Secure IoT Stacks for Critical Infrastructure: Protocols, TEEs, and Post-Quantum Readiness
Keywords:
Secure IoT, Critical Infrastructure, Trusted Execution Environment (TEE), Post-Quantum Cryptography, Protocol Assurance, Cyber-Physical Resilience
Abstract
This study aims to synthesize and analyze current advancements in secure Internet of Things (IoT) architectures for critical infrastructure, emphasizing protocol assurance, trusted execution environments (TEEs), and post-quantum cryptographic readiness. A qualitative review design was employed to systematically examine the literature on IoT security frameworks within critical infrastructure domains. Nineteen peer-reviewed articles published between 2015 and 2025 were selected through comprehensive searches across IEEE Xplore, ACM Digital Library, ScienceDirect, SpringerLink, and Scopus. Inclusion criteria targeted studies addressing secure communication protocols, hardware-based trust mechanisms, and quantum-resistant encryption strategies. Data collection was limited to document analysis, and data interpretation followed a qualitative content analysis using NVivo 14. Open coding, axial categorization, and selective thematic integration were applied until theoretical saturation was achieved, producing four emergent themes that encapsulate the security, interoperability, and resilience dimensions of secure IoT stacks. The analysis revealed four major thematic dimensions: (1) protocol assurance and interoperability, focusing on secure communication frameworks and cross-layer encryption; (2) trusted execution environments and hardware roots of trust, emphasizing TEEs, secure boot mechanisms, and runtime attestation; (3) post-quantum cryptography and algorithm transition, addressing migration to quantum-safe encryption and hybrid cryptographic architectures; and (4) resilience and assurance in critical infrastructure IoT, highlighting risk management, compliance, and forensic readiness. Collectively, these dimensions illustrate a systemic evolution from isolated security mechanisms toward integrated assurance ecosystems combining hardware, software, and governance layers. 
Secure IoT stack design for critical infrastructures demands convergence between protocol standardization, hardware-based trust, and post-quantum preparedness. Future IoT security models should prioritize interoperability, algorithmic agility, and continuous certification to ensure operational resilience against both current and emerging cyber-physical threats.