State-of-the-Art and Challenges for the Internet of Things Security
draft-irtf-t2trg-iot-seccons-05

The information below is for an old version of the document.
Document Type
This is an older version of an Internet-Draft that was ultimately published as RFC 8576.
Authors Oscar Garcia-Morchon , Sandeep Kumar , Mohit Sethi
Last updated 2017-09-10
Replaces draft-garcia-core-security
RFC stream Internet Research Task Force (IRTF)
Formats
txt htmlized pdf bibtex bibxml
IETF conflict review conflict-review-irtf-t2trg-iot-seccons, conflict-review-irtf-t2trg-iot-seccons, conflict-review-irtf-t2trg-iot-seccons, conflict-review-irtf-t2trg-iot-seccons, conflict-review-irtf-t2trg-iot-seccons, conflict-review-irtf-t2trg-iot-seccons
Additional resources Mailing list discussion
Stream IRTF state (None)
Consensus boilerplate Unknown
Document shepherd (None)
IESG IESG state Became RFC 8576 (Informational)
Telechat date (None)
Responsible AD (None)
Send notices to (None)
Email authors Email RG IPR References Referenced by Nits Search email archive
draft-irtf-t2trg-iot-seccons-05 
quot;Constrained RESTful Environments (CoRE) Link
              Format", RFC 6690, DOI 10.17487/RFC6690, August 2012,
              <https://www.rfc-editor.org/info/rfc6690>.

   [RFC6749]  Hardt, D., Ed., "The OAuth 2.0 Authorization Framework",
              RFC 6749, DOI 10.17487/RFC6749, October 2012,
              <https://www.rfc-editor.org/info/rfc6749>.

   [RFC6973]  Cooper, A., Tschofenig, H., Aboba, B., Peterson, J.,
              Morris, J., Hansen, M., and R. Smith, "Privacy
              Considerations for Internet Protocols", RFC 6973,
              DOI 10.17487/RFC6973, July 2013, <https://www.rfc-
              editor.org/info/rfc6973>.

   [RFC7049]  Bormann, C. and P. Hoffman, "Concise Binary Object
              Representation (CBOR)", RFC 7049, DOI 10.17487/RFC7049,
              October 2013, <https://www.rfc-editor.org/info/rfc7049>.

   [RFC7159]  Bray, T., Ed., "The JavaScript Object Notation (JSON) Data
              Interchange Format", RFC 7159, DOI 10.17487/RFC7159, March
              2014, <https://www.rfc-editor.org/info/rfc7159>.

Garcia-Morchon, et al.   Expires March 14, 2018                [Page 42]
Internet-Draft                IoT Security                September 2017

   [RFC7228]  Bormann, C., Ersue, M., and A. Keranen, "Terminology for
              Constrained-Node Networks", RFC 7228,
              DOI 10.17487/RFC7228, May 2014, <https://www.rfc-
              editor.org/info/rfc7228>.

   [RFC7252]  Shelby, Z., Hartke, K., and C. Bormann, "The Constrained
              Application Protocol (CoAP)", RFC 7252,
              DOI 10.17487/RFC7252, June 2014, <https://www.rfc-
              editor.org/info/rfc7252>.

   [RFC7296]  Kaufman, C., Hoffman, P., Nir, Y., Eronen, P., and T.
              Kivinen, "Internet Key Exchange Protocol Version 2
              (IKEv2)", STD 79, RFC 7296, DOI 10.17487/RFC7296, October
              2014, <https://www.rfc-editor.org/info/rfc7296>.

   [RFC7401]  Moskowitz, R., Ed., Heer, T., Jokela, P., and T.
              Henderson, "Host Identity Protocol Version 2 (HIPv2)",
              RFC 7401, DOI 10.17487/RFC7401, April 2015,
              <https://www.rfc-editor.org/info/rfc7401>.

   [RFC7416]  Tsao, T., Alexander, R., Dohler, M., Daza, V., Lozano, A.,
              and M. Richardson, Ed., "A Security Threat Analysis for
              the Routing Protocol for Low-Power and Lossy Networks
              (RPLs)", RFC 7416, DOI 10.17487/RFC7416, January 2015,
              <https://www.rfc-editor.org/info/rfc7416>.

   [RFC7515]  Jones, M., Bradley, J., and N. Sakimura, "JSON Web
              Signature (JWS)", RFC 7515, DOI 10.17487/RFC7515, May
              2015, <https://www.rfc-editor.org/info/rfc7515>.

   [RFC7517]  Jones, M., "JSON Web Key (JWK)", RFC 7517,
              DOI 10.17487/RFC7517, May 2015, <https://www.rfc-
              editor.org/info/rfc7517>.

   [RFC7519]  Jones, M., Bradley, J., and N. Sakimura, "JSON Web Token
              (JWT)", RFC 7519, DOI 10.17487/RFC7519, May 2015,
              <https://www.rfc-editor.org/info/rfc7519>.

   [RFC7520]  Miller, M., "Examples of Protecting Content Using JSON
              Object Signing and Encryption (JOSE)", RFC 7520,
              DOI 10.17487/RFC7520, May 2015, <https://www.rfc-
              editor.org/info/rfc7520>.

   [RFC7668]  Nieminen, J., Savolainen, T., Isomaki, M., Patil, B.,
              Shelby, Z., and C. Gomez, "IPv6 over BLUETOOTH(R) Low
              Energy", RFC 7668, DOI 10.17487/RFC7668, October 2015,
              <https://www.rfc-editor.org/info/rfc7668>.

Garcia-Morchon, et al.   Expires March 14, 2018                [Page 43]
Internet-Draft                IoT Security                September 2017

   [RFC7696]  Housley, R., "Guidelines for Cryptographic Algorithm
              Agility and Selecting Mandatory-to-Implement Algorithms",
              BCP 201, RFC 7696, DOI 10.17487/RFC7696, November 2015,
              <https://www.rfc-editor.org/info/rfc7696>.

   [RFC7815]  Kivinen, T., "Minimal Internet Key Exchange Version 2
              (IKEv2) Initiator Implementation", RFC 7815,
              DOI 10.17487/RFC7815, March 2016, <https://www.rfc-
              editor.org/info/rfc7815>.

   [RFC7925]  Tschofenig, H., Ed. and T. Fossati, "Transport Layer
              Security (TLS) / Datagram Transport Layer Security (DTLS)
              Profiles for the Internet of Things", RFC 7925,
              DOI 10.17487/RFC7925, July 2016, <https://www.rfc-
              editor.org/info/rfc7925>.

   [RFC8046]  Henderson, T., Ed., Vogt, C., and J. Arkko, "Host Mobility
              with the Host Identity Protocol", RFC 8046,
              DOI 10.17487/RFC8046, February 2017, <https://www.rfc-
              editor.org/info/rfc8046>.

   [RFC8105]  Mariager, P., Petersen, J., Ed., Shelby, Z., Van de Logt,
              M., and D. Barthel, "Transmission of IPv6 Packets over
              Digital Enhanced Cordless Telecommunications (DECT) Ultra
              Low Energy (ULE)", RFC 8105, DOI 10.17487/RFC8105, May
              2017, <https://www.rfc-editor.org/info/rfc8105>.

   [RFC8152]  Schaad, J., "CBOR Object Signing and Encryption (COSE)",
              RFC 8152, DOI 10.17487/RFC8152, July 2017,
              <https://www.rfc-editor.org/info/rfc8152>.

   [RG-T2TRG]
              "IRTF Thing-to-Thing (T2TRG) Research Group",
              Web https://datatracker.ietf.org/rg/t2trg/charter/, n.d..

   [SchneierSecurity]
              "The Internet of Things Is Wildly Insecure--And Often
              Unpatchable", Web
              https://www.schneier.com/essays/archives/2014/01/
              the_internet_of_thin.html, n.d..

   [SEAL]     "Simple Encrypted Arithmetic Library - SEAL",
              Web https://sealcrypto.codeplex.com/, n.d..

   [shodan]   "Shodan", Web https://www.shodan.io/, n.d..

Garcia-Morchon, et al.   Expires March 14, 2018                [Page 44]
Internet-Draft                IoT Security                September 2017

   [sigfox]   "Sigfox - The Global Communications Service Provider for
              the Internet of Things (IoT)",
              Web https://www.sigfox.com/, n.d..

   [Thread]   "Thread Group", Web http://threadgroup.org/, n.d..

   [TR69]     "Too Many Cooks - Exploiting the Internet-of-TR-
              069-Things", Web https://media.ccc.de/v/31c3_-_6166_-_en_-
              _saal_6_-_201412282145_-_too_many_cooks_-
              _exploiting_the_internet-of-tr-069-things_-
              _lior_oppenheim_-_shahar_tal, n.d..

   [WG-6lo]   "IETF IPv6 over Networks of Resource-constrained Nodes
              (6lo) Working Group",
              Web https://datatracker.ietf.org/wg/6lo/charter/, n.d..

   [WG-6LoWPAN]
              "IETF IPv6 over Low power WPAN (6lowpan) Working Group",
              Web http://tools.ietf.org/wg/6lowpan/, n.d..

   [WG-ACE]   "IETF Authentication and Authorization for Constrained
              Environments (ACE) Working Group",
              Web https://datatracker.ietf.org/wg/ace/charter/, n.d..

   [WG-ACME]  "Automated Certificate Management Environment Working
              Group", Web https://datatracker.ietf.org/wg/acme/about/,
              n.d..

   [WG-CoRE]  "IETF Constrained RESTful Environment (CoRE) Working
              Group", Web https://datatracker.ietf.org/wg/core/charter/,
              n.d..

   [WG-FUD]   "IETF Firmware UpDate (fud)",
              Web https://datatracker.ietf.org/wg/fud/about/, n.d..

   [WG-LWIG]  "IETF Light-Weight Implementation Guidance (LWIG) Working
              Group", Web https://datatracker.ietf.org/wg/lwig/charter/,
              n.d..

   [WG-MSEC]  "IETF MSEC Working Group",
              Web https://datatracker.ietf.org/wg/msec/, n.d..

   [wink]     "Wink's Outage Shows Us How Frustrating Smart Homes Could
              Be",
              Web http://www.wired.com/2015/04/smart-home-headaches/,
              n.d..

Garcia-Morchon, et al.   Expires March 14, 2018                [Page 45]
Internet-Draft                IoT Security                September 2017

   [ZB]       "ZigBee Alliance", Web http://www.zigbee.org/, February
              2011.

   [Ziegeldorf]
              Ziegeldorf, J., Garcia-Morchon, O., and K. Wehrle,,
              "Privacy in the Internet of Things: Threats and
              Challenges", Security and Communication Networks - Special
              Issue on Security in a Completely Interconnected World ,
              2013.

Authors' Addresses

   Oscar Garcia-Morchon
   Philips IP&S
   High Tech Campus 5
   Eindhoven, 5656 AA
   The Netherlands

   Email: oscar.garcia-morchon@philips.com

   Sandeep S. Kumar
   Philips Research
   High Tech Campus
   Eindhoven, 5656 AA
   The Netherlands

   Email: sandeep.kumar@philips.com

   Mohit Sethi
   Ericsson
   Hirsalantie 11
   Jorvas, 02420
   Finland

   Email: mohit@piuha.net

Garcia-Morchon, et al.   Expires March 14, 2018                [Page 46]