978-1-7281-9437-0/20/$31.00 ©2020 IEEE Study of Security and Privacy Issues in Internet of Things Muhammad Hassam Khalid Study Group, Australia hassamkhalid@yahoo.com Mohsin Murtaza Study Group, Australia mmurtaza@studygroup.com Mostafa Habbal Study Group, Australia mhabbal@studygroup.com Abstract—With the advancement of technology and the internet, almost every device is connected to internet. Internet of Things (IoT) can be explained as an extension of the internet in which smart devices are interconnected with each other. While each smart device has unique identifiers, which makes every device unique. Now, IoT has helped in developing smart architectures whether its home, healthcare, financial institutions or industries. There are smart devices everywhere. These smart devices can also communicate to each other in a network and they work together thus eliminating the need for human interaction. IoT is relatively new and is still developing rapidly. So, there are numerous privacy concerns in IoT. IoT can be divided into different architectural layers depending where the IoT is being used. The IoT model discussed in this research report is Service Oriented Architecture (SOA) which is divided into three layers, application, Network and perception layer. In 2020, during the COVID pandemic the reliability on IoT has increased as people are working from home and many of the tasks has been automated using IoT. The number of security attacks on IoT has also been increased in 2020 alone, which has affected many IoT devices. The objective of this research report is to discuss a number of security and privacy challenges in IoT based on the three SOA layers, the objective of this report also covers discussion on the above mentioned three layers, different technologies used in each layer for communication and different attacks and methods which target each specific layer also discussing different security attacks on IoT which occur ed in 2020 during the COVID pandemic phase. This topic is chosen because Internet of Things is becoming important and is impacting everything around us. It is expected that the total number of IoT devices will cross 20 Billion in 2020 and will have an impact of more than $11 Trillion by 2025. Thus, the security of IoT is to be discussed. Index Terms—IoT, blockchain, architecture, security I. INTRODUCTION IoT is relatively a new field in IoT. But, IoT is expanding unlike any other IoT sector. Any device which can be connected to the internet and to other devices is Internet of things, these connected devices can also communicate with each other [1]. Internet of things is a big network of devices and to the people who share data with each other [2]. A research company surveyed that the number of IoT devices will reach to 21 Billion by 2021 [3]. IoT enables to develop architectures like smart homes which includes IoT devices like air conditioner, motion detection cameras, smart door locks, smart fridge, TV. IoT is also mostly used in healthcare and in industries which monitors the work being done. IoT will continue to grow because of the characteristics like low cost, small and protocols like IPv6 which allows billions of devices to connect to the internet each with unique address [4]. Since, IoT is a new field, it comes with problems which this sector still faces. Problems like security and privacy issues as well as no specific architecture model. There are many IoT architectural models which vendors use to make devices. Thus, each model has their weaknesses and it makes harder to secure all the IoT devices. The IoT model discussed in this research report is Service Oriented Architecture (SOA) which is divided into three layers, application, Network and perception layer and security issues and attacks which focus on each of the layer. II. METHODOLOGY AND DATA The methodology used for this research paper is the combination of two research methods which are problem- oriented method and qualitative method. A. Problem-Oriented Method This method includes two parts, understanding the problem statement and understanding the background of the problem in depth. This methodology helps in defining the starting point of the research. Once the problem statement is understood defining the scope of the research becomes easier. Understanding the background of the problem domain helps in determining the base of the problem [5]. In this report the problem-oriented method was used to understand the problem statement which is the security and privacy issues in IoT and understanding the background of the problem which is layers and different technologies of IoT being targeted by bad actors. B. Qualitative Method This method includes gathering information from different sources, filtering the collected data and using that information for support for the research [6]. In this research report, qualitative method was used to collect the relevant information from a number of papers as support for the research. III. INTERNET OF THINGS A. Architecture The SOA (Service Oriented Architecture) of IoT based on three layers: • Application Layer • Network layer 2020 5th International Conference on Innovative Technologies in Intelligent Systems and Industrial Applications (CITISIA) | 978-1-7281-9437-0/20/$31.00 ©2020 IEEE | DOI: 10.1109/CITISIA50690.2020.9371828