Full Text:   <241>

Summary:  <38>

Suppl. Mater.: 

CLC number: TP393

On-line Access: 2023-05-06

Received: 2022-08-31

Revision Accepted: 2023-05-06

Crosschecked: 2022-12-13

Cited: 0

Clicked: 397

Citations:  Bibtex RefMan EndNote GB/T7714


Waseem IQBAL


-   Go to

Article info.
Open peer comments

Frontiers of Information Technology & Electronic Engineering  2023 Vol.24 No.4 P.481-508


Privacy and security federated reference architecture for Internet of Things

Author(s):  Musab KAMAL, Imran RASHID, Waseem IQBAL, Muhammad Haroon SIDDIQUI, Sohaib KHAN, Ijaz AHMAD

Affiliation(s):  Department of Information Security, National University of Sciences and Technology, Islamabad 44000, Pakistan; more

Corresponding email(s):   waseem.iqbal@mcs.edu.pk

Key Words:  Architecturally significant requirement (ASR), Architecture trade-off analysis method (ATAM), Internet architecture board, Internet of Things (IoT), Privacy enhancing technologies, Privacy validation chain

Share this article to: More |Next Article >>>

Musab KAMAL, Imran RASHID, Waseem IQBAL, Muhammad Haroon SIDDIQUI, Sohaib KHAN, Ijaz AHMAD. Privacy and security federated reference architecture for Internet of Things[J]. Frontiers of Information Technology & Electronic Engineering, 2023, 24(4): 481-508.

@article{title="Privacy and security federated reference architecture for Internet of Things",
author="Musab KAMAL, Imran RASHID, Waseem IQBAL, Muhammad Haroon SIDDIQUI, Sohaib KHAN, Ijaz AHMAD",
journal="Frontiers of Information Technology & Electronic Engineering",
publisher="Zhejiang University Press & Springer",

%0 Journal Article
%T Privacy and security federated reference architecture for Internet of Things
%A Musab KAMAL
%A Waseem IQBAL
%A Muhammad Haroon SIDDIQUI
%A Sohaib KHAN
%J Frontiers of Information Technology & Electronic Engineering
%V 24
%N 4
%P 481-508
%@ 2095-9184
%D 2023
%I Zhejiang University Press & Springer
%DOI 10.1631/FITEE.2200368

T1 - Privacy and security federated reference architecture for Internet of Things
A1 - Musab KAMAL
A1 - Imran RASHID
A1 - Waseem IQBAL
A1 - Muhammad Haroon SIDDIQUI
A1 - Sohaib KHAN
A1 - Ijaz AHMAD
J0 - Frontiers of Information Technology & Electronic Engineering
VL - 24
IS - 4
SP - 481
EP - 508
%@ 2095-9184
Y1 - 2023
PB - Zhejiang University Press & Springer
ER -
DOI - 10.1631/FITEE.2200368

Physical objects are getting connected to the Internet at an exceptional rate, making the idea of the internet of Things (IoT) a reality. The IoT ecosystem is evident everywhere in the form of smart homes, health care systems, wearables, connected vehicles, and industries. This has given rise to risks associated with the privacy and security of systems. Security issues and cyber attacks on IoT devices may potentially hinder the growth of IoT products due to deficiencies in the architecture. To counter these issues, we need to implement privacy and security right from the building blocks of IoT. The IoT architecture has evolved over the years, improving the stack of architecture with new solutions such as scalability, management, interoperability, and extensibility. This emphasizes the need to standardize and organize the IoT reference architecture in federation with privacy and security concerns. In this study, we examine and analyze 12 existing IoT reference architectures to identify their shortcomings on the basis of the requirements addressed in the standards. We propose an architecture, the privacy-federated IoT security reference architecture (PF-IoT-SRA), which interprets all the involved privacy metrics and counters major threats and attacks in the IoT communication environment. It is a step toward the standardization of the domain architecture. We effectively validate our proposed reference architecture using the architecture trade-off analysis method (ATAM), an industry-recognized scenario-based approach.


Musab KAMAL1, Imran RASHID1, Waseem IQBAL1, Muhammad Haroon SIDDIQUI1,
Sohaib KHAN1, Ijaz AHMAD2


Darkslateblue:Affiliate; Royal Blue:Author; Turquoise:Article


[1]Alaba FA, Othman M, Hashem IAT, et al., 2017. Internet of Things security: a survey. J Netw Comput Appl, 88:10-28.

[2]Al-Fuqaha A, Guizani M, Mohammadi M, et al., 2015. Internet of Things: a survey on enabling technologies, protocols, and applications. IEEE Commun Surv Tutor, 17(4):2347-2376.

[3]Al-Qaseemi SA, Almulhim HA, Almulhim MF, et al., 2016. IoT architecture challenges and issues: lack of standardization. Future Technologies Conf, p.731-738.

[4]Alshohoumi F, Sarrab M, AlHamadani A, et al., 2019. Systematic review of existing IoT architectures security and privacy issues and concerns. Int J Adv Comput Sci Appl, 10(7):232-251.

[5]Bassi A, Bauer M, Fiedler M, et al., 2013. Enabling Things to Talk. Springer Berlin Heidelberg.

[6]Cisco, 2014. Internet of Things Reference Model. https://www.cisco.com [Accessed on Aug. 10, 2021].

[7]Chen KJ, Zhang S, Li ZK, et al., 2018. Internet-of-Things security and vulnerabilities: taxonomy, challenges, and practice. J Hardw Syst Secur, 2(2):97-110.

[8]Chen LM, Nugent CD, Wang H, 2012. A knowledge-driven approach to activity recognition in smart homes. IEEE Trans Knowl Data Eng, 24(6):961-974.

[9]Chen SZ, Xu H, Liu DK, et al., 2014. A vision of IoT: applications, challenges, and opportunities with China perspective. IEEE Int Things J, 1(4):349-359.

[10]Dhelim S, Ning HS, Farha F, et al., 2021. IoT-enabled social relationships meet artificial social intelligence. IEEE Int Things J, 8(24):17817-17828.

[11]Domanska J, Gelenbe E, Czachorski T, et al., 2018. Research and innovation action for the security of the Internet of Things: the SerIoT project. 1st Int ISCIS Security Workshop, p.101-118.

[12]dos Santos MG, Ameyed D, Petrillo F, et al., 2020. Internet of Things architectures: a comparative study. https://arxiv.org/abs/2004.12936

[13]Fallmann S, Chen LM, 2019. Computational sleep behavior analysis: a survey. IEEE Access, 7:142421-142440.

[14]Farha F, Ning HS, Ali K, et al., 2021. SRAM-PUF-based entities authentication scheme for resource-constrained IoT devices. IEEE Int Things J, 8(7):5904-5913.

[15]Fremantle P, 2015. A Reference Architecture for the Internet of Things. WSO2 White Paper 02-04.

[16]Frustaci M, Pace P, Aloi G, et al., 2018. Evaluating critical security issues of the IoT world: present and future challenges. IEEE Int Things J, 5(4):2483-2495.

[17]Gerber A, Kansal S, 2017. Simplify the Development of Your IoT Solutions with IoT Architectures. https://www.ibm.com/developerworks/library/iot-lp201-iot-architectures/index.html [Accessed on Mar. 22, 2021].

[18]Hu PF, Ning HS, Chen LM, et al., 2019. An open Internet of Things system architecture based on software-defined device. IEEE Int Things J, 6(2):2583-2592.

[19]Iqbal W, Abbas H, Daneshmand M, et al., 2020. An in-depth analysis of IoT security requirements, challenges, and their countermeasures via software-defined security. IEEE Int Things J, 7(10):10250-10276.

[20]ISO/IEC, 2014. Study Report on IoT Reference Architectures/Frameworks. Kate Grant AHG, SWG5, JTC1.

[21]Javed B, Iqbal MW, Abbas H, 2017. Internet of Things (IoT) design considerations for developers and manufacturers. IEEE Int Conf on Communications Workshops, p.834-839.

[22]Karale A, 2021. The challenges of IoT addressing security, ethics, privacy, and laws. Int Things, 15:100420.

[23]Kraijak S, Tuwanut P, 2015. A survey on IoT architectures, protocols, applications, security, privacy, real-world implementation and future trends. 11th Int Conf on Wireless Communications, Networking and Mobile Computing, p.1-6.

[24]Li C, Palanisamy B, 2019. Privacy in Internet of Things: from principles to technologies. IEEE Int Things J, 6(1):488-505.

[25]McKinney D, 2015. Intel IoT Platform Architecture Specification White Paper.

[26]Microsoft, 2018. Microsoft Azure IoT Reference Architecture V 2.1 26/09/2018. https://download.microsoft.com/Microsoft_Azure_IoT_Reference_Architecture [Accessed on June 10, 2021].

[27]Mongo, 2019. IoT Reference Architecture. https://www.mongodb.com/collateral/iot-reference-architecture [Accessed on June 10, 2021].

[28]O’Donnell L, 2019. Researchers Allege ‘Systemic’ Privacy, Security Flaws in Popular IoT Devices. https://threatpost.com/researchers-allegesystemic-privacy-security-flaws-in-popular-iotdevices/141244 [Accessed on Mar. 17, 2021].

[29]Okeyo G, Chen LM, Wang H, et al., 2011. Ontology-based learning framework for activity assistance in an adaptive smart home. In: Chen LM, Nugent CD, Biswas J, et al. (Eds.), Activity Recognition in Pervasive Intelligent Environments. Atlantis Press, Paris, France, p.237-263.

[30]Pan QQ, Wu J, Bashir AK, et al., 2022. Joint protection of energy security and information privacy for energy harvesting: an incentive federated learning approach. IEEE Trans Ind Inform, 18(5):3473-3483.

[31]Pierleoni P, Concetti R, Belli A, et al., 2019. Amazon, Google and Microsoft solutions for IoT: architectures and a performance comparison. IEEE Access, 8:5455-5470.

[32]Psychoula I, Singh D, Chen LM, et al., 2018a. Users’ privacy concerns in IoT based applications. IEEE SmartWorld, Ubiquitous Intelligence & Computing, Advanced & Trusted Computing, Scalable Computing & Communications, Cloud & Big Data Computing, Internet of People and Smart City Innovation (SmartWorld/SCALCOM/UIC/ATC/CBDCom/IOP/SCI), p.1887-1894.

[33]Psychoula I, Merdivan E, Singh D, et al., 2018b. A deep learning approach for privacy preservation in assisted living. IEEE Int Conf on Pervasive Computing and Communications Workshops, p.710-715.

[34]Psychoula I, Chen LM, Yao XX, et al., 2019. A privacy aware architecture for IoT enabled systems. IEEE SmartWorld, Ubiquitous Intelligence & Computing, Advanced & Trusted Computing, Scalable Computing & Communications, Cloud & Big Data Computing, Internet of People and Smart City Innovation (SmartWorld/SCALCOM/UIC/ATC/CBDCom/IOP/SCI), p.178-183.

[35]Psychoula I, Chen LM, Amft O, 2020. Privacy risk awareness in wearables and the Internet of Things. IEEE Perv Comput, 19(3):60-66.

[36]Solapure SS, Kenchannavar H, 2016. Internet of Things: a survey related to various recent architectures and platforms available. Int Conf on Advances in Computing, Communications and Informatics, p.2296-2301.

[37]Torkaman A, Seyyedi MA, 2016. Analyzing IoT reference architecture models. Int J Comput Sci Softw Eng, 5(8):154.

[38]Yao XX, Farha F, Li RY, et al., 2021. Security and privacy issues of physical objects in the IoT: challenges and opportunities. Dig Commun Netw, 7(3):373-384.

[39]Zhou W, Jia Y, Peng AN, et al., 2019. The effect of IoT new features on security and privacy: new threats, existing solutions, and challenges yet to be solved. IEEE Int Things J, 6(2):1606-1616.

Open peer comments: Debate/Discuss/Question/Opinion


Please provide your name, email address and a comment

Journal of Zhejiang University-SCIENCE, 38 Zheda Road, Hangzhou 310027, China
Tel: +86-571-87952783; E-mail: cjzhang@zju.edu.cn
Copyright © 2000 - 2023 Journal of Zhejiang University-SCIENCE