Security and Privacy for Low Power IoT Devices on 5G and Beyond Networks: Challenges and Future Directions

An examination of the existing literature has demonstrated that while additional technologies can be utilised to enhance IoT security, the proposed methods do not fully address the three principles of security being confidentiality, integrity and availability [7]. Additionally, an absence of device security standards across the industry contributes to an increased risk of loss of privacy and security. Consequently, privacy concerns, which are paramount in cyber security protection, have been absent in 5GBN IoT research, particularly in the Australian context. From this literature examination, an exhaustive list of relevant high-quality journal articles have been analysed to investigate the current field of knowledge and concerns researchers have identified. Due to the rapidly evolving landscape of IoT and cybersecurity, this paper investigated additional research areas, including industry white papers and government publications for the most recent developments. The process of article selection is highlighted in Figure 2.

An extensive analysis of existing literature has revealed that the primary method to enhance the privacy and security of personal IoT devices on 5GBN has been to utilise cutting-edge contemporary digital technologies such as blockchain, Machine Learning (ML), and Artificial Intelligence (AI). Many of the scrutinised articles focus on adding protective layers, such as ML, without fully addressing all IoT characteristics and the three basic principles of security which are confidentiality, integrity and availability concurrently [8]. While recent studies, such as those conducted by the authors in [9] and [10] explore the use of emerging technologies and threats, human-centric issues and the mechanisms that lead to data exploitation through legitimate means are not investigated. Consequently, the preliminary investigation has identified the following issues related to cyber security vulnerabilities surrounding IoT data privacy concerns.

From the preliminary investigation, this research identified several issues affecting personal IoT privacy and security.  Individual users of personal IoT devices are an unreliable and uncontrollable variable of data confidentiality. A reliance on end-users of IoT devices to apply strong password policies and ensure that device software is kept up to date is inadequate and can lead to significant security concerns [11, 12]. Although the safe handling of confidential information is paramount to ensuring the security of IoT devices on 5GBN [13], in the study by the authors of [14], half of the device manufacturers investigated did not adopt an adequate privacy policy for their devices. Further, two in the study failed to comply with their own stated policies. Data security concerns are heightened as data may not always be secure. Failures of data security are, in part, the result of the low power consumption and limited processing capacity of IoT devices. These power constraints often result in abandoned or weaker encryption methods [15]. Due to these issues, IoT on 5GBN will increasingly rely on emerging technologies, such as AI and ML, to enhance security and privacy, which are prone to cyber security threats [16]. While researchers continue to investigate the use of these innovative technologies to enhance security and privacy preservation, the resource-intensive nature results in the technologies being deployed at the edge, either in the cloud or fog. However, the absence of physical layer security and IoT device security standards are problematic and create challenges for manufacturers to ensure their devices are secure by design. As a result of the investigations, this paper has identified significant issues inhibiting the development of IoT security on futuristic networks, as summarised below:

• •

  Studies have demonstrated that individual users often fail to follow recommended security procedures for data protection.

• •

  Half of IoT device manufacturers investigated in one study did not adopt an adequate privacy policy for their devices.

• •

  IoT device characteristics contribute to data security concerns due to low power consumption and limited processing capacity.

• •

  The physical layer of IoT remains vulnerable to adversarial attack due to the limited computational processing power.

• •

  To enhance the security of data collected by personal IoT devices, the use of contemporary digital technologies is often called upon, which are vulnerable to cyber security threats.

With the key challenges identified above, this paper has identified future research directions to enhance personal IoT device security. The main contributions of this article are summarised as follows:

• •

  Identify five key areas that impact IoT security for futuristic next generation networks through a systematic literature review.

• •

  Classify the risks to security and privacy for users of personal IoT devices on next generation wireless networks.

• •

  Highlight security risks associated with an absence of IoT device security standards on futuristic networks.

The remainder of this manuscript is organised as follows: Section 2 explains the methodology used and defines the research questions and article selection process. Section III will categorically investigate each of the research areas that influence privacy and security on 5GBN, with the organisation of the review illustrated in Figure 3. Section 3.1 explores the evolution of internet privacy and how device exploitation has infiltrated personal privacy and security. Section 3.2 investigates how IoT characteristics contribute to security vulnerabilities. Section 3.3 examines the role of contemporary digital technologies in securing personal security and the risks of over-reliance on these technologies. Section 3.4 explores how human-centric issues generate security vulnerabilities for personal IoT devices and the challenges these issues create in security IoT on futuristic networks.

Section 3.5 investigates how data is collected and managed by personal IoT devices and the risks associated with the mismanagement and misuse of the data. Section 3.6 explores the role of IoT security standards in enhancing personal IoT device security. In Section 3.7, this paper investigates the need for futuristic network technologies and the potential implications for personal IoT device security. Section 4 presents the key findings and future research opportunities of this literature review. Finally, Section 5 presents the conclusion of this work.

With an area of research identified, the development of inclusion and exclusion criteria for the article analysis was developed. The development of inclusion and exclusion criteria for the research allows it to remain focused and on topic. It additionally aids with the development of database search terms to identify relevant literature. The exclusion criteria are listed below with a brief explanation for the exclusion:

• •

  Limit the years of research from 2009 until 2022. As the IoT industry is rapidly evolving [17], it is necessary for this research to limit the years of research for specific areas to no older than 2009. As highlighted by the authors of [18], they make a case that the age of IoT began between 2008 and 2009. Although the term was created much earlier, it was during this time that the number of devices surpassed the number of people. Additionally, the network technology in 2009 was Third Generation (3G) wireless technology, with 5G only entering service in 2019. With 3G being superseded and approaching the end of life, it was necessary to define a point where IoT in personal communication was beginning to enter mainstream society and the network technology available at the time is still accessible by modern devices.

• •

  4G and older technology. As the research is focused on 5GBN technology, the inclusion of redundant networking technology would add little value to the research.

• •

  Industrial IoT applications. Although related, personal and industrial IoT device security should be investigated separately.

• •

  Legislation. While security and privacy encompass areas of law, it is beyond the scope of this research to identify legal requirements for the use of IoT and network communication across multiple jurisdictions.

The list of inclusion criteria is included below and allows for the deep analysis of the research questions formulated in Section 2.2:

• •

  User-centric issues. As users of low-power IoT Devices have been identified as a significant security challenge for IoT data, it is necessary to investigate the role of individual users.

• •

  Contemporary digital technologies. With a growing reliance on contemporary technologies such as blockchain, AI and ML, the inclusion of these technologies is needed to investigate how they can enhance protection and identify potential issues from their use.

• •

  Security and privacy of data collected on IoT devices. As this research focuses on data privacy and security of IoT devices on 5GBN, it is necessary to include it in the research,

• •

  IoT characteristics. As IoT characteristics are contributing factors to their overall security, the inclusion of IoT characteristics is necessary.

• •

  5G and beyond networks. While researchers are currently investigating 5G applications, preliminary investigations of futuristic networks are already underway. The inclusion of relevant next-generation technologies will assist in identifying challenges that lie ahead.

• •

  Personal IoT device security standards. The purpose of standards is to ensure the safety of products, services, and systems through setting specifications, procedures, and guidelines [19]. An investigation of security standards for personal IoT devices will help to identify areas that need further development.

The following initial thought-provoking research questions have been investigated with the research issues identified above. In addressing these questions, the research has developed an understanding of personal IoT device security and the role users play in personal IoT device security on futuristic networks. Additionally, the research has explored what data may be collected, how it is used and how personal IoT device security is enhanced using contemporary digital technologies. Finally, the research explored gaps in existing knowledge that impact IoT security and privacy on futuristic networks. In summary, the following research questions (RQs) have been explored as a part of this study:

(RQ1): How is privacy protected on low-power personal IoT devices?
(RQ2): What is the impact of IoT characteristics on privacy for personal IoT devices?
(RQ3): What is the role of contemporary digital technologies in privacy preservation on futuristic networks?
(RQ4): How do existing standards protect confidential data originating from low-powered personal IoT devices?

To answer the research questions outlined above, a comprehensive search process was conducted to capture the relevant literature. In aligning with the inclusion and exclusion criteria outlined in Section 2.1, literature searches were kept within the period of 2009 until 2022. However, as part of the background discussion of internet privacy, which forms an integral part of IoT privacy, the research included journal articles from 1989. Google Scholar was used to identify thematic trends within articles within the periods identified. From the papers identified, the titles, keywords and abstract were collected for thematic analysis. From this search process, we were able to identify 137 articles for inclusion, of which the most related articles are shown in Table 1. The search terms used in Google Scholar are highlighted as follows:

TITLE_ABS_KEY((“IoT privacy” OR “IoT security” OR “network privacy” OR “network security” OR “internet privacy” OR “internet security” OR “IoT AI/ML” OR “IoT machine learning” OR ”IoT artificial intelligence” OR “IoT blockchain” OR “IoT security standards”) AND (“5G” OR “6G” OR “futuristic networks” OR “beyond 5G” )) AND (LIMIT_TO (PUBYEAR, 2022) OR LIMIT_TO (PUBYEAR, 2021) OR LIMIT_TO (PUBYEAR, 2020) OR LIMIT_TO (PUBYEAR, 2019) OR LIMIT_TO (PUBYEAR, 2018) OR OR LIMIT_TO (PUBYEAR, 2017) OR LIMIT_TO (PUBYEAR, 2016) OR LIMIT_TO (PUBYEAR, 2015) OR LIMIT_TO (PUBYEAR, 2014) OR LIMIT_TO (PUBYEAR, 2013) OR LIMIT_TO (PUBYEAR, 2012) OR LIMIT_TO (PUBYEAR, 2011) OR LIMIT_TO (PUBYEAR, 2010) OR LIMIT_TO (PUBYEAR, 2009)) AND (LIMIT_TO (DOCTYPE, “cp”) OR LIMIT_TO DOCTYPE, “ar”) OR LIMIT_TO DOCTYPE, “ch”) OR LIMIT_TO DOCTYPE, “bk”) ) AND (LIMIT_TO) (LANGAUGE, “English”))

One of the earliest endeavours of privacy research on computer networks was conducted in 1989 [37]. At the time, the privacy concerns specifically regarded the most common form of network communication being electronic mail, otherwise known as email. The author of the paper identified a lack of security mechanisms for online communication and proposed a range of measures, such as encryption, to enhance security and protect privacy. Privacy concerns originally identified in 1989 continued as an area of investigation for a decade, emerging as the biggest concern facing users of the internet in 1999 [38]. At the time, privacy concerns among internet users surpassed other issues such as spam, ease of use, cost and even security.

Although the concept of IoT was first introduced in 1999, around the same time as the privacy research by the authors of [38], IoT technology pre-dates many of the technologies discussed in the authors study. With the widespread use of the internet in its infancy, the new concept of IoT, and initial research of 4G network technology which would become commercially available a decade later, the privacy and security concerns of these converging technologies remained uncertain [39].

The introduction of widely used social networks and popularity of services provided by search engines such as Google in the early part of the twenty-first century heralded a new era of privacy issues for online citizens. Interactions online and between website users, their social connections online, their location and activities, were soon avenues of exploitation by both website administrators and cybercriminals. Public awareness to privacy issues arising through unregulated social networks, search and general website browsing were a driving force for the introduction of measures to allow users to protect some of their details online. However, much of the data collected in the early 2000’s originated through direct interaction with websites or through tracking of activities using Cookies. The ability of IoT to collect data without direct interaction altered the dynamics of online privacy and security.

Since the research by the authors in 1999 [38], the widespread usage of the internet has grown exponentially [40], becoming a fundamental part of society, driving global e-commerce [41], industry and social interactions [42]. With an estimated figure of approximately 5.5 billion users at the end of 2022 [43], its usage encapsulates a significant proportion of global citizens. The growth in its use has partly been driven by increased access to affordable, portable devices with internet connectivity, such as smart mobile phones and wearable devices [44]. However, while increased access to internet connected devices has allowed more people to engage online, the growth of IoT devices has resulted in most of the internet traffic having no direct human interaction [45]. While on the surface a lack of human initiated internet engagement would appear to have a negligible impact on privacy, the increased amounts of data collection by IoT devices that have the ability to collect sensitive personal information are proving problematic for privacy preservation [46]. With ever-increasing numbers of personal IoT devices, privacy preservation is becoming increasingly challenging for the average person [47, 48], and for cyber security researchers tasked with enhancing IoT security.

While network communication, privacy and security are now considerably more sophisticated than they were in 1989, the development of IoT in conjunction with emerging futuristic wireless network technology is creating not only new challenges for researchers, but also new avenues for exploitation. While online security and privacy has been an area of constant investigation, the potential for device exploitation, particularly through public surveillance which exposes users’ privacy, has been absent from research. Additionally, the vast amount of data collected by such devices is creating new security challenges for cyber security researchers.

In summary, privacy preservation through public surveillance was initially investigated by the authors of [29] in 2009. In this study, the authors primarily investigated the impacts of surveillance from cameras and the impacts they have on privacy. Their study, while addressing many concerns regarding privacy preservation from public surveillance, failed to consider the future potential of IoT devices and the risks they pose to privacy, only briefly addressing IP connected cameras. While IoT was new at the time and 3G network technology was the mainstay of wireless communication [49], failing to fully address potential privacy and security concerns originating from mass data collection could be considered an oversight. Additionally, privacy exploitation through technologies available and widely used at the time was also not vigorously investigated. One such example is the Global Positioning System (GPS) location tracking through smart devices such as mobile phones. The concept of location tracking through GPS and wireless technology was investigated in 2002 [50], demonstrating how GPS data can be transmitted across wireless networks. Nevertheless, while the research conducted by the authors of [29] does not consider IoT’s implications on privacy, their investigation lays the foundations for privacy preservation in computing networks.

The characteristics of IoT form a leading role in the cyber security and privacy challenges of personal IoT devices on 5GBN. These challenges stem from a requirement for low power consumption, which subsequently results in low computational processing power. Following these limitations at the device level, the network communication characteristics of IoT create additional challenges for IoT security. This paper will now discuss each of the characteristics in detail.

Researchers have identified five main areas of concern to privacy and security on futuristic networks [31]. They are authentication, access control, malicious behaviour, encryption, and communication. With the increased usage of personal IoT devices and a progression to evolving futuristic networks, researchers have started to investigate the use of contemporary digital technologies such as AI, ML and blockchain to enhance the security of these low-powered devices [74, 75, 76, 77]. This paper will now investigate the three most researched technologies, AI, ML and blockchain, to determine the strengths, weaknesses, and suitability of each technology in enhancing the security and privacy of low-powered personal IoT devices on 5GBN, as illustrated in Figure 5.

Today, IoT devices are present in a multitude of settings [7]. Government departments such as police and customs rely on Internet Protocol (IP) cameras to detect biometric features for crime prevention and improve efficiency in immigration processing [114]. Federal aviation safety regulators use GPS sensors to track aircraft movements to enhance safety and improve response time during emergencies [115]. Primary production has implemented IoT to improve agricultural efficiency with automated harvesting, irrigation, and the sowing of crops [116]. The automotive industry has adopted innovative technology for crash avoidance, smart parking, and autonomous navigation [117].

The improvements to efficiency and quality of life demonstrated above are some of the key benefits offered by IoT as additionally highlighted in the study undertaken by [26]. However, while these benefits are a driving factor in the adoption of IoT, the researchers have identified a sudden increase in new users and an increased number of devices acting as contributing factors due to poor cyber security protocols of IoT devices [12]. Additionally, the authors of [26] and [12] identify privacy as a significant cyber security challenge for IoT.

While beneficial for the user, IoT efficiency and automation present significant cyber security risks. As identified by the authors of [26] and [12], privacy is currently a significant challenge for IoT. The authors did not identify a principal cause of the privacy challenges; instead, they discovered that the privacy challenges originate from many sources. While neither research identified one single cause, common themes are the lack of a standard security scheme and reliance on the end-user to protect their devices with strong passwords and regular software update maintenance [12, 26]. The authors of [12] further identify the sudden increase of new users and an increased number of devices as contributing factors to poor cyber security protocols of IoT devices. The factors identified are an abundance of weak password policies and a failure to ensure device software is maintained to a current secure version.

As stated, reliance on the end-user to conduct software updates for IoT devices increases the risk of loss of privacy in addition to device and network vulnerability exploitation [11]. While not apparent to users, vulnerabilities can exist in systems and may remain undiscovered for extended periods. Vulnerability discovery often falls upon two groups of people, ethical hackers, and cybercriminals. Over time, ethical hackers will seek to discover vulnerabilities in systems. An ethical hacker is a professional that companies employ to test and detect vulnerabilities in software and systems. Successful ethical hacking allows companies to patch vulnerabilities before cybercriminals exploit them [118]. Patching is the process of releasing changes that fix, alter, repair, or improve security vulnerabilities or other bugs in software [119]. Ethical hacking offers developers, manufacturers, and managers of the device an opportunity to update to a secure version before the vulnerabilities are discovered and exploited by cybercriminals. Occasionally, cybercriminals will discover vulnerabilities prior to ethical hackers or security researchers and begin exploiting the vulnerabilities for malicious gain [120]. Malicious exploitation creates an urgency for the software to be patched, leaving end-users vulnerable to known and exploitable security vulnerabilities.

As explained by the authors of [12] and supported by the authors of [121] in their research paper, the reliance on the end-user to update their devices is unreliable and can expose the users’ device and network to cyber security harm if the update has been delayed or missed. To counter this reliance, some researchers have suggested the use of automated software updating as a means of protecting the software [121]. However, the authors of [122] identified that automated software updates can lead to undesirable outcomes. The use of outdated software, which may contain security vulnerabilities, is exacerbated by end-user’s weak password policies that may be exploited by cybercriminals [12].

To summarise, the human-centric challenges identified in this section highlight significant barriers to securing IoT device confidentiality on 5GBN. However, the challenges of IoT confidentiality are not limited to human-centric issues. The challenges identified in this section by the authors of [26] and [12] go beyond the individual devices, with exploits possible across several layers of the IoT architecture [34], which was discussed in detail in Section 3.2.3.

While the human-centric challenges to privacy and security of IoT devices offers unique problems for researchers to solve, the problems identified in the previous section can be exacerbated by security flaws in IoT devices and misuse of the data collected by them. One such example of misuse is the oversight of how the data collected may be used. The potential of privacy exploitation originating from oversights in the use of technology was illustrated by the authors of [29] in 2009. Their research demonstrated early examples of the unintended use of personal data originating from public surveillance and the impacts on privacy. In their research, they discuss Google’s Street View (GSV) and the approach used by Google to address privacy concerns from the publicly available collection of data. The solution deployed by Google to preserve privacy was the removal of data [29]. While in the case of GSV the solution preserves privacy by removing identifiable data, such as faces and number plates from vehicles, the application of this policy in IoT devices is challenging due to computational processing power limitations [123] discussed in detail in Section 3.2.

Another approach to protecting privacy investigated by the authors of [29] is the development of a privacy policy as a mechanism for privacy preservation. However, as identified by the authors of [14], the development of a privacy policy does not guarantee that it will be fully implemented. The authors of [14] illustrate this fundamental failure with the privacy policy solution discussed by the authors of [29]. The presence of a privacy policy does not guarantee privacy protection, with the authors of [14] identifying that half of all privacy policies do not adhere to their stated policies. Further to that, the collectors of confidential data rely on self-regulation for privacy safeguarding, for example, as the authors of [124] explain with the privacy management by Facebook.

Since the inception of the internet, tools have been developed that have the potential to expose an individual’s personal data. As is often the case, legislative tools designed to protect the public from exploitation often lag advances in technology. However, as demonstrated in the European Union (EU), regulators are beginning to catch up with technology with the introduction of the General Data Protection Regulations (GDPR) legislation [125]. The role of the GDPR, otherwise known as the Cookie Consent Law, is to protect internet users’ privacy online [126]. Websites that operate and are accessible to EU citizens must comply with the stringent requirements of the GDPR that guarantee a right to anonymity with harsh financial penalties in place for companies who fail to abide by the laws [126]. While the introduction of GDPR laws to enhance privacy online do introduce levels of certainty to personal data protection for EU citizens, these laws are not applicable worldwide, and as identified by the authors in [127], the GDPR framework has also been criticised for unclear responsibilities in some complex scenarios and offers only limited protections in others. Consequently, IoT on 5GBN introduces new paradigms of uncertainty for privacy online.

Cybercriminals will often attempt to exploit weaknesses in a system to gain access to confidential information [128]. While systems are often prepared for cyberattacks or have mechanisms in place to limit the impact of a cyberattack, private information can be revealed through not only a sophisticated intrusion of systems, but also through access to freely available data which has been left unsecured either by design or by accident. Examples of such data are geolocation data, flight tracking information and daily routines. While much of this type of data can be considered of little value, there have already been incidents where this data has been exploited. When exploited, it can lead to loss of privacy and security with real world consequences. A notable example occurred in 2018 when the Strava fitness tracking app unintentionally exposed sensitive US military bases in the Middle East. This was achieved by accessing the publicly available global heatmap from the Strava fitness app and analysing the GPS data [129]. This discovery prompted an investigation by the US military into the incident [129]. This data exploitation was later expanded by Norwegian broadcasting company, NRK, who uploaded the Strava data into third party software which allowed them to identify the profiles of individual European soldiers who used the Strava fitness app [130].

While the Strava incident appears to be isolated, other examples of misuse of data from IoT devices exist. In January of 2022, a Twitter account that tracks the flights of entrepreneur Elon Musk’s personal jet gained attention online [131, 132]. The account used publicly available data transmitted from the planes transponders that records the flights’ location. It was collected through a service called ADS-B Exchange which collects unfiltered flight data [132]. While the data transmitted by the transponders is mandated by the United States Federal Aviation Administration (FAA) [133], this incident demonstrates how an oversight in how data is managed can be misused. Although it would appear to be of little value, this information can be misused to cause personal harm to the person being tracked. While there is no way to validate that the flight being tracked belongs to Mr Musk, this incident serves as an example of how public data can be used in ways for which it was never intended.

With the introduction of smart speakers, smart toys, smart cameras and smart homes, the invasion of personal privacy and security extends to not only the actions people perform with a device directly but also their daily activities and conversation, particularly in the case of smart speakers and IP cameras which are always on [134]. Further to that, the data collected via such devices may not always be wilfully granted by the individuals, or secured [135]. This is of particular concern for smart toys due to children being the target market. While it would be assumed the interactions of a child with their toy would not illicit nefarious activity, the Fisher Price Bear smart toy is an example of how a toy can be targeted by cybercriminals. The Fisher Price Bear was a smart toy that allowed interactions through a variety of communication technologies. While many of the sensors were invasive of privacy alone, researchers discovered that the devices were insecure, potentially allowing cybercriminals root access to the smart toy with full access control to the nose camera and other sensors on the toy [135]. This incident may be attributed to the nature of the IoT device, however, well known devices common in many households have been known to harbour security exploits [136, 137].

Smart speakers, such as Google Home and Amazon Echo have contained exploitable vulnerabilities. Attacks on Google Home using a smart phone have been shown to demonstrate effectiveness in infiltrating the target device. These attacks commonly targeted the authentication and communication process [136], demonstrating one of the most well-known vulnerabilities of IoT devices. Another example of smart home exploitation was the first-generation Amazon Echo which contained Bluetooth, Blueborne and internal Wi- Fi network vulnerabilities [137]. Although these vulnerabilities have been patched, and the authors note that it is not yet possible to exploit the current versions of the Echo device, the insecure devices offer a treasure-trove of personal data to cybercriminals.

In summary, the security and privacy of data collected on IoT devices has many challenges. While oversights into how the data may be used in ways it was never intended may seem harmless, there are real-world consequences due to the mishandling of sensitive information. Though the number of incidents is sparse, they are serious, nonetheless. With an increase in the number of devices that use intrusive technology such as IP cameras and microphones and few safeguards to ensure the devices are secure, users of personal IoT devices are exposed to potential security incidents that arise. It is therefore important that personal IoT devices follow a set of minimum security standards on which to operate on.

When addressing IoT security standards they typically fall under the jurisdiction of relevant regulatory authorities in each country. In the United States of America (USA) the relevant authority is the Federal Communications Commission (FCC) who work in conjunction with the Federal Trade Commission (FTC), which is the body responsible for protecting American consumers. The Office of Communications (Ofcom) is the relevant authority responsible for IoT communication standards in the United Kingdom (UK) and in Australia the governing body is the Australian Communication and Media Authority (ACMA). While industry bodies such as IEEE Standards Association (IEEE-SA) are developing a standards initiative, there is also a considerable effort in open-source groups to develop standardisations [138]. Although the open-source initiative will provide valuable contributions to enhancing personal IoT device privacy and security, the governing bodies remain the deciding factor in the implementation of any rules or standards. This paper will now briefly discuss the challenges of applying standards internationally and the move towards a unified approach to device security.

In Section 3.1 this paper briefly discussed the increased growth in the adoption of IoT across a multitude of industries as well as its applications for personal use. While it is difficult to ascertain precise numbers of IoT devices, several research papers have attempted to determine the number of devices currently in use and predict the number of devices in the near future. While the authors of [4] predicted the number of connected devices to exceed 30 billion by 2025, others, such as the authors of [147] estimates over 60 billion devices will be in use by 2025 with the potential to reach 125 billion devices in 2030, representing a 12% year on year growth from 2017. Although it is difficult to estimate precise numbers of IoT devices in the future, it is possible to hypothesise potential numbers by studying trends and incorporating Moore’s Law which states that every two years the number of transistors in a dense circuit double [7].

Despite discrepancies between estimates, the need to accommodate an ever-growing influx of network-connected devices is a necessity.

The growth in the use of IoT devices has already resulted in unprecedented amounts of data and the need for innovative technologies capable of processing large volumes of information at faster speeds. As identified by the authors of [148], large IoT networks are already experiencing congestion on existing fixed and wireless networks due to an overwhelming number of connected devices communicating copious amounts of data at peak times. According to the authors of [149], network congestion is a leading cause of performance degradation and variability. Additionally, this network congestion can result in delays in transmission and packet losses [150]. While several research papers propose solutions to congestion control [148, 151, 149, 150], they are supplementary short-term solutions to an ever-growing problem. Consequently, as noted by the authors of [147], there is a need to develop innovative technologies capable of processing large volumes of information faster. As a result, research is now investigating the development of next-generation wireless technologies.

According to the authors of [152], futuristic possibilities of the next generation of wireless networks are the connected intelligence in the telecommunications networks, coupled with advanced networking and AI technologies, as mentioned by the authors of [31]. Additionally, the authors of [33] note that the anticipated increase in speed and lower latency will enable wider use of already growing technologies such as wearable IoT devices and autonomous vehicles. The authors envisage that futuristic networks will also pave the way for Three Dimensional (3D) holographic representation of individuals at virtual meetings, mixed reality, tactile internet, and implantable devices. While many potential functions of futuristic networks discussed by researchers are independent of IoT, the vast majority incorporate or are related to the IoT industry. Expanding on this, the authors of [33] illustrate that one of the key visions for 6G as a potential futuristic network is an entirely autonomous network, which is precisely how IoT operates. However, as the authors of [31] and [33] explain, there are security and privacy concerns with a futuristic 6G network and IoT that are currently being explored by researchers that will impact the security of the visions discussed.

In addition to the network congestion concerns on existing networks, there is a growing need for faster transmission of data with lower latency that was identified as early as 2015 [153]. The low latency and improved performance requirement of IoT, especially in an industrial setting, was later supported by the authors of [154] in 2017. With research continuing in improving latency and overall performance on existing 5G infrastructure [155, 156, 157], it is becoming increasingly clear that existing networks lack the capacity and performance requirements for communication of IoT data. The slower transmission and latency delays on existing networks will worsen due to congestion, as has been previously highlighted.

According to the authors of [158], the next iteration of wireless networking is expected to arrive by 2030 when the number of IoT devices is anticipated to number more than thirty billion connections. One candidate to replace an eventually ageing 5G wireless network is 6th Generation (6G) networks. The next generation of wireless network infrastructure aims to meet the increased capacity demands of wireless communication of the next decade [159]. However, 6G research is in the preliminary stages. The paper by the authors of [160] identified that existing 6G research has primarily focused on designing antenna systems suitable for the evolving network, implementing multiple-input and multiple-output (MIMO) communication, and the development of terahertz frequencies capable of transmitting more data at a faster rate. While research into the next generation of wireless technology has begun with an emphasis on 6G, existing research has so far had limited scope, with the standard functions and specifications still undefined. As a result, the true potential security and privacy risks have not yet been explored [31, 152]. However, as discussed by the authors of [31], emerging network technologies have many possibilities, including the application of advanced AI and ML. Although the strengths and weaknesses of both AI and ML were discussed in Section 3.3, their true future potential on 6G networks is yet to be tested.

The functionality and security features of blockchain and AI will feature prominently on futuristic networks such as 6G [160]. The authors identified that for 6G to meet its full automation potential, it will be dependent on the features of AI. They state that the use of AI will support intelligent edge computing, optimize resource management, and improve user detection. However, as discussed by the authors of [32], the reliance on AI to enhance the functionality of 6G will result in attacks on AI systems. As a result, the authors of [32] identify that attacks on AI systems targeting data collection will lead to privacy issues. However, while AI will confront significant threats, the use of AI will complement other technologies such as blockchain. The authors of [160] and [32] illustrate that the use of AI will allow for the identification of cyber-attacks in wireless networks. Further, AI will enable the detection and suppression of attacks on blockchain, such as a 51% attack discussed in Section 3.3, allowing for a more secure network [32].

The security implications for IoT devices on 6G networks are not limited to contemporary digital technologies, with security benefits and challenges also affecting the physical layer. As discussed in Section 3.2, the physical layer is one of the most challenging layers of IoT to protect due to the limitations of IoT devices. Futuristic networks such as 6G promise potential benefits to device security, however, personal IoT devices will continue to be vulnerable to certain types of attacks. Despite advances in contemporary digital technologies, potential characteristics of 6G, such as Terahertz (THz) technology and Visible Light Communication (VLC) technology, will remain vulnerable to certain types of adversarial activity, such as eavesdropping attacks [152]. Although the authors discussed a method to detect some forms of eavesdropping attacks on THz technology by classifying the backscatter of the intercepted channel, they note that the method does not detect all forms of eavesdropping attack. Additionally, although the authors of [152] identify that VLC systems provide heightened security benefits over radio frequency systems, eavesdropping remains a significant threat. However, while this remains a significant threat, the authors note that ML can be utilised for anomaly detection.

In summary, as the number of devices connecting to the internet increases, there is a growing urgency for developing new architectural technologies capable of sustaining the anticipated bandwidth these devices will generate at speeds faster than they currently exist. While most research has focused on 6G and the development of data communication, the full extent of privacy and security implications still need to be explored. Although AI, ML and blockchain are discussed as solutions to a litany of security concerns on futuristic networks, the physical layer of IoT infrastructure remains vulnerable to malicious activity. It is, therefore, necessary that future research address the vulnerabilities of the physical layer to further enhance IoT security on futuristic networks.