Data security of IoT devices with limited resources: challenges and potential solutions Inna Rozlomii1,2 , Andrii Yarmilko1 and Serhii Naumenko1 1 Bohdan Khmelnytsky National University of Cherkasy, 81 Shevchenko Blvd., Cherkasy, 18031, Ukraine 2 Cherkasy State Technological University, 460 Shevchenko Blvd., Cherkasy, 18006, Ukraine Abstract Integration of the Internet of Things (IoT) into various application domains not only expands capabilities but also brings forth a multitude of challenges. These challenges revolve around the security of IoT devices, many of which are characterized by limited resources such as memory, power consumption, and computational power. This article examines key challenges associated with ensuring the security of IoT devices and proposes potential solutions and strategies adapted to resource constraints. Emphasis is placed on the development and analysis of lightweight cryptographic algorithms capable of providing robust data protection with minimal resource utilization. Strategies for efficient energy management and memory usage optimization are also discussed, critical for ensuring the stable and uninterrupted operation of IoT devices. The article highlights the necessity of developing adaptive security mechanisms that can effectively respond to dynamic operational conditions and resource constraints. The key importance of continuously updating security mechanisms to adapt to changing conditions and to guard against new and future cyber threats is underscored. In addition to technical aspects, the importance of strategic planning and innovation in IoT security is also illuminated. It is noted that further research and development should focus on creating integrated solutions that combine hardware, software, and managerial aspects to optimize overall efficiency and security of IoT systems. This article contributes to the understanding and resolution of security issues in IoT devices operating under resource constraints. It provides a broad overview of existing challenges and opportunities while suggesting directions for future research and development in this dynamically evolving field. Keywords IoT, limited resources, cryptographic algorithms, energy efficiency, memory management, authentication algo- rithms, cyber threats 1. Introduction Embedded Internet of Things (IoT) devices are compact, integrated devices embedded in various objects capable of collecting, processing, and utilizing data, as well as exchanging it over a network without direct human involvement [1]. These devices provide automation and monitoring in various fields, from household systems to industrial processes, using their own computational resources to perform their functions [2, 3]. The significance of embedded IoT devices lies in their ability to add intelligence and functionality to different systems, facilitating data collection, process automation, and productivity enhancement [4]. They have become an essential element in advancing technologies and the development of the connected world [5]. However, the security of embedded IoT devices has become a key issue limiting their application [6]. This problem arises from the imbalance between the potentially high functionality of such devices and their resource constraints [7]. The limited computational power and memory resources of embedded devices typically complicate the implementation of robust security mechanisms to prevent unauthorized access to data and control the flow of information processes [8]. This poses serious challenges in ensuring security, as these devices may become targets of external attacks with critical consequences of both technical and humanitarian-legal nature [9, 10]. doors-2024: 4th Edge Computing Workshop, April 5, 2024, Zhytomyr, Ukraine " inna-roz@ukr.net (I. Rozlomii); a-ja@ukr.net (A. Yarmilko); naumenko.serhii1122@vu.cdu.edu.ua (S. Naumenko)  0000-0001-5065-9004 (I. Rozlomii); 0000-0003-2062-2694 (A. Yarmilko); 0000-0002-6337-1605 (S. Naumenko) © 2024 Copyright for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0). CEUR ceur-ws.org Workshop ISSN 1613-0073 Proceedings 85 Overcoming challenges related to the security of embedded IoT devices becomes a critical task in the context of their widespread integration into our everyday living spaces and industrial environments. The limited resources of these devices pose not only technical challenges but also serious potential consequences for user safety and infrastructure security. Failure to address the issue of limited resources and inadequate protection may lead to uncontrolled widespread access to confidential information, destruction of critical systems, or even the use of devices for malicious purposes. The main security challenges of embedded IoT devices are associated with their inadequate protection and vulnerability to cyber attacks due to limited support for encryption and authentication, as well as insufficient capabilities for detecting and responding to potential threats. The aim of this research is to develop effective cryptographic protection strategies for embedded IoT devices with limited resources. In the context of researching the security of embedded IoT devices, it is important to identify development perspectives aimed at ensuring their security and reliability. The development of effective cryptographic protection strategies is a key element of this process. Applying modern encryption and authentication methods will improve the reliability and accountability of embedded devices, providing a high level of protection in conditions of limited resources. 2. Related works There are numerous studies dedicated to the security issues of embedded IoT devices with limited resources [11, 12]. Many of them indicate that the physical constraints of such devices complicate the implementation of comprehensive security measures and are the primary cause of numerous vulnerabilities [13]. In these security studies, the importance of embedded IoT device security has garnered significant interest due to their crucial role in daily life, industry, and infrastructure. Many works highlight the fundamental challenge of mismatch between data protection needs and the limited resources of the devices [14]. Security of embedded IoT devices has been the subject of many works investigating vulnerability issues related to limited computational capabilities, restricted memory capacity, and limited power supply [15, 16]. These studies have demonstrated that resource constraints impact the effectiveness of cryptographic protection and authentication processes, making devices vulnerable to external threats. A significant research theme has been cryptographic protection strategies with limited resources [17]. Previous research has shown the low efficiency of certain cryptographic methods and proposed the use of lightweight encryption and authentication methods that require fewer resources [18, 19]. However, some studies suggest that lightweight methods may have their own limitations and require a balance between efficiency and security [20]. Awareness of these aspects is crucial for developing optimal cryptographic protection strategies for embedded IoT devices with limited resources. Further research should focus on effective methods to ensure the security of embedded IoT devices, considering resource constraints and the requirement for a high level of protection. Emphasizing efficient authentication and cryptographic mechanisms that take into account limited resources is identified as a key direction for future scientific research in this area. 3. Capabilities of embedded devices and their resource limitations The architecture of embedded IoT devices is presented as the interaction of three main components [21]: 1. Sensors and actuators – components that provide data collection and transmission. Sensors gather information from the environment (temperature, humidity, etc.), while actuators perform corresponding actions (e.g., turning devices on/off). 2. Data processor is responsible for processing and analyzing the collected data. This can be a microcontroller or a specialized computing system. 3. Network interface facilitates communication with the external environment through various network protocols such as Wi-Fi, Bluetooth, LoRa, Zigbee, etc. 86 The primary functions of embedded IoT devices include [22]: 1. Data collection – obtaining information from sensors. 2. Data processing – analyzing and processing the acquired data to perform defined tasks. 3. Actuator control – sending signals to actuators to execute specific actions. The typical properties of embedded IoT devices, which form the core spectrum of their functional and technical advantages, are accompanied by limitations related to deployment platforms and methods of ensuring autonomy. In general, these limitations encompass the following aspects [23]: 1. Computational power: Embedded IoT devices have limited capability for complex computations due to restricted computational power. This may lead to constraints in applying advanced encryption algorithms and performing computationally intensive operations, reducing the device’s security level. 2. Memory: The limited memory capacity in embedded devices complicates the storage of a large amount of data and software. This may result in a reduction of available resources for storing encryption keys, user data, and other critical elements, increasing vulnerability to attacks. 3. Power supply: mbedded IoT devices are often powered by autonomous energy sources or have limited power consumption. This limitation in power supply can lead to unforeseen interruptions in device operation or limit security capabilities, as the device may power off or enter a low-power mode, reducing its ability to detect and respond to potential threats. These outlined limitations impact the capabilities of embedded devices in implementing robust security measures and pose a challenge in ensuring data reliability and protection. 4. Vulnerabilities of the security systems in embedded IoT devices One of the key issues in the field of embedded IoT devices is the presence of vulnerabilities that can be exploited for attacks and security breaches. Securing embedded IoT devices becomes a crucial task as these devices are used in various life domains, ranging from household systems to critical infrastructure [15, 24, 25]. However, they also become a heightened focus for cybercriminals due to a range of vulnerabilities: 1. Inadequate Authentication and Authorization. A low level of authentication can serve as a starting point for unauthorized access to the device. The absence of robust user identity verification methods, the use of weak passwords, or simple authorization methods can be entry points for cyber-attacks. This can occur due to inadequate determination of access rights to device functions or data. In the absence of authentication, the likelihood of a successful attack on the device can be described by the following formula: 𝑁𝑠 𝑃 (𝐴) = × 100%, (1) 𝑁𝑡 where 𝑃 (𝐴) is the probability of an attack, 𝑁𝑠 is the number of successful attacks, 𝑁𝑡 is the total number of attack attempts. 2. Insufficient Cryptographic Protection: The use of weak or outdated encryption algorithms in IoT devices makes data more vulnerable to interception and compromise. If encryption employs keys of insufficient length or is vulnerable to known attacks, there is a risk of compromising the confidentiality and integrity of data, as well as threats to their availability. To determine the effectiveness of encryption, the Shannon encryption model can be utilized: 𝑆 𝐶 = 𝑙𝑜𝑔2 (1 + ), (2) 𝑁 where 𝐶 – the channel capacity, 𝑆 – the signal power, 𝑁 – the noise level. 87 3. Insufficient Software Updates: Limited memory in embedded devices can complicate the software update process. This creates a risk of temporary or permanent vulnerability of the device to new threats or vulnerabilities, as it may remain without updates to apply security patches or fix software defects that ensure security. 5. Security risks of embedded IoT devices In the network of embedded IoT devices, ensuring security remains one of the main challenges. This is particularly crucial due to the limited resources characterizing these devices. Examining memory, energy consumption, and computational power issues, it can be observed that these aspects serve as potential security threats. The limitation of memory in embedded systems complicates not only data storage but also the implementation of effective encryption methods. The reduced operational duration due to limited energy consumption becomes a starting point for potential DoS attacks. Additionally, limited computational power complicates the application of robust encryption and authentication methods. Examining memory, energy consumption, and computational power, we can determine that: • Memory limitations in embedded devices can lead to buffer overflows and constraints in storing encryption keys, complicating the cryptographic protection of information. • Energy supply is a fundamental factor limiting the operational duration of devices and the risk of potential DoS attacks due to targeted expenditure of limited energy. • Limited computational power complicates the application of complex encryption algorithms and may contribute to the execution of malicious code in case of insufficient input data validation. The discussed limitations expose risks that need to be carefully considered and adequately addressed in embedded IoT devices to ensure the reliability, confidentiality, and integrity of the processed data. 5.1. Risks due to limited power consumption Limited memory capabilities can cause issues in implementing cryptographic protection for embedded devices due to buffer overflows and restricted capacity for key storage: 1. Buffer overflow creates the possibility of embedding malicious code or executing code in vulnera- ble areas. The result is the emergence of vulnerabilities that can be exploited by attackers. Attacks leveraging these vulnerabilities may lead to system compromise, unauthorized code execution, or leakage of sensitive data. 2. As a result of the limited memory capabilities of embedded IoT devices to store encryption keys, there is a risk of their compromise. This is due to the complexity in the processes of storing and managing encryption keys, which are critical elements for ensuring data security. Typically, for system security, it is important to have diverse keys for various encryption tasks. However, due to limited memory, it may be challenging to provide the necessary volume of unique keys for data encryption. 3. Key management also becomes a challenge due to limited resources. For information security, keys need to be efficiently stored, updated, and rotated. However, limited memory can restrict the capacity for storing and processing key information, complicating their effective management. Thus, the complex storage and management of keys can serve as a foundation for their compromise. If keys are not stored or managed properly, it can make them more accessible to attackers or increase the likelihood of system vulnerabilities to attacks aimed at obtaining these keys. Considering the limited memory capabilities of embedded IoT devices, cryptographic protection may become vulnerable due to buffer overflows and difficulties in storing encryption keys. 88 5.2. Risks arising from memory limitations Energy consumption of an embedded system may be insufficient for the operation of cryptographic protection, both due to the design features of autonomous IoT module and intentional unauthorized impact on their power components. Threats related to energy consumption pose a wide range of security risks for the system: 1. Energy Attacks. Attacks aimed at reducing the energy consumption of IoT devices pose a serious threat to their normal functioning. These attacks can be implemented by constantly activating devices, prompting them to consume excessive energy. The consequence of such excessive energy consumption can be the depletion of the device’s battery, leading to its shutdown or disruption of normal operation. This can be problematic, especially for devices operating on batteries or in conditions of limited power supply. Continuous excessive energy consumption can lead to a decrease in device performance and efficiency, making it more vulnerable to various types of attacks or limiting security capabilities due to insufficient energy for the normal operation of protective mechanisms. 2. Interruptions in Operation. Limited charge in an autonomous energy source can cause unforeseen interruptions in the device’s operation, creating serious security risks. When energy becomes lim- ited, the device may abruptly shut down or transition into a low-power mode. Such interruptions in operation can lead to a decrease in the device’s reliability and may be exploited by malicious actors for attacks. As a result, data being processed or stored in the device at that moment may be lost or damaged. These unforeseen halts can create a window of opportunity for attacks on the device or its data, as they may be unavailable for protection or remain unprotected during such times. 3. Reaction Delays. Limited energy consumption in embedded IoT devices, aimed at energy conser- vation, can significantly impact their response time when detecting threats or attacks. This can lead to delays in identifying anomalies or responding to potential threats in the network. For energy-saving purposes, a device may operate in a standby mode, during which it is inactive or does not perform specific operations. In this mode, it may be less responsive to changes or anomalous situations, as it consumes a minimal amount of energy, affecting its ability to respond to real-time events. This delay in response can be critical in the case of rapidly evolving threats or attacks where an immediate response is required to avoid potential consequences. Limited energy consumption may impede the detection or reaction to such events, increasing the risk to the security of the system. These delays in detection or response can impact the overall reliability and security of the device in the face of persistent attacks or threats. 4. Impact on Encryption Algorithms. To ensure the security of IoT device data, encryption algorithms may be employed. However, in low energy consumption modes, their usage may be restricted, and less effective algorithms may be selected. This creates a risk of reducing the level of data protection, as the use of less reliable encryption methods can make data more vulnerable to attacks by malicious actors. Limited energy consumption can affect the efficiency of encryption in embedded devices. The compromise between energy savings and encryption efficiency can be a factor in increasing the vulnerability of devices to potential threats and cyber-attacks. In turn, the reduction in the level of data protection due to the use of less reliable encryption methods can complicate the recovery or protection of information in the event of attacks or unauthorized access to the device. 5. Low battery levels can significantly impact the effectiveness of cryptographic methods used to protect data. Cryptographic algorithms that demand substantial computational resources may operate unstably or lose efficiency due to limited energy supply. This can lead to a reduction in the speed or accuracy of applying cryptographic methods, diminishing the level of data protection. With low battery charges, a device may lack sufficient power to effectively implement complex encryption algorithms, resulting in increased data processing times or even a decrease in the level of protection. Such unstable operation of cryptographic methods can compromise the security of the device, making it more vulnerable to attacks. 89 6. Recovery after power loss. Restoring the operation of an embedded IoT device to its correct functional state can be challenging following a power loss. This is because, during sudden shutdowns or disconnections, the device may lose information about its previous state and current data. The difficulty or even impossibility of returning to the previous state directly affects its reliability and functionality. Let’s consider the effectiveness of protection against attacks when using an encryption algorithm, where efficiency is denoted as 𝐸, the battery level is 𝐵, and the type of cryptographic methodology is 𝐶. One of the possible models of efficiency has the form of a linear function: 𝐸 = 𝑚 · 𝐵 + 𝑐 · 𝐶, (3) where 𝑚 and 𝑐 are parameters reflecting the influence of the battery level and the type of cryptographic methodology, respectively. Let’s assume the values of the coefficients are as follows: 𝑚 = 0.5 and 𝑐 = 0.8. The battery level (𝐵) varies from 1 to 10, and the cryptographic methodology parameter (𝐶) can take values of 1 or 2. The possible values of data protection efficiency (𝐸), calculated using model (1) and these parameters, are presented in table 1. Table 1 Evaluation of the energy-based attack protection efficiency model for an embedded device. Protection efficiency 𝐸 Charge level 𝐵 𝐶=1 𝐶=2 1 0.5·1+0.8·1=1.3 0.5·1+0.8·2=2.1 2 0.5·2+0.8·1=1.8 0.5·2+0.8·2=2.6 3 0.5·3+0.8·1=2.3 0.5·3+0.8·2=3.1 4 0.5·4+0.8·1=2.8 0.5·4+0.8·2=3.6 5 0.5·5+0.8·1=3.3 0.5·5+0.8·2=4.1 6 0.5·6+0.8·1=3.8 0.5·6+0.8·2=4.6 7 0.5·7+0.8·1=4.3 0.5·7+0.8·2=5.1 8 0.5·8+0.8·1=4.8 0.5·8+0.8·2=5.6 9 0.5·9+0.8·1=5.3 0.5·9+0.8·2=6.1 10 0.5·10+0.8·1=5.8 0.5·10+0.8·2=6.6 The linear model (3) can be adapted to more complex dependencies, following the example of a quadratic model: 𝐸 = 𝑎 · 𝐵 2 + 𝑏 · 𝐶 2 + 𝑑 · 𝐵 · 𝐶 + 𝑒, (4) where 𝑎, 𝑏, 𝑑, 𝑒 are coefficients reflecting the interaction of the battery level and the type of cryptographic methodology on the effectiveness of data protection. Models (3), (4) can be supported and refined through experiments, data analysis, and parameter tuning, taking into account the influence of various factors on the effectiveness of data protection at specific battery levels and specific types of cryptographic methodologies. 5.3. Risks due to limited computational power Cryptographic protection algorithms, in general, are quite complex and resource-intensive in terms of the computational resources of their technical platform. Therefore, insufficient computational power of IoT devices has several consequences for their security: 1. Limited capacity for strong encryption application. The incompatibility of the computational resources of the embedded device with the requirements of strong, computationally complex encryption algorithms creates a risk of resorting to weaker encryption methods. This limitation may compel the device to choose less resource-intensive computational methods, which, in turn, may have lower resistance to cyberattacks. 90 2. Authentication failure due to resource constraints. Computational limitations can diminish the suitability of an embedded device for implementing robust identity verification methods, such as biometric data or complex encryption algorithms, thereby increasing vulnerability to attacks. Additionally, the limited memory of embedded devices can complicate the storage and management of authentication-related data, such as passwords, keys, or ciphers. This may lead to the use of less secure methods for storing identification information or a reduction in the number of available authentication methods. Therefore, the challenge of implementing proper authentication in embedded devices is associated with both the potential complexity of authenti- cation algorithms and ensuring secure processes for storing and managing identity information. Moreover, the constraint on computational power may negatively impact the authentication process itself, resulting in the implementation of slower or less reliable authentication processes. The limited speed of the embedded device in processing authentication requests can make them less responsive to user requests in real-time or increase response times. Overall, the rejection of robust authentication methods decreases the device’s level of protection. 6. Cryptographic models for risk analysis In the context of security for embedded IoT devices, a key aspect is considering their resource constraints. These constraints directly impact the effectiveness of implementing security mechanisms and strategies. It is important to realize that each type of constraint – whether it’s memory, battery charge, or energy consumption – poses unique challenges and requires specific solutions [26]. As the analysis shows, memory, battery charge, and energy consumption constraints significantly influence the cryptographic protection of information in IoT devices (table 2). Table 2 Impact of embedded device resource constraints on information security. Type of constraint Impact on information security Memory limitation Complicates storage and management of encryption keys. Limits re- sources available for access control and authentication. Battery charge constraint Creates the risk of unpredictable interruptions in the device’s operation. Reduces cryptography efficiency due to low battery charge. Limited power consumption Leads to a transition to low-power mode, restricting the use of powerful encryption algorithms. Affects response speed to threats due to standby mode for energy conservation. Memory limitations often impact the device’s ability to store encryption keys and other essential data, increasing the risk of unauthorized access and information leakage. Meanwhile, battery charge limitations may lead to unforeseen disruptions in the device’s operation, reducing its reliability and the effectiveness of protective mechanisms. Finally, limited energy consump- tion can restrict the application of resource-intensive protective algorithms, particularly in the field of cryptographic security. Each of these aspects requires detailed consideration and analysis to ensure effective and adequate protection for embedded IoT devices. 6.1. Memory constraints Memory constraints in IoT devices can pose a significant risk to data security. On one hand, limited memory can complicate the storage of large amounts of data or complex software algorithms necessary for effective cryptographic protection. On the other hand, insufficient memory can reduce the efficiency of key management, which is critically important for ensuring the security of communication processes. Memory limitations in IoT devices can lead to inadequate storage and management of encryption keys, increasing vulnerability to attacks. 91 The degree of impact of memory constraints on key storage, security management, and system vulnerabilities is illustrated in the diagram (figure 1). It is based on a conceptual analysis of the impact of memory constraints on these security aspects of IoT devices. The percentages indicated on the diagram reflect widely accepted expert estimates in the field of IoT cybersecurity, based on their experience and analysis of current trends in IoT technology development. These data do not represent specific quantitative research but rather provide a general understanding of trends in the field. Figure 1: Impact of device memory constraints on its security. 6.2. Battery charge limitations Battery charge limitations in IoT devices can cause disruptions in their operation, especially in critical situations. This may lead to a failure to perform essential security operations and unauthorized access to data. Additionally, a low battery charge can limit the effectiveness of encryption and other protective mechanisms. The limited battery life of IoT devices can result in unexpected shutdowns or reduced security functionality, increasing the risk of data leaks. Let’s define a function that relates the battery charge level to the runtime of security protocols. Let 𝐵 be the initial battery charge level, and 𝑇 be the duration of security algorithm operation in hours. Then: 𝑇 = 𝑎 · ln 𝑙𝑛(𝐵) + 𝑏, (5) where 𝑎 and 𝑏 are constants based on the energy consumption characteristics of the device. The diagram (figure 2) illustrates the impact of battery charge limitations on the activity of security protocols, the risk of data loss, and the constraints of protective mechanisms. This diagram is developed based on a qualitative analysis of the effects that battery charge limitations may have on the security aspects of IoT devices. The percentages on the diagram reflect estimated conclusions derived from theoretical considerations and expert opinions in this field, emphasizing the importance of considering energy aspects in the development of protective strategies for IoT. The diagram shows that battery charge limitations have the most significant impact on the risk of data loss during interruptions in operation. This underscores the importance of developing energy-efficient solutions to ensure the reliability and continuity of security functions. 6.3. Limitations on energy consumption Limitations on energy consumption in IoT devices can be an obstacle to using resource-intensive security algorithms, especially in the field of cryptographic protection. This may lead to the selection of less powerful, and therefore less secure, encryption algorithms. Additionally, limited energy can 92 Figure 2: Impact of battery charge limitations on device security. slow down the processes of detecting and responding to potential cyber threats. The difficulty of using complex cryptographic algorithms in IoT devices makes them vulnerable to advanced cyber-attacks. Let’s model the efficiency of cryptographic algorithms in relation to energy consumption. Let 𝐸 represent the effectiveness of the applied algorithm’s security properties, and 𝑃 represent energy consumption. Then, the efficiency of cryptographic algorithms can be described by a polynomial function: 𝐸 = 𝑐1 · 𝑃 2 + 𝑐2 · 𝑃 + 𝑐3 , (6) where 𝑐1 , 𝑐2 and 𝑐3 are coefficients determined based on the computational capabilities of the device. The figure 3 depicts the diagram of the impact of energy consumption constraints on the security of IoT devices. The data for this diagram were formulated based on expert discussions and an assessment of potential consequences of limited energy consumption on the protective mechanisms of IoT devices. The percentage indicators reflect the generalized expert opinion on the importance of this aspect in the context of the development and application of cryptographic security systems. The diagram shows that limited energy consumption most significantly affects the selection and effectiveness of secure algorithms. This emphasizes the need for the development of energy-efficient cryptographic solutions that can provide an adequate level of security with constrained energy consumption. Figure 3: Impact of device energy consumption constraints on its security. 93 7. Strategies for optimizing security in IoT devices with limited resources In the context of ensuring the security of IoT devices, optimizing their limited resources becomes crucial. This requires an innovative approach that takes into account both technical constraints and security needs. By focusing on key aspects of such limitations, such as memory, battery charge, and energy consumption, effective strategies can be developed to enhance the security level of IoT systems. 1. Lightweight Cryptographic Algorithms: Development and use of cryptographic algorithms that require minimal resources for execution but still provide reliable data protection. 2. Efficient Energy Management Algorithms: Implementation of algorithms that optimize energy consumption without compromising security can ensure longer device runtime and security system reliability. 3. Memory Usage Optimization: Development of methods for efficient utilization of limited memory space, including compact storage of encryption keys and using memory for security functions. 4. Adaptive Security Mechanisms: Creation of security systems capable of adapting to changing resource constraints to maintain an optimal level of protection in different operating conditions. 5. Improvement of Authentication Algorithms: Implementation of effective authentication algo- rithms that provide a high level of security with limited computational resources. 6. Secure Communication Protocols: Development of specialized communication protocols for IoT that are optimized for efficient resource utilization and ensure reliable data protection. These strategies form the foundation for ensuring the security of IoT devices operating in resource- constrained environments. They enable a balance between security needs and constraints in memory, energy consumption, and operational resources, providing effective protection against potential threats. 8. Discussion In light of the presented analysis, it is crucial to delve deeper into the discussion of the perspectives for further research in the field of IoT security with constrained resources. One of the key directions is the development and implementation of more efficient algorithms that consider the specificity of IoT devices. This includes not only technical aspects but also taking into account the diversity of applications of IoT devices in various industries. The need for improvement in cryptographic protection methods is evident, especially in the context of limited memory and computational resources. The development of lightweight yet robust cryptographic algorithms can be key to enhancing overall security. Additionally, there is a necessity to develop flexible and adaptive security systems capable of effectively operating under resource constraints and quickly adapting to new threats and challenges. Significant potential lies in research on energy-efficient technologies for IoT devices. Energy is a critical resource for many IoT systems, so developing methods for efficient energy management can significantly increase the autonomy and reliability of devices. It is also essential to consider the interaction between different components of IoT systems to optimize overall efficiency and security. 9. Conclusions In the context of ensuring security for IoT devices with limited resources, it is important to recognize that effective security requires a multidimensional approach. This approach should involve the integra- tion of technical innovations and strategic planning. Considering the constraints in memory, power consumption, and computational power, the development of lightweight cryptographic algorithms that utilize minimal resources becomes a priority to ensure reliable data protection. Adapting security systems to the changing operational conditions of IoT devices is another crucial aspect. Security systems should be flexible, adaptive, and capable of maintaining a high level of security 94 despite resource limitations. This includes not only technical aspects but also operational resource management, especially concerning energy and memory. Innovations in authentication algorithms and energy-efficient technologies are essential for enhancing the autonomy and reliability of IoT devices. Further research in these areas should focus on developing solutions that can efficiently operate under resource constraints while providing reliable protection against current and future cyber threats. Given the rapid advancement of technologies and the constant growth of cyber threats, continuous updating and adaptation of security mechanisms are integral parts of a security assurance strategy. Updating security solutions in response to new threats will help maintain a high level of protection while expanding the possibilities of applying IoT technologies in various domains. 10. Authors contribution The authors confirm contribution to the paper as follows: study conception and design: I. Rozlomii, A. Yarmilko; data collection: I. Rozlomii; analysis and interpretation of results: I. Rozlomii, A. Yarmilko, S. Naumenko; draft manuscript preparation: I. Rozlomii, A. Yarmilko, S. Naumenko. All authors reviewed the results and approved the final version of the manuscript. References [1] S. Maitra, K. Yelamarthi, Rapidly Deployable IoT Architecture with Data Security: Implementation and Experimental Evaluation, Sensors 19 (2019) 2484. doi:10.3390/s19112484. [2] Y. B. Shapovalov, Z. I. Bilyk, S. A. Usenko, V. B. Shapovalov, K. H. Postova, S. O. Zhadan, P. D. Antonenko, Harnessing personal smart tools for enhanced STEM education: exploring IoT integration, Educational Technology Quarterly 2023 (2023) 210–232. doi:10.55056/etq.604. [3] O. V. Klochko, V. M. Fedorets, M. V. Mazur, Y. P. Liulko, An IoT system based on open APIs and geolocation for human health data analysis, CTE Workshop Proceedings 10 (2023) 399–413. doi:10.55056/cte.567. [4] P. M. Chanal, M. S. Kakkasageri, Security and Privacy in IoT: A Survey, Wireless Personal Communications 115 (2020) 1667–1693. doi:10.1007/s11277-020-07649-9. [5] N. Balyk, S. Leshchuk, D. Yatsenyak, Design and implementation of an IoT-based educational model for smart homes: a STEM approach, Journal of Edge Computing 2 (2023) 148–162. doi:10. 55056/jec.632. [6] S. Deep, X. Zheng, A. Jolfaei, D. Yu, P. Ostovari, A. K. Bashir, A survey of security and privacy issues in the Internet of Things from the layered context, Transactions on Emerging Telecommunications Technologies 33 (2022) e3935. doi:10.1002/ett.3935. [7] N. M. Lobanchykova, I. A. Pilkevych, O. Korchenko, Analysis and protection of IoT systems: Edge computing and decentralized decision-making, Journal of Edge Computing 1 (2022) 55–67. doi:10.55056/jec.573. [8] K. Yang, D. Blaauw, D. Sylvester, Hardware Designs for Security in Ultra-Low-Power IoT Systems: An Overview and Survey, IEEE Micro 37 (2017) 72–89. doi:10.1109/MM.2017.4241357. [9] S. Shen, K. Zhang, Y. Zhou, S. Ci, Security in edge-assisted Internet of Things: challenges and solu- tions, Science China Information Sciences 63 (2020) 220302. doi:10.1007/s11432-019-2906-y. [10] A. I. Jony, A. K. B. Arnob, A long short-term memory based approach for detecting cyber attacks in IoT using CIC-IoT2023 dataset, Journal of Edge Computing (2024). doi:10.55056/jec.648. [11] F. Meneghello, M. Calore, D. Zucchetto, M. Polese, A. Zanella, IoT: Internet of threats? A survey of practical security vulnerabilities in real IoT devices, IEEE Internet of Things Journal 6 (2019) 8182–8201. doi:10.1109/JIOT.2019.2935189. [12] M. Ammar, G. Russello, B. Crispo, Internet of Things: A survey on the security of IoT frameworks, Journal of Information Security and Applications 38 (2018) 8–27. doi:10.1016/j.jisa.2017. 11.002. 95 [13] X. Jiang, M. Lora, S. Chattopadhyay, An experimental analysis of security vulnerabilities in industrial IoT devices, ACM Transactions on Internet Technology 20 (2020) 1–24. doi:10.1145/ 3379542. [14] Rachit, S. Bhatt, P. R. Ragiri, Security trends in Internet of Things: A survey, SN Applied Sciences 3 (2021) 121. doi:10.1007/s42452-021-04156-9. [15] M. Yu, J. Zhuge, M. Cao, Z. Shi, L. Jiang, A Survey of Security Vulnerability Analysis, Discovery, Detection, and Mitigation on IoT Devices, Future Internet 12 (2020) 27. doi:10.3390/fi12020027. [16] B. D. Davis, J. C. Mason, M. Anwar, Vulnerability Studies and Security Postures of IoT Devices: A Smart Home Case Study, IEEE Internet of Things Journal 7 (2020) 10102–10110. doi:10.1109/ JIOT.2020.2983983. [17] R. T. Tiburski, C. R. Moratelli, S. F. Johann, M. V. Neves, E. de Matos, L. A. Amaral, F. Hessel, Lightweight Security Architecture Based on Embedded Virtualization and Trust Mechanisms for IoT Edge Devices, IEEE Communications Magazine 57 (2019) 67–73. doi:10.1109/MCOM.2018. 1701047. [18] S. Rajesh, V. Paul, V. G. Menon, M. R. Khosravi, A Secure and Efficient Lightweight Symmetric Encryption Scheme for Transfer of Text Files between Embedded IoT Devices, Symmetry 11 (2019) 293. doi:10.3390/sym11020293. [19] B. C. Chifor, I. Bica, V. V. Patriciu, F. Pop, A security authorization scheme for smart home internet of things devices, Future Generation Computer Systems 86 (2018) 740–749. doi:10.1016/ j.future.2017.05.048. [20] M. Parmar, P. Shah, Internet of things-blockchain lightweight cryptography to data security and integrity for intelligent application, International Journal of Electrical and Computer Engineering (IJECE) 13 (2023) 4422–4431. doi:10.11591/ijece.v13i4.pp4422-4431. [21] M. A. Jabraeil Jamali, B. Bahrami, A. Heidari, P. Allahverdizadeh, F. Norouzi, IoT Architecture, in: Towards the Internet of Things: Architectures, Security, and Applications, Springer International Publishing, Cham, 2020, pp. 9–31. doi:10.1007/978-3-030-18468-1_2. [22] E. A. Shammar, A. T. Zahary, The Internet of Things (IoT): a survey of techniques, operating systems, and trends, Library Hi Tech 38 (2020) 5–66. doi:10.1108/LHT-12-2018-0200. [23] S. I. Al-Sharekh, K. H. Al-Shqeerat, Security Challenges and Limitations in IoT Environments, IJCSNS International Journal of Computer Science and Network Security 19 (2019) 193–199. URL: http://paper.ijcsns.org/07_book/201902/20190224.pdf. [24] O. L. Korenivska, V. B. Benedytskyi, O. V. Andreiev, M. G. Medvediev, A system for monitoring the microclimate parameters of premises based on the Internet of Things and edge devices, Journal of Edge Computing 2 (2023) 125–147. doi:10.55056/jec.614. [25] T. M. Nikitchuk, T. A. Vakaliuk, O. A. Chernysh, O. L. Korenivska, L. A. Martseva, V. V. Osadchyi, Non-contact photoplethysmographic sensors for monitoring students’ cardiovascular system functional state in an IoT system, Journal of Edge Computing 1 (2022) 17–28. doi:10.55056/jec. 570. [26] I. Rozlomii, A. Yarmilko, S. Naumenko, P. Mykhailovskyi, IoT Smart Implants: Information Security and the Implementation of Lightweight Cryptography, CEUR Workshop Proceedings 3609 (2023) 145–156. URL: https://ceur-ws.org/Vol-3609/paper12.pdf. 96