Journal of Network and Computer Applications 149 (2020) 102481 Contents lists available at ScienceDirect Journal of Network and Computer Applications journal homepage: www.elsevier.com/locate/jnca Review A Comprehensive Survey on Attacks, Security Issues and Blockchain Solutions for IoT and IIoT Jayasree Sengupta a, ∗ , Sushmita Ruj b , Sipra Das Bit a a Indian Institute of Engineering Science and Technology, Howrah, India b CSIRO, Data61, Australia and Indian Statistical Institute, India ARTICLE INFO Keywords: IIoT Security Privacy Blockchain Smart Factory Smart Grid Supply Chain E-Healthcare VANET ABSTRACT In recent years, the growing popularity of Internet of Things (IoT) is providing a promising opportunity not only for the development of various home automation systems but also for different industrial applications. By lever- aging these benefits, automation is brought about in the industries giving rise to the Industrial Internet of Things (IIoT). IoT is prone to several cyberattacks and needs challenging approaches to achieve the desired security. Moreover, with the emergence of IIoT, the security vulnerabilities posed by it are even more devastating. There- fore, in order to provide a guideline to researchers, this survey primarily attempts to classify the attacks based on the objects of vulnerability. Subsequently, each of the individual attacks is mapped to one or more layers of the generalized IoT/IIoT architecture followed by a discussion on the countermeasures proposed in literature. Some relevant real-life attacks for each of these categories are also discussed. We further discuss the countermeasures proposed for the most relevant security threats in IIoT. A case study on two of the most important industrial IoT applications is also highlighted. Next, we explore the challenges brought by the centralized IoT/IIoT architecture and how blockchain can effectively be used towards addressing such challenges. In this context, we also discuss in detail one IoT specific Blockchain design known as Tangle, its merits and demerits. We further highlight the most relevant Blockchain-based solutions provided in recent times to counter the challenges posed by the traditional cloud-centered applications. The blockchain-related solutions provided in the context of two of the most relevant applications for each of IoT and IIoT is also discussed. Subsequently, we design a taxonomy of the security research areas in IoT/IIoT along with their corresponding solutions. Finally, several open research directions relevant to the focus of this survey are identified. 1. Introduction With the advent of a large number of low-cost powerful devices like sensors, RFIDs, etc. coupled with a variety of communication mediums, Internet of Things (IoT) has gained tremendous popularity in the last decade. IoT is a group of interconnected static and/or mobile objects such as devices equipped with communication, sensors, and actuator modules connected through the Internet. IoT is diversifying its reach as the number of connected devices is spanning across cities to build smarter systems. Such systems are formed by integrating our daily objects with smart tiny devices to create a fully automated intelligent system capable of reducing human labor. For example, several house- hold appliances, and other electronic devices can be connected together on the network, to bring humans a more intelligent life. According to a report published by Ericsson, the number of connected IoT devices in ∗ Corresponding author. E-mail addresses: jayasree202@gmail.com (J. Sengupta), sushmita.ruj@gmail.com (S. Ruj), sdasbit@yahoo.co.in (S. Das Bit). 2022 will be around 18 billion (Ericsson). In addition to this, recently the application of IoT in the industries where the worlds of production and network connectivity are integrated with Cyber Physical Systems (CPS) is referred to as Industrial IoT (IIoT) (Xu et al., 2018). IIoT aims to produce intelligent manufacturing goods and thereby establish smart factories with tight connections between customers and business part- ners. With the emergence of IIoT, Industry 4.0 forms a subset offer- ing special emphasize to manufacturing industry scenarios where the focus is on digitizing and integrating all physical processes across the entire organization (PwC, 2017). Industry 4.0 is an advancement over Industry 3.0 where the machines are equipped with sensors, wireless connectivity and connected with CPS in order to visualize the entire production flow to make intelligent decisions. Fig. 1 shows a general IoT/IIoT architecture which is com- posed of machines and equipments, networks, cloud and applications https://doi.org/10.1016/j.jnca.2019.102481 Received 18 April 2019; Received in revised form 20 September 2019; Accepted 30 October 2019 Available online 6 November 2019 1084-8045/Crown Copyright © 2019 Published by Elsevier Ltd. All rights reserved.