Reference Architectures for the IoT: A Survey Raghdah Saemaldahr (B ) , Bijayita Thapa, Kristopher Maikoo, and Eduardo B. Fernandez Florida Atlantic University, Boca Raton, FL 33431, USA {rsaemaldahr2018,bthapa,kmaikoo2019,fernande}@fau.edu Abstract. The Internet of Things (IoT) has become one of the essential technolo- gies of the past few decades. Its popularity has increased based on its importance and application. It offers a solution to many issues affecting humanity in vital fields. IoT uses sensors and actuators to perform operations that complement higher-level applications. Building IoT applications requires using an architec- tural structure to support the application functions. Architectural modeling using patterns and Reference Architectures (RAs) applies abstraction, which helps in reducing the complexity of IoT systems. Because of this complexity, security is an important problem in IoT applications. An RA is the basis to build a security reference architecture (SRA). We survey the most important IoT RAs, showing their features and drawbacks and compare them accordingly. From the survey we find that the RA representations are imprecise and not very detailed. We define the features for a better RA that will be used as a basis for a SRA after enumerating its possible vulnerabilities and threats and then placing appropriate defenses. Keywords: Internet of Things · Reference Architecture · Security patterns · Security 1 Introduction IoT implies the connection to the internet of smart devices; these devices usually have sensors and actuators, can complement applications, and extend their capabilities. There are challenges that affect IoT deployment and architecture, of which the key concern is security; a serious problem in IoT because of its heterogeneity and the large number of devices involved [20]. The IoT software can be manipulated by external entities and in addition to its own threats, IoT also inherits security threats from its underlying cloud infrastructure. Therefore, to design a secure IoT system and utilize its full potential, we must have a good understanding of its architecture and its possible security threats. Architectural modeling using patterns and Reference Architectures (RAs) applies abstraction, which helps in reducing the complexity of IoT systems by defining their components at a higher level [2, 11]. We need a generic yet detailed Reference Archi- tecture (RA) that is pattern-based, to be used in the design phase of the system to have a better understanding of it and to be able to address its corresponding issues. This would pave the way to the goal of building a Security Reference Architecture (SRA) for the IoT ecosystem. We surveyed the literature and found that there are several survey papers on © The Author(s), under exclusive license to Springer Nature Switzerland AG 2021 F. Saeed et al. (Eds.): IRICT 2020, LNDECT 72, pp. 635–646, 2021. https://doi.org/10.1007/978-3-030-70713-2_58