Security and Threats of RFID and WSNs: Comparative Study

The Internet of Things (IoT) has garnered significant attention from people with growing changes in human life over the last few years. IoT is a network of a group of smart devices that use sensors to collect information and conduct events in their environments. The information can then be shared on the Internet. IoT uses a range of technologies and finds various applications such as smart homes, environmental monitoring, and healthcare. In this paper, we conducted a comparative study to analyze the difference between two technologies—Wireless Sensor Networks (WSNs) and Radio Frequency Identification (RFID). It is pertinent to note that these technologies would not be effective without incorporating security aspects due to a potential number of threats and attacks on the network. This paper provides a comprehensive review of the recent approaches to securing RFID and WSNs. We have carefully chosen most of these studies to investigate only the recent technique from 2017 to 2020. The paper also highlights common attacks on RFID and WSNs and the secure authentication mechanisms on these technologies. It further provides a different way of detecting varying attacks in RFID and WSNs. Keywords—Security; IoT; WSN; RFID


I. INTRODUCTION
The Internet of Things (IoT) is a network of a group of smart devices that use sensors to collect information and conduct events in their environments. The information can then be shared on the Internet. IoT has witnessed rapid growth recently; Cisco reported a remarkable increase in the number of IoT devices to nearly 50 billion in 2020 [1]. IoT is used in several areas such as industrial automation (Industrial IoT), sensing applications in smart homes, traffic control, and other applications that deal less with sensors and more with data analysis. Industrial IoT and smart homes deal more with sensors and less with data analysis. The IoT that focuses more on data analysis is used in the transformation of business processes (BPs) such as banking, organizational operations, and healthcare optimization [2] [3].
IoT uses a wide range of technologies such as Wireless Sensor Networks (WSNs), Radio Frequency Identification (RFID), and Near Field Communication (NFC), as shown in Fig. 1 [4].
Among these technologies, WSNs and RFID are mainly used and have become the two main pillars [4].

II. RADIO FREQUENCY IDENTIFICATION
RFID can be defined as the nonlinear network system that replaces barcodes and QR codes for a rapid response and relies on radio waves to capture and disseminate information [5]. It was first designed in 1948 and took many years to mature and become affordable and reliable for widespread use. Some considered RFID as the most widespread computing technology in history [6]. Today, it has become an important and integral part of current technologies such as computing and IoT [7], [8]. RFID is composed of four parts: tag, an antenna and transceiver tag processor, a database, and a backend. Tags are connected to items to store their information, the RFID reader reads the data coming from the tag and writes it to the transponder, and the backend database links that data with records. See Fig. 2 [6], [5], [9].
Active tags include a battery that allows automatic data transfer to the readers. On the other hand, passive tags are triggered by the electromagnetic waves of the reader. (IJACSA) International Journal of Advanced Computer Science and Applications, Vol. 12, No. 5, 2021 277 | P a g e www.ijacsa.thesai.org These tags are more commonly used than their active counterparts on the account of their low cost and infinite life. Tags contain read-only memory (ROM), that stores data classified as security data, system ID, and OS instructions and volatile read/write or random access memory (RAM) that stores data during transmission and response [6], [5]. They are used in various applications such as transportation, logistics, manufacturing, healthcare/pharmaceutical industry, processing, and security [9], [7]. With the advent of IoT technology and the development of signal processing technology and distributed network technology for IoT nodes to acquire signals, a model has been established to acquire radio frequency signals within an IoT environment to add more features that are important in many fields [10].

III. WIRELESS SENSOR NETWORKS
WSNs have been becoming the area of interest for various researchers due to the rapid development of wireless technology and embedded electronics. WSN contains node sensorssmall devices used to sense their current environment [11]. It is a distinct type of network containing small distributed devices called sensor nodes. They are considered low-power devices that communicate with each other without infrastructure and used for sensing and collecting data through wireless communication [12]. The basic components of sensor nodes include microcontrollers that perform data processing and control other components to perform their functions [13]. Transmitter and receiver use radio waves to send and receive data over wireless networks. Wireless sensors are powered by batteries or a power source. The choice of power source depends on the deployment environment and energy availability of the applications [14]. As provided in Fig. 3, EEPROM or Flash memory [15] are also the key components of sensor nodes. IoT model enables computers to access data about objects and the environment without human interaction [10]. Such model involves the integration of 'physical things' and IT infrastructure to transfer and collect data through a wireless network. It further allows to understand, interpret, communicate, and exchange data without any communication units and human participation [16], [10]. WSN plays an important role in IoT applications [17], as it provides IoT applications with high sensing and operational capabilities.
WSNs are the eyes and ears of IoT; they convert physical phenomena into digital signals and transmit these signals for processing and analysis [18]. Today, there is a myriad of applications that depend on WSN and IoT technology, such as patient monitoring (measuring blood pressure, heart rate, and oxygen concentration) [19] and smart homes and buildings [17]. With the tremendous growth of IoT devices with high connectivity, there has been an increasing concern about their security and the data they store and transmit across various devices. Moreover, there has been an increase in the number of attacks on these devices. The current security challenges of IoT devices are generally due to their limited capacity, processing power, and battery life [20]. These limitations have made IoT devices a target for attackers such as hackers, hacktivists, and cybercriminals. Cybersecurity is therefore important to secure IoT and ensure protection from malicious activities such as data theft, modification, unauthorized access attempt, or network attack [20].
RFID and WSN technologies are widely used in many applications, such as in the scientific or medical fields and even in our home life, so achieving security in them is very important because they may deal with very sensitive data. Therefore, security became sour main motivation in this paper, we discussed the security requirements and how to achieve them, the common attacks based on current research also discussed protection and detection mechanisms suggested by other researchers. Our research paper is one of the few that discusses both RFID and WSN in terms of security requirements and common attacks. This paper is divided into nine sections: Section IV introduces the required security applied in RFID and WSNs. The common threats and attacks on RFID and WSNs are presented in Section V. The following Sections VI and VII, respectively focus on the security of RFID followed by WSNs for achieving secure authentication, ensuring confidentiality, and detecting common attacks on both. In Section VIII we discussed the papers mentioned in our paper from various aspects. Lastly, we mentioned our future work on RFID and WSNs in Section IX.

IV. SECURITY REQUIREMENTS OF INTERNET OF THINGS
To secure IoT deployment, we classified IoT security into three categories as listed in Fig. 4.

1) Task-based Access Control (RBAC):
RBAC manages all user-assigned access to roles and grants multiple user permissions to roles. For more efficiency, roles can be organized into a hierarchy, allowing some roles to inherit permissions from others. RBAC is generally used to simplify access control. It reduces complex protection management and endorses the analysis of user-assigned permissions [30].
2) Organization-based Access Control (OrBAC): An improved version of the RBAC model. However, it has a time limitation and supports the periodic activation of roles [31].
3) Capability-based Access Control (CapBAC): CapBAC gives each user a capabilitya key that gives access rights. The admin then decides if the user can access the network by checking the validity of the key [32].

4) Attribute-based Access Control (ABAC):
Depending on the characteristics of the requester and resource, users do not need to know the resources before they submit the request. ABAC has become significant recently, particularly in web service applications [33]. 5) Trust-based Access Control (TBAC): It gives users a high level of trust to support dynamically changing permissions assigned to them [34]. Non-repudiation refers to a situation where data must be checked in a way that a sender has sent a message and it can be rejected or a receiver cannot refuse receipt of the message [35]. It can be achieved using Public Key Cryptography (PKC) and Digital signature [36].

C. Device Security (Trust and Availability)
Trust is critical to achieving security in an IoT system. Additionally, IoT devices must be trusted to prevent unwanted actions by malicious nodes [37]. The stages of trust-building start from the establishment stage to the operational and transmission stages of IoT. This trust is formed by two mechanismskey generation and token. A key generated by the entitlement system is allocated to each new unit and introduced by a consumer device. Token, on the other hand, is generated by the owner or producer and coupled with an RFID indication of the device. [38]. In IoT, the availability of hardware and software remains essential. Hardware availability implies to the availability of devices for IoT applications at all times. Software availability is the ability to provide services at any place and time [39]. Moreover, in IoT devices, all data should be available to users whenever they need it. The devices and services must also be available and reachable whenever the users need them at the right time to achieve IoT expectations [38].

V. ATTACKS ON RADIO FREQUENCY IDENTIFICATION AND WIRELESS SESNSOR NETWORK
In this section, we highlight some of the common attacks on RFID and WSNs.

A. Security Threats and Attacks on Radio Frequency
Identification The author in [40] summarized several threats directed towards RFIDs. A key reason behind most of these attacks is the security of the communication channel between the user and tags. A group of famous attacks on RFID is revealed below: 1) Action threat: In this type of threat, the tags possessed by an individual are monitored and predicted for his future intentions and actions.
2) Association threat: Electronic Product Code (EPC) tag is a unique number for each product. When a consumer purchases a product, a link between the consumer's identity and the product is created.
3) Location threat: By tracking the tags associated with a user's site, an attacker could obtain the exact location of the user. 4) Preference threat: It is possible to obtain consumer preferences illegally by tracking unique EPC tags for each product that identify company name and product type. 5) Constellation threat: It is one of the threats where the illegal parties track transactions between users.
6) Breadcrumb threat: Also known as electronic breadcrumbs, this threat occurs when a consumer buys a product that creates a link between his/her identity and EPC tag product number. Consequently, when the consumer gets rid of this product, the link is not broken and can be used. www.ijacsa.thesai.org Some common attacks on RFID systems mentioned in paper [41] are summarized in Table I.   TABLE I. SUMMARY OF SECURITY ATTACKS ON RFID TECHNOLOGY

Attacks Descriptions
Temporariy disabling tags The signs may be unintendedany event due to natural factors or interference of frequencies. They may also be intentional, such as Passive Interference and Active Jamming.

Removal or destruction of RFID readers
Because of its small pilgrimage, an RFID reader is vulnerable to attackers who use it to obtain data or modify it.
Relay attacks Also known as MITMA; the intruder intercepts the radio signal between the sender and receiver and may modify it.

Attacks on the tags
Making a copy of the tag (Cloning) or impersonating the tag (Spoofing).
Reader attacks Impersonating a legitimate reader (Impersonation) or recording the legitimate RFID tags (Eavesdropping).

Unauthorized tag reading
Since authentication protocol RFID tags are not supported, an attacker can read the contents of the RFID tags.

Tag modification
The data on RFID tags can be modified or deleted by the attacker.

Middleware attacks
The attacker uses RFID tags to either cause an attack (Buffer Overflows or end RFID middleware) or spread malicious code with an attack (Malicious Code Injection) Covert channels Using RFID tags, an attacker could create unauthorized channels for transmitting data.

DoS
The attacker blocks or disconnects RFID tags service from users.  The author in [43] notes Sybil attacks as the most common attacks observed in WSN, followed by wormhole and DoS attacks. DDoS attacks are relatively less on this type of network. The authors of paper [42] mentioned some common attacks on WSN systems, as shown in Table II.   TABLE II. SUMMARY OF SECURITY ATTACKS ON WSNS

DoS
The attacker tries to sabotage the data and disable the system that reduces network efficiency

Sybil
In WSN networks, there are several sub-tasks such as duplicating information that you do not perform and assigning it to one node This node is attacked by Sybil Attacks, targeting the schemes of fault tolerance.

Blackhole
It is more severe than a Sally attack, as the attacker offers a shorter path to the nodes, acts as a black hole, and completely captures the data traffic. The attacker can also affect the data traffic.

HELLO Flood
This attack occurs in the network layer where the attacker fabricates hello, sends it to convince the sensor in WSN, and then changes the scenario Wormhole A common attack that occurs in two separate nodes carrying important parts of the message when a low-latency bandwidth is directed to them

VI. SECURITY IN RADIO FREQUENCY IDENTIFICATION TECHNOLOGY
This section includes an overview of previous works on RFID network security divided into several sections:

A. Authentication Protocols for Radio Frequency Identification
In [8], the authors introduced a new authentication protocol that offers an acceptable level of protection. It is also resistant to the risks reported in the article and evaluates the security of mutual authentication suggested by Wang and Ma. This review demonstrates the key security pitfalls of the protocol. Firstly, they presented two methods used by an opponent to make valid readers believe that they are dealing with a valid database. Next, they demonstrated how an adversary can turn an RFID reader into a legal database and introduced a new adversary model. Finally, they implemented an improved server method named ISMAP and demonstrated that this protocol provides sufficient protection against different types of attacks including the current adversary model discussed in the article. Additionally, the authors in [44] introduced a new lightweight RFID security authentication protocol (LRSAS). They analyzed the security properties of the protocol, containing data confidentiality and integrity (DCI), replay attack (RA), desynchronization attack (DA), impersonation attack (IA), tracking attack (TA), denial of service attack (DoS), and forward security (FS). Finally, they compared the LRSAS protocol with other protocols in terms of communications, computation, and storage. The authors also showed that the protocol is efficient in terms of security and cost requirements.
In [45], the authors presented two lightweight RFID protocols that provide security, identity authentication, and privacy and have multiple tag groups. They used a filtering process to decrease collision between tags, sleep activation www.ijacsa.thesai.org mechanism, RFID system, and computing load. They also used a pseudorandom number generator (PRNG) and hash function to encrypt all sessions between the reader and tags. These protocols can resist eavesdropping, replay, and desynchronized attacks.
In [46], the authors introduced a group-based authentication protocol for the RFID system. It uses only mod operation and bitwise XOR. Additionally, two standard measures were used to measure the privacy of the system, resulting in anonymity when the opponent conducts numerous operations. Experimental results showed that their scheme maintains a high level of privacy when some tags are compromised. After the analysis, the authors proved that their protocol is safe and effective for a reduced RFID system.

B. Security Communication in Radio Frequency
Identification to Ensure Confidentiality In [47], the authors studied elliptical curve coding (ECC) protocol based on RFID security protocol, as it has several important features such as high strength ECC encryption that provides high security for communication and access to tag memory data. The new protocol relies on simple calculations such as XOR and bitwise AND which reduces complex calculations for low-cost tags. The authors analyzed their protocol for security and performance by using BAN logic. The analysis demonstrated that the protocol can provide mutual authentication of the tags and reader at the same time.

C. Detection Mechanisms in Radio Frequency Identification
In [48], the authors presented new effective research to preserve the privacy of cloning, as it is relevant and effective to preserve the privacy to explore cloning for all supplies that support RFID technology. They analyzed and evaluated the proposed mechanism through simulations which proved to be effective under various conditions. They then designed and implemented Multilateral Secure Computing (SMC) protocols to implement private-preserving for clone estimate that shows changes in efficiency regarding similar programs inside the existing SMC system. In [49], the authors discussed important problems associated with tag detection in RFID systems, including reader collision avoidance, optimal tag reporting, and optimal tag coverage problems. These issues occur due to the inability of collision intrusion detection and RFID readers that transmit packets created by other readers and poor access to resources in RFID tags on the account of severe limitations.
In [50], the authors presented an approach that implements MAC, routing, and application layer outlier detection processes in three different regions. Multiple invigilator regions executed internal or external detections after data collection. The proposed system has consequently been found to be efficient in terms of performance indicators. These indicators may be internal or external based on service quality. Various internal indicators used to measure the stability of structures are DI, RMSSDI, RSI, SI, CHI, and DBI. Additionally, various external indicators used to measure the stability of structures are FI, NMII, PI, and EI. Both internal and external indicators confirm the formation of structure and external detection processes. Furthermore, two indicators based on QoS (productivity and jitter) are used in this work.
The authors in [51] presented an efficient hash-based RFID authentication protocol that provides miss-tag detection. They presumed that for each user, an authentication system would validate large quantities with RFID tags inside its ranges. Their protocol can detect and reset lost tags if the missing tag can rejoin the system. After analyzing the protocol in terms of security, they proved that it can provide adequate security guarantees, resist various attacks, and offer better performance. Moreover, the protocol achieves both security and performance characteristics. See the summary of security in RFID technology in Table III. [45] 2020 Hash function, PRG, activatesleep mechanism,and filtering process The authors presented two lightweight RFID protocols that provide security, identity authentication, and privacy.
[46] 2020 XOR operation The authors introduced a group-based authentication protocol for the RFID system.
[47] 2016 XOR and bit wise AND The authors studied elliptical curve coding (ECC) protocol based on RFID security protocol as it has several important features [48] 2010 Algamal encryption system The authors presented a novel efficient, private information mechanism to detect clones for RFIDenabled supply chain operations. [49] 2009 Tree flow algorithm The authors discussed many important problems associated with tag detection in RFID systems, such as reader collision avoidance, optimal tag reporting, and optimal tag coverage problems. [50] 2019 DI, RMSSDI, RSI, SI, CHI, DBI, FI, NMII, PI, and EI The authors presented an approach that implements MAC, routing, and application layer outlier detection processes in three different regions. The multiple invigilator region executes internal or external detections. [51] 2018 Hash function The authors presented an efficient hash-based RFID authentication protocol that provides miss-tag detection. www.ijacsa.thesai.org

VII. SECURITY IN WIRELESS SENSOR NETWORKS
In this section, many papers written on the security of WSNs have been compiled and divided into several sections as shown in the following:

A. Authentication Protocols for Wireless Sensor Networks
In [52], the authors mentioned weaknesses in traditional authentication methods found in IoT and suggested the use of a system based on WSN identity authentication and blockchain technology. Blockchain is a book of accounts that cannot be modified or tampered with and where transactions or data are generally recorded. They integrated blockchain decentralization with the nodes that formed the IoT structure. In a public blockchain, several private blockchains are connected and each private blockchain is connected between the cluster heads of a WSN. In the end, we have a hybrid blockchain for the whole network. The authors also created a model where the identification data was recorded between cluster head nodes and ordinary nodes. Finally, a connection authentication is done between these nodes. After analyzing the model, it became clear that the system has a greater and more efficient level of safety.
The researchers in [53] submitted a proposal to make the use of authentication protocols in WSN more secure and focused on reducing the cost as compared to other conventional protocols. They used the Altera DE2 demo board and implemented several corresponding device structures such as the Altera Cyclone II field-programmable gate array. Finally, they showed the waves produced from this process -16702Aa logic analysis device. Additionally, the process XOR was used for encoding the key. The results showed the effectiveness of the experiment.
Paper [54] also mentioned many concerns about the difficulty of preventing smartcard stolen and off-line guessing attacks. To prevent these attacks, the paper suggested using a protocol that uses honey-list technology and relies on threefactor authentication. As the sensor performance is limited, the protocol also encodes the elliptic curve that relies on the public key and uses only hash functions. The authors performed a formal security analysis using the real-or-random (ROR) and Burrows Abadi Needham (BAN) models. For verification, they used simulation software called Automated Validation of Internet Security Protocols and Applications (AVISPA) that resulted as a safe protocol.
The author in [55] focused on lightweight and cost as the two main features; the authors saw that WSN devices need strong and light authentication protocols that can withstand any difficult environment. They proposed a model that uses XOR and hash functions. This model was effective in terms of reducing the use of resources and speed while maintaining data security.

B. Secure Communication in Wireless Sensor Networks to Ensure Confidentiality
There has been a growing need to guarantee the high security of WSNs used in various applications such as home, industrial, and healthcare. Therefore, paper [56] proposed a protocol that improves the security of WSN by distributing the main keys, identifying the node, and verifying the identity of messages in WSN. The password is updated and changed for the message verifier and connected to the dynamic node on the network. The authors concluded that this method outperformed previous methods. Subsequently, paper [57] used a scheme based on additive homomorphic encryption algorithm in WSN, whereby a symmetric-key homomorphic is used to provide more protection for the confidentiality of data. This key also combines the data with a homomorphic signature to achieve integrity. After decoding, the data is classified according to various symmetric-key homomorphic. Furthermore, after analyzing the results, it became clear that using this method is effective in reducing cost and increasing effectiveness in terms of protecting the data from any tampering during its transmission and ensuring the accuracy of its collection.
The author in [58] suggested the use of hybrid technology from Diffie-Hellman key exchange and Elliptic Curve cryptography. The combination of these two technologies allowed for increased security of data traffic, confidentiality, authentication, and time savings. These techniques are simulated, applied to a Java platform, and implemented in a WSN environment. The authors of [59] directed their efforts towards solving the security problems of sensitive data, as it traveled through WSN for various applications, by applying new technologies. They integrated discrete chaotic map and genetic cryptography as 2DES and 3DES for WSN, which increased the security regardless of limited resources. For a text and visual data, Henon map encryption was used due to its strong encryption. They encoded these processes under the Arduino microcontroller and determined that the attacker might need time depending on the speed of his device. They concluded that using random numbers increases the robustness of the system and prevents attacks. They preserve the confidentiality of data from unauthorized disclosure and collect it with high accuracy, as shown in Fig. 6.
To increase security and make IoT devices more independent, the authors in the paper [60] suggested the use of blockchain security features such as availability to users, data integrity, and various cryptographic tools. The model was applied to the WSNs that were used to measure moisture and temperature. It was found that the transmission of information between the nodes became more secure, independent, and less vulnerable to various types of attacks such a DoS and MITM attacks.

C. Detection Mechanisms in Wireless Sensor Networks
DoS jamming attack is one of the common attacks on WSN, as discussed in [61]. It aimed at sending many signals to jam the main signal. A denial of service occurred consequently and caused disruption of functions in the WSN nodes.
The authors in [61] proposed an exponentially weighted moving average (EWMA). They deployed an exponential moving variable that detects any change occurring in the traffic. The authors concluded that this model can accurately detect different jamming attacks and be used in situations where sensitive instantaneous information is transmitted.
Due to the sensitivity of information transmitted through WSN, a solution has been proposed in [62] to discover the unauthorized and intentional sequences of WSN. The sequence detection methodology in this paper relied on the use of MATLAB Simulink that uses an artificial neural network.
In the first session, a large discrepancy in node values makes them a harmful contract for WSN. For the second session, the results of the regression of the artificial neural network for both packet delivery ratio (PDR) and energy consumption variables were analyzed. It was observed that ANN-based PDR is stronger and quicker than ANN-based energy usage. However, the results for both were good.
In the survey paper [63], a part of its objectives was to provide a comparison of different intrusion detection protocols of each WSN and IoT. It mentions the uses and efficiency of each type.
The authors in [65] aimed at using a new system that detects the sequence and has a longer residence time by adding a low-power resistance and survival continuity to IDS. The paper showed that nodes continue to work efficiently on algorithm strength, mobile nodes, and attack strength. See the summary of security in WSNs in Table IV.   TABLE IV. DIFFERENT SECURITY TECHNIQUES ON WSNS.

Paper
Year Techniques used Contribution [52] 2020 Hybrid blockchain The authors mentioned weaknesses in the traditional authentication methods of IoT and suggested the use of a system based on many WSN identity authentication with blockchain.
[53] 2015 XOR arithmetic The researchers submitted a proposal to make the use of authentication protocols in WSN more secure and focused on reducing the cost as compared to other conventional protocols.
[54] 2020 Honey-list, three-factor authentication The paper suggested using a protocol that uses honey-list technology and relies on three-factor authentication for preventing smartcard stolen and off-line guessing attacks.
[55] 2020 XOR and hash functions The authors saw that WSN devices need strong and light authentication protocols and that can withstand any difficult environment.
[56] 2017 The protocol distributing the main keys, identifying the node and verifying the identity The paper proposed a protocol that increases the security of the WSN by distributing the main keys, identifying the node also verifying the identity of the messages in the WSN.
[5] 2015 Symmetric-key homomorphic, homomorphic signature The authors proposed a scheme based on an additive homomorphic encryption algorithm in WSN for the confidentiality of data.
[58] 2018 Diffie-Hellman, Elliptic Curve Suggested the use of hybrid technology from Diffie-Hellman key exchange and Elliptic Curve cryptography. The combination of these two technologies allowed for increased security of data traffic, confidentiality, authentication, and time savings.
[59] 2020 Discrete chaotic map, genetic cryptography, Henon map Solving the security problems of sensitive data, as it traveled through WSN for various applications, by applying new technologies. The authors integrated discrete chaotic map and genetic cryptography as 2DES and 3DES for WSN which increased security regardless of limited resources.
[60] 2020 Blockchain To improve security and make IoT devices more independent, the authors suggested the use of blockchain security features such as availability to users, data integrity, and various cryptographic tools.
[61] 2018 Exponentially weighted moving average (EWMA) The authors proposed an exponentially weighted moving average (EWMA). They deployed an exponential moving variable that detects any change occurring in the traffic. It can accurately detect different jamming attacks.
[62] 2020 Artificial neural network, MATLAB Simulink Due to the sensitivity of information transmitted through WSN, a solution has been proposed by researchers to discover the unauthorized and intentional sequences of WSN. They relied on the use of MATLAB Simulink which uses an artificial neural network.
[63] 2019 Survey (e.g. Intrusion detection by cluster head, Hybrid anomaly detection..) The paper provides a survey comparison of various intrusion detection protocols in both WSN and IoT. It mentions the uses and efficiency of each type.
[64] 2015 Low-power resistance and survival continuity to IDS The paper aimed at using a new system that detects the sequence and has a longer residence time

VIII. DISCUSSION
This part focuses on discussing the above-mentioned recent techniques for protection and detection mechanisms. The discussion section has been divided into two parts:

A. Critical Review of Radio Frequency Identification Security
This section discusses the most important recent approaches which aim to secure an RFID environment. These approaches are selected as the most relevant and have novelty. For example, many research papers have discussed www.ijacsa.thesai.org authentication and their protocols are distinguished using lightweight encryption algorithms. They consume fewer resources during calculation and are more efficient compared to traditional encryption algorithms. They are also suitable for devices with limited computing power such as RFID. The authors in papers [8] took a few measures to overcome some of the flaws and introduced an improved protocol using Scyther and GNY Logic. These are two excellent ways to assess security for the protocol of cryptography. However, the protocol has a drawbackit does not take into account multiserver or multi-reader environments. In two other researches [44] [45], the authors used hashing function to encrypt all session between tags and reader that ensures data integrity. They also used a pseudo-random number process to strengthen the encryption, making it difficult for the attacker to guess the key used. Both protocols proved effective in protecting against many types of attacks such as restart attack (RA), trace attack (TA), denial of service attack (DoS), and security forwarding (FS). The difference between the two papers is that the authors in [45] used the SKINNY encryption algorithm for the data used by the tag and reader to achieve mutual authentication. In our opinion, their protocol was good because it balanced security requirements and costs. Additionally, the use of SKINNY was well-suited for a scenario where the server is connected to numerous lightweight devices. In [44], we liked that they used the activate-sleep mechanism efficiently and filtering process which reduced collision on the tags. In the paper [46], the authors not only used a pseudo system that provides a feature on the side of the tag but also used that feature in the reader to generate the nonce. Their protocol only uses bit-wise XOR operation in the authentication stage along with symmetric encryption and decryption. It was an excellent protocol, as it uses fewer resources in the tags to achieve arithmetic work and store data. Moreover, it maintains a high level of privacy when attacking some tags.
In the next section, we discussed RFID security communication to ensure confidentiality. The authors in [47] presented a protocol based on an elliptical curve for coding. From our point of view, their protocol has several advantages. It provides mutual authentication for the tag and reader and is good at resisting some of the common attacks related to RFID technology. Additionally, their protocol only relies on a few simple operations such as XOR and bitwise AND which reduces the complexity of computation in low-cost tags. In the following section, we discussed several research papers regarding detection mechanisms in RFID. The researchers in the [48] presented a novel, reliable, privacy-preserving mechanism for detecting clones for RFID-enabled supply chain operations. They used the Algamal encryption system, which is an asymmetric encryption system, in their protocol that achieved both authentication and confidentiality. Their protocol has been effective at detecting RFID supply chain clones. However, from our point of view, their protocol has many weaknesses such as the need for more robust hardware. They also need to reduce the security level to n/2 to improve the performance of their protocols. The authors in [49] provide a distributed and localized algorithm. They used a tree flow algorithm centered on the recursive direction of the binary tree for tag identifiers and the problem of tag collision where the reader initially sends a broadcast including the string of "0".
The ID of all these tags in the interrogation space starts with a "0" bit. When an answer is received or a collision of the tag is observed, the reader will iterate on both sub-trees "0" rooted at "00" and "01" However, if there is no answer, the reader assumes that there is no "0"-tags preceded in their interrogation region and sends a question "1" afterward. For the reader, the difficulty of TWA is proportional to the number of tags in TWA. The researchers introduced in [51] the protocol for dealing with lost tags. Their protocol depends on lightweight cryptographic techniques and the key size is taken into account. In their protocol, RFID tags and key size are the two main factors that affect the entire group authentication process. From our perspective, their protocol is unique because they considered the effect of key size on authentication efficiency, assuming the presence of a large number of RFID tags. They also proved their protocol efficient, as it requires less time to authenticate the tag, provides resistance to a replay attack, and all the tags are independently verified. In another in research [50], the authors suggested a scheme. It was found to be effective in terms of performance indicators. These indicators can be internal, external, or QoS-based. Internal indicators that have been used to measure structural stability are DI, RMSSDI, RSI, SI, CHI, and DBI. External indicators that were used to measure the stability of structures are FI, NMII, PI, and EI. Two additional indicators were also used based on service quality (productivity and jitter). One of the advantages of their model is that it observed an improvement of 0.15% in minimum and 14.9% in maximum in the case of network instability without outliers compared to that of the network with outliers. It has further proven high efficiency.

B. A Critical Review of Wireless Sensor Networks Security
After addressing the security requirements of WSN, we are reviewing various scientific papers focusing on their security. It was noted that in terms of authentication, blockchain technology is considered one of the leading modern techniques. Some researchers [52] used the technology in several ways; some used it as a blockchain structure linked to the head node. It is followed by the blockchain linked to subnodes that formed a structure distinguished by its effectiveness in the authentication. However, it can take more time in the case of a large number of nodes and become immune to the attacks of concurrent guessing against IDs and passwords. Some [60] have applied this technique to other ways on the IoT, but its effectiveness cannot be confirmed when applied to WSN, except through experience. It was also noticeable that the AVISPA tool was used [54], which aims to analyze the Internet safety protocols on a large scale and increases the strength of the experiment results. The authors were also focused on making security protocols that are lightweight, affordable, and offer high security in return. However, lightweight protocols may not be able to detect harmful nodes in WSN. Concerning secure communication in WSN, one of the research papers [57] suggested the use of homomorphic encryption. However, this type of encryption is known to be vulnerable to compromise attacks. To solve this dilemma, you can attempt to split the data into pieces and send them to different aggregators. Another type of encryption was also mentioned in one of the papers [58] that merges Diffie-Hellman key exchange and Elliptic Curve cryptography. It www.ijacsa.thesai.org was an effective method in terms of time-saving, data security, and authentication. Another paper [59] proposed encryption based on data clutter that uses Hénon map to generate random numbers. However, it can break after several attempts, depending on the ability of the attacker. One work [51] mentioned updating the key periodically without the need for any sync, but the work did not mention time and efficiency factors. In the algorithms for the detection of attacks, Exponentially Weighted Moving Average (EWMA) [61] was used and the results were accurate, indicating the superiority of this method. Sequence attacks were detected in one work using algorithms [62] and in another work [64] using resistances placed on nodes. Both the studies gave positive results. We noticed a difference between RFID and WSN; in terms of security techniques, most of the references we discussed on RFID used a simple approach to achieve security, as the RFID tag has a short reading range from 5 meters (ideal conditions) to less than 1 meter (not ideal conditions). In contrast, a more sophisticated approach was used in most of the literature we discussed on WSNs. It is observed that authentication is different in these two technologies the reason behind that the different capabilities of them e.g., we can apply only lightweight approaches on RFID while we can apply the complex algorithms on WSN. This paper provides a comprehensive review of the recent approaches for securing RFID and WSNs.

IX. CONCLUSION
IoT technology has become an essential part of our era. It is defined as the set of devices connected for collecting and analyzing data from their environments. The types of technologies that use IoT are bifurcated. In this paper, we have highlighted the security and attacks of both WSNs and RFID since they are parts of the IoTs environments. The goal of providing a comprehensive study and investigate the recent research related to the security of WSN and RFID technologies in terms of security requirements, detection techniques, and prevention of attacks against them are accomplished. Thus the comprehensive discussion of these technologies of research observed in terms of efficiency, comparison of protocol security, cost, and weight is included.
In the future, we will keep up with the new approaches, further investigate, and compare the performance and security mechanisms of RFID and WSN.