Securing the Internet of Things: A Standardization Perspective

Abstract

The Internet of Things (IoT) is the next wave of innovation that promises to improve and optimize our daily life based on intelligent sensors and smart objects working together. Through Internet Protocol (IP) connectivity, devices can now be connected to the Internet, thus allowing them to be read, controlled, and managed at any time and at any place. Security is an important aspect for IoT deployments. However, proprietary security solutions do not help in formulating a coherent security vision to enable IoT devices to securely communicate with each other in an interoperable manner. This paper gives an overview of the efforts in the Internet Engineering Task Force (IETF) to standardize security solutions for the IoT ecosystem. We first provide an in-depth review of the communication security solutions for IoT, specifically the standard security protocols to be used in conjunction with the Constrained Application Protocol (CoAP), an application protocol specifically tailored to the needs of adapting to the constraints of IoT devices. Since Datagram Transport Layer Security (DTLS) has been chosen as the channel security underneath CoAP, this paper also discusses the latest standardization efforts to adapt and enhance the DTLS for IoT applications. This includes the use of 1) raw public key in DTLS; 2) extending DTLS record Layer to protect group (multicast) communication; and 3) profiling DTLS for reducing the size and complexity of implementations on embedded devices. We also provide an extensive review of compression schemes that are being proposed in IETF to mitigate message fragmentation issues in DTLS.