{"draft":"draft-irtf-t2trg-iot-seccons-16","doc_id":"RFC8576","title":"Internet of Things (IoT) Security: State of the Art and Challenges","authors":["O. Garcia-Morchon","S. Kumar","M. Sethi"],"format":["ASCII","HTML"],"page_count":"50","pub_status":"INFORMATIONAL","status":"INFORMATIONAL","source":"Thing-to-Thing","abstract":"The Internet of Things (IoT) concept refers to the usage of standard\r\nInternet protocols to allow for human-to-thing and thing-to-thing\r\ncommunication.  The security needs for IoT systems are well\r\nrecognized, and many standardization steps to provide security have\r\nbeen taken -- for example, the specification of the Constrained\r\nApplication Protocol (CoAP) secured with Datagram Transport Layer\r\nSecurity (DTLS).  However, security challenges still exist, not only\r\nbecause there are some use cases that lack a suitable solution, but\r\nalso because many IoT devices and systems have been designed and\r\ndeployed with very limited security capabilities.  In this document,\r\nwe first discuss the various stages in the lifecycle of a thing.\r\nNext, we document the security threats to a thing and the challenges\r\nthat one might face to protect against these threats.  Lastly, we\r\ndiscuss the next steps needed to facilitate the deployment of secure\r\nIoT systems.  This document can be used by implementers and authors\r\nof IoT specifications as a reference for details about security\r\nconsiderations while documenting their specific security challenges,\r\nthreat models, and mitigations.\r\n\r\nThis document is a product of the IRTF Thing-to-Thing Research Group\r\n(T2TRG).","pub_date":"April 2019","keywords":["IoT","Internet of Things","M2M","Machine-to-machine","Machine-type communication","MTC","Security","Privacy","Trustworthy","Lifecycle"],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC8576","errata_url":null}