Mohamed Amine Ferrag, Lei Shu, and Kim-Kwang Raymond Choo
Abstract—The speed and pace of the transmission of severe acute respiratory syndrome coronavirus 2 (SARS-CoV-2; also referred to as novel Coronavirus 2019 and COVID-19) have resulted in a global pandemic, with significant health, financial, political, and other implications. There have been various attempts to manage COVID-19 and other pandemics using technologies such as Internet of Things (IoT) and 5G/6G communications. However, we also need to ensure that IoT devices used to facilitate COVID-19 monitoring and treatment (e.g., medical IoT devices) are secured, as the compromise of such devices can have significant consequences (e.g., life-threatening risks to COVID-19 patients). Hence, in this paper we comprehensively survey existing IoT-related solutions, potential security and privacy risks and their requirements. For example, we classify existing security and privacy solutions into five categories, namely: authentication and access control solutions, key management and cryptography solutions, blockchain-based solutions, intrusion detection systems, and privacy-preserving solutions. In each category, we identify the associated challenges. We also identify a number of recommendations to inform future research.
The global outbreak of the novel coronavirus 2019 (COVID-19) was declared by the World Health Organization (WHO) on 30 January 2020 [1]. The clinical symptoms of COVID-19 are predominantly pulmonary, although serious cardiovascular side effects were also observed in a number of patients [2]. Fig. 1 presents an overview of COVID-19 symptoms and protective strategies. Existing preventative solutions include frequent hand washing using soap and water or a hydro-alcoholic solution, and digital technologies such as mobile applications (e.g., contact tracing applications), artificial intelligence (AI), blockchain technology, drones, and robots to detect and limit the spread of the virus and track/monitor the movement of quarantined citizens [3]–[8].
Fig. 1. Overview of COVID-19 symptoms and protective strategies.
A number of governments/countries have introduced the use of official contact tracing apps for iOS and Android devices. Examples include Australia (COVIDSafe), Austria (Stopp Corona), Canada (COVID Alert), Denmark (Smittestop), Finland (Koronavilkku), France (StopCovid), Germany (Corona-Warn-App), China (LeaveHomeSafe), Italy (Immuni), Singapore (TraceTogether), etc. In addition to these official contact tracing apps, some organizations (e.g., hospitals) have also used other systems and approaches such as COVID Symptom Tracker, HowWeFeel, COVID-19 Symptoms & Social Distancing Web Survey, Global COVID-19 Survey, and Beiwe, to facilitate the monitoring and management of the COVID-19 pandemic [9]. The COVID Symptom Tracker [10], for example, is created by medical doctors and scientists at Stanford University School of Medicine, King’s College London, Harvard T.H. Chan School of Public Health, and Massachusetts General Hospital, to track the spread of COVID-19 and study the symptoms of this virus.
Fig. 2. The use of IoT in healthcare systems during pandemics.
Existing COVID-19 mobile apps can be categorised into six groups [11], namely: COVID-19 symptoms apps, COVID-19 contact tracing apps, COVID-19 health monitoring apps, COVID-19 research apps, telemedicine apps, and social distancing apps. These apps play different roles. For example, COVID-19 symptoms apps can help users monitor their own health, while COVID-19 contact tracing apps (e.g., COVIDWISE (for Virginia) and GuideSafe (for Alabama)) can be used by healthcare authorities to identify individuals who may have been in contact with an infected person. Also, data sensed/collected by COVID-19 health monitoring apps can be used by medical doctors to monitor the health of their patients. COVID-19 research apps can be used by research institutions to trace and study the spread of COVID-19, as well as its impacts. To enable video chat between medical doctors and their patients, telemedicine apps (e.g., Doctor On Demand, MDLive, and Amwell) can be adopted by healthcare providers. We also remark that these COVID-19 mobile apps can be integrated with other internet of things (IoT) devices and telecommunication networks (e.g., 5G) to enable public health institutions to further improve the quality of user experience and healthcare delivery, for example in terms of improved and real-time data and service access.
The IoT is an ideal potential network for vaccine cold chain monitoring, healthcare management, healthcare delivery drones, remote patient monitoring, and detecting and preventing infectious diseases such as COVID-19 [12]–[15]. As presented in Fig. 2, the use of IoT in healthcare systems to fight against epidemic situations like COVID-19 is structured in three layers, namely, the healthcare sensor layer, fog computing layer, and cloud computing layer. The healthcare sensor layer consists of IoT-enabled devices, including smart hospitals, patients (COVID-19) with wearable smart devices, and doctors. The smart hospitals enable intelligent monitoring of inside parameters such as temperature [16]. The wearable smart devices enable health data to be obtained using handheld smart devices and then forwarded to a doctor. The doctors use video calls for remote consultations and diagnosis of patients through a COVID-19 tracing app [17], [18]. The fog computing layer consists of network devices such as routers, gateways, switches, and access points [19], [20]. The healthcare data are transmitted directly to the fog computing layer from the healthcare sensor layer via the 5G/6G wireless connectivity network for analysis and machine learning algorithms [21]. In addition, the fog computing layer provides a detailed view of each patient and manages such information quickly. The cloud computing layer consists of traditional cloud servers with sufficient computing resources to provide storage and end-to-end services [22].
The internet of bio-nanothings (IoBNT) concept considers the connectivity between the Internet and biological cells. The IoBNT’s vision is to accelerate progress in biomedical research technologies based on synthetic biology, biosensors, integrated technologies, and molecular communication, to achieve a better quality of life as well as human health, as discussed by Akyildiz et al. [23]. The advantages of using IoT approaches to fight against COVID-19 are presented in Table I. Regarding diagnosis and treatment, the use of IoT approaches provides real-time patient monitoring based on IoT-powered telemedicine and reduces unnecessary medical visits as well as hospital stays. Therefore, thanks to the IoT devices that are connected to the IoT network, drugs and equipment are efficiently administered and operated with lower costs. The IoT architecture includes fog computing and cloud computing technologies which can enable cost-effective decision making using the data generated via IoT devices. Regarding healthcare delivery, IoT-enabled drones are used to deliver lightweight packages such as medical supplies and vaccines. Based on IoT sensors placed on the vaccine, the use of IoT applications can optimize the vaccine supply chain and can provide flexibility, efficiency, and speed. The blockchain-based solution stops the propagation of the COVID-19 virus using chained medical digital passports and immunity certificates. In addition, LoRaWAN trackers and emerging wearables are used for detecting COVID-linked symptoms.
TABLE I EXAMPLES OF IOT AND CONVENTIONAL APPLICATION USAGE DURING COVID-19 MANAGEMENT
In the literature, there are a number of recent surveys published in 2020 and 2021 for the use of IoT applications to fight against the COVID-19 pandemic. As shown in Table II, we categorize the related surveys according to the following criteria:
1) The Use of IoT Approaches: It indicates whether the survey described the use of IoT approaches.
2) Security and Privacy Requirements: It states if the survey has provided the security and privacy requirements as well as the threat models.
3) Security and Privacy Solutions: It indicates whether the survey presented a comparative analysis of potential solutions for security and privacy in epidemic situations like COVID-19.
4) Security and Privacy Challenges: It indicates whether the survey discussed the challenges and future research directions to combat COVID-19 as well as security and privacy challenges faced by the use of the IoT.
Most of the surveys on the use of IoT applications to fight against the COVID-19 pandemic outline the emerging technologies without focusing on security and privacy solutions. For example, a brief overview of solutions that IoT and associated sensor technologies have made to fight against the COVID-19 pandemic was discussed in [25], [26]. However, these surveys are very limited regarding detailed discussion on security and privacy solutions. Moreover, Ahmed et al. [24] provided an overview and detailed investigation of COVID-19 contact tracing apps with a discussion of users’ concerns about their uses. Chamola et al. [4] presented a systematic survey that covers the role of various emerging technologies such as 5G, Blockchain, artificial intelligence, drones, and IoT in the fight against the COVID-19 pandemic. The feasibility and efficiency of edge computing and deep learning approaches for mitigating the COVID-19 pandemic were presented in [27]. Hussain et al. [28] provided a review on existing artificial intelligence techniques applied to the medical information-based pandemic as well as discussed the implementation of cloud and edge computing against COVID-19. The feasibility and efficiency of blockchain applications in combating the COVID-19 pandemic are presented in [31] and [32]. Table II summarizes the main focuses and major contributions of the previous comprehensive surveys on the use of IoT applications to fight against the COVID-19 pandemic. Although the abovementioned surveys [28]–[30] have laid a solid foundation for the detection and classification of COVID-19 medical images using artificial intelligence techniques, our survey differs in several aspects. To the best of our knowledge, our survey is the first that thoroughly covers security and privacy solutions as well as challenges and future research directions faced by the use of IoT applications to combat COVID-19 and future pandemics.
The process of conducting our literature review is based on the following phases proposed by Snyder in [35]:
1) Designing the Review: The identification of literature for analysis in this paper was based on a keyword search, namely, “An IoT-based framework for COVID-19”, “An IoT-based system for COVID-19”, “An IoT-based protocol for COVID-19”, and “An IoT-based scheme for COVID-19”. By searching for these keywords in academic databases such as medRxiv, SCOPUS, Web of Science, Wiley Online Library, Google Scholar, and ACM Digital Library, an initial set of relevant sources was located. The search process returned a significant number of results, of which only those that proposed IoT-based schemes for COVID-19 were collected.
TABLE II RELATED SURVEYS ON THE USE OF IOT APPLICATIONS TO FIGHT AGAINST THE COVID-19 PANDEMIC
2) Conducting the Review: The collected references have been evaluated based on the following key factors: a) reputation, b) pertinence, c) originality, and d) most influential articles in the topic area.
3) Analyze Data: After conducting the literature review and selecting a final sample, the articles are evaluated and analyzed according to the following key factors: a) network model, b) solution type, c) countermeasures, d) security and privacy requirements, e) resistance to attacks, f) advantages and disadvantages, and g) motivation and design goals for COVID-19.
4) Synthesize Data: Based on the evaluation and analysis of the articles, the sections are structured and synthesized to provide different types of information and different levels of details. Specifically, the final review article is structured in five sections, which offer an overview of future research directions to combat COVID-19 as well as security and privacy challenges faced by the use of IoT applications.
The major challenge of IoT deployment for COVID-19 does not reside in the implementation of the emerging technologies, but primarily in the guarantee of security and privacy, since thousands of IoT-based devices are deployed in an open field [36]. For example, an adversary can use many cyber attacks, such as DDoS attacks, to make a service unavailable and then inject false data, which affects vaccine cold chain monitoring, healthcare management, healthcare delivery drones, and remote patient monitoring.
Our contributions in this work are:
1) We discuss the use of IoT applications to fight against the COVID-19 pandemic, including for diagnosis and treatment, drugs and equipment management, decision making, healthcare delivery, vaccine cold chain monitoring, disinfecting public spaces, digital medical passports, immunity certificates, and COVID-linked symptoms.
2) We overview security and privacy requirements as well as the threat models, and the challenges associated with developing IoT-based frameworks for COVID-19.
3) Based on a review and a new taxonomy of state-of-the-art solutions, we provide a classification into five categories, namely, authentication and access control solutions, key management and cryptography solutions, blockchain-based solutions, intrusion detection systems, and privacy-preserving solutions.
4) We outline challenges and future research directions to combat COVID-19 as well as security and privacy challenges faced by the use of the IoT, such as the use of the internet of bio-nano things, applications of industry 4.0, IoT solutions for vaccine shipments, computer vision for remote diagnosis, private patient information issues, vulnerabilities of machine learning techniques, compliance with healthcare data protection regulation, etc.
The remaining part of this paper is structured as shown in Fig. 3. Section II focuses on security and privacy requirements. Section III describes threat models. Section IV presents security and privacy solutions to combat COVID-19. Section V describes future research against epidemic situation applications like COVID-19. Lastly, Section VI presents conclusions.
Due to continuing serious cyber attacks on public and private healthcare services, the proposal of a security and privacy solution to fight against epidemic situations like COVID-19 should provide and achieve the following requirements.
1) Conditional Privacy Preserving: Viewed as an essential characteristic of privacy protection, it has two aspects: the protection of user privacy and the targeted retrieval of device information. In other words, the user’s confidential data will be stored securely during the whole session, and unauthorized tracking of a specific device must not succeed.
2) Differential Privacy: Refers to a set of mathematical techniques (e.g., stable transformations, randomized response, Laplace mechanism, and sensitivity) that enable big data analysis on epidemic situation applications to be performed without disclosing individual information.
3) Patient Anonymity: The open wireless transmission functionalities mean that communication channels of epidemic situation applications can be eavesdropped on by malicious devices. An adversary can analyze eavesdropped information such as user location, which seriously affects the user’s privacy. Hence, the anonymity of each device in epidemic situation applications must be guaranteed. The security solution should assure that an adversary is unable to determine a user’s true identity through intercepted data.
4) Unforgeability: In practical transmission of epidemic situation applications, an adversary can selectively forge legitimate credentials, authentication session keys, or other signatures in order to complete the verification process successfully [37]. Therefore, unforgeability against the chosen message attack is the main characteristic of a secured exchange of information.
5) Mutual Authentication: In the design of epidemic situation applications, mutual authentication is the primary and principal safety feature, which ensures that both units (Fog device, IoT device, Cloud center, etc.) in a session of communication can mutually authenticate each other. Thus, identity theft attacks on specific equipment can be prevented [38].
6) Untraceability: Untraceability of COVID-19 patients is the property that, when a program is under the surveillance of an adversary, the adversary is unable to track the patients as they move from one location to the next. Usually, security protocols achieve untraceability using identities, current timestamps, and random nonces.
7) Non-Repudiation: It guarantees the reliability of the data communicated in epidemic situation applications, where the originator of the data is not able to deny the validity of the signature transmitted.
8) Session Key Establishment: When mutual authentication takes place, one single session key between an individual device and the epidemic situation application system must be provided to ensure secure communication [39].
9) Session-Key Security: It maintains a secret session key between an approved member and an authorized device after they have successfully authenticated each other.
10) Perfect Forward Secrecy: To ensure the security of data previously sent, the security solutions for epidemic situation applications need to provide perfect forward secrecy, which means that an adversary is unable to retrieve a session key from a previous session of two users, even if the adversary compromises the two users’ private keys [40].
11) Patient Location Privacy: The idea of location privacy can be described as the ability of COVID-19 patients to choose exactly when and how their location credentials may be shared with other parties and for what purposes.
12) Patient Identity Privacy: It consists of applying protection technologies to minimize the disclosure of patient data that allow attackers to infer a patient’s identity.
13) Patient Traceability: The medical center is capable of extracting the true identity of the patient by scanning pertinent information when requested. He et al. [41] designed a cross-domain handshake solution based on hierarchical identity-based cryptography, which can provide patient traceability.
14) Data Integrity: Integrity is one of the essential basic security requirements for the benign function of epidemic situation applications. Data integrity is the confirmation that the data that has been sent, received, or stored is complete and has not been altered. Therefore, security solutions use hash functions to provide data integrity. Blockchain-based solutions have integrity protection built in, since the ledger is tamper-proof and immutable.
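The randomized response and Laplace mechanisms named under the differential privacy requirement above can be illustrated on an epidemic reporting query. This is an added example, not code from the surveyed works; the population of 20000 with a 10% positive rate, the coin probabilities, and the value of epsilon are constructed assumptions.

```python
import math
import random

# Randomized response as used here: each person answers truthfully with
# probability 1/2 and otherwise reports a uniformly random yes/no.
# P(report yes | truly yes) = 0.75 and P(report yes | truly no) = 0.25,
# so every single report satisfies epsilon = ln(0.75 / 0.25) = ln 3.
RR_EPSILON = math.log(3)


def randomized_response(truth: bool, rng: random.Random) -> bool:
    """Local mechanism: the collector never sees the true answer."""
    if rng.random() < 0.5:
        return truth
    return rng.random() < 0.5


def estimate_rate(reports) -> float:
    """Unbiased estimate of the true positive rate from noisy reports.

    E[fraction of yes] = 0.5 * rate + 0.25, hence rate = 2 * (yes - 0.25).
    """
    yes_fraction = sum(reports) / len(reports)
    return min(1.0, max(0.0, 2.0 * (yes_fraction - 0.25)))


def laplace_count(true_count: int, epsilon: float, rng: random.Random,
                  sensitivity: float = 1.0) -> float:
    """Central mechanism: release a count with Laplace(sensitivity/epsilon) noise.

    Adding or removing one patient changes a count by at most 1, so the
    sensitivity of the query is 1.
    """
    if epsilon <= 0:
        raise ValueError("epsilon must be positive")
    scale = sensitivity / epsilon
    # The difference of two i.i.d. exponentials with mean `scale`
    # is Laplace-distributed with location 0 and that scale.
    noise = rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)
    return true_count + noise


def demo(seed: int = 2021) -> dict:
    rng = random.Random(seed)
    # Constructed population: 2000 positives out of 20000 (10%).
    population = [i < 2000 for i in range(20000)]
    reports = [randomized_response(x, rng) for x in population]

    true_count = sum(population)
    # Repeated releases only show that the noise is centred on the true count;
    # a real deployment spends privacy budget on every release.
    releases = [laplace_count(true_count, 0.5, rng) for _ in range(5000)]

    return {
        "true_rate": true_count / len(population),
        "estimated_rate": estimate_rate(reports),
        "true_count": true_count,
        "mean_release": sum(releases) / len(releases),
        "single_release": releases[0],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The aggregate rate is recovered closely even though each individual report is deniable, which is the property the requirement asks for.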
Fig. 3. Organization of this paper.
Since sensitive COVID-19 patient information will be transmitted through an open channel (i.e., the Internet), this information can potentially be misused. Hence, we propose the following threat models against epidemic situation applications like COVID-19. Specifically, we consider the widely accepted Dolev-Yao (DY) threat model [42], according to which two parties are allowed to interact through a public (unsecured) network. In the DY model, an adversary A launches the following attacks to interrupt the data that are exchanged between parties, but can also alter or eliminate the content of the data and can insert false data during the communication. Fig. 4 classifies the prevalent threats in the IoT-based healthcare systems on the basis of the layer they affect.
Fig. 4. Classification of security threats in IoT-based healthcare systems to fight against epidemic situations like COVID-19.
1) Replay Attack: To provide resistance to replay attacks in epidemic situations, Tan et al. [43] designed a practical homomorphic authentication framework, which is based on the fresh timestamps used in each calculation. Usually, the use of timestamps can resist replay attacks.
2) Impersonation Attack: An adversary assumes the identity of one of the legitimate entities in a communication protocol or a system. Alladi et al. [44] proposed an authentication framework for providing two-way authentication based on physical unclonable functions, which can resist impersonation attacks.
3) Denial-of-Service Attack: This attack aims to make an epidemic situation application unable to respond to the requests of its users. Challa et al. [45] proposed an authentication framework based on ECC cryptography and three factors, which can resist denial-of-service attacks.
4) Stolen Smart Card Attack: This implies that if an adversary takes the smart card of a user of an epidemic situation application, he may have the opportunity to impersonate this user identity or to initiate a new attack. Usually, the use of cryptography methods (e.g., Elliptic Curve Cryptography) can resist stolen smart card attacks.
5) Man-in-the-Middle (MITM) Attack: It is an attack that uses at least three devices. Two devices use an epidemic situation application and communicate with each other. The third (i.e., an adversary) in the middle breaks the link between the two devices and masquerades as the other device. In other words, it intercepts and redirects the communications, and can also modify the exchanged data. Srinivas et al. [46] designed a cloud-based user authentication framework for enhanced medical data authentication, which can resist the MITM attack since random nonces and timestamps are used in encrypted data.
6) Tampering Attack: It is a form of web-based attack where some parameters in the epidemic situation application or web page form field data that are submitted by a user are altered without that user’s authorization.
7) De-Synchronization Attack: This type of attack means that the private data exchanged between a specific tag and the main server can be desynchronized using a number of attack techniques.
8) Privileged-Insider Attack: This attack means that any person with special access (e.g., login information) to critical systems, servers and databases in epidemic situation applications can be viewed as an internal threat, as everyone’s access is a vulnerable point.
9) False Data Injection Attack: These attacks are designed to compromise the readings of several medical sensors and healthcare data with the objective of misleading control and operations.
10) Ephemeral Secret Leakage Attack: When ephemeral secrets are compromised, an adversary is able to divulge patients’ private keys, and the session key will be revealed from the intercepted messages.
11) Attacks Against Blockchain-Based Solutions: These attacks target the vulnerabilities of blockchain systems, such as 51% vulnerability, selfish and reputation-based behaviors, private key leakage, double spending, and transaction privacy leakage. For more information about the threat models against blockchain systems, we refer the reader to the work [47].
12) Sybil Attack: With this attack, an adversary generates a number of additional node identities based on a single physical device in order to act in the same way as if it were a larger number of nodes.
13) Botnet Attack: Botnets are malware-controlled networks of infected electronic devices used to carry out DDoS or other types of cyber attacks.
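The timestamp and random-nonce freshness checks cited above as countermeasures to replay and MITM attacks can be illustrated from the receiving gateway's side. This is an added example, not the scheme of Tan et al. [43] or Srinivas et al. [46]; the pre-shared HMAC key, the 30-second window, and the sensor name and readings are constructed assumptions.

```python
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

MAX_SKEW_SECONDS = 30.0  # assumed freshness window, not taken from the paper


def _canonical(body: dict) -> bytes:
    """Serialize deterministically so sender and receiver MAC the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def seal(key: bytes, sensor_id: str, reading: dict,
         now: Optional[float] = None) -> dict:
    """Sensor side: bind the reading to a timestamp and a fresh nonce, then MAC it."""
    body = {
        "sensor_id": sensor_id,
        "reading": reading,
        "ts": time.time() if now is None else now,
        "nonce": secrets.token_hex(16),
    }
    tag = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class Receiver:
    """Gateway side: verify the MAC, then the timestamp, then nonce uniqueness."""

    def __init__(self, key: bytes, max_skew: float = MAX_SKEW_SECONDS):
        self._key = key
        self._max_skew = max_skew
        self._seen = {}  # nonce -> message timestamp, kept only inside the window

    def accept(self, msg: dict, now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        body, tag = msg.get("body"), msg.get("tag")
        if not isinstance(body, dict) or not isinstance(tag, str):
            return "malformed"
        expected = hmac.new(self._key, _canonical(body), hashlib.sha256).hexdigest()
        # Constant-time comparison; any change to body or tag fails here.
        if not hmac.compare_digest(expected.encode(), tag.encode("utf-8", "replace")):
            return "bad_mac"
        ts, nonce = body.get("ts"), body.get("nonce")
        if not isinstance(ts, (int, float)) or not isinstance(nonce, str):
            return "malformed"
        # The timestamp bounds how long a captured message stays usable.
        if abs(now - ts) > self._max_skew:
            return "stale"
        # The nonce cache closes the gap inside that window. Entries older than
        # the window can be dropped because the timestamp check rejects them.
        self._seen = {n: t for n, t in self._seen.items()
                      if now - t <= self._max_skew}
        if nonce in self._seen:
            return "replay"
        self._seen[nonce] = ts
        return "ok"


def demo() -> dict:
    key = b"constructed-demo-key-for-example-only"  # constructed, never reuse
    rx = Receiver(key)
    t0 = 1_700_000_000.0  # constructed clock value
    msg = seal(key, "spo2-ward3-07", {"spo2": 94, "hr": 88}, now=t0)

    results = {"first_delivery": rx.accept(msg, now=t0 + 1)}
    # Same bytes again inside the window: only the nonce cache catches it.
    results["replay_in_window"] = rx.accept(msg, now=t0 + 5)
    # Same bytes after the window: the timestamp alone is enough.
    results["replay_after_window"] = rx.accept(msg, now=t0 + 120)
    # False data injection on a captured message: the MAC no longer matches.
    tampered = json.loads(json.dumps(msg))
    tampered["body"]["reading"]["spo2"] = 99
    results["tampered_reading"] = rx.accept(tampered, now=t0 + 2)
    return results


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

A timestamp check alone leaves the whole skew window open to replay, which is why the nonce cache is needed alongside it.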
According to the security and privacy models, we classify the security and privacy solutions to combat COVID-19 into five categories, namely, 1) Authentication and access control solutions, 2) Key management and cryptography solutions, 3) Blockchain-based solutions, 4) Intrusion detection systems, and 5) Privacy-preserving solutions. The summary of potential solutions for security and privacy to combat epidemic situations like COVID-19 is presented in both Tables III and IV. The opportunities for these security and privacy solutions are presented in Fig. 5.
According to authentication models, we classify the authentication and access control solutions to combat COVID-19 into nine categories, namely, 1) Homomorphic authentication, 2) Electrocardiogram-based authentication, 3) Two-Way authentication, 4) ECC-based user authentication, 5) Fine-grained data access control, 6) Cloud-centric authentication, 7) Anonymous RFID tag authentication, 8) Smart card-based anonymous user authentication, and 9) Biometric authentication.
TABLE III SUMMARY OF POTENTIAL SOLUTIONS FOR SECURITY AND PRIVACY IN EPIDEMIC SITUATIONS LIKE COVID-19 (PART 1)
TABLE IV SUMMARY OF POTENTIAL SOLUTIONS FOR SECURITY AND PRIVACY IN EPIDEMIC SITUATIONS LIKE COVID-19 (PART 2)
1) Homomorphic Authentication: Based on the emerging advantages of the new intelligent transportation system (ITS), vehicle ad-hoc networks (VANETs) can capture and process valuable vehicle data to enhance the driving environment and road safety. Tan et al. [43] addressed improving healthcare surveillance and infection monitoring for high-mobility transportation systems, which is not achievable for pandemic control. The automated tracking of infections for pandemic control can be performed consequently. Specifically, the authors designed a practical homomorphic authentication framework for cloud-assisted VANETs, where healthcare surveillance for any involved passengers is delivered. The proposed framework includes the use of the integrated cloud-based VANET infrastructure, where the medical data collection module is connected to the hybrid medical data acquisition module. To provide infection monitoring on a specific vehicle and person, the mechanism of decentralized vehicle registration based on the blockchain is implemented cooperatively between vehicular cloud and edge units.
2) Electrocardiogram-Based Authentication: The electrocardiogram can be used as a tool to authenticate the telemedical terminals of epidemic situation applications. Zhang et al. [51] proposed an authentication framework based on the parallel electrocardiogram, named PEA, which can be applied for epidemic situation applications. The PEA framework provides a method of hybrid electrocardiogram feature extraction, which includes fiducial-based and non-fiducial-based features, for extracting enhanced electrocardiogram features to improve the stability of the authentication. Huang et al. [50] introduced an authentication framework that can authenticate patients based on noisy electrocardiogram data and guarantee the privacy of the patterns stored in the system. The proposed framework can be adopted for epidemic situation applications like COVID-19, and is able to track movements and adjust the algorithm depending on the current state of the movement.
Fig. 5. Opportunities for security and privacy solutions to fight against epidemic situations like COVID-19.
3) Two-Way Authentication: With the new use of IoT in health care, a large amount of data on COVID-19 patients is communicated and provided online. Alladi et al. [44] proposed an authentication framework, named HARCI, for providing two-way authentication, which can be applied between various entities in epidemic situation applications. The HARCI framework uses IoT devices with limited resources and an architecture of three layers, including healthcare cloud server, sink nodes, and patient nodes. Therefore, the HARCI framework can offer end-to-end authenticity by providing a single session key for each step of the authentication process. Based on a formal security proof called the Mao-Boyd logic, the HARCI framework is proven to ensure session key uniqueness and to resist node tampering attack, replay attack, man-in-the-middle (MITM) attack, and impersonation attack.
4) ECC-Based User Authentication: Elliptic curve cryptography (ECC) is used by security protocols for providing authentication. Challa et al. [45] proposed an authentication framework based on ECC cryptography and three factors for wireless healthcare sensor networks, which can be applied for epidemic situation applications. Through formal security analysis techniques (e.g., BAN logic, AVISPA tool, and real-or-random (ROR) model), the proposed framework is proven to be secure against replay attack, denial-of-service attack, stolen smart card attack, offline password guessing attack, impersonation attack, and privileged-insider attack. In addition, the proposed framework guarantees user anonymity and mutual authentication.
5) Fine-Grained Data Access Control: In smart healthcare where an epidemic situation application is used, some attributes of the server database information may be accessible only to privileged users. Roy et al. [52] proposed a security framework that combines fine-grained access control and mutual authentication for healthcare applications using mobile cloud computing, which can be applied for epidemic situation applications like COVID-19. Based on attribute-based encryption techniques and hash functions, the proposed framework can provide untraceability and user anonymity.
6) Cloud-Centric Authentication: Security and privacy are key issues in cloud computing-based epidemic situation applications, where people are restricted in their access to data stored at remote sites operated by various providers. Srinivas et al. [46] designed a cloud-based user authentication framework for enhanced medical data authentication, which can be applied for epidemic situation applications like COVID-19. Based on mutual successful authentication performed by a patient and a handheld sensor node, both parties create a secret session key which is then applied for secure communications in the future. Based on the ROR model and AVISPA tool, the proposed framework is proven secure against wearable sensor node capture attack as well as password change attack.
7) Anonymous RFID Tag Authentication: Epidemic situation applications like COVID-19 use low-cost radio frequency identification (RFID) tags to communicate with the servers and access points. Wu et al. [53] designed an anonymous RFID tag authentication framework for e-healthcare systems, which can be applied for epidemic situation applications. The proposed framework employs three techniques, namely, the secret key, the pseudo-identity, and the hash functions, which can provide anonymity for both the tag and the reader. Based on the game theory model, the proposed framework can provide forward and backward untraceability and can resist data forgery attacks and de-synchronization attacks.
8) Smart Card-Based Anonymous User Authentication: A wireless medical sensor network is a network of sensors composed of lightweight devices with limited resources, limited memory, low computational performance, and low energy battery power. The healthcare sensor devices (e.g., ECG monitoring electrodes, heart rate monitors, oxygen, temperature, and blood pressure sensors) are placed on a user’s body, forming a wireless body network. Das et al. [55] designed a smart card-based anonymous user authentication framework for wireless body networks, which can be applied to counter epidemic situations like COVID-19. Based on the BAN Logic and AVISPA tool, the proposed framework is proven to provide user anonymity as well as resistance against the following five attacks: replay attack, identity and password guessing attack, stolen verifier attack, and privileged-insider attack.
9) Biometric Authentication: Biometric authentication is a security concept that is based on an individual’s unique biological characteristics to ensure that individuals are exactly who they say they are. Biometric authentication technologies are based on the comparison of a biometric data capture with authentic data stored and validated in a database. Zhang et al. [56] proposed an authenticated key agreement system, which can address the security and computational requirements of eHealth applications. In the proposed system, the medical server is in charge of controlling the validity of the user. To protect the server from the possibility of identifying the biometric template, a random string is associated with it using the exclusive-or operation. In addition, these hidden strings are protected by hash or biohash functions throughout the authentication and key negotiation procedures. This enables the medical server to check the biometric features in epidemic situations like COVID-19 directly without storing and retrieving the exact values. Biometric templates in storage devices such as smart cards and databases are protected by random numbers, ensuring that only the user has the actual value.
According to key management models, we classify the key management and cryptography solutions to combat COVID-19 into five categories, namely, 1) Lattice-based secure cryptosystem; 2) Pairwise key establishment-based solution; 3) Cross-domain handshake solution; 4) Three-factor remote user authentication; and 5) Homomorphic encryption-based solution.
1) Lattice-Based Secure Cryptosystem: To securely process COVID-19 data, it is very important to use key management and cryptography solutions that provide security and privacy. Chaudhary et al. [54] designed a lattice-based security protocol, named LSCSH, providing security for smart healthcare, which can be applied to counter epidemic situations. The security key used by the proposed LSCSH protocol is computed using lattice-based vector equations. The LSCSH protocol enables the validation of demands from cloud storage to various end-users, including doctors and patients. In addition, the LSCSH protocol can resist quantum attacks, since breaking the security of lattice vectors is equivalent to solving NP-hard problems.
2) Pairwise Key Establishment-Based Solution: The idea of pairwise key establishment is adopted by Zhou et al. [59] for designing a privacy-preserving key management framework, named 4S, in the m-healthcare social network, which can be applied to counter epidemic situations. Based on the collaboration of patients affected by similar pathologies in the same community, the proposed framework can withstand both time-based and location-based mobile attacks. Due to the symmetrical structure of the body, sensors for body monitoring, such as electrocardiogram and electroencephalography sensors, are usually placed on patients symmetrically to track their vital signs. By extending the proactive secret sharing approach, the proposed framework is proven to provide both identity and location privacy.
3) Cross-Domain Handshake Solution: The handshake solution is an example of an effective cryptographic method that can enable secure communication in epidemic situation applications like COVID-19. Based on hierarchical identity-based cryptography, He et al. [41] designed a cross-domain handshake solution, named CDHS, for secure communication in mobile healthcare social networks. For securing epidemic situation applications, two patients who are registered at different health institutions can achieve mutual authentication and then create a session key, where elliptic curve cryptography is applied. In addition, using the random oracle model, the CDHS solution was proven secure assuming the intractability of the inversion computational Diffie-Hellman (ICDH) problem. In addition, to provide anonymity in the internet of medical things for the care of COVID-19 patients, Masud et al. [60] designed a secure key establishment scheme. The proposed scheme uses several cryptographic methods, including bit-wise XOR operations, physical unclonable functions, nonces, and one-way hash functions. Based on these lightweight cryptographic primitives, the proposed scheme is proven to secure communication against adversarial threats through secure sessions, as well as to provide resistance to cloning, tampering, and side-channel attacks.
4) Three-Factor Remote User Authentication: Implantable medical devices (IMDs) are artificial devices that can be placed in the patient’s body to enhance the operation of different parts of the body. IMDs are used to control and process the human physiological status (e.g., blood glucose monitoring by insulin pumps). In this type of communications infrastructure, however, security and privacy issues such as health data leakage and IMD malfunction through unauthorized access are always present. Wazid et al. [57] designed a lightweight three-factor remote user authentication framework for secure IMDs, which can be applied to epidemic situation applications like COVID-19. Based on the security verification tool, the proposed framework can provide protection against several attacks, namely, replay attack, controller node impersonation attack, user impersonation attack, and privileged-insider and offline password guessing attack. In addition, the proposed framework can provide session key security and preserve both anonymity and untraceability properties.
Fig. 6. Blockchain-based solution for security and privacy to counter epidemic situations like COVID-19.
5) Homomorphic Encryption-Based Solution: E-health systems enable the monitoring of health conditions like COVID-19, facilitating disease models and rapid intervention, as well as providing evidence-based medical intervention through medical text mining and the extraction of image characteristics. Zhou et al. [58] designed a privacy-preserving fully homomorphic data aggregation framework, named PPDM, for securing data exchanged between parties. Based on the formal security proof, the PPDM framework can achieve a higher security level of privacy preservation.
Blockchain technology [76] is identified by the European Parliament’s research service (EPRS) as one of the ten key enabling strategies to combat COVID-19, as discussed by Kalla et al. [32], where blockchain-based systems can be used for 1) tracking of contacts, 2) emergency assistance and insurance, 3) sharing patient data, 4) automated monitoring and contactless delivery, etc. According to the case used, we classify the blockchain-based solutions to combat COVID-19 into six categories, namely, 1) Digital medical passports and immunity certificates, 2) Blockchain-based data tracking solution, 3) Blockchain-based evaluation for online education, 4) Artificial intelligence and blockchain-based solution, 5) Blockchain-based access control, and 6) Decoupled blockchain-based solution.
1) Digital Medical Passports and Immunity Certificates: The basic idea of the blockchain data structure is a chained list that is distributed between all nodes of the network, where each node stores its local copy of all blocks starting from the genesis block. Hasan et al. [48] designed a blockchain-based solution based on proxy re-encryption for digital medical passports and immunity certificates, as presented in Fig. 6. The proposed solution employs programmable Ethereum smart contracts to perform function calls and produce events that inform the entities involved of health data, updates on tests, and other requirements. Therefore, the proposed solution helps stop the propagation of the COVID-19 virus using chained medical digital passports and immunity certificates. Because the information broadcast on the network is immutable and comes from an affiliated source, it can be relied upon. In addition, in the proposed solution, all notifications are reported by trusted authorities affiliated with high authorities such as the COVID-19 testing centers, the Ministry of Health, and the Ministry of Foreign Affairs.
2) Blockchain-Based Data Tracking Solution: To guarantee that the data collected by the public and government organizations are dependable and trusted, the implementation of a blockchain-based tracking system is essential to fight against the COVID-19 pandemic. Marbouh et al. [31] designed a blockchain-based tracking solution based on Ethereum smart contracts and oracles to monitor data reported on the number of new infections, mortality, and recovery rates from reliable information sources. In the proposed solution, there are three smart contracts used by the blockchain system, namely, the aggregator smart contract, the reputation contract, and the registration contract. The aggregator smart contract recovers the most recent updates and forwards that information to front-end users. The reputation contract attributes a reputation rating to an oracle, obtained from the assessment of the web data sources that are evaluated to recover data. The registration contract contains details of the web sources and stakeholders involved.
Fig. 7. Artificial intelligence and blockchain-based solution for drone-aided healthcare services including the current pandemic of COVID-19.
3) Blockchain-Based Evaluation for Online Education: Online education is now required internationally during the COVID-19 pandemic. Therefore, it is necessary to improve e-learning technology to preserve data privacy and transparency in the education system. Shukla et al. [49] introduced a blockchain-based evaluation framework, named BDoTs, for securing online education during the COVID-19 pandemic. The BDoTs framework is based on three layers, namely, the instructor layer, the middleware layer, and the student layer. The instructor layer ensures pedagogical support by providing the content required to support learning. The middleware layer contains the Ethereum blockchain, while the student layer handles the registration of students in the system. These layers develop smart contracts on blockchain technology to ensure accountability, trust between the parties involved, and a secure payment system in the online education environment.
4) Artificial Intelligence and Blockchain-Based Solution: The artificial intelligence-based IoT UAV-assisted healthcare service is a dedicated framework that can be deployed for various types of healthcare tasks, for example, the collection of blood and urine tests, the delivery of medical products, and the delivery of other medical services, such as in the present COVID-19 pandemic, as presented in Fig. 7. Wazid et al. [61] designed a security solution using a private blockchain for securing communications in an IoT-activated UAV-assisted healthcare communication infrastructure. Based on the elliptic curve digital signature algorithm and blockchain technology, the proposed solution can resist several attacks, such as privileged-insider attacks, impersonation attacks, man-in-the-middle attacks, and replay attacks.
5) Blockchain-Based Access Control: Access control is a critical security measure required when an authorized, IoT-equipped user uses his or her intelligent wireless-enabled device to authenticate with a hospital’s trusted authority. Saha et al. [62] proposed an access control framework using private blockchain technology for secure communications in IoT-enabled healthcare systems, which can be applied to counter epidemic situations like COVID-19. Based on the elliptic curve cryptography approach, the proposed framework is proven to provide anonymity and untraceability as well as resistance against impersonation attacks, replay attacks, ephemeral secret leakage attacks, offline guessing attacks, and man-in-the-middle attacks.
6) Decoupled Blockchain-Based Solution: The internal monitoring sensors in COVID-19 form a large IoT network that monitors and sends data to nearby equipment or computers on a permanent basis. The networking of these IoT-based sensors with various devices, however, results in security vulnerabilities that can be exploited by an adversary due to the availability of data. Aujla et al. [63] designed a decoupled blockchain-based solution for ensuring the security and privacy of information in the internal healthcare surveillance ecosystem. The proposed solution enables the transmission of internal healthcare surveillance data to the cloud by leveraging edge nodes. The proposed network model is organized in two parts: i) the in-home health monitoring model and ii) the lightweight and decoupled blockchain architecture. The in-home health monitoring model includes three layers, namely, the IoT-Healthcare layer, the Edge-Blockchain layer, and the Cloud layer. The findings in terms of blockchain and tensor-based evaluation metrics demonstrate the efficiency of the proposed solution.
Fig. 8. Intrusion detection system-based solution for healthcare services including the current pandemic of COVID-19.
Intrusion detection systems (IDSs) have become one of the most important security techniques for identifying threats in smart healthcare networks. To enhance the detection capabilities of a single IDS, collaborative intrusion detection systems or networks are frequently deployed in smart hospitals, enabling a set of IDS nodes to communicate with each other by exchanging alarms, signatures, and other information such as COVID-19 alarms. The process of building an IDS-based solution for healthcare services, including the current pandemic of COVID-19, is presented in Fig. 8 [77]. The first step consists of creating a communications environment, including IoT devices, access points, SDN, cloud computing, edge computing, etc. The second step consists of launching different network attacks using Kali Linux. The third step includes capturing and recording the data, including the network traffic (Pcaps) and event logs (Windows and Ubuntu event logs) per machine. The fourth step consists of generating the CSV files from the Pcap files and analyzing the data (e.g., using the CICFlowMeter tool). The fifth step consists of splitting the dataset into a training dataset and a test dataset. The sixth step consists of training using machine learning approaches to build a model. The last step consists of testing using this model to identify and detect attacks on medical devices. There are two categories of IDS solutions, namely, 1) Signature-based solutions and 2) Machine learning-based solutions.
1) Signature-Based Solutions: This technique is based on the description of suspicious behaviors through rules, called signatures. These signatures are used to describe state machines, pattern queries, or statistical analyses. The main disadvantage of this technique is the need for a regularly updated rule base. Li et al. [67] proposed a generic blockchain-based framework, named CBSigIDS, which is a signature-based IDS. The CBSigIDS framework can ensure that signatures are shared securely against malicious nodes in IoT environments for smart healthcare. The main concept behind this is to deploy blockchain technology to build up a database of trusted signatures over time. This approach can guarantee detection efficiency by only applying verified and reliable signatures in a collaborative IoT network such as smart healthcare. In addition, Mitchell et al. [78] provided and studied a rule-based approach for the specification of behavioral rules for intrusion detection of medical devices integrated into a medical cyber-physical system where patient protection has high priority.
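The idea of only applying signatures from a shared, tamper-evident ledger, together with the genesis-linked block list described earlier for blockchain-based solutions, can be sketched as follows. This is an added Python example, not code from Li et al. or any other surveyed work: the rule names, patterns and payloads are constructed, and majority agreement on the head hash is an assumption standing in for a real consensus protocol.

```python
import copy
import hashlib
import json
from collections import Counter

GENESIS_PREV = "0" * 64  # "previous hash" field of the genesis block

def block_hash(index, prev_hash, rule):
    """SHA-256 over a canonical JSON encoding of the block contents."""
    body = json.dumps({"index": index, "prev": prev_hash, "rule": rule}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

def append_rule(chain, rule):
    """Append a signature rule as a new block linked to the current head."""
    prev = chain[-1]["hash"] if chain else GENESIS_PREV
    index = len(chain)
    chain.append({"index": index, "prev": prev, "rule": rule,
                  "hash": block_hash(index, prev, rule)})

def chain_is_intact(chain):
    """Recompute every hash from genesis; any edited block breaks the links."""
    prev = GENESIS_PREV
    for i, block in enumerate(chain):
        if (block["index"] != i or block["prev"] != prev
                or block["hash"] != block_hash(i, prev, block["rule"])):
            return False
        prev = block["hash"]
    return bool(chain)

def majority_head(peer_heads):
    """Head hash reported by a strict majority of peers, or None."""
    if not peer_heads:
        return None
    head, votes = Counter(peer_heads).most_common(1)[0]
    return head if votes * 2 > len(peer_heads) else None

def trusted_rules(chain, peer_heads):
    """An IDS node applies rules only from an intact chain whose head the majority shares."""
    if not chain_is_intact(chain) or chain[-1]["hash"] != majority_head(peer_heads):
        return []
    return [block["rule"] for block in chain]

def match_alerts(rules, payloads):
    """Plain substring signature matching over captured payloads."""
    return [(r["name"], p) for p in payloads for r in rules if r["pattern"] in p]

def rewrite_and_rehash(chain, index, new_rule):
    """Model a malicious node that edits one rule and recomputes all later hashes."""
    forged = copy.deepcopy(chain)
    forged[index]["rule"] = new_rule
    prev = forged[index - 1]["hash"] if index else GENESIS_PREV
    for i in range(index, len(forged)):
        forged[i]["prev"] = prev
        forged[i]["hash"] = block_hash(i, prev, forged[i]["rule"])
        prev = forged[i]["hash"]
    return forged

# Constructed signature rules and payloads (illustrative only).
HONEST = []
for _rule in ({"name": "default-credential-login", "pattern": "user=admin&pass=admin"},
              {"name": "unsigned-firmware-push", "pattern": "fw_signed=false"}):
    append_rule(HONEST, _rule)

PAYLOADS = ["POST /login user=admin&pass=admin",
            "POST /update fw_signed=false image=pump.bin",
            "GET /vitals patient=42"]

def demo():
    """Three honest peers and one node that neutralised the firmware rule."""
    forged = rewrite_and_rehash(
        HONEST, 1, {"name": "unsigned-firmware-push", "pattern": "never-matches"})
    heads = [HONEST[-1]["hash"]] * 3 + [forged[-1]["hash"]]
    honest_alerts = match_alerts(trusted_rules(HONEST, heads), PAYLOADS)
    forged_alerts = match_alerts(trusted_rules(forged, heads), PAYLOADS)
    return honest_alerts, forged_alerts

if __name__ == "__main__":
    print(demo())
```

The rehashed copy passes the local link check, which is why the node also compares its head hash with its peers before loading any rule.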
2) Machine Learning-Based Solutions: This technique is based on the use of machine learning and data mining algorithms to identify and detect attacks on medical devices, including fake data injection, message alteration, and eavesdropping, which can affect patient safety, security, and the reliability of critical systems such as the COVID-19 applications. To ensure the security of the connected medical device network, Thamilarasu et al. [64] introduced an intrusion detection system based on a mobile agent. The proposed system is hierarchy-based, self-contained, and uses self-learning and regression algorithms to identify anomalies in the sensor data as well as intrusions at the network level. Five machine learning algorithms are evaluated, namely, random forests, decision trees, k-nearest neighbor, naive Bayes classifier, and support vector machines, where the results show that random forests achieves the highest classification accuracy of approximately 100%. He et al. [68] proposed an intrusion detection system based on a stacked autoencoder to identify and detect attacks in connected healthcare systems, which can be applied to healthcare critical systems such as the COVID-19 applications. The proposed system uses a stacked autoencoder to extract the attributes, which reduces not only the size of the attributes but also the memory necessary to compute the covariance matrix. Based on the ensemble learning technique, Kumar et al. [66] designed an intrusion detection system for securing the internet of medical things environment that combines Cloud architecture with Fog computing. The performance evaluation on the ToN_IoT dataset shows that the proposed system achieves an accuracy of 96.35%.
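Steps four to seven of the IDS-building process described above (flow CSV, train/test split, training, testing) can be walked through with k-nearest neighbor, one of the five algorithms named in this subsection. This is an added Python example, not code from any surveyed paper: the CSV stands in for a flow-exporter output, and its column names, labels and values are constructed assumptions.

```python
import csv
import io
import math
import random
from collections import Counter

# Assumed column names modelled on flow-exporter output, not a fixed schema.
FEATURES = ["Flow Duration", "Tot Fwd Pkts", "Flow Pkts/s"]

def make_constructed_csv(n_per_class=40, seed=7):
    """Constructed stand-in for a flow CSV (step 4); not real traffic."""
    rng = random.Random(seed)
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(FEATURES + ["Label"])
    for _ in range(n_per_class):
        # Benign device telemetry: long-lived, low-rate flows.
        writer.writerow([rng.randint(800_000, 1_200_000), rng.randint(5, 20),
                         round(rng.uniform(5, 25), 2), "Benign"])
        # Flood traffic: short flows with a very high packet rate.
        writer.writerow([rng.randint(1_000, 50_000), rng.randint(1_500, 2_000),
                         round(rng.uniform(30_000, 40_000), 2), "DoS"])
    return buf.getvalue()

def load_flows(csv_text):
    """Parse the CSV into (feature vector, label) pairs."""
    return [([float(rec[f]) for f in FEATURES], rec["Label"])
            for rec in csv.DictReader(io.StringIO(csv_text))]

def stratified_split(rows, test_fraction=0.25, seed=7):
    """Step 5: split per label so both classes appear in train and test."""
    rng = random.Random(seed)
    by_label = {}
    for row in rows:
        by_label.setdefault(row[1], []).append(row)
    train, test = [], []
    for label in sorted(by_label):
        group = by_label[label]
        rng.shuffle(group)
        cut = int(len(group) * test_fraction)
        test += group[:cut]
        train += group[cut:]
    return train, test

def fit_scaler(train):
    """Min-max bounds learned from the training set only (no test leakage)."""
    columns = list(zip(*(x for x, _ in train)))
    return [min(c) for c in columns], [max(c) for c in columns]

def scale(x, scaler):
    lo, hi = scaler
    return [(v - l) / (h - l) if h > l else 0.0 for v, l, h in zip(x, lo, hi)]

def knn_predict(train_scaled, query, k=3):
    """Step 6/7: majority label among the k nearest training flows."""
    nearest = sorted(train_scaled, key=lambda row: math.dist(query, row[0]))[:k]
    return Counter(label for _, label in nearest).most_common(1)[0][0]

def evaluate(train, test, k=3, positive="DoS"):
    """Step 7: report recall and false-positive rate, not accuracy alone."""
    scaler = fit_scaler(train)
    train_scaled = [(scale(x, scaler), y) for x, y in train]
    tp = fp = tn = fn = 0
    for x, y in test:
        pred = knn_predict(train_scaled, scale(x, scaler), k)
        if y == positive:
            tp, fn = tp + (pred == positive), fn + (pred != positive)
        else:
            fp, tn = fp + (pred == positive), tn + (pred != positive)
    return {"accuracy": (tp + tn) / len(test),
            "recall": tp / max(tp + fn, 1),
            "false_positive_rate": fp / max(fp + tn, 1)}

def run_pipeline():
    train, test = stratified_split(load_flows(make_constructed_csv()))
    return evaluate(train, test)

if __name__ == "__main__":
    # The two classes are separable by construction, so perfect scores here
    # say nothing about performance on real hospital traffic.
    print(run_pipeline())
```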
According to the privacy model, we classify the privacy-preserving solutions to combat COVID-19 into six categories, namely, 1) Anonymity preserving solutions, 2) Privacy-preserving collaborative model learning solution, 3) Users privacy-preserving solution, 4) Data privacy-preserving solution, 5) Identity privacy-preserving solution, and 6) Location privacy-preserving solution.
1) Anonymity Preserving Solutions: Automating electronic contacts is one of the most cost-effective and efficient additional non-pharmaceutical strategies for reducing and controlling diseases such as Coronavirus 2019. To preserve anonymity, Garg et al. [7] created and implemented an anonymous IoT privacy framework with an RFID proof of concept. Based on blockchain technology, the proposed model enables moving devices to send or receive alerts when they are in close proximity to a reported, suspected, or confirmed case of disease. Yu et al. [65] developed a blockchain-based framework to enhance the support of medical research, which can enable efficient sharing of information while maintaining privacy against COVID-19. In the first stage, both hospitals and medical research organizations are considered as nodes in the alliance chain, allowing consensus and data sharing between the nodes. Secondly, researchers, medical doctors, and COVID-19 patients are required to be authenticated at different locations. In addition, medical doctors and researchers are required to be registered with the Fabric Certification Authority. To protect privacy, the COVID-19 patient uses the pseudonym mechanism of blockchain technology. The performance evaluation demonstrates that the performance of reading and writing and the security on the blockchain satisfy the specifications, which can support a large application of the results of scientific research to combat COVID-19.
2) Privacy-Preserving Collaborative Model Learning Solution: To enhance the accuracy of online medical diagnostic services, Wang et al. [69] designed a privacy-preserving collaborative model learning framework, named PCML, for secure E-Healthcare, which can be applied to combat COVID-19. With the proposed PCML framework, medical institutions can more safely train a comprehensive global diagnostic model from their cloud-based local diagnostic models, and each medical institution’s critical data is fully secured using the Paillier cryptosystem. In addition, the proposed PCML framework employs a secure multi-party vector comparison algorithm, which ensures that any local diagnostic models are encoded by the local community before they are delivered to the cloud and can be used immediately without decryption.
3) Users Privacy-Preserving Solution: To support the development of disease risk predictions and hospital recommendations, Wang et al. [70] designed a privacy-preserving pre-clinical guidance framework, called PGuide, which can be applied to combat COVID-19. Using the PGuide framework, a user requiring health services is able to access the disease risk prediction and hospital recommendation services provided by the health service provider while maintaining the privacy of both the user and the service provider. Based on the performance evaluation, the PGuide framework is proven efficient in terms of communication overhead and computational cost. Note that the single-attribute encryption technique is used to achieve the privacy-preservation requirements.
4) Data Privacy-Preserving Solution: The online health care provider can offer a trusted data service (e.g., k-NN query) to doctors for more accurate diagnosis with the help of health data. For encrypted outsourced eHealthcare data, Zheng et al. [71] proposed a privacy-preserving k-NN query framework based on the homomorphic encryption method. The proposed framework can perform a k-NN computation on encrypted data with a computational complexity of O(lk log N), in which l and N refer to the size of data and the number of data, respectively. Another potential solution that uses the homomorphic cryptographic method was given by Yang et al. [72], who designed a privacy-preserving disease risk prediction framework, named EPDP, which can be applied to combat COVID-19. The proposed EPDP framework performs two phases of disease risk prediction overall, i.e., training of the disease model and disease prediction, while maintaining confidentiality.
5) Identity Privacy-Preserving Solution: To provide an identity privacy-preserving solution, Zhang et al. [73] introduced a privacy-preserving disease prediction system, named PPDP, for securing cloud-based e-Healthcare systems, which can be applied to combat COVID-19. With the proposed PPDP framework, the historical medical data collected from COVID-19 patients are encrypted and transferred to the cloud server, where they can then be used to build prediction patterns through the single-layer perceptron learning algorithm while maintaining identity privacy. The disease risk for future medical data can be calculated on the basis of the prediction models. Based on the nonlinear kernel support vector machine, Zhu et al. [74] designed a privacy-preserving online medical pre-diagnosis scheme, named eDiag, for secure healthcare systems. The eDiag scheme enables critical personal health data to be managed anonymously during the process of online pre-diagnosis. In addition, the eDiag scheme uses polynomial aggregation and lightweight multi-party random masking techniques to preserve privacy.
6) Location Privacy-Preserving Solution: To identify the risk of patient disease in a privacy-sensitive environment, Liu et al. [75] designed a privacy-preserving patient-centric clinical decision support framework. In the proposed framework, historical data of previous patients is stored in the cloud and can be used to build the naive Bayesian classifier without disclosing the patients’ individual medical data. The built classifier can then be used to calculate the risk of disease for new patients in the future and also allows these patients to recover the names of the most popular diseases depending on their own preferences. The additive homomorphic proxy aggregation technique is used to protect the privacy of historical data (e.g., location privacy).
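The additive homomorphic property that the Paillier-based PCML framework and the additive homomorphic aggregation in the last item rely on can be shown with a textbook Paillier implementation. This is an added Python example, not the protocol of any surveyed paper: the hospital names and counts are constructed, and the fixed Mersenne-prime key is an assumption for demonstration only, far too small and too structured for real use.

```python
import math
import secrets

# Demo-only key material: the Mersenne primes 2**61 - 1 and 2**89 - 1.
P, Q = 2**61 - 1, 2**89 - 1

def keygen(p=P, q=Q):
    """Textbook Paillier with generator g = n + 1."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    mu = pow(lam, -1, n)                               # valid because g = n + 1
    return {"n": n, "n2": n * n}, {"lam": lam, "mu": mu}

def encrypt(pub, m):
    """c = (1 + m*n) * r^n mod n^2 with fresh randomness r per ciphertext."""
    n, n2 = pub["n"], pub["n2"]
    if not 0 <= m < n:
        raise ValueError("plaintext out of range")
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return ((1 + m * n) * pow(r, n, n2)) % n2

def decrypt(pub, priv, c):
    """m = L(c^lambda mod n^2) * mu mod n, where L(x) = (x - 1) // n."""
    n, n2 = pub["n"], pub["n2"]
    x = pow(c, priv["lam"], n2)
    return ((x - 1) // n * priv["mu"]) % n

def add_ciphertexts(pub, c1, c2):
    """Multiplying ciphertexts adds the underlying plaintexts."""
    return (c1 * c2) % pub["n2"]

def aggregate(pub, encrypted_vectors):
    """Cloud-side, component-wise sum of encrypted vectors; no private key used."""
    totals = list(encrypted_vectors[0])
    for vector in encrypted_vectors[1:]:
        totals = [add_ciphertexts(pub, t, c) for t, c in zip(totals, vector)]
    return totals

# Constructed per-hospital counts: [patients seen, fever cases, confirmed positives]
HOSPITAL_COUNTS = {
    "hospital_a": [120, 45, 30],
    "hospital_b": [80, 20, 12],
    "hospital_c": [200, 90, 61],
}

def demo():
    pub, priv = keygen()
    # Each hospital encrypts locally and uploads ciphertexts only.
    uploads = [[encrypt(pub, v) for v in counts] for counts in HOSPITAL_COUNTS.values()]
    # The cloud aggregates without learning any individual hospital's counts.
    encrypted_totals = aggregate(pub, uploads)
    # Only the private-key holder recovers the totals, e.g. to fit class priors.
    return [decrypt(pub, priv, c) for c in encrypted_totals]

if __name__ == "__main__":
    print(demo())
```

The cloud in this sketch sees only ciphertexts and their products, while whoever holds the private key learns the sums but not the per-hospital inputs.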
To complete our study, we outline both open challenges and future research opportunities to combat COVID-19. Table V summarizes research challenges in terms of security and privacy for fighting COVID-19 and future pandemics with the IoT.
With new emerging technologies such as quantum computing evolving all the time, the potential cybersecurity solutions to fight against epidemic situations like COVID-19 will continue to be adapted [104]. As we have seen in this study, through public-key cryptography and hash functions, the blockchain-based solution can provide accountability, redundancy, and transparency. However, the rapid advances in quantum computing technologies are making attacks based on Grover’s and Shor’s methods possible in the near future. Such methods threaten both public-key cryptography and hash functions, which requires rethinking blockchains so that they use encryption systems that are resistant to quantum attacks. The development of quantum-resistant cryptosystems is one of the significant research challenges, which will help the blockchain-based solutions to combat COVID-19.
Artificial intelligence is currently employed as a tool to contribute to the fight against the viral pandemic that has infected the world since the beginning of 2020 [105]. The predictions of the virus structure generated by machine learning techniques helped scientists to save many months of experimentation. The American start-up Moderna is renowned for its command of new biotechnology techniques based on messenger ribonucleic acid (mRNA). With the support of bioinformatics, which includes machine learning techniques, the company has significantly reduced the time needed to design a prototype vaccine testable on humans [106]. However, during learning and classification, an adversarial attack on deep learning can allow an adversary to inject false data into the target system, which will disturb the predictions of the virus structure. Hence, machine learning algorithms should be carefully designed with their potential vulnerabilities in mind in order to find the best predictions of the virus structure.
Computer vision, as a sub-field of artificial intelligence, has had great success in solving several complex healthcare challenges and has the opportunity to support the control of COVID-19. Many computer vision approaches have been proposed so far, addressing various dimensions of controlling the COVID-19 pandemic. Recently, Ulhaq et al. [107] proposed a classification of computer vision techniques to combat COVID-19 into three main research areas: 1) disease treatment and management, 2) disease prevention and control, and 3) diagnosis and prognosis. However, these computer vision techniques are vulnerable to adversarial preprocessing techniques such as image-scaling attacks [108], [109], which will affect the classification of image features (e.g., classifying COVID-19 as a bacterial condition). A possible research direction in this topic could be related to the development of new defenses against image-scaling attacks.
On December 11, 2020, the U.S. Food and Drug Administration granted authorization for the Pfizer-BioNTech COVID-19 vaccine to be used as an emergency product in the United States. However, the Pfizer vaccine faces a challenge in terms of logistics, as shippers are required to maintain it at exceptionally cold temperatures of minus 70 degrees Celsius [110]. Progress in internet of things technologies allows the temperature of vaccine shipments to be monitored in transit and can significantly contribute to improving the public’s assurance that vaccines are both reliable and cost-effective [111]. The use of IoT solutions for vaccine shipments is one of the significant research challenges.
Industry 4.0 is the implementation of advanced new technologies, such as the IoT, cyber-physical systems, cloud computing, fog computing, and Big data analytics, that enable reliability, flexibility, visibility, and traceability in an intelligent production system [112]. The use of Industry 4.0 as an implementation of a smart factory can contribute to developing a vaccine for COVID-19, in which the industrial internet of things (IIoT) will be implemented to integrate the underlying equipment resources and guarantee cooperation among equipment as well as the quality-of-service (QoS) of the network. Hence, smart factory architecture should be carefully designed to improve the management of manufacturing resources.
TABLE V SUMMARY OF RESEARCH CHALLENGES FOR FIGHTING COVID-19 AND FUTURE PANDEMICS WITH THE IOT
The IoBNT concept was introduced by Akyildiz et al. [113] and is defined as the basic structural and functional parts that are uniquely identifiable and interact with each other in the biological system. This concept executes functions and processes in connected bio-nano sensors and devices, such as sensing, analysis, operation, and communication with each other. The nano-sensors can operate inside the human body and transmit the data (i.e., ECG, heart rate monitors, oxygen, temperature, and blood pressure sensors) to edge nodes for data analysis, and then to cloud data centers for storage and end-to-end services [114]. However, a group of attackers can use many cyber attacks (i.e., attacks against Cloud data centers, attacks against Fog-nodes, and attacks against nano-sensors), as presented in Fig. 9, which will disclose sensitive information and affect the smooth operation of the IoBNT networks, such as remote patient monitoring, healthcare delivery drones, and healthcare management. Hence, critical security issues arise as follows:
Fig. 9. Security threats in the IoBNT architecture with nano-scale devices.
1) How to provide secure data exchange between parties involved in the healthcare process and ensure connectivity with patients?
2) How to provide authentication and access control between nano-sensors and Edge nodes?
3) How to preserve the privacy of location and identity of nano-sensors?
To track COVID-19, the governments of some nations, such as China, Israel, Singapore, and South Korea, use each person’s cellphone and credit card information to track movements as well as to know and control whether a person has been to a high-risk area [115]. In this kind of control, there is no privacy for hiding the visited places from the government. In addition, some researchers mentioned that the cellphone can be used to record all the people who were potentially contacted (i.e., passed by), allowing the government to quickly identify and localize the potentially affected people; in this scenario, there is no privacy for hiding from the government. The European Union (EU) applies the General Data Protection Regulation (GDPR), which addresses EU law on data protection and privacy, but does not take people’s privacy into consideration in epidemic situations like COVID-19. Hence, new technical and organizational measures must be implemented by controllers and processors of personal data in epidemic situations, which is a promising area of research for the near future.
The IoT architecture to combat COVID-19 is a fusion of a heterogeneous collection of several technologies, where each technology carries a different set of security challenges and weaknesses. The software defined network (SDN), with its special features of separating the control plane from the data plane and maintaining a centralized programmable controller, has become increasingly important in overcoming the security issues and challenges associated with the IoT environment [116]. However, the design of a secure SDN-IoT framework to combat COVID-19 is particularly challenging, as it requires applying a security protection scheme for various IoT network technologies and management aspects while taking into account the sensitivities of each IoT sub-system.
Hospitals store an incredible quantity of data on COVID-19 patients. This confidential data is highly valuable to hackers, who can easily market it, which makes the industry a rising target. Since healthcare staff need to access data remotely, IoT devices can be used as an entry point for attackers to launch attacks such as man-in-the-middle attacks and DoS attacks, which will prevent health care institutions from providing life-saving treatment to COVID-19 patients [117]–[119]. To monitor the system for such attacks, some countermeasures like public key infrastructure (PKI), TLS/SSL-based communication, cryptographic algorithms and protocols, and differential privacy techniques have been proposed. A possible research direction in this topic could be related to developing efficient, secure, and privacy-preserving schemes using these countermeasures in order to preserve private patient information. In addition, the optimization of computing cost needs to be taken into consideration, since the connected bio-nano sensors and devices are characterized by limited resources.
When proposing intrusion detection systems for identifying threats in smart healthcare networks, finding complete and valid cyber security datasets is incredibly challenging, since there are few IoT-based network traffic datasets with malicious attack behaviors, such as the BoT-IoT dataset [120]. Therefore, security researchers also use other cyber security datasets such as UNSW-NB15, DARPA/KDD Cup99, NSL-KDD, ISCX 2012, CICIDS 2017, etc. [121]. These cyber security datasets are not simulated for smart healthcare environments to fight against COVID-19. Hence, the development of a new cyber security dataset to build a network intrusion detector under an IoT-based smart healthcare environment is one of the significant research challenges to fight against COVID-19.
In this paper, we provided a comprehensive survey of potential solutions for security and privacy challenges faced by the use of IoT applications for fighting against epidemic situations like COVID-19. Specifically, we presented the security and privacy requirements as well as the threat models, and the challenges associated with developing IoT-based frameworks for COVID-19. Based on a review and a new taxonomy of state-of-the-art solutions, we provided a classification into five categories, namely, authentication and access control solutions, key management and cryptography solutions, blockchain-based solutions, intrusion detection systems, and privacy-preserving solutions. The works presented in each class have been crisply summarized and compared with each other. Finally, we discussed and highlighted open challenges and future research directions, including 1) resistance against quantum attacks, 2) vulnerabilities of machine learning techniques, 3) computer vision for remote diagnosis, 4) internet of things solutions, 5) applications of industry 4.0, 6) the internet of bio-nano things, 7) compliance with healthcare data protection regulation, 8) designing a secure SDN-IoT framework, 9) private patient information issues, and 10) cyber security datasets for IoT-based platforms. We hope that this survey will help security and privacy protocol designers to design efficient solutions for fighting COVID-19 and future pandemics with the use of IoT applications.
IEEE/CAA Journal of Automatica Sinica, 2021, Issue 9