DOI: https://doi.org/10.17487/RFC8576
Discuss this RFC: Send questions or comments to the mailing list t2trg@irtf.org
The Internet of Things (IoT) concept refers to the usage of standard Internet protocols to allow for human-to-thing and thing-to-thing communication. The security needs for IoT systems are well recognized, and many standardization steps to provide security have been taken -- for example, the specification of the Constrained Application Protocol (CoAP) secured with Datagram Transport Layer Security (DTLS). However, security challenges still exist, not only because there are some use cases that lack a suitable solution, but also because many IoT devices and systems have been designed and deployed with very limited security capabilities. In this document, we first discuss the various stages in the lifecycle of a thing. Next, we document the security threats to a thing and the challenges that one might face to protect against these threats. Lastly, we discuss the next steps needed to facilitate the deployment of secure IoT systems. This document can be used by implementers and authors of IoT specifications as a reference for details about security considerations while documenting their specific security challenges, threat models, and mitigations.
This document is a product of the IRTF Thing-to-Thing Research Group (T2TRG).
For the definition of Status, see RFC 2026.
For the definition of Stream, see RFC 8729.