Security and Privacy for Cloud-Based IoT: Challenges, Countermeasures, and Future Directions

The Internet of Things is increasingly becoming a ubiquitous computing service, requiring huge volumes of data storage and processing. Unfortunately, due to the unique characteristics of resource constraints, self-organization, and short-range communication in IoT, it always resorts to the cloud for outsourced storage and computation, which has brought about a series of new challenging security and privacy threats. In this article, we introduce the architecture and unique security and privacy requirements for the next generation mobile technologies on cloud-based IoT, identify the inappropriateness of most existing work, and address the challenging issues of secure packet forwarding and efficient privacy preserving authentication by proposing new efficient privacy preserving data aggregation without public key homomorphic encryption. Finally, several interesting open problems are suggested with promising ideas to trigger more research efforts in this emerging area.