International Journal of Electrical and Computer Engineering (IJECE)
Vol. 15, No. 4, August 2025, pp. 4249~4258
ISSN: 2088-8708, DOI: 10.11591/ijece.v15i4.pp4249-4258
Journal homepage: http://ijece.iaescore.com

Privacy and confidentiality in internet of things: a literature review

Hiba Kandil, Hafssa Benaboud
Intelligent Processing and Security of Systems, Faculty of Sciences, Mohammed V University in Rabat, Rabat, Morocco

Article Info

Article history:
Received Sep 7, 2024
Revised Apr 14, 2025
Accepted May 24, 2025

ABSTRACT

The internet of things (IoT) is a scalable network of interconnected smart devices that aims to improve quality of life, business growth, and efficiency across multiple sectors. Since the IoT is an expanding network, a large amount of data is generated, collected, and exchanged. However, most of this data is personal data that contains private or sensitive information, which makes it a target for several cyber threats due to poor encryption, weak authentication mechanisms, and insecure communications. Therefore, ensuring the privacy and confidentiality of sensitive information remains a critical challenge. This paper presents a comprehensive literature review focusing on privacy and confidentiality issues within the IoT ecosystem. It categorizes existing research into privacy-preserving techniques, authentication and trust mechanisms, and machine learning-based solutions. It begins by detailing the review methodology employed to gather and analyze relevant research. The review then explores recent research work related to privacy concerns and authentication and trust mechanisms, emphasizing various approaches and solutions developed to address these challenges. The paper further delves into machine learning-based solutions that offer innovative methods for enhancing privacy and confidentiality.
Keywords:
Authentication
Authentication and trust in internet of things
Confidentiality
Internet of things
Privacy
Trust

This is an open access article under the CC BY-SA license.

Corresponding Author:
Hiba Kandil
Intelligent Processing and Security of Systems, Faculty of Sciences, Mohammed V University in Rabat
Avenue Ibn Battouta B.P. 1014 RP, Rabat, Morocco
Email: hiba_kandil@um5.ac.ma

1. INTRODUCTION

The internet of things (IoT) is a fast-growing network of connected things or objects that are embedded with intelligence and operate without human intervention. These smart things help IoT systems to provide advanced services in various areas that promise to improve human life, such as healthcare, public surveillance, advanced building management systems, smart cities, decision-making, and more. Therefore, the IoT network generates, collects, and exchanges vast amounts of personal data such as user preferences, behavioral patterns, and sensitive health-related information. This sensitive data exchanged between IoT system components is typically unprotected due to the nature of IoT systems, which facilitate anytime, anywhere interactions with heterogeneous objects.

Ensuring the security of a system is fundamental to its proper functioning and adoption. Security involves protecting all components of a system (data, software, and hardware) to guard critical systems against unauthorized access, theft, alteration, and various other risks. Therefore, the security requirements of an IoT system are crucial to ensure the privacy, integrity, confidentiality, trust, and availability of the heterogeneous interconnected objects.

The diverse nature of IoT applications presents unique privacy and confidentiality challenges, especially as the use of IoT expands across vital sectors such as healthcare, industry, and smart homes. In healthcare, for example, wearable devices and medical sensors collect sensitive health data that must be