# I. Introduction he most profound technologies are those that disappear. They weave themselves into the fabric of everyday life until they are indistinguishable from it". This was Mark Weiser's central statement in his seminal paper [Weis 91] in Scientific American in 1991. IoT concept has begun to shape our modern world including a common man's everyday life in the society, a world in which devices of every shape and size are manufactured with "smart" capabilities that allow them to communicate and interact not only with other devices but also with humans, exchange their data, make autonomous decisions and perform useful tasks based on preset conditions. IoT is becoming well-known concept across many horizontal and vertical markets with its numerous applications [1].Just to give an example how IoT would affect our daily life: You enter the supermarket and receive your fridge's text message: "You are out of milk." In the dairy section, sensors signal your grocery cart that you've taken a milk carton. As you walk towards the pharmacy, your fitness wristband vibrates as it takes your vitals and streams the results to your doctor to adjust your prescription. When you're finished shopping, you simply walk out the door. Your credit card is charged when you exit the supermarket's geofence. As you drive home, your car communicates with other cars on the roadway to prevent accidents. The early years of Internet of Things (IoT) started with Machine to Machine (M2M) communication. M2M communication indicates two machines communicating with each other, usually without human involvement. The communication platform is not defined, and can be both wireless and wired communication. The term M2M stems from telephony systems. In these systems, different endpoints needed to exchange information between each other, such as the identity of the caller. This information was sent between the endpoints without a human being needed to initiate the transmission. The M2M term is still very much in use, especially in the industrial market, and is commonly regarded as a subset of IoT [5]. The term internet of things was devised by Kevin Ashton, cofounder and executive director of Auto-ID Center at MIT in 1999 and refers to uniquely identifiable objects and their virtual representations in an "internet-like" structure [25]. The Oxford Dictionary perhaps offers a concise definition that invokes the Internet as an element of the IoT: Internet of things (noun): The interconnection via the Internet of computing devices embedded in everyday objects enabling them to send and receive data. Nevertheless, in the past decade, this concept has been extended because of new IoT network applications such as e-healthcare and transport utilities [25]. The evolution of the IoT has its origin in the convergence of wireless technologies, advancements of micro electromechanical systems (MEMS) and digital electronics where has been as a result miniature devices with the ability to sense and compute and communicate wirelessly. In the era of IoT, the interaction or relationship between humans and machines is ever more considered as machines getting smarter and starting to handle more human tasks, and in this situation humans are required to trust the machine and feel safe. In this way, a thing might be a patient with a medical implant to facilitate real-time monitoring in a healthcare application or an accelerometer for movement attached to the cow in a farm environment [26]. These things or devices in IoT include familiar scannables and wearables and more complex systems like home appliances, vehicles, and smart roads and bridges. It is predicted that IoT will consist of 50 billion connected devices by 2020 and that the worldwide IoT market will be more than a $10 trillion industry. These projections depict the possibility of a smarter, efficient and safer world of inter-connected devices [27] while some observers show concerns that the IoT represents a darker world of surveillance, privacy and security violations, and consumer lock-in. Attention-grabbing headlines about the hacking of internet-connected automobiles, surveillance concerns arising from voice recognition features in "smart" TVs, and privacy fears stemming from the potential misuse of IoT data have captured public attention. This "promise vs. peril" debate along with an influx of information though popular media and marketing can make the IoT a complex topic to understand [22]. Garter's Hype Cycle is a way to represent emergence, adoption, maturity and impact on applications of specific technologies. The latest Gartner Hype Cycle for Emerging Technologies places it at the peak. IoT has been identified as one of the emerging technologies as shown below in the Hype Cycle in Emerging Technologies Report for the year 2015 [28]. # II. Security for Internet of Things If one thing can prevent the Internet of things from transforming the way we live and work, it will be a breakdown in security. While security considerations are not new in the context of information technology, the attributes of many IoT implementations present new and unique security challenges. Addressing these challenges and ensuring security in IoT products and services must be a fundamental priority. Users need to trust that IoT devices and related data services are secure from vulnerabilities, especially as this technology become more pervasive and integrated into our daily lives. Important challenge is the integration of security mechanisms and the user acceptance. User must feel that they control any information that is related to them rather than they feel they are being controlled by the system. This integration generates new requirements, not been previously considered. The interconnected nature of IoT devices means that every poorly secured device that is connected online potentially affects the security and resilience of the Internet globally. This challenge is amplified by other considerations like the mass-scale deployment of homogenous IoT devices, the ability of some devices to automatically connect to other devices, and the likelihood of fielding these devices in unsecure environments. As a matter of principle, developers and users of IoT devices and systems have a collective obligation to ensure they do not expose users and the IoT infrastructure itself to potential harm. Accordingly, a collaborative approach to security will be needed to develop effective and appropriate solutions to IoT security challenges that are well suited to the scale and complexity of the issues [22]. Full potential of the IoT depends on strategies that respect individual privacy choices across a broad spectrum of expectations. The data streams and user specificity afforded by IoT devices can unlock incredible and unique value to IoT users, but concerns about privacy and potential harms might hold back full adoption of the Internet of Things. This means that privacy rights and respect for user privacy expectations are integral to ensuring user trust and confidence in the Internet, connected devices, and related services. Indeed, the Internet of Things is redefining the debate about privacy issues, as many implementations can dramatically change the ways personal data is collected, analyzed, used, and protected. For example, IoT amplifies concerns about the potential for increased surveillance and tracking, difficulty in being able to opt out of certain data collection, and the strength of aggregating IoT data streams to paint detailed digital portraits of users. While these are important challenges, they are not insurmountable. In order to realize the opportunities, strategies will need to be developed to respect individual privacy choices across a broad spectrum of expectations, while still fostering innovation in new technology and services [22]. The remainder of this paper is organized as follows: Section II further gives an overview of the IoT features, layers; we first identify properties that make the IoT unique in terms of the security and privacy challenges. In the next section, we describe the security primitives and solutions approaches that take into account to secure the network communication and protect user's data. Finally, Section IV concludes the paper and gives insights regarding current research gaps and possible future directions. # a) IoT Features And Security Requirements In this section, we identify the features that constitute the uniqueness of the IoT in terms of the security and privacy challenges and the layers of IoT. We will see how security issues are different in IoT as compared to traditional internet networks. Moreover, we will establish a number of security and privacy requirements, based on the described properties, and will discuss them in detail. # Figure 2: Internet of Things Applications In contrast to traditional IT systems such as enterprise applications, cloud computing, and big data, a combination of a number of properties makes the IoT unique in terms of the challenges that need to be coped with. We identify these properties by analyzing related IoT research [29]- [30]. A major barrier to realizing the full promise of IoT is that around 85% of existing things were not designed to connect to Internet and cannot share data with the cloud according to IMS research. Addressing this issue, gateways from mobile, home, and industrial act as intermediaries between legacy things and the cloud, providing the needed connectivity, security and manageability described by Intel. The identified distinguishing properties are four, namely: the uncontrolled environment, the heteroge-neity, the need for scalability, as well as the constrained resources utilized in the IoT Uncontrolled Environment: Many things will be part of a highly uncontrolled environment; things travel to untrustworthy surroundings, possibly without supervision. Sub properties of the uncontrolled environment Stable network connectivity and constant presence cannot be expected in such an environment. Physical Accessibility: In the IoT, sensors can be publicly accessible, e.g., traffic control cameras, and environmental sensors. Trust: A priori trusted relationships are unlikely for the large amount of devices interacting with each other and users [22]. Thus, automated mechanisms to measure and manage trust of things, services, and users are crucial for the IoT. Heterogeneity: IoT is expected to be a highly heterogeneous ecosystem as it will have to integrate a multitude of things from various manufacturers. Therefore, version compatibility, and interoperability have to be considered. Scalability: The vast amount of interconnected things in the IoT demands highly scalable protocols. This also has an influence on security mechanisms. For instance, centralized approaches, e.g., hierarchical Public Key Infrastructures (PKIs), as well as some distributed approaches, e.g., pairwise symmetric key exchange schemes, cannot scale with the IoT. Year 2016 ( ) E # Mobility: Infrastructures (PKIs), as well as some distributed approaches, e.g., pairwise symmetric key exchange schemes, cannot scale with the IoT. Constrained Resources: Things in the IoT will have constraints that need to be considered for security mechanisms. This includes energy limitations, e.g., battery powered devices, as well as low computation power, e.g., micro sensors. Thus, heavy computational cryptographic algorithms cannot be applied to all things. IoT and traditional network security issues are different in many ways. IoT is composed of RFID nodes and WSN nodes, whose resources are limited, while the Internet is composed of PC, severs, smart phones whose resources are rich. In the Internet, we use combinations of complex algorithms and lightweight algorithms to maximize security with less considerations of resource usage such as computation power. While in IoT, most of the cases, we can only use lightweight algorithms to find the balance between security and power consumptions. Connection between IoT nodes are always through slower, less secure wireless media, which results in easy data leakage, easily node compromising and all other insecure issues. Whereas in Internet, most communications are through faster, more secure wire or wireless communications. Even with the Mobile Internet, wireless connections are built on top of complex secure protocols which are almost impossible to implement for resource limited IoT nodes. Although there are various devices in the Internet, but with the abstraction of operating system, their data formats are almost the same with Window Family and Unix-like operating systems. However, in IoT, what we have is just bare wireless node. There is no operating system, just a simple embedded program for the chip. With the diversity of nodes perception goal, there comes different chip hardware which result in heterogeneous data contents and data formats. There are all kinds of IoT applications in application layer, used in our everyday life; they gather our private information every second automatically to make our life easier. These applications can even control our everyday life environment. It would be of great potential security problems if we lose control of IoT system. While in the Internet, if we do not provide our information ourselves, there is no way for attackers to get our information. And with the help of operating system and plenty of security software, the environment is more secure. So in one word, IoT system lives in a more dangerous environment with limited resources and less network guards. So we need to implement lightweight solutions to deal with this more dangerous environment. # b) Internet of Things Layers In order to analyze the security issues of IoT in more detail, IoT layers are divided into perception layer, transportation layer and application layer. Perception layer can further be divided into perception nodes and perception network, divide transportation layer into access network, core network, and LAN, and the application layer into application support layer and IoT applications. Each layer has a corresponding technical support, these technologies at all levels play irreplaceable roles, but these techniques are more or less related to the existence of the range problems that can cause insecurity, privacy and other security issues of data. IoT must ensure the security of all layers. In addition, IoT security should also include the security of whole system crossing the perception layer, transportation layer and application layer. # c) LOT Security and Privacy Requirements Security and privacy are crucial enabling technologies and thus among the biggest challenges for the IoT [31]. Therefore, it is compelling for the IoT architectures to consider and resolve these challenges upfront. Otherwise, applications as well as whole ecosystems building on top of such architectures may repeat the security fallacies of the past decades. For that, a precise understanding of security requirements in the context of the IoT is indispensable. Prior technology trends, e.g., cloud computing and big data, are likely to share security requirements with the IoT. However, the uniqueness of the IoT introduces new challenges to security requirements, different from previous technology trends. Big data solutions for instance are designed to scale and deal with heterogeneity of data sources. Nevertheless, big data solutions are not required to deal with an uncontrolled environment and constrained resources; big data analytics run in isolated silos with time or resources to spare. Likewise, cloud computing by design is supposed to scale and overcome challenges of constrained resources. However, cloud computing hardly deals with mobility of devices and physical accessibility of sensors. Related IoT security surveys are incomplete with respect to requirements. To provide a comprehensive overview, we summarize these security requirements from the domain of the IoT and split them into five groups: Network Security, Identity Management, Privacy, Trust, and Resilience. It is obvious that with regard to network security the constrained resources should have the strongest connection, mainly due to the restrictions that they apply to traditional security mechanisms, e.g., cryptography. Moreover, identity management is influenced by the heterogeneity of the IoT. Privacy is mostly connected with scalability and the constrained resources as restrictions are posed to the technology candidates that can be utilized. Furthermore, the uncontrolled environment and the heterogeneity of the IoT have a serious impact on trust. Lastly, resilience is directly connected to the need of the IoT for scalability [23]. Network Security: Network security requirements are divided into confidentiality, authenticity, integrity, and availability [34]. Factors like heterogeneity and constrained resources must be considered while applying these to IoT architectures. Interconnecting the devices require to have better confidentiality so technologies such as IPSec [35] and Transport Layer Security (TLS) [33] are employed to meet this requirement. There's another dedicated secure network stacks of IoT available in case overhead exceeds the resource constraints of things [32]. Authenticity confirms that the connection established is with an authenticated entity and authenticity also includes integrity of data but can be required separately to detect and recover failures so mechanisms such as TCP and TLS suffice this requirement. Privacy: Privacy is considered to be one of main challenges in IoT [24] due to the involvement of humans and increasingly ubiquitous data collection. Privacy of data includes confidential data transmission in a way that it shouldn't expose undesired properties, e.g. identity of a person. This requirement is considered as big challenge as almost every other sensing device collect personal information and large amount of such data becomes Personally Identifiable Information (PII) when combined together; enough to identify a person [38]. A single person not being identifiable as the source of data or an action is anonymity, another challenge to face in IoT as mobile devices and wearable sensors may leak PII such as IP addresses and location unknowingly. There are some technologies already being employed such as anonymous credentials and onion routing, though may not scale well with IoT. Unlinkability protects from profiling in the IoT while pseudonyms may solve unlink ability. With pseudonymity, actions of a person are linked with a pseudonym, a random identifier, rather than an identity [23]. Intel Security also announced, its Enhanced Privacy Identity (EPID) technology will be promoted to other silicon vendors. EPID has anonymity properties, in addition to hardware-enforced integrity, and is included in ISO and TCG standards. The EPID technology provides an on-ramp for other devices to securely connect to the Intel IoT Platform [1]. Identity Management: A comprehensive attention should be given for identity management in IoT due to the number of devices and the complex relationship between devices, services, owners and users [38]. Methods for authentication, authorization including revocation, and accountability or non-repudiation are required. There may be multiple domain scenarios in IoT, authorization solutions, e.g., Kerberos [13], assume a single domain that encloses devices, owners, users, and services. Therefore, new authorization solutions that work with un-trusted devices, allow delegation of access across domains, and capable of quick revocation are needed. Accountability in trust management ensures that every action is clearly bound to an authenticated entity, is another challenge in IoT. It must be capable to deal with huge amounts of entities, delegation of access, actions that span organizational domains along with continuous derivation of data. Resilience: Resilience and robustness against attacks and failures becomes another important challenge due to large scale of devices. IoT architectures must provide mechanisms to proficiently select things, transmission paths, and services according to their robustness (failure/attack avoidance). Also, fail-over and recovery mechanisms must be provided to maintain operations under failure or attacks, and to return to normal operations [2]. # d) Cryptographic Primitives Goals and Attack Techniques Cryptographic primitives are in general utilized to comply with the main security goals for exchanged messages and the system itself [3]. Main security requirements are Confidentiality: message only disclosed to authorized entities Integrity: Original message is not tempered Authenticity: message is sent from a genuine entity Availability: system keeps serving its purpose and stays uninterruptedly available for legitimate entities It is also important to understand the attack techniques in order to rationalize security mechanisms in communication protocols. Some important attacks with respect to IoT are: Eavesdropping: process of 5 Year 2016 ( ) overhearing an ongoing communication, i.e. is as well preliminary for launching next attacks. In wireless communication, everyone has in general access to the medium so takes less effort to launch as compared to wired communication. Confidentiality is a typical counter-measurement against eavesdropping but if keying material is not exchanged in secure manner, eavesdropper could compromise the confidentiality. Secure key exchange algorithms such as Diffe-Hellman (DH) are used. Impersonation: a malicious party pretends to be a legitimate entity for instance by replaying a generic message, in order to bypass the aforementioned security goals. MITM Attack: Man-in-the-middle attack takes place when a malicious entity is on the network path of two genuine entities. Capable of delaying, modifying or dropping messages. Interesting within the context of PKC, malicious entity doesn't attempt to break the keys of involved parties but rather to become the falsely trusted MITM. DoS Attack: targets the availability of a system that offers services, is achieved by exhaustingly consuming resources at the victim so that the offered services become unavailable to legitimate entities. A common way to launch this attack is to trigger expensive operations at the victim that consume resources such as computational power, memory bandwidth or energy. This attack is critical for constrained devices where existing resources are already scarce. # III. Internet of Things Security Solutions Approaches Different approaches are being employed for secure End-to-End communication in WSNs and IoT, they can be classified into major research directions as follows ? Centralized Approaches ? Protocol-based Extensions and Optimizations ? Alternative Delegation Architectures ? Solutions that Require Special Purpose Hardware Modules a) Centralized Approaches Centralized security solution approaches are considered as efficient and suitable for the resourceconstrained sensor networks but the common issue is the scalability of the key management; node must be pre-configured with shared keys of all entities before deployment. Some of the common centralized based approaches are SPINS (A centralized architecture for securing uni-and multicast communication in constrained networks, composed of two security protocols; SNEP and µTESLA) and the Polynomial-based scheme (Polynomial schemes aim at simplifying the key agreement process in distributed sensor networks, main idea is to assign every node n a polynomial share F(n; y) derived from a secret symmetric bi-variate polynomial F(x; y). This allows any possible pair of nodes with a polynomial share to be able to establish a common secret) [3]. # b) Protocol-based Extensions and Optimizations Approaches such as compression aim at optimizing the protocol without breaking the security properties. There are several compression schemes proposed such as the compression of IPV6 header, extension headers, and UDP (User Datagram Protocol) header now standard in 6LoWPAN. Some of these approaches are Abbreviated DTLS Handshake (allows for a shorter handshake that reuses the state information from the previous session, in order to resume the session). TLS Session Resumption without Server-Side State where server does not hold any state required to resume a session rather server's encrypted state is offloaded during the handshake towards the client and in caching, TLS Cached Information extension allows for omitting cached information, such as these large certificate chains from the handshake. Compression of header information is an approach to reduce the transmission overhead of packets in constrained environments, 6LoWPAN defines already header compression mechanism for IP packets. # c) Delegation-based Architectures Delegate computationally intensive tasks, such as public-key-based operations involved in session establishments, to more powerful devices. Some important approaches are: Server-based Certificate Validation Protocol (SCVP), it enables a client to delegate the complex task of certificate validation or certificate path construction to a trusted server. SCVP server should be trusted. Another delegation approach: by Bonetto [4]. It delegates the public-key-based operations to a more powerful device, such as the Gateway (GW). They describe the procedure for IKE session establishment, where the GW intercepts session establishment and pretends to be the end-point. After calculation of the session key, this key is handed over the constrained device and both peers can directly protect their communication with the session key. But in the vision of IoT, not always a trusted GW is present e.g. in the home automation scenario, constrained devices of different manufacturers might be present in the constrained network. Tiny 3-TLS [6]: It requires a strong trust level between the constrained resource device and the GW, offloads expensive public-key-based operations to the GW. The constrained resource device trusts the GW and the unconstrained device authenticates itself to the GW and hence, GW trusts the unconstrained device. constrained resource device trusts the GW and the unconstrained device authenticates itself to the GW and hence, GW trusts the unconstrained device. Consequently, Tiny 3-TLS assumes that by means of transitive trust the constrained device could trust the unconstrained device. Tiny 3-TLS distinguishes between partially and fully trusted GWs. Sizzle [7] implements a complete SSL-secured HTTP web server for constrained devices with support for ECC-based authentication. This approach, in contrast to previous delegation-based architectures, delegates only the task of adapting the underlying transport-layer protocol. This is achieved by terminating the incoming TCP connection at the GW and sending the payload via a UDP-based reliable protocol to the constrained device. Sizzle only allows for certificatebased authentication towards powerful clients and does not implement certificate handling for constrained devices. Peer authentication and End-to-End data protection are crucial requirements to prevent eavesdropping on sensitive data or malicious triggering of harmful actuating tasks in the context of Internet of Things (IoT). Symmetric key cryptography such as AES provides fast and lightweight encryption and decryption on smart devices and their integrated hardware supports it as well. However, when number of devices connected becomes high, exchanging symmetric keys becomes a challenging task and an efficient scalable key establishment protocol is required. Asymmetric key cryptography is another method for key establishment at two ends, but it involves high computational overheads which are the main concerns for resource-constrained devices [9]. Sensors with low resources (energy, computation) are not meant to perform complex asymmetric cryptographic operations. Key establishment protocols are used to provide shared secrets between two or more parties, typically for subsequent use as private keys for a variety of cryptographic objectives [12]. These objectives are in turn used as security primitives for enabling various security protocols such as source authentication, integrity protection or confidentiality [8]. To afford interoperable network security between endpoints from independent network domains, variants of traditional End-to-End IP security protocols have recently been proposed for resource-constrained devices and the networks formed by them [9]. ? Protocol variants such as Datagram Transport Layer Security (DTLS) [14], HIP-DEX [15], and minimal IKEv2 [16] consider public-key cryptography in their protocol design. As public-key cryptography acquires significant computational processing and transmission overheads in resource-constrained network environments, research and standardization currently focuses to reduce the public-key related overheads during the protocol handshake. ? Another interesting approach has been suggested in [20] and [8]. In these papers, a proxy-based solution is proposed to delegate the heavy cryptographic operations from a resourceconstrained device to less constrained nodes. A similar approach might be found in [11] for ambientassisted living and also in [21] where communication is made from one resourceconstrained node to another resource-constrained sensor node. These approaches have assumed the sensor nodes to be trustworthy and the mechanism in case if nodes are compromised, misbehave, authentication fails or nodes fail to deliver its assigned share. Still the risk involved is there for the secret shared key to be revealed by the attacker from the compromised nodes. Selection criteria are described for these assisting nodes to evaluate their abilities before they are assigned computational tasks to work as proxies. Other approaches proposed including session resumption mechanisms [17] and caching of static handshake information such as certificates [18]. However, the considerable RAM and ROM requirements make the use of public-key cryptography unsuitable for a wide range of constrained devices [9]. One such implementation of two-way authentication scheme for the IoT based on DTLS protocol is described in [19]. This approach even generates considerable overheads to the network traffic due to the utilization of X.509 certificates and RSA public keys with DTLS handshake. Both these X.509 certificate and RSA public key with DTLS handshake involve heavy computations for the low performing and high resource-constrained sensor nodes. # d) Hardware-based Approaches A class of security solutions relies on additional hardware security modules, such as TPMs. A Trusted Platform Module (TPM) is tamper-proof hardware that provides support for cryptographic computations especially public-key-based cryptographic primitives. TPMs can hold keys, such as RSA private keys, in a protected memory area. Furthermore, the cryptographic accelerator of TPMs is capable of computing the cryptographic computations with a higher performance. In contrast, ECC provides the same level of security with considerably smaller key sizes [3]. Therefore, ECC is preferred and recommend for constrained environments. # IV. Conclusion This paper aims to provides the reader a basic overview about Internet of Things, the major security and privacy challenges because of its exponential growth and what kind of security primitives and solution approaches are being taken to make communication secure and to protect the user's data. Conventional security primitives cannot be applied due to the heterogeneous nature of sensors, low resources and the system architecture in IoT applications. To prevent unauthorized use of user's data, protect their privacy and to mitigate security and privacy threats, strong network security infrastructures are required. Peer authentication and End-to-End data protection are crucial requirements to prevent eavesdropping on sensitive data or malicious triggering of harmful actuating tasks. Any unauthorized use of data may restrict users to utilize IoT based applications. This review paper provides the security solution approaches been proposed recently identifying both the challenges related to security and privacy and the attack techniques used to compromise/fail the sensor nodes in Internet of Things as well. Current approaches are focused on predeployed, pre-shared keys on both ends whereas certificate-based authentication is generally considered infeasible for constrained resource sensors. New security paradigm are needed for End-to-End secure key establishment protocols that are lightweight for resource-constrained sensors and secure through strong encryption and authentication. # Global Journal of Computer Science and Technology Volume XVI Issue VII Version I 1![Figure 1: Hyper Cycle for Emerging Technologies, 2105[12] ](image-2.png "Figure 1 :") 2![Figure 2: Network Model Scenario for Body Area Network in the context of Internet of Things (IoT)](image-3.png "Figure 2 :") ![](image-4.png "") © 2016 Global Journals Inc. (US) * RSomayya Madakam SiddharthRamaswamy Tripathi Internet of Things (IoT): A Literature Review * EmmanouilVasilomanolakis JorgDaubert ManishaLuthra Vangelis Gazis, Alex Wiesmaie and Panayotis Kikiras "On the Security and Privacy of Internet of Things Architectures and Systems * Leveraging Public-keybased Authentication for the Internet of Things HosseinShafagh 2013 Germany RWTH Aachen University Master Thesis * Secure communication for smart IoT objects: Protocol stacks, use cases and practical examples RBonetto NBui VLakkundi AOlivereau ASerbanati MRossi 10.1109/WoWMoM.2012.6263790 IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM'12) San Francisco, CA June 2012 * Security in Internet of Things Systems Christian Dancke Tuen Norwegian University of Science and Technology Master Thesis * Tiny 3-TLS: a trust delegation protocol for wireless sensor networks SepidehFouladgar BastienMainaud KhaledMasmoudi HossamAfifi 10.1007/11964254_5 Proceedings of the Third European conference on Security and Privacy in Ad-Hoc and Sensor Net works (ESAS'06) the Third European conference on Security and Privacy in Ad-Hoc and Sensor Net works (ESAS'06)Hamburg, Germany Nov 2006 * Sizzle: A standards-based end-to-end security architecture for the VipulGupta MichaelWurm YuZhu MatthewMillard StephenFung NilsGura HansEberle Sheueling Chang Shantz 2005 * Lightweight collaborative key establishment scheme for the Internet of Things YBSaied AOlivereau DZeghlache MLaurent Computer Networks 64 2014 * Delegation based Authentication and Authorization for the IP-based Internet of Things RHummen HShafagh SRaza TVoigt KWehrle IEEE SECON 2014 * That 'Internet of Things' thing KAshton June 2009 22 * Secure End-to-End Key Establishment Protocol for Resource-Constrained Healthcare Sensors in the Context of IoT MagdyMuhammad A Iqbal Bayoumi The 14th Annual IEEE International Conference on High Performance Computing and Simulations (HPCS) Innsbruck Austria 2016 2016 * Handbook of Applied Cryptography AJMenezes SAVanstone PCVan Oorschot 1996 CRC Press, Inc Boca Raton, FL * Kerberos: An authentication service for open network systems JenniferGSteiner BCliffordNeuman JeffreyISchiller Proceedings of the USENIX Winter Conference the USENIX Winter ConferenceDallas, Texas, USA USENIX Association January 1988. 1988 * Datagram Transport Layer Security Version 1.2 ERescorla NModadugu IETF 6347 2012 RFC * RMoskowitz RHummen draftmoskowitz-hip-dex-01 HIP Diet EXchange (DEX) 2012 * Minimal IKEv2 TKivinen draft-kivinen- ipsecme-ikev2-minimal-01 2012 WiP), IETF * Tailoring End-to-End IP Security Protocols to the Internet of Things RHummen HWirtz JHZiegeldorf JHiller KWehrle Proc. of IEEE ICNP of IEEE ICNP 2013 * Transport Layer Security (TLS) Cached Information Extension SSantesson HTschofenig 2014 WiP), IETF draft-ietf-tls-cached-info-16 * DTLS based security and two-way authentication for the Internet of Things TKothmayr CSchmitt WHu MBrünig GCarle Ad Hoc Networks 11 8 2013 * D-HIP: A distributed key exchange scheme for HIP-based Internet of Things YSaied AOlivereau Proceeding of IEEE World of Wireless, Mobile and Multimedia Networks (WoWMoM) 2012 eeding of IEEE World of Wireless, Mobile and Multimedia Networks (WoWMoM) 2012 2012 * Secure end-to-end communication for constrained devices in IoTenabled Ambient Assisted Living systems PPorambage Braeken MGurtov SusannaYlianttila Spinsante proceedings of 2nd World Forum on Internet of Things (WF-IoT) 2nd World Forum on Internet of Things (WF-IoT) 2015 * Internet of Things: An overview" by Internet Society * EmmanouilVasilomanolakis JorgDaubert ManishaLuthra Vangelis Gazis, Alex Wiesmaier and Panayotis Kikiras "On the Security and Privacy of Internet of Things Architectures and Systems * A view on privacy & trust in iot JoergDaubert AlexanderWiesmaier PanayotisKikiras IOT/CPS-Security Workshop, IEEE International Conference on Communications London, GB 2015. 2015. June 08-12, 2015 page to appear. IEEE * Vision and Challenges for Realising the Internet of Things HSundmaeker PGuillemin PFriess SWoelfflé * European Commission-Information Society and Media 2010 * Lee Security Analysis and Improvements of Authentication and Access Control in the Internet of Things BruceNdibanje Hoon-JaeLee Sang-Gon Internet of Things: The new frontier for data security and privacy Bethany Lobo Benjamin Kleine Amanada Levendowski March 2015 27 Part 1 * Gartner's Hype Cycle Special Report for 2015. 2015 Gartner Inc * Threat-Based Security Analysis for the Internet of Things WAhmad AndrewAtamli Martin Secure Internet of Things (SIoT) IEEE 2014 * Internet of Things -New security and privacy challenges RolfHWeber Computer Law & Security Review 26 1 Jan 2010 * Security and Privacy in the Internet of Things: Current Status and Open Issues MohamedAbomhara GeirMKoien Privacy and Security in Mobile Systems (PRISMS) IEEE 2014 * Secure communication for smart IoT objects: Protocol stacks, use cases and practical examples RiccardoBonetto NicolaBui VishwasLakkundi AlexisOlivereau AlexandruSerbanati MicheleRossi IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks, WoWMoM 2012 -Digital Proceedings 2012. 2012 * The Transport Layer Security (TLS) Protocol Version 1.2. RFC 5246 (Proposed Standard) TDierks ERescorla August 2008 5746 6176 * ¨ Security in fixed and wireless networks -an introduction to securing data communications GunterSch ¨Afer 2003 Wiley * Security Architecture for the Internet Protocol. RFC 2401 (Proposed Standard) SKent RAtkinson November 1998 4301 updated by RFC 3168