Identifying the common threats and vulnerabilities in the Internet of Things (IoT) and offering security policies for confronting them

the objective of this research is to identify the common threats and vulnerabilities in IoT and offering security policies to cope with them.

the methodology of this research is applied based on its objective, and descriptive-surveying based on data collection. The statistical population includes all exerts and professors of IoT in universities of Tehran with 50 members. The sampling method was convenience non-random. The sample volume detected was similar to the statistical population. The research tool was the researcher-made questionnaire from the systematic study of thematic literature. The validity of the questionnaires was obtained by referring to the experts of the IoT field. The reliability of the tool was 0.88 using Cronbach’s alpha coefficient for the questionnaire. Data was analyzed using descriptive and inferential statistics by SPSS software.

Although various standards have been developed in the field of security and confidentiality in IoT, the security needs of IoT and even its risks have not been still identified and analyzed. In addition, it needs confidentiality mechanisms, accuracy, authentication, and access control precisely. According to the findings of the tests of this research, vulnerabilities can be classified and cited in 21 groups.

the results of tests show that various experts based on their landscapes and activity fields determined a varied set of security policies to cope with Internet threats in the IoT field. However, the most important security policies against the security threats in IoT include mutual and efficient authentication, access control, secure architecture configuration, encryption of communications and data, chronology, and monitoring by concluding the provided ideas.