The Internet of Things (IoT) has rapidly expanded across multiple sectors, creating significant opportunities. This rapid growth has also raised concerns about the security of IoT devices and the protection of the large volumes of data they collect, transmit, store, and process. Numerous large-scale attacks on IoT systems underscore the need for security measures, as well as comprehensive security assessments and benchmarking methods to verify and validate these systems. We conduct a Systematic Literature Review (SLR) to analyze previous studies, methodologies, and tools used to assess and benchmark the security of IoT systems, and to identify critical challenges and gaps in the existing literature. As a result, we highlight that, due to their complexity, IoT systems lack a comprehensive security framework that covers all layers and their security concerns. Despite awareness of known vulnerabilities, there is a lack of best practices, tools, and techniques to prevent, detect, and mitigate threats effectively. The absence of standardized security benchmarks complicates the evaluation and comparison of solutions. There is also limited alignment with emerging standards such as ISO/IEC 27402 and SESIP. Finally, it is noteworthy that IoT gateway security remains unexplored despite its critical role in IoT ecosystems.

CCS Concepts: • Computer systems organization → Embedded systems; Redundancy; Robotics; • Networks → Network reliability.
Slaibi et al. (Sun,) studied this question.