State-of-the-Art and Challenges for the Internet of Things Security
draft-irtf-t2trg-iot-seccons-05
The information below is for an old version of the document.
Document | Type |
This is an older version of an Internet-Draft that was ultimately published as RFC 8576.
|
|
---|---|---|---|
Authors | Oscar Garcia-Morchon , Sandeep Kumar , Mohit Sethi | ||
Last updated | 2017-09-10 | ||
Replaces | draft-garcia-core-security | ||
RFC stream | Internet Research Task Force (IRTF) | ||
Formats | |||
IETF conflict review | conflict-review-irtf-t2trg-iot-seccons, conflict-review-irtf-t2trg-iot-seccons, conflict-review-irtf-t2trg-iot-seccons, conflict-review-irtf-t2trg-iot-seccons, conflict-review-irtf-t2trg-iot-seccons, conflict-review-irtf-t2trg-iot-seccons | ||
Additional resources | Mailing list discussion | ||
Stream | IRTF state | (None) | |
Consensus boilerplate | Unknown | ||
Document shepherd | (None) | ||
IESG | IESG state | Became RFC 8576 (Informational) | |
Telechat date | (None) | ||
Responsible AD | (None) | ||
Send notices to | (None) |
draft-irtf-t2trg-iot-seccons-05
quot;Constrained RESTful Environments (CoRE) Link Format", RFC 6690, DOI 10.17487/RFC6690, August 2012, <https://www.rfc-editor.org/info/rfc6690>. [RFC6749] Hardt, D., Ed., "The OAuth 2.0 Authorization Framework", RFC 6749, DOI 10.17487/RFC6749, October 2012, <https://www.rfc-editor.org/info/rfc6749>. [RFC6973] Cooper, A., Tschofenig, H., Aboba, B., Peterson, J., Morris, J., Hansen, M., and R. Smith, "Privacy Considerations for Internet Protocols", RFC 6973, DOI 10.17487/RFC6973, July 2013, <https://www.rfc- editor.org/info/rfc6973>. [RFC7049] Bormann, C. and P. Hoffman, "Concise Binary Object Representation (CBOR)", RFC 7049, DOI 10.17487/RFC7049, October 2013, <https://www.rfc-editor.org/info/rfc7049>. [RFC7159] Bray, T., Ed., "The JavaScript Object Notation (JSON) Data Interchange Format", RFC 7159, DOI 10.17487/RFC7159, March 2014, <https://www.rfc-editor.org/info/rfc7159>. Garcia-Morchon, et al. Expires March 14, 2018 [Page 42] Internet-Draft IoT Security September 2017 [RFC7228] Bormann, C., Ersue, M., and A. Keranen, "Terminology for Constrained-Node Networks", RFC 7228, DOI 10.17487/RFC7228, May 2014, <https://www.rfc- editor.org/info/rfc7228>. [RFC7252] Shelby, Z., Hartke, K., and C. Bormann, "The Constrained Application Protocol (CoAP)", RFC 7252, DOI 10.17487/RFC7252, June 2014, <https://www.rfc- editor.org/info/rfc7252>. [RFC7296] Kaufman, C., Hoffman, P., Nir, Y., Eronen, P., and T. Kivinen, "Internet Key Exchange Protocol Version 2 (IKEv2)", STD 79, RFC 7296, DOI 10.17487/RFC7296, October 2014, <https://www.rfc-editor.org/info/rfc7296>. [RFC7401] Moskowitz, R., Ed., Heer, T., Jokela, P., and T. Henderson, "Host Identity Protocol Version 2 (HIPv2)", RFC 7401, DOI 10.17487/RFC7401, April 2015, <https://www.rfc-editor.org/info/rfc7401>. [RFC7416] Tsao, T., Alexander, R., Dohler, M., Daza, V., Lozano, A., and M. Richardson, Ed., "A Security Threat Analysis for the Routing Protocol for Low-Power and Lossy Networks (RPLs)", RFC 7416, DOI 10.17487/RFC7416, January 2015, <https://www.rfc-editor.org/info/rfc7416>. [RFC7515] Jones, M., Bradley, J., and N. Sakimura, "JSON Web Signature (JWS)", RFC 7515, DOI 10.17487/RFC7515, May 2015, <https://www.rfc-editor.org/info/rfc7515>. [RFC7517] Jones, M., "JSON Web Key (JWK)", RFC 7517, DOI 10.17487/RFC7517, May 2015, <https://www.rfc- editor.org/info/rfc7517>. [RFC7519] Jones, M., Bradley, J., and N. Sakimura, "JSON Web Token (JWT)", RFC 7519, DOI 10.17487/RFC7519, May 2015, <https://www.rfc-editor.org/info/rfc7519>. [RFC7520] Miller, M., "Examples of Protecting Content Using JSON Object Signing and Encryption (JOSE)", RFC 7520, DOI 10.17487/RFC7520, May 2015, <https://www.rfc- editor.org/info/rfc7520>. [RFC7668] Nieminen, J., Savolainen, T., Isomaki, M., Patil, B., Shelby, Z., and C. Gomez, "IPv6 over BLUETOOTH(R) Low Energy", RFC 7668, DOI 10.17487/RFC7668, October 2015, <https://www.rfc-editor.org/info/rfc7668>. Garcia-Morchon, et al. Expires March 14, 2018 [Page 43] Internet-Draft IoT Security September 2017 [RFC7696] Housley, R., "Guidelines for Cryptographic Algorithm Agility and Selecting Mandatory-to-Implement Algorithms", BCP 201, RFC 7696, DOI 10.17487/RFC7696, November 2015, <https://www.rfc-editor.org/info/rfc7696>. [RFC7815] Kivinen, T., "Minimal Internet Key Exchange Version 2 (IKEv2) Initiator Implementation", RFC 7815, DOI 10.17487/RFC7815, March 2016, <https://www.rfc- editor.org/info/rfc7815>. [RFC7925] Tschofenig, H., Ed. and T. Fossati, "Transport Layer Security (TLS) / Datagram Transport Layer Security (DTLS) Profiles for the Internet of Things", RFC 7925, DOI 10.17487/RFC7925, July 2016, <https://www.rfc- editor.org/info/rfc7925>. [RFC8046] Henderson, T., Ed., Vogt, C., and J. Arkko, "Host Mobility with the Host Identity Protocol", RFC 8046, DOI 10.17487/RFC8046, February 2017, <https://www.rfc- editor.org/info/rfc8046>. [RFC8105] Mariager, P., Petersen, J., Ed., Shelby, Z., Van de Logt, M., and D. Barthel, "Transmission of IPv6 Packets over Digital Enhanced Cordless Telecommunications (DECT) Ultra Low Energy (ULE)", RFC 8105, DOI 10.17487/RFC8105, May 2017, <https://www.rfc-editor.org/info/rfc8105>. [RFC8152] Schaad, J., "CBOR Object Signing and Encryption (COSE)", RFC 8152, DOI 10.17487/RFC8152, July 2017, <https://www.rfc-editor.org/info/rfc8152>. [RG-T2TRG] "IRTF Thing-to-Thing (T2TRG) Research Group", Web https://datatracker.ietf.org/rg/t2trg/charter/, n.d.. [SchneierSecurity] "The Internet of Things Is Wildly Insecure--And Often Unpatchable", Web https://www.schneier.com/essays/archives/2014/01/ the_internet_of_thin.html, n.d.. [SEAL] "Simple Encrypted Arithmetic Library - SEAL", Web https://sealcrypto.codeplex.com/, n.d.. [shodan] "Shodan", Web https://www.shodan.io/, n.d.. Garcia-Morchon, et al. Expires March 14, 2018 [Page 44] Internet-Draft IoT Security September 2017 [sigfox] "Sigfox - The Global Communications Service Provider for the Internet of Things (IoT)", Web https://www.sigfox.com/, n.d.. [Thread] "Thread Group", Web http://threadgroup.org/, n.d.. [TR69] "Too Many Cooks - Exploiting the Internet-of-TR- 069-Things", Web https://media.ccc.de/v/31c3_-_6166_-_en_- _saal_6_-_201412282145_-_too_many_cooks_- _exploiting_the_internet-of-tr-069-things_- _lior_oppenheim_-_shahar_tal, n.d.. [WG-6lo] "IETF IPv6 over Networks of Resource-constrained Nodes (6lo) Working Group", Web https://datatracker.ietf.org/wg/6lo/charter/, n.d.. [WG-6LoWPAN] "IETF IPv6 over Low power WPAN (6lowpan) Working Group", Web http://tools.ietf.org/wg/6lowpan/, n.d.. [WG-ACE] "IETF Authentication and Authorization for Constrained Environments (ACE) Working Group", Web https://datatracker.ietf.org/wg/ace/charter/, n.d.. [WG-ACME] "Automated Certificate Management Environment Working Group", Web https://datatracker.ietf.org/wg/acme/about/, n.d.. [WG-CoRE] "IETF Constrained RESTful Environment (CoRE) Working Group", Web https://datatracker.ietf.org/wg/core/charter/, n.d.. [WG-FUD] "IETF Firmware UpDate (fud)", Web https://datatracker.ietf.org/wg/fud/about/, n.d.. [WG-LWIG] "IETF Light-Weight Implementation Guidance (LWIG) Working Group", Web https://datatracker.ietf.org/wg/lwig/charter/, n.d.. [WG-MSEC] "IETF MSEC Working Group", Web https://datatracker.ietf.org/wg/msec/, n.d.. [wink] "Wink's Outage Shows Us How Frustrating Smart Homes Could Be", Web http://www.wired.com/2015/04/smart-home-headaches/, n.d.. Garcia-Morchon, et al. Expires March 14, 2018 [Page 45] Internet-Draft IoT Security September 2017 [ZB] "ZigBee Alliance", Web http://www.zigbee.org/, February 2011. [Ziegeldorf] Ziegeldorf, J., Garcia-Morchon, O., and K. Wehrle,, "Privacy in the Internet of Things: Threats and Challenges", Security and Communication Networks - Special Issue on Security in a Completely Interconnected World , 2013. Authors' Addresses Oscar Garcia-Morchon Philips IP&S High Tech Campus 5 Eindhoven, 5656 AA The Netherlands Email: oscar.garcia-morchon@philips.com Sandeep S. Kumar Philips Research High Tech Campus Eindhoven, 5656 AA The Netherlands Email: sandeep.kumar@philips.com Mohit Sethi Ericsson Hirsalantie 11 Jorvas, 02420 Finland Email: mohit@piuha.net Garcia-Morchon, et al. Expires March 14, 2018 [Page 46]