarly, in Rizvi et al. (2020b), the researchers proposed a threat modeling approach at the device level to address the security issues. The proposed work investigated various IoT domains by modelling device vulnerabilities based on NICT CVSS scores. In addition, the researchers highlighted the security control measures to mitigate security threats for IoT domains.

Ali, Ishak & Bhatti (2021b) provided a similar approach to investigate the threat vectors and threat surfaces by aligning them to various IoT architectures. The proposed technique modelled an Industrial IoT device for various attack vectors at every layer. In addition, a holistic security view was provided by zoning various components and its associate data. Finally, the threat vectors were categorized into risk metrics using NICT-CVSS scores.

These techniques are crucial in identifying the overall system weaknesses for IoT domains. In general, the security of any system is evaluated by its weakest link, therefore, threat modeling is critical in identification of threat surface landscape. The security and privacy can only be improved by strict compliance and governance, that requires ground up modelling from top to bottom, and from inside out. In addition, social IoT networks are prone to additional vulnerabilities due to the vast amount of data flowing through IoT networks. The data is particularly vulnerable to attack both at rest, and in transition. Therefore, security, privacy, trust, and compliance must be investigated in parallel to be able to govern secure future IoT networks.

Mitigating security challenges in SIoT

In addition to the security, privacy and trustworthiness challenges in this domain, the real-world implementation may still require additional insights and conclusive solutions. Some of these challenges and possible solutions are presented in Table 8.