A survey on security challenges and solutions in the IOTA

Wide-scale adoption of the Internet of Everything requires decentralized security, responsibility, and trust among the stakeholders. All these can be achieved by a Distributed Ledger Technology (DLT) backbone. As a mathematical model for enabling this DLT backbone, IOTA's Tangle is gaining popularity due to its scalability and freedom from transaction fees. Unlike blockchain, the Tangle uses a Directed Acyclic Graph (DAG) structure, and its design does not cover essential blockchain pitfalls, including expensive Proof of Work (PoW), limited throughput, high transaction costs, and significant confirmation delays. The original IOTA is evolving into a Coordinator-less environment, the Coordicide. It requires additional modules, such as auto-peering and a reputation system, to fully exploit Tangle's scalability and complete decentralization potential. Nevertheless, each new evolutionary update adds complexity and may introduce security threats. Therefore, the present survey's motivation is a detailed security analysis of the IOTA. To spur developers and researchers’ interest and summarize the security status in IOTA, we have drawn the current review. Our survey outlines security vulnerabilities on IOTA and their mitigation strategies and explores several important open directions to be researched further. The vulnerabilities are discussed on both the original IOTA and its upcoming Coordicide version. In summary, this survey is first in the field for (i) understanding the basic functionalities of the IOTA, (ii) listing the security solutions provided in the literature against the reported and unreported attacks, and (iii) presenting open research questions (RQ) for directing the future investigations on IOTA.