The contributions outlined in this review paper encompass the following:

Analyzing and discussing the core security and privacy challenges faced by SDN-enabled IoT systems, along with their underlying causes.

Section 2 reviews existing surveys on SDN-IoT security and emphasizes differences with them. Section 3 presents the categorization of literature on the security and privacy of SDN-IoT, highlighting key research contributions in this domain. In Section 4, the Analytical Questions (AQs) used to identify and analyze literature information is initially introduced, followed by the presentation of research outcomes in a classification table and the discussion. Finally, Section 5 concludes this paper.

Unlike the aforementioned surveys, our research aims to offer a comprehensive classification of the common security and privacy challenges specific to SDN-enabled IoT systems. This study examines the underlying causes and highlights the most significant methods proposed by researchers and industry experts. Our objective is to evaluate the advanced approaches employed in recent research and determine the specific plane at which each method is most effective in addressing these challenges. Identifying the underlying causes of these security and privacy challenges is also vital, since recognizing and addressing these root causes serves as the foundational step toward implementing effective security solutions. With these distinctions in mind, our study centers on identifying existing gaps to provide a clear direction for future exploration. Table 1 provides a comparison of our work with other surveys in this field.

In [16], the researchers presented a secure architecture for SDN-enabled IoT networks, focusing on safeguarding both metadata and payload. This design incorporates a centralized SDN controller, which serves as a trusted entity for secure routing and efficient management of system performance, effectively countering diverse attacks, including those involving traffic analysis or inference. The secure SDN-enabled IoT framework [17] enhanced security through the SDN control plane, offering services such as access control, authentication, and lightweight encryption. In [18], an SDN-enabled IoT gateway was crafted to identify and address abnormal behaviors. This gateway, which monitors traffic to and from IoT devices, employs an adaptive mechanism for dynamic traffic pattern analysis, enabling the detection of malicious activities.

Expanding on this in [19], a novel architecture for IoT with SDN was proposed, aiming to establish and secure wired and wireless network infrastructures, encompassing Ad-Hoc networks and diverse network objects. In [20], SDN features like centralized logical control, traffic analysis, and dynamic flow management in remote switches were leveraged for the identification of malicious flows. Addressing security concerns, reference [21] employed NFV to enhance security in SDN-enabled IoT, comprising three main components: physical layer, middle layer, and application layer. Moreover, the SDN-enabled IoT framework with NFV implementation [22] adopted a classic three-layer architecture (service, network, and sensing layers). This underscores the significance of planning a proficient-dispersed operating system using control plane visualization methods. This approach enables the centralized control and visibility of different IoT services to diverse users. To this end, in [23], a system model was introduced to optimize the integration of SDN with IoT networks, along with a strategy to counter man-in-the-middle threats targeting IoT devices.

Attacks on IoT-Fog systems focus on availability, eavesdropping, and gateway management. Through SDN integration, IoT-Fog can effectively enhance security measures and mitigate conventional cloud-related challenges effectively [7]. Accordingly, a study in [24] proposed an SDN-based fog computing approach for vehicular networks, focusing on core network functions. They also implemented encryption to ensure central security, and secure and reliable communication. A defense framework in [25] utilized SDN to combat IoT-based DDoS attacks in fog-assisted cyber-physical systems. This paper leveraged fog computing, incorporating distributed computational nodes, to decrease response latency. Additionally, reference [26] introduced a multi-objective optimization strategy to balance security and resource efficiency in SDN-based IoT-Fog networks. Lastly, the integration of fog and SDN to meet security needs was elaborated in [27].

In [28], the researchers integrated SDN and blockchain to address safety and privacy concerns within IoT systems enabled by SDN. They devised a routing protocol within the SDN controller specifically tailored for IoT gadgets. In [29], a decentralized entry to manipulate a mechanism based on blockchain for SDN-enabled IoT was proposed. Similarly, reference [30] applied SDN and blockchain innovations to improve the quality of present-day providers in shrewd transportation devices. They devised a fine, blockchain-based, completely secure power alternate gadget for electric-powered cars. In [31], the investigators leveraged the decentralized characteristics of a private blockchain to empower resource-constrained SDN controllers, facilitating the transparent configuration of flow rules for fog nodes and other devices within a fog-enabled IoT network. In addition, they advocated encrypting the data before their inclusion in blocks, thereby enhancing data security against unauthorized access. In [32], blockchain and SDN were utilized to bolster security of IoT through a proactive response, analysis, and traffic monitoring system. This system helps in identifying and mitigating DoS and DDoS attacks.

In [33], the synergy between blockchain and SDN was explored, with the authors addressing important demanding situations in IoT processing, including strength intake and real-time processing. In [34], the authors introduced a blockchain-primarily enabled architecture that applies a complementary collaboration and decentralized attack statistics switch among more than one SDN domain name. Moreover, reference [35] proposed a blockchain-enabled architecture that facilitates the collaborative and decentralized exchange of attack statistics across multiple SDN domains. In a look at [36], a fusion of blockchain along with SDN was employed to enhance the security level of existing IoT systems. Furthermore, in reference [37], the authors introduced a distributed SDN framework for IoT by integrating blockchain innovation. They presented a method for experimentally validating and updating rule tables, showcasing its effectiveness in terms of scalability, accuracy, and performance overhead. In [38], the authors advocated storing public keys and identities, and agreed with indices present-day IoT gadgets on a blockchain in an SDN-primarily enabled IoT network. Similarly, reference [39] introduced a secure IoT architecture leveraging blockchain technology. The implementation of this methodology is anticipated to improve the security level, performance, and functionality of NFV and SDN.

In [40], the researchers suggested a lightweight and blockchain-enabled security framework tailored for SDN to empower IoT networks in 5G communication. Furthermore, reference [41] presented a layered hierarchical architecture designed to deploy an efficient SDN-IoT framework based on blockchain. Additionally, reference [42] suggested a decision-making method to decide who to trust in IoT networks and how to manage the flow of data in IoT networks more effectively through the integration of blockchain and SDN. Moreover, reference [43] employed a trust list mechanism that outlines the conveyance of trust in the midst of stakeholders in IoT, utilizing blockchains and SDN to control traffic in edge networks of IoT devices without human intervention. In addition, reference [44] tackled defenselessness within the trust relationship between the data and control planes in SDN-controlled IoT networks by proposing an edge computing-based blockchain as a service. The proposed solution offers flow verification using an efficient edge-distributed blockchain solution. Similarly, reference [45] introduced a blockchain-enabled method deployed in SDN setups to accommodate the proliferation of IoT devices. In [46], a novel approach was proposed to make IoT more secure using a combination of blockchain and SDN technology to find and stop attacks. Blockchain was utilized to improve the attack detection model.

Another study [47] delineated a method for routing within an SDN-IoT framework with blockchain innovation in order to enhance the privacy level. In [48], a lightweight blockchain-enabled authentication component was proposed, where the credentials of the sensors were securely embedded in the SDN controller, considering the latest constraints on IoT processing capabilities and energy consumption. Addressing security concerns, reference [49] utilized both proxy re-encryption and blockchain innovations to establish secure communication in SDN-enabled IoT environments. This strategic approach aims to mitigate risks, such as DDoS attacks and data breaches, by avoiding single points of failure. Furthermore, in [50], the authors proposed a new blockchain-enabled authentication approach to make it easier to switch between different cell phone towers in 5G networks without having to repeatedly log in. Eventually, reference [51] investigated a commercial IoT scenario involving numerous SDN controllers and presented a blockchain-enabled consensus algorithm to synchronize and gather network-wide perspectives surrounded by these distinct SDN controllers.

In [52], various anomaly detection classification algorithms were compared utilizing the same public dataset. The authors advocated for a new approach based on the Decision Tree algorithm, emphasizing its potential to decrease packet handling at the edge compared to a single classifier. In [53], the authors proposed an SDN-enabled IoT anomaly identification framework aimed at the early detection of abnormal behaviors and attacks by utilizing Multi-Layer Perceptron, K-Means, and Support Vector Machine. Moreover, reference [54] applied a machine learning method to detect DDoS attacks in an SDN-IoT controller. They added a machine learning tool to the controller and created a test area to pretend cyberattacks. Reference [55] proposed a detection approach utilizing learning algorithms and features from OpenFlow packets to recognize attack traffic in the data and control planes. Similarly, reference [56] introduced an SDN-enabled secure IoT system for the early identification and mitigation of abnormal behaviors and attacks. Machine learning was employed in the SDN controller to observe and learn how IoT devices behave. In [57], researchers presented a method for DDoS attack detection in SDN, focusing on data collection and the analysis of traffic types, particularly emphasizing data entropy.

In [58], the researchers presented a machine learning model coupled with SDN to better predict the extent to which network resources will be used and to improve sensor data delivery. They proposed a centralized SDN to counter network vulnerabilities in the midst of expanded sensors at minimum cost. In [59], an algorithm was presented to enhance secure routing in IoT by employing a system to make decisions about how to connect network components and transfer data based on machine learning and SDN. Furthermore, reference [60] introduced a multilayer classifier for DDoS attack identification by utilizing Support Vector Machine. The study in [61] presented machine learning techniques to detect and categorize low-rate collision flows in SDN-enabled 5G networks. They utilized Decision Tree, K-Means, and Feed Forward Neural Network algorithms for this purpose. Likewise, reference [62] utilized machine learning to detect and defend against DDoS attacks in IoT environments by integrating SDN controllers. An investigation into the impact of DDoS attacks on the controller layer in SDN and its system performance reduction was also conducted in [63].

Building on this understanding, a framework that is SDN-enabled and specifically tailored to implement deep learning procedures was introduced in [64]. The main objective of this framework is to protect the IoT environment from a range of cybersecurity threats, encompassing brute-force attacks, DDoS incidents, bot assaults, malware, and infiltration. Reference [65] introduced an improved Crow-look algorithm utilizing deep learning in an SDN-IoT-type network to reliably detect and classify cyberattacks. In [66], an SDN-based security mechanism was introduced to identify and mitigate DDoS attacks within IoT networks. This method involves utilizing a trained Multi-Layer Perceptron for attack detection, followed by the classification of detected attacks. Furthermore, reference [67] employed advanced deep learning strategies, such as Long Short-Term Memory (LSTM), to detect and mitigate the impact of DDoS attacks on SDN controllers, showcasing a commitment to robust security measures in the face of evolving cyber threats. Similarly, reference [68] introduced an architecture based on LSTM for efficient multiclass classification within SDN-enabled intrusion detection systems in IoT networks. The significance of privacy preservation was underscored in [69], where deep learning methodologies were employed to handle sensitive information more robustly. The authors of [70] introduced a deep reinforcement learning system for monitoring traffic in the SDN-IoT. The aim is to enhance the learning performance at edge nodes and enable detailed traffic analysis, including intrusion detection systems.

The efficiency of communication between controllers and switches in SDN-based networks was significantly enhanced in [71]. This enhancement contributes to elevating the system performance and user usability. Navigating the challenges of resource-constrained IoT scenarios, reference [72] employed deep learning techniques explicitly designed to identify threats while being mindful of the limitations imposed by resource constraints. In a medical IoT domain based on SDN, reference [73] implemented a deep learning approach to effectively identify and mitigate malware, contributing to the overall system’s safety. Additionally, reference [74] utilized a deep learning classification method, specifically targeting anomaly identification in an IoT setting, taking into consideration the limitations associated with available resources. Reference [75] proposed a secure framework for SDN-based IoT, incorporating a system that uses Restricted Boltzmann Machines to detect intrusions. Finally, reference [76] presented a sophisticated intrusion prevention framework grounded in deep learning principles. This system is strategically designed to counteract DDoS attacks, brute-force attacks, and the incursion of malicious packets within an SDN environment.

In [77], the authors analyzed various encryption algorithms, highlighting why existing algorithms are unsuitable for direct application in software-defined industrial IoT edge networks. Subsequently, they introduced a novel encryption algorithm tailored to this context. Meanwhile, reference [78] proposed a simplified handshake protocol aimed at reducing the computational burden on IoT devices in device-to-device communications based upon SDN. This protocol involves a controller making a secret key on its own, which is then encrypted and distributed to the both communicating IoT devices. Additionally, reference [79] presented an attribute-based encryption scheme designed to ensure secure data communication within an SDN industrial IoT communication model. Moreover, reference [80] proposed a novel approach to streamline the transport layer security handshake protocol based on SDN. Their method involves a controller that dynamically generates the premaster secret and distributes it to the IoT devices through an encrypted channel.

In [81], a secure multipath routing scheme focused on energy efficiency was suggested, incorporating a secret sharing scheme to bolster security while ensuring energy efficiency. Reference [82] presented a method for securing data transmission among IoT devices in smart cities. This approach combines a secret-sharing mechanism with SDN techniques to securely transport IoT data. Additionally, reference [83] introduced a secret-sharing-based distributed cloud system aimed at privacy protection within IoT environments. Moreover, reference [84] proposed a secure service path validation method that employs Batch Hashing and Tag Verification to improve the security of SDN-IoT systems. Likewise, reference [85] suggested a hash-based dispersed capacity methodology for Flow Tables within SDN-IoT Systems.

In response to the challenges in establishing reliable connections among high-speed IoT devices, reference [86] presented a novel privacy-preserving approach for IoT networks. This scheme utilizes mutual authentication across the certificate authorities. Drawing on the core attributes of SDN, reference [87] developed a simple process to authenticate IoT devices and secure network flows. In [88], a secure multifactor authentication protocol was proposed for healthcare services utilizing cloud-based SDN. Furthermore, reference [89] devised a dedicated SDN-based smart home communication scheme to ensure privacy. This scheme focuses on providing authentication for users and smart devices as well as privacy for data and user queries through lightweight authentication and searchable query protocols. Another study [90] offered an innovative and efficient handover authentication scheme based on SDN for utilizing versatile gadgets in computing within cyber-physical frameworks. Furthermore, reference [91] presented a secure authentication framework for SDN-IoT networks utilizing Bliss-B and Keccak-256 algorithms, whereas reference [92] proposed a secure access control scheme for SDN-based industrial IoT. Reference [93] also introduced a security architecture aimed at defining and enforcing security profiles within SDN-based IoT systems by employing an attribute-based access control approach. Similarly, reference [94] presented an access control mechanism based on SDN for collaborative networks between cloud and edge computing environments. Moreover, reference [95] suggested a role-based access control system enabled by SDN, coupled with a trust-based model to enhance virtual machine security within cloud environments.

An investigation into privacy protection within smart grids integrated with software-defined networks was detailed in [96]. This framework incorporates dual privacy measures and formulates a distributed privacy-optimization algorithm to minimize network costs. Similarly, reference [97] proposed an approach involving IP analysis and anomaly behaviors to detect DDoS attacks. In [98], the authors employed a method using OpenFlow to detect and prevent DDoS attacks by targeting malicious packets at switches before reaching the control panel. Additionally, reference [99] introduced an approach to mitigate DDoS threats through SDN, enabling the prediction of attack traffic drops and effective traffic mitigation measures. Damage mitigation and defense strategies against DDoS attacks were reviewed in [100], proposing a cost-effective approach to reduce controller burdens. Meanwhile, reference [101] suggested hybrid preventive defense methods that combine moving target defense tactics with cyber deception strategies to mislead potential attackers. The authors of [102] investigated the energy efficiency of anomaly detection by introducing dynamic strategy selection and a lightweight detection module.

In [103], researchers proposed a security solution to preemptively identify attacker-end hosts before the submission of flow requests to the SDN controller. The examination of DDoS attacks targeting the control plane was detailed in [104], with 5G as a benchmark for experiments. Another study [105], analyzed a Multi-Hop New Link attack and its prevention within a hybrid SDN environment. Exploration of abnormal behavior detection across various IoT programs, examining the relationship and impact of distributed rules within SDNs, was discussed in [106]. Reference [107] focused on traffic management in IoT environments, and predicted and monitored malicious traffic at IoT gateways. Furthermore, abnormality detection in diverse IoT applications, such as smart homes and healthcare, was addressed in [108], and the identification and mitigation of attack effects using SDN. In a related vein, reference [109] presented a roadmap for enhancing smart home security through SDN, and an extension of this approach to smart health applications, emphasizing edge processing, was detailed in [110]. A novel framework centered on certificate trust to mitigate Crossfire attacks through the utilization of SDN for IoT was introduced in [111].

A comprehensive review of the literature shows that at the application plane, notable security threats include accountability issues, application manipulation, information leakage, impersonation, and communication hijacking. Concerning the control plane, significant security challenges involve conflicts of flow rules, policy enforcement, network manipulation, and unauthorized access. In the data plane, common security challenges include network manipulation, conflicts in flow rules, configuration errors, and metadata attacks. Additionally, privacy concerns, malicious packets, and DoS and DDoS attacks are recognized as challenges spanning all planes of the SDN-enabled IoT system. Fig. 2 illustrates common security challenges in different planes of SDN-enabled IoT systems.

It can be seen that the primary causes of security challenges in SDN-enabled IoT systems include the proliferation of data and devices, vulnerabilities in controllers—especially pronounced in instances where a single controller is relied upon—the segregation of planes, malicious traffic and packets, traffic analysis or inference, inadequate authentication mechanisms, data integrity issues, legal constraints, compatibility challenges with flow rules, scalability limitations, insecure wireless communication channels, and configuration discrepancies. This paper undertakes an analysis of security and privacy threats and their root causes, culminating in a summary of findings depicted in Table 2, illustrating their ramifications across SDN planes.

Recent advancements include exploring blockchain technology for recording transactions to enhance security and privacy, as well as utilizing machine learning and deep learning techniques to detect and mitigate the impacts of DoS and DDoS attacks. The categorization of the collected papers clearly states that encryption and hashing techniques are currently prevalent in the data plane, while access control and certificate authorization are predominantly considered in the control plane. Authentication methods are commonly employed within the application plane.

To achieve an acceptable level of security and privacy in SDN-enabled IoT systems, it is crucial to address challenges across all three layers simultaneously. This involves creating unified protocols and standards to ensure consistent security measures across all layers, thereby preventing exploitable gaps. Additionally, it requires investigating advanced threat detection systems capable of real-time monitoring and analysis of data across all layers. Developing automated tools and frameworks for the deployment, management, and updating of security policies and measures can also be beneficial. Automation can rapidly address new threats, reduce the manual effort required for security management, and ensure consistent application of security measures.

Although security has received considerable attention, privacy protection needs more focus from researchers. Techniques such as differential privacy and homomorphic encryption can help protect data privacy while still allowing for necessary data analysis and processing. Integrating blockchain components, known for their distributed nature, with the centralized nature of SDN in IoT networks to uphold security and privacy requires more coordination and adaptation. Given the importance of machine learning and deep learning methods in identifying malicious packets, DoS, and DDoS attacks, there is a need for low-overhead solutions for processing these methods. Enhancing lightweight encryption and energy-efficient security protocols can bolster security in these systems without significantly draining device resources. Therefore, it is essential to explore resource-efficient security mechanisms tailored to the constraints of IoT devices, such as limited processing power and battery life.

Nowadays, SDN-IoT has become more flexible with the integration of fog computing. Researchers need to also focus on several key areas within this combined field. Firstly, optimizing resource management and allocation in fog computing environments can enhance data processing efficiency. Additionally, scalable solutions must be explored to support the increasing number of IoT devices, ensuring seamless connectivity and interoperability. Furthermore, developing energy-efficient secure algorithms and protocols is essential to minimize the power consumption of IoT devices and Fog nodes.

Securing IoT networks through the development of novel SDN architectures can be useful. Additionally, implementing new methods like secret sharing and data minimization can substantially alleviate privacy concerns. As data generation proliferates with the expansion of IoT networks, adopting data minimization approaches becomes imperative. Minimizing the amount of data collected, stored, and shared by smart devices simplifies the protection of users’ personal information. Processing collected data with data minimization models not only enhances data privacy but also facilitates efficient data storage, easier data management, and heightened awareness of data accuracy.

Furthermore, processing speed and latency pose significant challenges in SDN-enabled IoT systems, and extensive research is urgently needed to address security and privacy challenges, while ensuring service availability and support for high mobility. For real-time applications in the SDN-IoT, such as video streaming, which requires fast response and processing times, researchers should also consider service availability in the network architecture. In addition, most IoT devices, including smartphones, drones, and cars, are constantly moving, connecting, and disconnecting to and from the network, leading to numerous security issues. Consequently, specialized secure algorithms and protocols must be developed to address these challenges effectively.