Review of security management in Internet of Things
Keywords:
Internet of Things, security management, security p
Abstract
Security in Internet of Things environments faces critical challenges due to the exponential growth of devices, technological heterogeneity, and the constant evolution of threats. The objective of this article is to analyze protection mechanisms, reference frameworks, and management models applied to IoT through a systematic literature review. A search was conducted in the IEEE Xplore, ACM Digital Library, ScienceDirect, SpringerLink, and MDPI databases for the period from 2022 to 2025; 40 publications were included in this work after a four-phase screening process according to predefined inclusion and exclusion criteria. The qualitative descriptive-comparative analysis identified priority subdomains in IoT security management: privacy, authentication and authorization, trust management, policy control, intrusion detection, encryption, blockchain, Zero Trust architectures, and regulatory compliance. The findings reveal that the most effective approaches integrate multiple layers of protection, combining lightweight attribute-based authentication, machine learning-based detection, and decentralized governance. The review concludes that the integration of technical, methodological, and regulatory approaches provides greater resilience and traceability, although significant challenges of scalability, interoperability, and standardization persist. Furthermore, important gaps are identified in large-scale practical implementation and evaluation in real production environments.
License
Copyright (c) 2026 Mónica Peña Casanova

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.






