TY - JOUR
T1 - A survey on security challenges and solutions in the IOTA
AU - Conti, Mauro
AU - Kumar, Gulshan
AU - Nerurkar, Pranav
AU - Saha, Rahul
AU - Vigneri, Luigi
PY - 2022
Y1 - 2022
N2 - Wide-scale adoption of the Internet of Everything requires decentralized security, responsibility, and trust among the stakeholders. All these can be achieved by a Distributed Ledger Technology (DLT) backbone. As a mathematical model for enabling this DLT backbone, IOTA's Tangle is gaining popularity due to its scalability and freedom from transaction fees. Unlike blockchain, the Tangle uses a Directed Acyclic Graph (DAG) structure, and its design does not suffer from essential blockchain pitfalls, including expensive Proof of Work (PoW), limited throughput, high transaction costs, and significant confirmation delays. The original IOTA is evolving into a Coordinator-less environment, the Coordicide. It requires additional modules, such as auto-peering and a reputation system, to fully exploit Tangle's scalability and complete decentralization potential. Nevertheless, each new evolutionary update adds complexity and may introduce security threats. Therefore, the present survey's motivation is a detailed security analysis of the IOTA. To spur developers' and researchers' interest and to summarize the security status of IOTA, we have prepared the current review. Our survey outlines security vulnerabilities in IOTA and their mitigation strategies and explores several important open directions to be researched further. The vulnerabilities are discussed for both the original IOTA and its upcoming Coordicide version. In summary, this survey is the first in the field for (i) understanding the basic functionalities of the IOTA, (ii) listing the security solutions provided in the literature against the reported and unreported attacks, and (iii) presenting open research questions (RQ) for directing future investigations on IOTA.
AB - Wide-scale adoption of the Internet of Everything requires decentralized security, responsibility, and trust among the stakeholders. All these can be achieved by a Distributed Ledger Technology (DLT) backbone. As a mathematical model for enabling this DLT backbone, IOTA's Tangle is gaining popularity due to its scalability and freedom from transaction fees. Unlike blockchain, the Tangle uses a Directed Acyclic Graph (DAG) structure, and its design does not suffer from essential blockchain pitfalls, including expensive Proof of Work (PoW), limited throughput, high transaction costs, and significant confirmation delays. The original IOTA is evolving into a Coordinator-less environment, the Coordicide. It requires additional modules, such as auto-peering and a reputation system, to fully exploit Tangle's scalability and complete decentralization potential. Nevertheless, each new evolutionary update adds complexity and may introduce security threats. Therefore, the present survey's motivation is a detailed security analysis of the IOTA. To spur developers' and researchers' interest and to summarize the security status of IOTA, we have prepared the current review. Our survey outlines security vulnerabilities in IOTA and their mitigation strategies and explores several important open directions to be researched further. The vulnerabilities are discussed for both the original IOTA and its upcoming Coordicide version. In summary, this survey is the first in the field for (i) understanding the basic functionalities of the IOTA, (ii) listing the security solutions provided in the literature against the reported and unreported attacks, and (iii) presenting open research questions (RQ) for directing future investigations on IOTA.
KW - Coordinator
KW - Graph
KW - IOTA protocol
KW - Ledger
KW - Security
KW - Tangle
UR - http://www.scopus.com/inward/record.url?scp=85129464889&partnerID=8YFLogxK
U2 - 10.1016/j.jnca.2022.103383
DO - 10.1016/j.jnca.2022.103383
M3 - Review article
AN - SCOPUS:85129464889
SN - 1084-8045
VL - 203
JO - Journal of Network and Computer Applications
JF - Journal of Network and Computer Applications
M1 - 103383
ER -