RFC 8576

Internet of Things (IoT) Security: State of the Art and Challenges, April 2019

Canonical URL:
https://www.rfc-editor.org/rfc/rfc8576.txt
File formats:
icon for text file icon for PDF icon for HTML
Status:
INFORMATIONAL
Authors:
O. Garcia-Morchon
S. Kumar
M. Sethi
Stream:
IRTF

Cite this RFC: TXT  |  XML

DOI:  10.17487/RFC8576

Discuss this RFC: Send questions or comments to t2trg@irtf.org

Other actions: Submit Errata  |  Find IPR Disclosures from the IETF


Abstract

The Internet of Things (IoT) concept refers to the usage of standard Internet protocols to allow for human-to-thing and thing-to-thing communication. The security needs for IoT systems are well recognized, and many standardization steps to provide security have been taken -- for example, the specification of the Constrained Application Protocol (CoAP) secured with Datagram Transport Layer Security (DTLS). However, security challenges still exist, not only because there are some use cases that lack a suitable solution, but also because many IoT devices and systems have been designed and deployed with very limited security capabilities. In this document, we first discuss the various stages in the lifecycle of a thing. Next, we document the security threats to a thing and the challenges that one might face to protect against these threats. Lastly, we discuss the next steps needed to facilitate the deployment of secure IoT systems. This document can be used by implementers and authors of IoT specifications as a reference for details about security considerations while documenting their specific security challenges, threat models, and mitigations.

This document is a product of the IRTF Thing-to-Thing Research Group (T2TRG).


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 4844.


Download PDF Reader