diff options
Diffstat (limited to 'doc/rfc/rfc8576.txt')
-rw-r--r-- | doc/rfc/rfc8576.txt | 2803 |
1 files changed, 2803 insertions, 0 deletions
diff --git a/doc/rfc/rfc8576.txt b/doc/rfc/rfc8576.txt new file mode 100644 index 0000000..a6b4f05 --- /dev/null +++ b/doc/rfc/rfc8576.txt @@ -0,0 +1,2803 @@ + + + + + + +Internet Research Task Force (IRTF) O. Garcia-Morchon +Request for Comments: 8576 Philips +Category: Informational S. Kumar +ISSN: 2070-1721 Signify + M. Sethi + Ericsson + April 2019 + + + Internet of Things (IoT) Security: State of the Art and Challenges + +Abstract + + The Internet of Things (IoT) concept refers to the usage of standard + Internet protocols to allow for human-to-thing and thing-to-thing + communication. The security needs for IoT systems are well + recognized, and many standardization steps to provide security have + been taken -- for example, the specification of the Constrained + Application Protocol (CoAP) secured with Datagram Transport Layer + Security (DTLS). However, security challenges still exist, not only + because there are some use cases that lack a suitable solution, but + also because many IoT devices and systems have been designed and + deployed with very limited security capabilities. In this document, + we first discuss the various stages in the lifecycle of a thing. + Next, we document the security threats to a thing and the challenges + that one might face to protect against these threats. Lastly, we + discuss the next steps needed to facilitate the deployment of secure + IoT systems. This document can be used by implementers and authors + of IoT specifications as a reference for details about security + considerations while documenting their specific security challenges, + threat models, and mitigations. + + This document is a product of the IRTF Thing-to-Thing Research Group + (T2TRG). + + + + + + + + + + + + + + + + + +Garcia-Morchon, et al. Informational [Page 1] + +RFC 8576 IoT Security April 2019 + + +Status of This Memo + + This document is not an Internet Standards Track specification; it is + published for informational purposes. + + This document is a product of the Internet Research Task Force + (IRTF). The IRTF publishes the results of Internet-related research + and development activities. These results might not be suitable for + deployment. Documents approved for publication by the IRSG are not + candidates for any level of Internet Standard; see Section 2 of RFC + 7841. + + Information about the current status of this document, any errata, + and how to provide feedback on it may be obtained at + https://www.rfc-editor.org/info/rfc8576. + +Copyright Notice + + Copyright (c) 2019 IETF Trust and the persons identified as the + document authors. All rights reserved. + + This document is subject to BCP 78 and the IETF Trust's Legal + Provisions Relating to IETF Documents + (https://trustee.ietf.org/license-info) in effect on the date of + publication of this document. Please review these documents + carefully, as they describe your rights and restrictions with respect + to this document. + + + + + + + + + + + + + + + + + + + + + + + + +Garcia-Morchon, et al. Informational [Page 2] + +RFC 8576 IoT Security April 2019 + + +Table of Contents + + 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4 + 2. The Thing Lifecycle . . . . . . . . . . . . . . . . . . . . . 5 + 3. Security Threats and Managing Risk . . . . . . . . . . . . . 8 + 4. State of the Art . . . . . . . . . . . . . . . . . . . . . . 13 + 4.1. IP-Based IoT Protocols and Standards . . . . . . . . . . 13 + 4.2. Existing IP-Based Security Protocols and Solutions . . . 16 + 4.3. IoT Security Guidelines . . . . . . . . . . . . . . . . . 18 + 5. Challenges for a Secure IoT . . . . . . . . . . . . . . . . . 21 + 5.1. Constraints and Heterogeneous Communication . . . . . . . 21 + 5.1.1. Resource Constraints . . . . . . . . . . . . . . . . 21 + 5.1.2. Denial-of-Service Resistance . . . . . . . . . . . . 22 + 5.1.3. End-to-End Security, Protocol Translation, and the + Role of Middleboxes . . . . . . . . . . . . . . . . . 23 + 5.1.4. New Network Architectures and Paradigm . . . . . . . 25 + 5.2. Bootstrapping of a Security Domain . . . . . . . . . . . 25 + 5.3. Operational Challenges . . . . . . . . . . . . . . . . . 25 + 5.3.1. Group Membership and Security . . . . . . . . . . . . 26 + 5.3.2. Mobility and IP Network Dynamics . . . . . . . . . . 27 + 5.4. Secure Software Update and Cryptographic Agility . . . . 27 + 5.5. End-of-Life . . . . . . . . . . . . . . . . . . . . . . . 30 + 5.6. Verifying Device Behavior . . . . . . . . . . . . . . . . 30 + 5.7. Testing: Bug Hunting and Vulnerabilities . . . . . . . . 31 + 5.8. Quantum-Resistance . . . . . . . . . . . . . . . . . . . 32 + 5.9. Privacy Protection . . . . . . . . . . . . . . . . . . . 33 + 5.10. Reverse-Engineering Considerations . . . . . . . . . . . 34 + 5.11. Trustworthy IoT Operation . . . . . . . . . . . . . . . . 35 + 6. Conclusions and Next Steps . . . . . . . . . . . . . . . . . 36 + 7. Security Considerations . . . . . . . . . . . . . . . . . . . 36 + 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 36 + 9. Informative References . . . . . . . . . . . . . . . . . . . 37 + Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 50 + Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 50 + + + + + + + + + + + + + + + + + +Garcia-Morchon, et al. Informational [Page 3] + +RFC 8576 IoT Security April 2019 + + +1. Introduction + + The Internet of Things (IoT) denotes the interconnection of highly + heterogeneous networked entities and networks that follow a number of + different communication patterns, such as: human-to-human (H2H), + human-to-thing (H2T), thing-to-thing (T2T), or thing-to-things + (T2Ts). The term "IoT" was first coined in 1999 by the Auto-ID + center [AUTO-ID], which had envisioned a world where every physical + object has a radio-frequency identification (RFID) tag with a + globally unique identifier. This would not only allow tracking of + objects in real time but also allow querying of data about them over + the Internet. However, since then, the meaning of the Internet of + Things has expanded and now encompasses a wide variety of + technologies, objects, and protocols. It is not surprising that the + IoT has received significant attention from the research community to + (re)design, apply, and use standard Internet technology and protocols + for the IoT. + + The things that are part of the Internet of Things are computing + devices that understand and react to the environment they reside in. + These things are also often referred to as smart objects or smart + devices. The introduction of IPv6 [RFC6568] and CoAP [RFC7252] as + fundamental building blocks for IoT applications allows connecting + IoT hosts to the Internet. This brings several advantages, + including: (i) a homogeneous protocol ecosystem that allows simple + integration with other Internet hosts; (ii) simplified development + for devices that significantly vary in their capabilities; (iii) a + unified interface for applications, removing the need for + application-level proxies. These building blocks greatly simplify + the deployment of the envisioned scenarios, which range from building + automation to production environments and personal area networks. + + This document presents an overview of important security aspects for + the Internet of Things. We begin by discussing the lifecycle of a + thing in Section 2. In Section 3, we discuss security threats for + the IoT and methodologies for managing these threats when designing a + secure system. Section 4 reviews existing IP-based (security) + protocols for the IoT and briefly summarizes existing guidelines and + regulations. Section 5 identifies remaining challenges for a secure + IoT and discusses potential solutions. Section 6 includes final + remarks and conclusions. This document can be used by IoT standards + specifications as a reference for details about security + considerations that apply to the specified system or protocol. + + The first draft version of this document was submitted in March 2011. + Initial draft versions of this document were presented and discussed + during the meetings of the Constrained RESTful Environments (CORE) + Working Group at IETF 80 and later. Discussions on security + + + +Garcia-Morchon, et al. Informational [Page 4] + +RFC 8576 IoT Security April 2019 + + + lifecycle at IETF 92 (March 2015) evolved into more general security + considerations. Thus, the draft was selected to address the T2TRG + work item on the security considerations and challenges for the + Internet of Things. Further updates of the draft were presented and + discussed during the T2TRG meetings at IETF 96 (July 2016) and IETF + 97 (November 2016) and at the joint interim meeting in Amsterdam + (March 2017). This document has been reviewed by, commented on, and + discussed extensively for a period of nearly six years by a vast + majority of the T2TRG and related group members, the number of which + certainly exceeds 100 individuals. It is the consensus of T2TRG that + the security considerations described in this document should be + published in the IRTF Stream of the RFC series. This document does + not constitute a standard. + +2. The Thing Lifecycle + + The lifecycle of a thing refers to the operational phases of a thing + in the context of a given application or use case. Figure 1 shows + the generic phases of the lifecycle of a thing. This generic + lifecycle is applicable to very different IoT applications and + scenarios. For instance, [RFC7744] provides an overview of relevant + IoT use cases. + + In this document, we consider a Building Automation and Control (BAC) + system to illustrate the lifecycle and the meaning of these different + phases. A BAC system consists of a network of interconnected nodes + that performs various functions in the domains of Heating, + Ventilating, and Air Conditioning (HVAC), lighting, safety, etc. The + nodes vary in functionality, and a large majority of them represent + resource-constrained devices such as sensors and luminaries. Some + devices may be battery operated or may rely on energy harvesting. + This requires us to also consider devices that sleep during their + operation to save energy. In our BAC scenario, the life of a thing + starts when it is manufactured. Due to the different application + areas (i.e., HVAC, lighting, or safety), nodes/things are tailored to + a specific task. It is therefore unlikely that one single + manufacturer will create all nodes in a building. Hence, + interoperability as well as trust bootstrapping between nodes of + different vendors is important. + + The thing is later installed and commissioned within a network by an + installer during the bootstrapping phase. Specifically, the device + identity and the secret keys used during normal operation may be + provided to the device during this phase. Different subcontractors + may install different IoT devices for different purposes. + Furthermore, the installation and bootstrapping procedures may not be + a discrete event and may stretch over an extended period. After + being bootstrapped, the device and the system of things are in + + + +Garcia-Morchon, et al. Informational [Page 5] + +RFC 8576 IoT Security April 2019 + + + operational mode and execute the functions of the BAC system. During + this operational phase, the device is under the control of the system + owner and used by multiple system users. For devices with lifetimes + spanning several years, occasional maintenance cycles may be + required. During each maintenance phase, the software on the device + can be upgraded, or applications running on the device can be + reconfigured. The maintenance tasks can be performed either locally + or from a backend system. Depending on the operational changes to + the device, it may be required to rebootstrap at the end of a + maintenance cycle. The device continues to loop through the + operational phase and the eventual maintenance phases until the + device is decommissioned at the end of its lifecycle. However, the + end-of-life of a device does not necessarily mean that it is + defective; rather, it denotes a need to replace and upgrade the + network to next-generation devices for additional functionality. + Therefore, the device can be removed and recommissioned to be used in + a different system under a different owner, thereby starting the + lifecycle all over again. + + We note that the presented lifecycle represents to some extent a + simplified model. For instance, it is possible to argue that the + lifecycle does not start when a tangible device is manufactured but + rather when the oldest bit of code that ends up in the device -- + maybe from an open-source project or the operating system -- was + written. Similarly, the lifecycle could also include an on-the-shelf + phase where the device is in the supply chain before an owner/user + purchases and installs it. Another phase could involve the device + being rebadged by some vendor who is not the original manufacturer. + Such phases can significantly complicate other phases such as + maintenance and bootstrapping. Finally, other potential end states + can be, e.g., a vendor that no longer supports a device type because + it is at the end of its life or a situation in which a device is + simply forgotten but remains functional. + + + + + + + + + + + + + + + + + + +Garcia-Morchon, et al. Informational [Page 6] + +RFC 8576 IoT Security April 2019 + + + _Manufactured _SW update _Decommissioned + / / / + | _Installed | _ Application | _Removed & + | / | / reconfigured | / replaced + | | _Commissioned | | | | + | | / | | | | _Reownership & + | | | _Application | | _Application | | / recommissioned + | | | / running | | / running | | | + | | | | | | | | | | \\ + +##+##+###+#############+##+##+#############+##+##+##############>>> + \/ \______________/ \/ \_____________/ \___/ time // + / / \ \ \ + Bootstrapping / Maintenance & \ Maintenance & + / rebootstrapping \ rebootstrapping + Operational Operational + + Figure 1: The Lifecycle of a Thing in the Internet of Things + + Security is a key requirement in any communication system. However, + security is an even more critical requirement in real-world IoT + deployments for several reasons. First, compromised IoT systems can + not only endanger the privacy and security of a user but can also + cause physical harm. This is because IoT systems often comprise + sensors, actuators, and other connected devices in the physical + environment of the user that could adversely affect the user if they + are compromised. Second, a vulnerable IoT system means that an + attacker can alter the functionality of a device from a given + manufacturer. This not only affects the manufacturer's brand image + but can also leak information that is very valuable for the + manufacturer (such as proprietary algorithms). Third, the impact of + attacking an IoT system goes beyond a specific device or an isolated + system, since compromised IoT systems can be misused at scale. For + example, they may be used to perform a Distributed Denial of Service + (DDoS) attack that limits the availability of other networks and + services. The fact that many IoT systems rely on standard IP + protocols allows for easier system integration, but this also makes + attacks on standard IP protocols widely applicable in other + environments. This results in new requirements regarding the + implementation of security. + + The term "security" subsumes a wide range of primitives, protocols, + and procedures. For instance, it includes services such as + confidentiality, authentication, integrity, authorization, source + authentication, and availability. It often also includes augmented + services such as duplicate detection and detection of stale packets + (timeliness). These security services can be implemented through a + combination of cryptographic mechanisms such as block ciphers, hash + functions, and signature algorithms, as well as noncryptographic + + + +Garcia-Morchon, et al. Informational [Page 7] + +RFC 8576 IoT Security April 2019 + + + mechanisms that implement authorization and other aspects of + security-policy enforcement. For ensuring security in IoT networks, + one should not only focus on the required security services but also + pay special attention to how the services are realized in the overall + system. + +3. Security Threats and Managing Risk + + Security threats in related IP protocols have been analyzed in + multiple documents, including Hypertext Transfer Protocol (HTTP) over + Transport Layer Security (TLS) (HTTPS) [RFC2818], Constrained + Application Protocol (CoAP) [RFC7252], IPv6 over Low-Power Wireless + Personal Area Networks (6LoWPAN) [RFC4919], Access Node Control + Protocol (ANCP) [RFC5713], Domain Name System (DNS) [RFC3833], IPv6 + Neighbor Discovery (ND) [RFC3756], and Protocol for Carrying + Authentication and Network Access (PANA) [RFC4016]. In this section, + we specifically discuss the threats that could compromise an + individual thing or the network as a whole. Some of these threats + might go beyond the scope of Internet protocols, but we gather them + here for the sake of completeness. The threats in the following list + are not in any particular order, and some threats might be more + critical than others, depending on the deployment scenario under + consideration: + + 1. Vulnerable software/code: Things in the Internet of Things rely + on software that might contain severe bugs and/or bad design + choices. This makes the things vulnerable to many different + types of attacks, depending on the criticality of the bugs, + e.g., buffer overflows or lack of authentication. This can be + considered one of the most important security threats. The + large-scale Distributed Denial of Service (DDoS) attack, + popularly known as the Mirai botnet [Mirai], was caused by + things that had well-known or easy-to-guess passwords for + configuration. + + 2. Privacy threat: The tracking of a thing's location and usage may + pose a privacy risk to people around it. For instance, an + attacker can infer privacy-sensitive information from the data + gathered and communicated by individual things. Such + information may subsequently be sold to interested parties for + marketing purposes and targeted advertising. In extreme cases, + such information might be used to track dissidents in oppressive + regimes. Unlawful surveillance and interception of traffic to/ + from a thing by intelligence agencies is also a privacy threat. + + 3. Cloning of things: During the manufacturing process of a thing, + an untrusted factory can easily clone the physical + characteristics, firmware/software, or security configuration of + + + +Garcia-Morchon, et al. Informational [Page 8] + +RFC 8576 IoT Security April 2019 + + + the thing. Deployed things might also be compromised and their + software reverse engineered, allowing for cloning or software + modifications. Such a cloned thing may be sold at a cheaper + price in the market and yet can function normally as a genuine + thing. For example, two cloned devices can still be associated + and work with each other. In the worst-case scenario, a cloned + device can be used to control a genuine device or perform an + attack. One should note here that an untrusted factory may also + change functionality of the cloned thing, resulting in degraded + functionality with respect to the genuine thing (thereby + inflicting potential damage to the reputation of the original + thing manufacturer). Moreover, additional functionality can be + introduced in the cloned thing. An example of such + functionality is a backdoor. + + 4. Malicious substitution of things: During the installation of a + thing, a genuine thing may be replaced by a similar variant (of + lower quality) without being detected. The main motivation may + be cost savings, where the installation of lower-quality things + (for example, noncertified products) may significantly reduce + the installation and operational costs. The installers can + subsequently resell the genuine things to gain further financial + benefits. Another motivation may be to inflict damage to the + reputation of a competitor's offerings. + + 5. Eavesdropping attack: During the commissioning of a thing into a + network, it may be susceptible to eavesdropping, especially if + operational keying materials, security parameters, or + configuration settings are exchanged in the clear using a + wireless medium or if used cryptographic algorithms are not + suitable for the envisioned lifetime of the device and the + system. After obtaining the keying material, the attacker might + be able to recover the secret keys established between the + communicating entities, thereby compromising the authenticity + and confidentiality of the communication channel, as well as the + authenticity of commands and other traffic exchanged over this + communication channel. When the network is in operation, T2T + communication can be eavesdropped if the communication channel + is not sufficiently protected or if a session key is compromised + due to protocol weaknesses. An adversary may also be able to + eavesdrop if keys are not renewed or updated appropriately. + Lastly, messages can also be recorded and decrypted offline at a + later point of time. The VENONA project [venona-project] is one + such example where messages were recorded for offline + decryption. + + + + + + +Garcia-Morchon, et al. Informational [Page 9] + +RFC 8576 IoT Security April 2019 + + + 6. Man-in-the-middle attack: Both the commissioning and operational + phases may be vulnerable to man-in-the-middle attacks. For + example, when keying material between communicating entities is + exchanged in the clear, the security of the key establishment + protocol depends on the tacit assumption that no third party can + eavesdrop during the execution of this protocol. Additionally, + device authentication or device authorization may be nontrivial + or need the support of a human decision process, since things + usually do not have a priori knowledge about each other and + cannot always differentiate friends and foes via completely + automated mechanisms. + + 7. Firmware attacks: When a thing is in operation or maintenance + phase, its firmware or software may be updated to allow for new + functionality or new features. An attacker may be able to + exploit such a firmware upgrade by maliciously replacing the + thing's firmware, thereby influencing its operational behavior. + For example, an attacker could add a piece of malicious code to + the firmware that will cause it to periodically report the + energy usage of the thing to a data repository for analysis. + The attacker can then use this information to determine when a + home or enterprise (where the thing is installed) is unoccupied + and break in. Similarly, devices whose software has not been + properly maintained and updated might contain vulnerabilities + that might be exploited by attackers to replace the firmware on + the device. + + 8. Extraction of private information: IoT devices (such as sensors, + actuators, etc.) are often physically unprotected in their + ambient environment, and they could easily be captured by an + attacker. An attacker with physical access may then attempt to + extract private information such as keys (for example, a group + key or the device's private key), data from sensors (for + example, healthcare status of a user), configuration parameters + (for example, the Wi-Fi key), or proprietary algorithms (for + example, the algorithm performing some data analytics task). + Even when the data originating from a thing is encrypted, + attackers can perform traffic analysis to deduce meaningful + information, which might compromise the privacy of the thing's + owner and/or user. + + + + + + + + + + + +Garcia-Morchon, et al. Informational [Page 10] + +RFC 8576 IoT Security April 2019 + + + 9. Routing attack: As highlighted in [Daniel], routing information + in IoT networks can be spoofed, altered, or replayed, in order + to create routing loops, attract/repel network traffic, extend/ + shorten source routes, etc. A nonexhaustive list of routing + attacks includes: + + a. Sinkhole attack (or blackhole attack), where an attacker + declares himself to have a high-quality route/path to the + base station, thus allowing him to do manipulate all packets + passing through it. + + b. Selective forwarding, where an attacker may selectively + forward packets or simply drop a packet. + + c. Wormhole attack, where an attacker may record packets at one + location in the network and tunnel them to another location, + thereby influencing perceived network behavior and + potentially distorting statistics, thus greatly impacting + the functionality of routing. + + d. Sybil attack, whereby an attacker presents multiple + identities to other things in the network. We refer to + [Daniel] for further router attacks and a more detailed + description. + + 10. Elevation of privilege: An attacker with low privileges can + misuse additional flaws in the implemented authentication and + authorization mechanisms of a thing to gain more privileged + access to the thing and its data. + + 11. Denial of Service (DoS) attack: Often things have very limited + memory and computation capabilities. Therefore, they are + vulnerable to resource-exhaustion attack. Attackers can + continuously send requests to specific things so as to deplete + their resources. This is especially dangerous in the Internet + of Things since an attacker might be located in the backend and + target resource-constrained devices that are part of a + constrained-node network [RFC7228]. A DoS attack can also be + launched by physically jamming the communication channel. + Network availability can also be disrupted by flooding the + network with a large number of packets. On the other hand, + things compromised by attackers can be used to disrupt the + operation of other networks or systems by means of a Distributed + DoS (DDoS) attack. + + + + + + + +Garcia-Morchon, et al. Informational [Page 11] + +RFC 8576 IoT Security April 2019 + + + To deal with the above threats, it is required to find and apply + suitable security mitigations. However, new threats and exploits + appear on a daily basis, and products are deployed in different + environments prone to different types of threats. Thus, ensuring a + proper level of security in an IoT system at any point of time is + challenging. To address this challenge, some of the following + methodologies can be used: + + 1. A Business Impact Analysis (BIA) assesses the consequences of the + loss of basic security attributes: confidentiality, integrity, + and availability in an IoT system. These consequences might + include the impact from lost data, reduced sales, increased + expenses, regulatory fines, customer dissatisfaction, etc. + Performing a business impact analysis allows a business to + determine the relevance of having a proper security design. + + 2. A Risk Assessment (RA) analyzes security threats to an IoT system + while considering their likelihood and impact. It also includes + categorizing each of them with a risk level. Risks classified as + moderate or high must be mitigated, i.e., the security + architecture should be able to deal with those threats. + + 3. A Privacy Impact Assessment (PIA) aims at assessing the + Personally Identifiable Information (PII) that is collected, + processed, or used in an IoT system. By doing so, the goal is to + fulfill applicable legal requirements and determine the risks and + effects of manipulation and loss of PII. + + 4. Procedures for incident reporting and mitigation refer to the + methodologies that allow becoming aware of any security issues + that affect an IoT system. Furthermore, this includes steps + towards the actual deployment of patches that mitigate the + identified vulnerabilities. + + BIA, RA, and PIA should generally be realized during the creation of + a new IoT system or when deploying significant system/feature + upgrades. In general, it is recommended to reassess them on a + regular basis, taking into account new use cases and/or threats. The + way a BIA, RA, or PIA is performed depends on the environment and the + industry. More information can be found in NIST documents such as + [NISTSP800-34r1], [NISTSP800-30r1], and [NISTSP800-122]. + + + + + + + + + + +Garcia-Morchon, et al. Informational [Page 12] + +RFC 8576 IoT Security April 2019 + + +4. State of the Art + + This section is organized as follows. Section 4.1 summarizes the + state of the art on IP-based IoT systems, within both the IETF and + other standardization bodies. Section 4.2 summarizes the state of + the art on IP-based security protocols and their usage. Section 4.3 + discusses guidelines and regulations for securing IoT as proposed by + other bodies. Note that the references included in this section are + a representative of the state of the art at the point of writing, and + they are by no means exhaustive. The references are also at varying + levels of maturity; thus, it is advisable to review their specific + status. + +4.1. IP-Based IoT Protocols and Standards + + Nowadays, there exists a multitude of control protocols for IoT. For + BAC systems, the ZigBee standard [ZB], BACNet [BACNET], and DALI + [DALI] play key roles. Recent trends, however, focus on an all-IP + approach for system control. + + In this setting, a number of IETF working groups are designing new + protocols for resource-constrained networks of smart things. The + 6LoWPAN Working Group [WG-6LoWPAN], for example, has defined methods + and protocols for the efficient transmission and adaptation of IPv6 + packets over IEEE 802.15.4 networks [RFC4944]. + + The CoRE Working Group [WG-CoRE] has specified the Constrained + Application Protocol (CoAP) [RFC7252]. CoAP is a RESTful protocol + for constrained devices that is modeled after HTTP and typically runs + over UDP to enable efficient application-level communication for + things. ("RESTful" refers to the Representational State Transfer + (REST) architecture.) + + In many smart-object networks, the smart objects are dispersed and + have intermittent reachability either because of network outages or + because they sleep during their operational phase to save energy. In + such scenarios, direct discovery of resources hosted on the + constrained server might not be possible. To overcome this barrier, + the CoRE Working Group is specifying the concept of a Resource + Directory (RD) [RD]. The Resource Directory hosts descriptions of + resources that are located on other nodes. These resource + descriptions are specified as CoRE link format [RFC6690]. + + While CoAP defines a standard communication protocol, a format for + representing sensor measurements and parameters over CoAP is + required. "Sensor Measurement Lists (SenML)" [RFC8428] is a + specification that defines media types for simple sensor measurements + and parameters. It has a minimalistic design so that constrained + + + +Garcia-Morchon, et al. Informational [Page 13] + +RFC 8576 IoT Security April 2019 + + + devices with limited computational capabilities can easily encode + their measurements and, at the same time, servers can efficiently + collect a large number of measurements. + + In many IoT deployments, the resource-constrained smart objects are + connected to the Internet via a gateway that is directly reachable. + For example, an IEEE 802.11 Access Point (AP) typically connects the + client devices to the Internet over just one wireless hop. However, + some deployments of smart-object networks require routing between the + smart objects themselves. The IETF has therefore defined the IPv6 + Routing Protocol for Low-Power and Lossy Networks (RPL) [RFC6550]. + RPL provides support for multipoint-to-point traffic from resource- + constrained smart objects towards a more resourceful central control + point, as well as point-to-multipoint traffic in the reverse + direction. It also supports point-to-point traffic between the + resource-constrained devices. A set of routing metrics and + constraints for path calculation in RPL are also specified [RFC6551]. + + The IPv6 over Networks of Resource-constrained Nodes (6lo) Working + Group of the IETF [WG-6lo] has specified how IPv6 packets can be + transmitted over various link-layer protocols that are commonly + employed for resource-constrained smart-object networks. There is + also ongoing work to specify IPv6 connectivity for a Non-Broadcast + Multi-Access (NBMA) mesh network that is formed by IEEE 802.15.4 + Time-Slotted Channel Hopping (TSCH) links [ARCH-6TiSCH]. Other link- + layer protocols for which the IETF has specified or is currently + specifying IPv6 support include Bluetooth [RFC7668], Digital Enhanced + Cordless Telecommunications (DECT) Ultra Low Energy (ULE) air + interface [RFC8105], and Near Field Communication (NFC) + [IPv6-over-NFC]. + + Baker and Meyer [RFC6272] identify which IP protocols can be used in + smart-grid environments. They give advice to smart-grid network + designers on how they can decide on a profile of the Internet + protocol suite for smart-grid networks. + + The Low Power Wide-Area Network (LPWAN) Working Group [WG-LPWAN] is + analyzing features, requirements, and solutions to adapt IP-based + protocols to networks such as LoRa [LoRa], Sigfox [sigfox], NB-IoT + [NB-IoT], etc. These networking technologies enable a smart thing to + run for years on a single coin-cell by relying on a star network + topology and using optimized radio modulation with frame sizes in the + order of tens of bytes. Such networks bring new security challenges, + since most existing security mechanism do not work well with such + resource constraints. + + + + + + +Garcia-Morchon, et al. Informational [Page 14] + +RFC 8576 IoT Security April 2019 + + + JavaScript Object Notation (JSON) is a lightweight text- + representation format for structured data [RFC8259]. It is often + used for transmitting serialized structured data over the network. + The IETF has defined specifications for encoding cryptographic keys, + encrypted content, signed content, and claims to be transferred + between two parties as JSON objects. They are referred to as JSON + Web Keys (JWKs) [RFC7517], JSON Web Encryption (JWE) [RFC7516], JSON + Web Signatures (JWSs) [RFC7515], and JSON Web Token (JWT) [RFC7519]. + + An alternative to JSON, Concise Binary Object Representation (CBOR) + [RFC7049], is a concise binary data format that is used for + serialization of structured data. It is designed for resource- + constrained nodes, and therefore it aims to provide a fairly small + message size with minimal implementation code and extensibility + without the need for version negotiation. CBOR Object Signing and + Encryption (COSE) [RFC8152] specifies how to encode cryptographic + keys, message authentication codes, encrypted content, and signatures + with CBOR. + + The Light-Weight Implementation Guidance (LWIG) Working Group + [WG-LWIG] is collecting experiences from implementers of IP stacks in + constrained devices. The working group has already produced + documents such as [RFC7815], which defines how a minimal Internet Key + Exchange Version 2 (IKEv2) initiator can be implemented. + + The Thing-2-Thing Research Group (T2TRG) [RG-T2TRG] is investigating + the remaining research issues that need to be addressed to quickly + turn the vision of IoT into a reality where resource-constrained + nodes can communicate with each other and with other more capable + nodes on the Internet. + + Additionally, industry alliances and other standardization bodies are + creating constrained IP protocol stacks based on the IETF work. Some + important examples of this include: + + 1. Thread [Thread]: Specifies the Thread protocol that is intended + for a variety of IoT devices. It is an IPv6-based network + protocol that runs over IEEE 802.15.4. + + 2. Industrial Internet Consortium [IIoT]: The consortium defines + reference architectures and security frameworks for development, + adoption, and widespread use of Industrial Internet technologies + based on existing IETF standards. + + 3. IPSO Alliance (which subsequently merged with OMA SpecWorks + [OMASpecWorks]): The alliance specifies a common object model + that enables application software on any device to interoperate + with other conforming devices. + + + +Garcia-Morchon, et al. Informational [Page 15] + +RFC 8576 IoT Security April 2019 + + + 4. OneM2M [OneM2M]: The standards body defines technical and API + specifications for IoT devices. It aims to create a service + layer that can run on any IoT device hardware and software. + + 5. Open Connectivity Foundation (OCF) [OCF]: The foundation develops + standards and certifications primarily for IoT devices that use + Constrained Application Protocol (CoAP) as the application-layer + protocol. + + 6. Fairhair Alliance [Fairhair]: Specifies an IoT middleware to + enable a common IP network infrastructure between different + application standards used in building automation and lighting + systems such as BACnet, KNX, and ZigBee. + + 7. OMA LwM2M [LWM2M]: OMA Lightweight M2M is a standard from the OMA + SpecWorks for M2M and IoT device management. LwM2M relies on + CoAP as the application-layer protocol and uses a RESTful + architecture for remote management of IoT devices. + +4.2. Existing IP-Based Security Protocols and Solutions + + There are three main security objectives for IoT networks: + + 1. protecting the IoT network from attackers + + 2. protecting IoT applications and thus the things and users + + 3. protecting the rest of the Internet and other things from attacks + that use compromised things as an attack platform + + In the context of the IP-based IoT deployments, consideration of + existing Internet security protocols is important. There are a wide + range of specialized as well as general-purpose security solutions + for the Internet domain, such as IKEv2/IPsec [RFC7296], Transport + Layer Security (TLS) [RFC8446], Datagram Transport Layer Security + (DTLS) [RFC6347], Host Identity Protocol (HIP) [RFC7401], PANA + [RFC5191], Kerberos [RFC4120], Simple Authentication and Security + Layer (SASL) [RFC4422], and Extensible Authentication Protocol (EAP) + [RFC3748]. + + TLS provides security for TCP and requires a reliable transport. + DTLS secures and uses datagram-oriented protocols such as UDP. Both + protocols are intentionally kept similar and share the same ideology + and cipher suites. The CoAP base specification [RFC7252] provides a + description of how DTLS can be used for securing CoAP. It proposes + three different modes for using DTLS: the PreSharedKey mode, where + nodes have pre-provisioned keys for initiating a DTLS session with + another node, RawPublicKey mode, where nodes have asymmetric-key + + + +Garcia-Morchon, et al. Informational [Page 16] + +RFC 8576 IoT Security April 2019 + + + pairs but no certificates to verify the ownership, and Certificate + mode, where public keys are certified by a certification authority. + An IoT implementation profile is defined for TLS version 1.2 and DTLS + version 1.2 that offers communication security for resource- + constrained nodes [RFC7925]. + + There is ongoing work to define an authorization and access-control + framework for resource-constrained nodes. The Authentication and + Authorization for Constrained Environments (ACE) Working Group + [WG-ACE] is defining a solution to allow only authorized access to + resources that are hosted on a smart-object server and identified by + a URI. The current proposal [ACE-OAuth] is based on the OAuth 2.0 + framework [RFC6749], and it comes with profiles intended for + different communication scenarios, e.g., "Datagram Transport Layer + Security (DTLS) Profile for Authentication and Authorization for + Constrained Environments (ACE)" [ACE-DTLS]. + + Object Security for Constrained RESTful Environments (OSCORE) + [OSCORE] is a proposal that protects CoAP messages by wrapping them + in the COSE format [RFC8152]. Thus, OSCORE falls in the category of + object security, and it can be applied wherever CoAP can be used. + The advantage of OSCORE over DTLS is that it provides some more + flexibility when dealing with end-to-end security. Section 5.1.3 + discusses this further. + + The Automated Certificate Management Environment (ACME) Working Group + [WG-ACME] is specifying conventions for automated X.509 certificate + management. This includes automatic validation of certificate + issuance, certificate renewal, and certificate revocation. While the + initial focus of the working group is on domain-name certificates (as + used by web servers), other uses in some IoT deployments are + possible. + + The Internet Key Exchange (IKEv2)/IPsec -- as well as the less used + Host Identity protocol (HIP) -- reside at or above the network layer + in the OSI model. Both protocols are able to perform an + authenticated key exchange and set up the IPsec for secure payload + delivery. Currently, there are also ongoing efforts to create a HIP + variant coined Diet HIP [HIP-DEX] that takes constrained networks and + nodes into account at the authentication and key-exchange level. + + Migault et al. [Diet-ESP] are working on a compressed version of + IPsec so that it can easily be used by resource-constrained IoT + devices. They rely on the Internet Key Exchange Protocol Version 2 + (IKEv2) for negotiating the compression format. + + The Extensible Authentication Protocol (EAP) [RFC3748] is an + authentication framework supporting multiple authentication methods. + + + +Garcia-Morchon, et al. Informational [Page 17] + +RFC 8576 IoT Security April 2019 + + + EAP runs directly over the data link layer and thus does not require + the deployment of IP. It supports duplicate detection and + retransmission but does not allow for packet fragmentation. PANA is + a network-layer transport for EAP that enables network access + authentication between clients and the network infrastructure. In + EAP terms, PANA is a UDP-based EAP lower layer that runs between the + EAP peer and the EAP authenticator. + +4.3. IoT Security Guidelines + + Attacks on and from IoT devices have become common in recent years -- + for instance, large-scale DoS attacks on the Internet Infrastructure + from compromised IoT devices. This fact has prompted many different + standards bodies and consortia to provide guidelines for developers + and the Internet community at large to build secure IoT devices and + services. The following is a subset of the different guidelines and + ongoing projects: + + 1. Global System for Mobile Communications Association (GSMA) IoT + security guidelines [GSMAsecurity]: GSMA has published a set of + security guidelines for the benefit of new IoT product and + service providers. The guidelines are aimed at device + manufacturers, service providers, developers, and network + operators. An enterprise can complete an IoT Security Self- + Assessment to demonstrate that its products and services are + aligned with the security guidelines of the GSMA. + + 2. Broadband Internet Technical Advisory Group (BITAG) IoT Security + and Privacy Recommendations [BITAG]: BITAG has published + recommendations for ensuring the security and privacy of IoT + device users. BITAG observes that many IoT devices are shipped + from the factory with software that is already outdated and + vulnerable. The report also states that many devices with + vulnerabilities will not be fixed, either because the + manufacturer does not provide updates or because the user does + not apply them. The recommendations include that IoT devices + should function without cloud and Internet connectivity and that + all IoT devices should have methods for automatic secure + software updates. + + 3. United Kingdom Department for Digital, Culture, Media and Sport + (DCMS) [DCMS]: UK DCMS has released a report that includes a + list of 13 steps for improving IoT security. These steps, for + example, highlight the need for implementing a vulnerability + disclosure policy and keeping software updated. The report is + aimed at device manufacturers, IoT service providers, mobile + application developers, and retailers. + + + + +Garcia-Morchon, et al. Informational [Page 18] + +RFC 8576 IoT Security April 2019 + + + 4. Cloud Security Alliance (CSA) New Security Guidance for Early + Adopters of the IoT [CSA]: CSA recommendations for early + adopters of IoT encourage enterprises to implement security at + different layers of the protocol stack. It also recommends + implementation of an authentication/authorization framework for + IoT deployments. A complete list of recommendations is + available in the report [CSA]. + + 5. United States Department of Homeland Security (DHS) [DHS]: DHS + has put forth six strategic principles that would enable IoT + developers, manufacturers, service providers, and consumers to + maintain security as they develop, manufacture, implement, or + use network-connected IoT devices. + + 6. National Institute of Standards and Technology (NIST) + [NIST-Guide]: The NIST special publication urges enterprise and + US federal agencies to address security throughout the systems + engineering process. The publication builds upon the + International Organization for Standardization + (ISO)/International Electrotechnical Commission (IEC) 15288 + standard and augments each process in the system lifecycle with + security enhancements. + + 7. National Institute of Standards and Technology (NIST) + [NIST-LW-PROJECT] [NIST-LW-2016]: NIST is running a project on + lightweight cryptography with the purpose of: (i) identifying + application areas for which standard cryptographic algorithms + are too heavy, classifying them according to some application + profiles to be determined; (ii) determining limitations in those + existing cryptographic standards; and (iii) standardizing + lightweight algorithms that can be used in specific application + profiles. + + 8. Open Web Application Security Project (OWASP) [OWASP]: OWASP + provides security guidance for IoT manufacturers, developers, + and consumers. OWASP also includes guidelines for those who + intend to test and analyze IoT devices and applications. + + 9. IoT Security Foundation [IoTSecFoundation]: The IoT Security + Foundation has published a document that enlists various + considerations that need to be taken into account when + developing IoT applications. For example, the document states + that IoT devices could use a hardware root of trust to ensure + that only authorized software runs on the devices. + + 10. National Highway Traffic Safety Administration (NHTSA) [NHTSA]: + The US NHTSA provides guidance to the automotive industry for + improving the cyber security of vehicles. While some of the + + + +Garcia-Morchon, et al. Informational [Page 19] + +RFC 8576 IoT Security April 2019 + + + guidelines are general, the document provides specific + recommendations for the automotive industry, such as how various + automotive manufacturers can share cybersecurity vulnerabilities + discovered. + + 11. "Best Current Practices for Securing Internet of Things (IoT) + Devices" [Moore]: This document provides a list of minimum + requirements that vendors of IoT devices should to take into + account while developing applications, services, and firmware + updates in order to reduce the frequency and severity of + security incidents that arise from compromised IoT devices. + + 12. European Union Agency for Network and Information Security + (ENISA) [ENISA-ICS]: ENISA published a document on + communication-network dependencies for Industrial Control + Systems (ICS)/Supervisory Control And Data Acquisition (SCADA) + systems in which security vulnerabilities, guidelines, and + general recommendations are summarized. + + 13. Internet Society Online Trust Alliance [ISOC-OTA]: The Internet + Society's IoT Trust Framework identifies the core requirements + that manufacturers, service providers, distributors, purchasers, + and policymakers need to understand, assess, and embrace for + effective security and privacy as part of the Internet of + Things. + + Other guideline and recommendation documents may exist or may later + be published. This list should be considered nonexhaustive. Despite + the acknowledgment that security in the Internet is needed and the + existence of multiple guidelines, the fact is that many IoT devices + and systems have very limited security. There are multiple reasons + for this. For instance, some manufacturers focus on delivering a + product without paying enough attention to security. This may be + because of lack of expertise or limited budget. However, the + deployment of such insecure devices poses a severe threat to the + privacy and safety of users. The vast number of devices and their + inherently mobile nature also imply that an initially secure system + can become insecure if a compromised device gains access to the + system at some point in time. Even if all other devices in a given + environment are secure, this does not prevent external attacks caused + by insecure devices. Recently, the US Federal Communications + Commission (FCC) has stated the need for additional regulation of IoT + systems [FCC]. It is possible that we may see other such regional + regulations in the future. + + + + + + + +Garcia-Morchon, et al. Informational [Page 20] + +RFC 8576 IoT Security April 2019 + + +5. Challenges for a Secure IoT + + In this section, we take a closer look at the various security + challenges in the operational and technical features of IoT and then + discuss how existing Internet security protocols cope with these + technical and conceptual challenges through the lifecycle of a thing. + This discussion should not be understood as a comprehensive + evaluation of all protocols, nor can it cover all possible aspects of + IoT security. Yet, it aims at showing concrete limitations and + challenges in some IoT design areas rather than giving an abstract + discussion. In this regard, the discussion handles issues that are + most important from the authors' perspectives. + +5.1. Constraints and Heterogeneous Communication + + Coupling resource-constrained networks and the powerful Internet is a + challenge, because the resulting heterogeneity of both networks + complicates protocol design and system operation. In the following + subsections, we briefly discuss the resource constraints of IoT + devices and the consequences for the use of Internet protocols in the + IoT domain. + +5.1.1. Resource Constraints + + IoT deployments are often characterized by lossy and low-bandwidth + communication channels. IoT devices are also often constrained in + terms of the CPU, memory, and energy budget available [RFC7228]. + These characteristics directly impact the design of protocols for the + IoT domain. For instance, small packet-size limits at the physical + layer (127 Bytes in IEEE 802.15.4) can lead to (i) hop-by-hop + fragmentation and reassembly or (ii) small IP-layer maximum + transmission unit (MTU). In the first case, excessive fragmentation + of large packets that are often required by security protocols may + open new attack vectors for state-exhaustion attacks. The second + case might lead to more fragmentation at the IP layer, which commonly + downgrades the overall system performance due to packet loss and the + need for retransmission. + + The size and number of messages should be minimized to reduce memory + requirements and optimize bandwidth usage. In this context, layered + approaches involving a number of protocols might lead to worse + performance in resource-constrained devices since they combine the + headers of the different protocols. In some settings, protocol + negotiation can increase the number of exchanged messages. To + improve performance during basic procedures such as, for example, + bootstrapping, it might be a good strategy to perform those + procedures at a lower layer. + + + + +Garcia-Morchon, et al. Informational [Page 21] + +RFC 8576 IoT Security April 2019 + + + Small CPUs and scarce memory limit the usage of resource-expensive + cryptographic primitives such as public key cryptography as used in + most Internet security standards. This is especially true if the + basic cryptographic blocks need to be frequently used or the + underlying application demands low delay. + + There are ongoing efforts to reduce the resource consumption of + security protocols by using more efficient underlying cryptographic + primitives such as Elliptic Curve Cryptography (ECC) [RFC8446]. The + specification of elliptic curve X25519 [ecc25519], stream ciphers + such as ChaCha [ChaCha], Diet HIP [HIP-DEX], and ECC groups for IKEv2 + [RFC5903] are all examples of efforts to make security protocols more + resource efficient. Additionally, most modern security protocols + have been revised in the last few years to enable cryptographic + agility, making cryptographic primitives interchangeable. However, + these improvements are only a first step in reducing the computation + and communication overhead of Internet protocols. The question + remains if other approaches can be applied to leverage key agreement + in these heavily resource-constrained environments. + + A further fundamental need refers to the limited energy budget + available to IoT nodes. Careful protocol (re)design and usage are + required to reduce not only the energy consumption during normal + operation but also under DoS attacks. Since the energy consumption + of IoT devices differs from other device classes, judgments on the + energy consumption of a particular protocol cannot be made without + tailor-made IoT implementations. + +5.1.2. Denial-of-Service Resistance + + The tight memory and processing constraints of things naturally + alleviate resource-exhaustion attacks. Especially in unattended T2T + communication, such attacks are difficult to notice before the + service becomes unavailable (for example, because of battery or + memory exhaustion). As a DoS countermeasure, DTLS, IKEv2, HIP, and + Diet HIP implement return routability checks based on a cookie + mechanism to delay the establishment of state at the responding host + until the address of the initiating host is verified. The + effectiveness of these defenses strongly depends on the routing + topology of the network. Return routability checks are particularly + effective if hosts cannot receive packets addressed to other hosts + and if IP addresses present meaningful information as is the case in + today's Internet. However, they are less effective in broadcast + media or when attackers can influence the routing and addressing of + hosts (for example, if hosts contribute to the routing infrastructure + in ad hoc networks and meshes). + + + + + +Garcia-Morchon, et al. Informational [Page 22] + +RFC 8576 IoT Security April 2019 + + + In addition, HIP implements a puzzle mechanism that can force the + initiator of a connection (and potential attacker) to solve + cryptographic puzzles with variable difficulties. Puzzle-based + defense mechanisms are less dependent on the network topology but + perform poorly if CPU resources in the network are heterogeneous (for + example, if a powerful Internet host attacks a thing). Increasing + the puzzle difficulty under attack conditions can easily lead to + situations where a powerful attacker can still solve the puzzle while + weak IoT clients cannot and are excluded from communicating with the + victim. Still, puzzle-based approaches are a viable option for + sheltering IoT devices against unintended overload caused by + misconfiguration or malfunctioning things. + +5.1.3. End-to-End Security, Protocol Translation, and the Role of + Middleboxes + + The term "end-to-end security" often has multiple interpretations. + Here, we consider end-to-end security in the context of end-to-end IP + connectivity from a sender to a receiver. Services such as + confidentiality and integrity protection on packet data, message + authentication codes, or encryption are typically used to provide + end-to-end security. These protection methods render the protected + parts of the packets immutable as rewriting is either not possible + because (i) the relevant information is encrypted and inaccessible to + the gateway or (ii) rewriting integrity-protected parts of the packet + would invalidate the end-to-end integrity protection. + + Protocols for constrained IoT networks are not exactly identical to + their larger Internet counterparts, for efficiency and performance + reasons. Hence, more or less subtle differences between protocols + for constrained IoT networks and Internet protocols will remain. + While these differences can be bridged with protocol translators at + middleboxes, they may become major obstacles if end-to-end security + measures between IoT devices and Internet hosts are needed. + + If access to data or messages by the middleboxes is required or + acceptable, then a diverse set of approaches for handling such a + scenario is available. Note that some of these approaches affect the + meaning of end-to-end security in terms of integrity and + confidentiality, since the middleboxes will be able to either decrypt + or partially modify the exchanged messages: + + 1. Sharing credentials with middleboxes enables them to transform + (for example, decompress, convert, etc.) packets and reapply the + security measures after transformation. This method abandons + end-to-end security and is only applicable to simple scenarios + with a rudimentary security model. + + + + +Garcia-Morchon, et al. Informational [Page 23] + +RFC 8576 IoT Security April 2019 + + + 2. Reusing the Internet wire format for IoT makes conversion between + IoT and Internet protocols unnecessary. However, it can lead to + poor performance in some use cases because IoT-specific + optimizations (for example, stateful or stateless compression) + are not possible. + + 3. Selectively protecting vital and immutable packet parts with a + message authentication code or encryption requires a careful + balance between performance and security. Otherwise, this + approach might either result in poor performance or poor + security, depending on which parts are selected for protection, + where they are located in the original packet, and how they are + processed. [OSCORE] proposes a solution in this direction by + encrypting and integrity protecting most of the message fields + except those parts that a middlebox needs to read or change. + + 4. Homomorphic encryption techniques can be used in the middlebox to + perform certain operations. However, this is limited to data + processing involving arithmetic operations. Furthermore, the + performance of existing libraries -- for example, Microsoft SEAL + [SEAL] -- is still too limited, and homomorphic encryption + techniques are not widely applicable yet. + + 5. Message authentication codes that sustain transformation can be + realized by considering the order of transformation and + protection (for example, by creating a signature before + compression so that the gateway can decompress the packet without + recalculating the signature). Such an approach enables IoT- + specific optimizations but is more complex and may require + application-specific transformations before security is applied. + Moreover, the usage of encrypted or integrity-protected data + prevents middleboxes from transforming packets. + + 6. Mechanisms based on object security can bridge the protocol + worlds but still require that the two worlds use the same object- + security formats. Currently, the object-security format based on + COSE [RFC8152] is different from JSON Object Signing and + Encryption (JOSE) [RFC7520] or Cryptographic Message Syntax (CMS) + [RFC5652]. Legacy devices relying on traditional Internet + protocols will need to update to the newer protocols for + constrained environments to enable real end-to-end security. + Furthermore, middleboxes do not have any access to the data, and + this approach does not prevent an attacker who is capable of + modifying relevant message header fields that are not protected. + + + + + + + +Garcia-Morchon, et al. Informational [Page 24] + +RFC 8576 IoT Security April 2019 + + + To the best of our knowledge, none of the mentioned security + approaches that focus on the confidentiality and integrity of the + communication exchange between two IP endpoints provide the perfect + solution in this problem space. + +5.1.4. New Network Architectures and Paradigm + + There is a multitude of new link-layer protocols that aim to address + the resource-constrained nature of IoT devices. For example, IEEE + 802.11ah [IEEE802ah] has been specified for extended range and lower + energy consumption to support IoT devices. Similarly, LPWAN + protocols such as LoRa [LoRa], Sigfox [sigfox], and NarrowBand IoT + (NB-IoT) [NB-IoT] are all designed for resource-constrained devices + that require long range and low bit rates. [RFC8376] provides an + informational overview of the set of LPWAN technologies being + considered by the IETF. It also identifies the potential gaps that + exist between the needs of those technologies and the goal of running + IP in such networks. While these protocols allow IoT devices to + conserve energy and operate efficiently, they also add additional + security challenges. For example, the relatively small MTU can make + security handshakes with large X509 certificates a significant + overhead. At the same time, new communication paradigms also allow + IoT devices to communicate directly amongst themselves with or + without support from the network. This communication paradigm is + also referred to as Device-to-Device (D2D), Machine-to-Machine (M2M), + or Thing-to-Thing (T2T) communication, and it is motivated by a + number of features such as improved network performance, lower + latency, and lower energy requirements. + +5.2. Bootstrapping of a Security Domain + + Creating a security domain from a set of previously unassociated IoT + devices is a key operation in the lifecycle of a thing in an IoT + network. This aspect is further elaborated and discussed in the + T2TRG draft on bootstrapping [BOOTSTRAP]. + +5.3. Operational Challenges + + After the bootstrapping phase, the system enters the operational + phase. During the operational phase, things can use the state + information created during the bootstrapping phase in order to + exchange information securely. In this section, we discuss the + security challenges during the operational phase. Note that many of + the challenges discussed in Section 5.1 apply during the operational + phase. + + + + + + +Garcia-Morchon, et al. Informational [Page 25] + +RFC 8576 IoT Security April 2019 + + +5.3.1. Group Membership and Security + + Group-key negotiation is an important security service for IoT + communication patterns in which a thing sends some data to multiple + things or data flows from multiple things towards a thing. All + discussed protocols only cover unicast communication and therefore do + not focus on group-key establishment. This applies in particular to + (D)TLS and IKEv2. Thus, a solution is required in this area. A + potential solution might be to use the Diffie-Hellman keys -- which + are used in IKEv2 and HIP to set up a secure unicast link -- for + group Diffie-Hellman key negotiations. However, Diffie-Hellman is a + relatively heavy solution, especially if the group is large. + + Symmetric and asymmetric keys can be used in group communication. + Asymmetric keys have the advantage that they can provide source + authentication. However, doing broadcast encryption with a single + public/private key pair is also not feasible. Although a single + symmetric key can be used to encrypt the communication or compute a + message authentication code, it has inherent risks since the capture + of a single node can compromise the key shared throughout the + network. The usage of symmetric keys also does not provide source + authentication. Another factor to consider is that asymmetric + cryptography is more resource-intensive than symmetric key solutions. + Thus, the security risks and performance trade-offs of applying + either symmetric or asymmetric keys to a given IoT use case need to + be well analyzed according to risk and usability assessments + [RFC8387]. [MULTICAST] is looking at a combination of + confidentiality using a group key and source authentication using + public keys in the same packet. + + Conceptually, solutions that provide secure group communication at + the network layer (IPsec/IKEv2, HIP/Diet HIP) may have an advantage + in terms of the cryptographic overhead when compared to application- + focused security solutions (TLS/DTLS). This is due to the fact that + application-focused solutions require cryptographic operations per + group application, whereas network-layer approaches may allow sharing + secure group associations between multiple applications (for example, + for neighbor discovery and routing or service discovery). Hence, + implementing shared features lower in the communication stack can + avoid redundant security measures. However, it is important to note + that sharing security contexts among different applications involves + potential security threats, e.g., if one of the applications is + malicious and monitors exchanged messages or injects fake messages. + In the case of OSCORE, it provides security for CoAP group + communication as defined in RFC 7390, i.e., based on multicast IP. + If the same security association is reused for each application, then + this solution does not seem to have more cryptographic overhead + compared to IPsec. + + + +Garcia-Morchon, et al. Informational [Page 26] + +RFC 8576 IoT Security April 2019 + + + Several group-key solutions have been developed by the MSEC Working + Group of the IETF [WG-MSEC]. The MIKEY architecture [RFC4738] is one + example. While these solutions are specifically tailored for + multicast and group-broadcast applications in the Internet, they + should also be considered as candidate solutions for group-key + agreement in IoT. The MIKEY architecture, for example, describes a + coordinator entity that disseminates symmetric keys over pair-wise + end-to-end secured channels. However, such a centralized approach + may not be applicable in a distributed IoT environment, where the + choice of one or several coordinators and the management of the group + key is not trivial. + +5.3.2. Mobility and IP Network Dynamics + + It is expected that many things (for example, user devices and + wearable sensors) will be mobile in the sense that they are attached + to different networks during the lifetime of a security association. + Built-in mobility signaling can greatly reduce the overhead of the + cryptographic protocols because unnecessary and costly re- + establishments of the session (possibly including handshake and key + agreement) can be avoided. IKEv2 supports host mobility with the + MOBIKE extension [RFC4555] [RFC4621]. MOBIKE refrains from applying + heavyweight cryptographic extensions for mobility. However, MOBIKE + mandates the use of IPsec tunnel mode, which requires the + transmission of an additional IP header in each packet. + + HIP offers simple yet effective mobility management by allowing hosts + to signal changes to their associations [RFC8046]. However, slight + adjustments might be necessary to reduce the cryptographic costs -- + for example, by making the public key signatures in the mobility + messages optional. Diet HIP does not define mobility yet, but it is + sufficiently similar to HIP and can use the same mechanisms. DTLS + provides some mobility support by relying on a connection ID (CID). + The use of connection IDs can provide all the mobility functionality + described in [Williams] except sending the updated location. The + specific need for IP-layer mobility mainly depends on the scenario in + which the nodes operate. In many cases, mobility supported by means + of a mobile gateway may suffice to enable mobile IoT networks, such + as body-sensor networks. Using message-based application-layer + security solutions such as OSCORE [OSCORE] can also alleviate the + problem of re-establishing lower-layer sessions for mobile nodes. + +5.4. Secure Software Update and Cryptographic Agility + + IoT devices are often expected to stay functional for several years + or decades, even though they might operate unattended with direct + Internet connectivity. Software updates for IoT devices are + therefore required not only for new functionality but also to + + + +Garcia-Morchon, et al. Informational [Page 27] + +RFC 8576 IoT Security April 2019 + + + eliminate security vulnerabilities due to software bugs, design + flaws, or deprecated algorithms. Software bugs might remain even + after careful code review. Implementations of security protocols + might contain (design) flaws. Cryptographic algorithms can also + become insecure due to advances in cryptanalysis. Therefore, it is + necessary that devices that are incapable of verifying a + cryptographic signature are not exposed to the Internet, even + indirectly. + + In his essay, Schneier highlights several challenges that hinder + mechanisms for secure software update of IoT devices + [SchneierSecurity]. First, there is a lack of incentives for + manufacturers, vendors, and others on the supply chain to issue + updates for their devices. Second, parts of the software running on + IoT devices is simply a binary blob without any source code + available. Since the complete source code is not available, no + patches can be written for that piece of code. Lastly, Schneier + points out that even when updates are available, users generally have + to manually download and install them. However, users are never + alerted about security updates, and many times do not have the + necessary expertise to manually administer the required updates. + + The US Federal Trade Commission (FTC) staff report on "Internet of + Things - Privacy & Security in a Connected World" [FTCreport] and the + Article 29 Working Party's "Opinion 8/2014 on the Recent Developments + on the Internet of Things" [Article29] also document the challenges + for secure remote software update of IoT devices. They note that + even providing such a software-update capability may add new + vulnerabilities for constrained devices. For example, a buffer + overflow vulnerability in the implementation of a software update + protocol (TR69) [TR69] and an expired certificate in a hub device + [wink] demonstrate how the software-update process itself can + introduce vulnerabilities. + + Powerful IoT devices that run general-purpose operating systems can + make use of sophisticated software-update mechanisms known from the + desktop world. However, resource-constrained devices typically do + not have any operating system and are often not equipped with a + memory management unit or similar tools. Therefore, they might + require more specialized solutions. + + An important requirement for secure software and firmware updates is + source authentication. Source authentication requires the resource- + constrained things to implement public key signature verification + algorithms. As stated in Section 5.1.1, resource-constrained things + have limited computational capabilities and energy supply available, + which can hinder the amount and frequency of cryptographic processing + that they can perform. In addition to source authentication, + + + +Garcia-Morchon, et al. Informational [Page 28] + +RFC 8576 IoT Security April 2019 + + + software updates might require confidential delivery over a secure + (encrypted) channel. The complexity of broadcast encryption can + force the usage of point-to-point secure links; however, this + increases the duration of a software update in a large system. + Alternatively, it may force the usage of solutions in which the + software update is delivered to a gateway and then distributed to the + rest of the system with a network key. Sending large amounts of data + that later needs to be assembled and verified over a secure channel + can consume a lot of energy and computational resources. Correct + scheduling of the software updates is also a crucial design + challenge. For example, a user of connected light bulbs would not + want them to update and restart at night. More importantly, the user + would not want all the lights to update at the same time. + + Software updates in IoT systems are also needed to update old and + insecure cryptographic primitives. However, many IoT systems, some + of which are already deployed, are not designed with provisions for + cryptographic agility. For example, many devices come with a + wireless radio that has an AES128 hardware coprocessor. These + devices solely rely on the coprocessor for encrypting and + authenticating messages. A software update adding support for new + cryptographic algorithms implemented solely in software might not fit + on these devices due to limited memory, or might drastically hinder + its operational performance. This can lead to the use of old and + insecure software. Therefore, it is important to account for the + fact that cryptographic algorithms would need to be updated and + consider the following when planning for cryptographic agility: + + 1. Would it be secure to use the existing cryptographic algorithms + available on the device for updating with new cryptographic + algorithms that are more secure? + + 2. Will the new software-based implementation fit on the device + given the limited resources? + + 3. Would the normal operation of existing IoT applications on the + device be severely hindered by the update? + + Finally, we would like to highlight the previous and ongoing work in + the area of secure software and firmware updates at the IETF. + [RFC4108] describes how Cryptographic Message Syntax (CMS) [RFC5652] + can be used to protect firmware packages. The IAB has also organized + a workshop to understand the challenges for secure software update of + IoT devices. A summary of the recommendations to the standards + community derived from the discussions during that workshop have been + documented [RFC8240]. A working group called Software Updates for + Internet of Things (SUIT) [WG-SUIT] is currently working on a new + specification to reflect the best current practices for firmware + + + +Garcia-Morchon, et al. Informational [Page 29] + +RFC 8576 IoT Security April 2019 + + + update based on experience from IoT deployments. It is specifically + working on describing an IoT firmware update architecture and + specifying a manifest format that contains metadata about the + firmware update package. Finally, the Trusted Execution Environment + Provisioning Working Group [WG-TEEP] aims at developing a protocol + for lifecycle management of trusted applications running on the + secure area of a processor (Trusted Execution Environment (TEE)). + +5.5. End-of-Life + + Like all commercial devices, IoT devices have a given useful + lifetime. The term "end-of-life" (EOL) is used by vendors or network + operators to indicate the point of time at which they limit or end + support for the IoT device. This may be planned or unplanned (for + example, when the manufacturer goes bankrupt, the vendor just decides + to abandon a product, or a network operator moves to a different type + of networking technology). A user should still be able to use and + perhaps even update the device. This requires for some form of + authorization handover. + + Although this may seem far-fetched given the commercial interests and + market dynamics, we have examples from the mobile world where the + devices have been functional and up to date long after the original + vendor stopped supporting the device. CyanogenMod for Android + devices and OpenWrt for home routers are two such instances where + users have been able to use and update their devices even after the + official EOL. Admittedly, it is not easy for an average user to + install and configure their devices on their own. With the + deployment of millions of IoT devices, simpler mechanisms are needed + to allow users to add new trust anchors [RFC6024] and install + software and firmware from other sources once the device is EOL. + +5.6. Verifying Device Behavior + + Users using new IoT appliances such as Internet-connected smart + televisions, speakers, and cameras are often unaware that these + devices can undermine their privacy. Recent revelations have shown + that many IoT device vendors have been collecting sensitive private + data through these connected appliances with or without appropriate + user warnings [cctv]. + + An IoT device's user/owner would like to monitor and verify its + operational behavior. For instance, the user might want to know if + the device is connecting to the server of the manufacturer for any + reason. This feature -- connecting to the manufacturer's server -- + may be necessary in some scenarios, such as during the initial + configuration of the device. However, the user should be kept aware + + + + +Garcia-Morchon, et al. Informational [Page 30] + +RFC 8576 IoT Security April 2019 + + + of the data that the device is sending back to the vendor. For + example, the user might want to know if his/her TV is sending data + when he/she inserts a new USB stick. + + Providing such information to the users in an understandable fashion + is challenging. This is because IoT devices are not only resource + constrained in terms of their computational capability but also in + terms of the user interface available. Also, the network + infrastructure where these devices are deployed will vary + significantly from one user environment to another. Therefore, where + and how this monitoring feature is implemented still remains an open + question. + + Manufacturer Usage Description (MUD) files [RFC8520] are perhaps a + first step towards implementation of such a monitoring service. The + idea behind MUD files is relatively simple: IoT devices would + disclose the location of their MUD file to the network during + installation. The network can then retrieve those files and learn + about the intended behavior of the devices stated by the device + manufacturer. A network-monitoring service could then warn the user/ + owner of devices if they don't behave as expected. + + Many devices and software services that automatically learn and + monitor the behavior of different IoT devices in a given network are + commercially available. Such monitoring devices/services can be + configured by the user to limit network traffic and trigger alarms + when unexpected operation of IoT devices is detected. + +5.7. Testing: Bug Hunting and Vulnerabilities + + Given that IoT devices often have inadvertent vulnerabilities, both + users and developers would want to perform extensive testing on their + IoT devices, networks, and systems. Nonetheless, since the devices + are resource constrained and manufactured by multiple vendors, some + of them very small, devices might be shipped with very limited + testing, so that bugs can remain and can be exploited at a later + stage. This leads to two main types of challenges: + + 1. It remains to be seen how the software-testing and quality- + assurance mechanisms used from the desktop and mobile world will + be applied to IoT devices to give end users the confidence that + the purchased devices are robust. Bodies such as the European + Cyber Security Organization (ECSO) [ECSO] are working on + processes for security certification of IoT devices. + + 2. It is also an open question how the combination of devices from + multiple vendors might actually lead to dangerous network + configurations -- for example, if the combination of specific + + + +Garcia-Morchon, et al. Informational [Page 31] + +RFC 8576 IoT Security April 2019 + + + devices can trigger unexpected behavior. It is needless to say + that the security of the whole system is limited by its weakest + point. + +5.8. Quantum-Resistance + + Many IoT systems that are being deployed today will remain + operational for many years. With the advancements made in the field + of quantum computers, it is possible that large-scale quantum + computers will be available in the future for performing + cryptanalysis on existing cryptographic algorithms and cipher suites. + If this happens, it will have two consequences. First, + functionalities enabled by means of primitives such as RSA or ECC -- + namely, key exchange, public key encryption, and signature -- would + not be secure anymore due to Shor's algorithm. Second, the security + level of symmetric algorithms will decrease, for example, the + security of a block cipher with a key size of b bits will only offer + b/2 bits of security due to Grover's algorithm. + + The above scenario becomes more urgent when we consider the so-called + "harvest and decrypt" attack in which an attacker can start to + harvest (store) encrypted data today, before a quantum computer is + available, and decrypt it years later, once a quantum computer is + available. Such "harvest and decrypt" attacks are not new and were + used in the VENONA project [venona-project]. Many IoT devices that + are being deployed today will remain operational for a decade or even + longer. During this time, digital signatures used to sign software + updates might become obsolete, making the secure update of IoT + devices challenging. + + This situation would require us to move to quantum-resistant + alternatives -- in particular, for those functionalities involving + key exchange, public key encryption, and signatures. [C2PQ] + describes when quantum computers may become widely available and what + steps are necessary for transitioning to cryptographic algorithms + that provide security even in the presence of quantum computers. + While future planning is hard, it may be a necessity in certain + critical IoT deployments that are expected to last decades or more. + Although increasing the key size of the different algorithms is + definitely an option, it would also incur additional computational + overhead and network traffic. This would be undesirable in most + scenarios. There have been recent advancements in quantum-resistant + cryptography. We refer to [ETSI-GR-QSC-001] for an extensive + overview of existing quantum-resistant cryptography, and [RFC7696] + provides guidelines for cryptographic algorithm agility. + + + + + + +Garcia-Morchon, et al. Informational [Page 32] + +RFC 8576 IoT Security April 2019 + + +5.9. Privacy Protection + + People will eventually be surrounded by hundreds of connected IoT + devices. Even if the communication links are encrypted and + protected, information about people might still be collected or + processed for different purposes. The fact that IoT devices in the + vicinity of people might enable more pervasive monitoring can + negatively impact their privacy. For instance, imagine the scenario + where a static presence sensor emits a packet due to the presence or + absence of people in its vicinity. In such a scenario, anyone who + can observe the packet can gather critical privacy-sensitive + information. + + Such information about people is referred to as personal data in the + European Union (EU) or Personally identifiable information (PII) in + the US. In particular, the General Data Protection Regulation (GDPR) + [GDPR] defines personal data as: "any information relating to an + identified or identifiable natural person ('data subject'); an + identifiable natural person is one who can be identified, directly or + indirectly, in particular by reference to an identifier such as a + name, an identification number, location data, an online identifier + or to one or more factors specific to the physical, physiological, + genetic, mental, economic, cultural or social identity of that + natural person". + + Ziegeldorf [Ziegeldorf] defines privacy in IoT as a threefold + guarantee: + + 1. Awareness of the privacy risks imposed by IoT devices and + services. This awareness is achieved by means of transparent + practices by the data controller, i.e., the entity that is + providing IoT devices and/or services. + + 2. Individual control over the collection and processing of personal + information by IoT devices and services. + + 3. Awareness and control of the subsequent use and dissemination of + personal information by data controllers to any entity outside + the subject's personal control sphere. This point implies that + the data controller must be accountable for its actions on the + personal information. + + Based on this definition, several threats to the privacy of users + have been documented [Ziegeldorf] [RFC6973], in particular + considering the IoT environment and its lifecycle: + + 1. Identification - refers to the identification of the users, their + IoT devices, and generated data. + + + +Garcia-Morchon, et al. Informational [Page 33] + +RFC 8576 IoT Security April 2019 + + + 2. Localization - relates to the capability of locating a user and + even tracking them, e.g., by tracking MAC addresses in Wi-Fi or + Bluetooth. + + 3. Profiling - is about creating a profile of the user and their + preferences. + + 4. Interaction - occurs when a user has been profiled and a given + interaction is preferred, presenting (for example, visually) some + information that discloses private information. + + 5. Lifecycle transitions - take place when devices are, for example, + sold without properly removing private data. + + 6. Inventory attacks - happen if specific information about IoT + devices in possession of a user is disclosed. + + 7. Linkage - is about when information of two of more IoT systems + (or other data sets) is combined so that a broader view of the + personal data captured can be created. + + When IoT systems are deployed, the above issues should be considered + to ensure that private data remains private. These issues are + particularly challenging in environments in which multiple users with + different privacy preferences interact with the same IoT devices. + For example, an IoT device controlled by user A (low privacy + settings) might leak private information about another user B (high + privacy settings). How to deal with these threats in practice is an + area of ongoing research. + +5.10. Reverse-Engineering Considerations + + Many IoT devices are resource constrained and often deployed in + unattended environments. Some of these devices can also be purchased + off the shelf or online without any credential-provisioning process. + Therefore, an attacker can have direct access to the device and apply + advanced techniques to retrieve information that a traditional black- + box model does not consider. Examples of those techniques are side- + channel attacks or code disassembly. By doing this, the attacker can + try to retrieve data such as: + + 1. Long-term keys. These long-term keys can be extracted by means + of a side-channel attack or reverse engineering. If these keys + are exposed, then they might be used to perform attacks on + devices deployed in other locations. + + + + + + +Garcia-Morchon, et al. Informational [Page 34] + +RFC 8576 IoT Security April 2019 + + + 2. Source code. Extraction of source code might allow the attacker + to determine bugs or find exploits to perform other types of + attacks. The attacker might also just sell the source code. + + 3. Proprietary algorithms. The attacker can analyze these + algorithms gaining valuable know-how. The attacker can also + create copies of the product (based on those proprietary + algorithms) or modify the algorithms to perform more advanced + attacks. + + 4. Configuration or personal data. The attacker might be able to + read personal data, e.g., healthcare data, that has been stored + on a device. + + One existing solution to prevent such data leaks is the use of a + secure element, a tamper-resistant device that is capable of securely + hosting applications and their confidential data. Another potential + solution is the usage of a Physical Unclonable Function (PUF) that + serves as unique digital fingerprint of a hardware device. PUFs can + also enable other functionalities such as secure key storage. + Protection against such data leakage patterns is not trivial since + devices are inherently resource-constrained. An open question is + whether there are any viable techniques to protect IoT devices and + the data in the devices in such an adversarial model. + +5.11. Trustworthy IoT Operation + + Flaws in the design and implementation of IoT devices and networks + can lead to security vulnerabilities. A common flaw is the use of + well-known or easy-to-guess passwords for configuration of IoT + devices. Many such compromised IoT devices can be found on the + Internet by means of tools such as Shodan [shodan]. Once discovered, + these compromised devices can be exploited at scale -- for example, + to launch DDoS attacks. Dyn, a major DNS service provider, was + attacked by means of a DDoS attack originating from a large IoT + botnet composed of thousands of compromised IP cameras [Dyn-Attack]. + There are several open research questions in this area: + + 1. How to avoid vulnerabilities in IoT devices that can lead to + large-scale attacks? + + 2. How to detect sophisticated attacks against IoT devices? + + 3. How to prevent attackers from exploiting known vulnerabilities at + a large scale? + + + + + + +Garcia-Morchon, et al. Informational [Page 35] + +RFC 8576 IoT Security April 2019 + + + Some ideas are being explored to address this issue. One of the + approaches relies on the use of Manufacturer Usage Description (MUD) + files [RFC8520]. As explained earlier, this proposal requires IoT + devices to disclose the location of their MUD file to the network + during installation. The network can then (i) retrieve those files, + (ii) learn from the manufacturers the intended usage of the devices + (for example, which services they need to access), and then (iii) + create suitable filters and firewall rules. + +6. Conclusions and Next Steps + + This document provides IoT security researchers, system designers, + and implementers with an overview of security requirements in the IP- + based Internet of Things. We discuss the security threats, state of + the art, and challenges. + + Although plenty of steps have been realized during the last few years + (summarized in Section 4.1) and many organizations are publishing + general recommendations describing how IoT should be secured + (Section 4.3), there are many challenges ahead that require further + attention. Challenges of particular importance are bootstrapping of + security, group security, secure software updates, long-term security + and quantum-resistance, privacy protection, data leakage prevention + -- where data could be cryptographic keys, personal data, or even + algorithms -- and ensuring trustworthy IoT operation. + + Authors of new IoT specifications and implementers need to consider + how all the security challenges discussed in this document (and those + that emerge later) affect their work. The authors of IoT + specifications need to put in a real effort towards not only + addressing the security challenges but also clearly documenting how + the security challenges are addressed. This would reduce the chances + of security vulnerabilities in the code written by implementers of + those specifications. + +7. Security Considerations + + This entire memo deals with security issues. + +8. IANA Considerations + + This document has no IANA actions. + + + + + + + + + +Garcia-Morchon, et al. Informational [Page 36] + +RFC 8576 IoT Security April 2019 + + +9. Informative References + + [ACE-DTLS] Gerdes, S., Bergmann, O., Bormann, C., Selander, G., and + L. Seitz, "Datagram Transport Layer Security (DTLS) + Profile for Authentication and Authorization for + Constrained Environments (ACE)", Work in Progress, + draft-ietf-ace-dtls-authorize-08, April 2019. + + [ACE-OAuth] + Seitz, L., Selander, G., Wahlstroem, E., Erdtman, S., and + H. Tschofenig, "Authentication and Authorization for + Constrained Environments (ACE) using the OAuth 2.0 + Framework (ACE-OAuth)", Work in Progress, draft-ietf-ace- + oauth-authz-24, March 2019. + + [ARCH-6TiSCH] + Thubert, P., "An Architecture for IPv6 over the TSCH mode + of IEEE 802.15.4", Work in Progress, draft-ietf-6tisch- + architecture-20, March 2019. + + [Article29] + Article 29 Data Protection Working Party, "Opinion 8/2014 + on the Recent Developments on the Internet of Things", + WP 223, September 2014, <https://ec.europa.eu/justice/ + article-29/documentation/opinion- + recommendation/files/2014/wp223_en.pdf>. + + [AUTO-ID] "Auto-ID Labs", September 2010, + <https://www.autoidlabs.org/>. + + [BACNET] American Society of Heating, Refrigerating and Air- + Conditioning Engineers (ASHRAE), "BACnet", February 2011, + <http://www.bacnet.org>. + + [BITAG] Broadband Internet Technical Advisory Group, "Internet of + Things (IoT) Security and Privacy Recommendations", + November 2016, <https://www.bitag.org/report-internet-of- + things-security-privacy-recommendations.php>. + + [BOOTSTRAP] + Sarikaya, B., Sethi, M., and D. Garcia-Carillo, "Secure + IoT Bootstrapping: A Survey", Work in Progress, + draft-sarikaya-t2trg-sbootstrapping-06, January 2019. + + [C2PQ] Hoffman, P., "The Transition from Classical to Post- + Quantum Cryptography", Work in Progress, draft-hoffman- + c2pq-04, August 2018. + + + + +Garcia-Morchon, et al. Informational [Page 37] + +RFC 8576 IoT Security April 2019 + + + [cctv] "Backdoor In MVPower DVR Firmware Sends CCTV Stills To an + Email Address In China", February 2016, + <https://hardware.slashdot.org/story/16/02/17/0422259/ + backdoor-in-mvpower-dvr-firmware-sends-cctv-stills-to-an- + email-address-in-china>. + + [ChaCha] Bernstein, D., "ChaCha, a variant of Salsa20", January + 2008, <http://cr.yp.to/chacha/chacha-20080128.pdf>. + + [CSA] Cloud Security Alliance Mobile Working Group, "Security + Guidance for Early Adopters of the Internet of Things + (IoT)", April 2015, + <https://downloads.cloudsecurityalliance.org/whitepapers/S + ecurity_Guidance_for_Early_Adopters_of_the_Internet_of_Thi + ngs.pdf>. + + [DALI] DALIbyDesign, "DALI Explained", February 2011, + <http://www.dalibydesign.us/dali.html>. + + [Daniel] Park, S., Kim, K., Haddad, W., Chakrabarti, S., and J. + Laganier, "IPv6 over Low Power WPAN Security Analysis", + Work in Progress, draft-daniel-6lowpan-security-analysis- + 05, March 2011. + + [DCMS] UK Department for Digital Culture, Media & Sport, "Secure + by Design: Improving the cyber security of consumer + Internet of Things Report", March 2018, + <https://www.gov.uk/government/publications/ + secure-by-design-report>. + + [DHS] U.S. Department of Homeland Security, "Strategic + Principles For Securing the Internet of Things (IoT)", + November 2016, + <https://www.dhs.gov/sites/default/files/publications/ + Strategic_Principles_for_Securing_the_Internet_of_Things- + 2016-1115-FINAL....pdf>. + + [Diet-ESP] Migault, D., Guggemos, T., Bormann, C., and D. Schinazi, + "ESP Header Compression and Diet-ESP", Work in Progress, + draft-mglt-ipsecme-diet-esp-07, March 2019. + + [Dyn-Attack] + Oracle Dyn, "Dyn Analysis Summary Of Friday October 21 + Attack", October 2016, <https://dyn.com/blog/ + dyn-analysis-summary-of-friday-october-21-attack/>. + + + + + + +Garcia-Morchon, et al. Informational [Page 38] + +RFC 8576 IoT Security April 2019 + + + [ecc25519] Bernstein, D., "Curve25519: new Diffie-Hellman speed + records", February 2006, + <https://cr.yp.to/ecdh/curve25519-20060209.pdf>. + + [ECSO] "European Cyber Security Organisation", + <https://www.ecs-org.eu/>. + + [ENISA-ICS] + European Union Agency for Network and Information + Security, "Communication network dependencies for ICS/ + SCADA Systems", February 2017, + <https://www.enisa.europa.eu/publications/ + ics-scada-dependencies>. + + [ETSI-GR-QSC-001] + European Telecommunications Standards Institute (ETSI), + "Quantum-Safe Cryptography (QSC); Quantum-safe algorithmic + framework", ETSI GR QSC 001, July 2016, + <https://www.etsi.org/deliver/etsi_gr/ + QSC/001_099/001/01.01.01_60/gr_qsc001v010101p.pdf>. + + [Fairhair] "The Fairhair Alliance", + <https://www.fairhair-alliance.org/>. + + [FCC] US Federal Communications Commission, Chairman Tom Wheeler + to Senator Mark Warner, December 2016, + <https://docs.fcc.gov/public/attachments/ + DOC-342761A1.pdf>. + + [FTCreport] + US Federal Trade Commission, "FTC Report on Internet of + Things Urges Companies to Adopt Best Practices to Address + Consumer Privacy and Security Risks", January 2015, + <https://www.ftc.gov/news-events/press-releases/2015/01/ + ftc-report-internet-things-urges-companies-adopt-best- + practices>. + + [GDPR] "The EU General Data Protection Regulation", + <https://www.eugdpr.org>. + + [GSMAsecurity] + "GSMA IoT Security Guidelines and Assessment", + <http://www.gsma.com/connectedliving/future-iot-networks/ + iot-security-guidelines>. + + [HIP-DEX] Moskowitz, R. and R. Hummen, "HIP Diet EXchange (DEX)", + Work in Progress, draft-ietf-hip-dex-06, December 2017. + + + + +Garcia-Morchon, et al. Informational [Page 39] + +RFC 8576 IoT Security April 2019 + + + [IEEE802ah] + IEEE, "Status of Project IEEE 802.11ah", IEEE P802.11 - + Task Group AH - Meeting Update, + <http://www.ieee802.org/11/Reports/tgah_update.htm>. + + [IIoT] "Industrial Internet Consortium", + <http://www.iiconsortium.org>. + + [IoTSecFoundation] + Internet of Things Security Foundation, "Establishing + Principles for Internet of Things Security", + <https://iotsecurityfoundation.org/establishing- + principles-for-internet-of-things-security>. + + [IPv6-over-NFC] + Choi, Y., Hong, Y., Youn, J., Kim, D., and J. Choi, + "Transmission of IPv6 Packets over Near Field + Communication", Work in Progress, draft-ietf-6lo-nfc-13, + February 2019. + + [ISOC-OTA] Internet Society, "Online Trust Alliance (OTA)", + <https://www.internetsociety.org/ota/>. + + [LoRa] "LoRa Alliance", <https://www.lora-alliance.org/>. + + [LWM2M] OMA SpecWorks, "Lightweight M2M (LWM2M)", + <http://openmobilealliance.org/iot/lightweight-m2m-lwm2m>. + + [Mirai] Kolias, C., Kambourakis, G., Stavrou, A., and J. Voas,, + "DDoS in the IoT: Mirai and Other Botnets", Computer, + Vol. 50, Issue 7, DOI 10.1109/MC.2017.201, July 2017, + <https://ieeexplore.ieee.org/document/7971869>. + + [Moore] Moore, K., Barnes, R., and H. Tschofenig, "Best Current + Practices for Securing Internet of Things (IoT) Devices", + Work in Progress, draft-moore-iot-security-bcp-01, July + 2017. + + [MULTICAST] + Tiloca, M., Selander, G., Palombini, F., and J. Park, + "Group OSCORE - Secure Group Communication for CoAP", Work + in Progress, draft-ietf-core-oscore-groupcomm-04, March + 2019. + + [NB-IoT] Qualcomm Incorporated, "New Work Item: NarrowBand IOT (NB- + IOT)", September 2015, + <http://www.3gpp.org/ftp/tsg_ran/TSG_RAN/TSGR_69/Docs/ + RP-151621.zip>. + + + +Garcia-Morchon, et al. Informational [Page 40] + +RFC 8576 IoT Security April 2019 + + + [NHTSA] National Highway Traffic Safety Administration, + "Cybersecurity Best Practices for Modern Vehicles", Report + No. DOT HS 812 333, October 2016, + <https://www.nhtsa.gov/staticfiles/nvs/ + pdf/812333_CybersecurityForModernVehicles.pdf>. + + [NIST-Guide] + Ross, R., McEvilley, M., and J. Oren, "Systems Security + Engineering: Considerations for a Multidisciplinary + Approach in the Engineering of Trustworthy Secure + Systems", NIST Special Publication 800-160, + DOI 10.6028/NIST.SP.800-160, November 2016, + <http://nvlpubs.nist.gov/nistpubs/SpecialPublications/ + NIST.SP.800\ -160.pdf>. + + [NIST-LW-2016] + Sonmez Turan, M., "NIST's Lightweight Crypto Project", + October 2016, <https://www.nist.gov/sites/default/files/ + documents/2016/10/17/ + sonmez-turan-presentation-lwc2016.pdf>. + + [NIST-LW-PROJECT] + NIST, "Lightweight Cryptography", <https://www.nist.gov/ + programs-projects/lightweight-cryptography>. + + [NISTSP800-122] + McCallister, E., Grance, T., and K. Scarfone, "Guide to + Protecting the Confidentiality of Personally Identifiable + Information (PII)", NIST Special Publication 800-122, + April 2010, <https://nvlpubs.nist.gov/nistpubs/legacy/sp/ + nistspecialpublication800-122.pdf>. + + [NISTSP800-30r1] + National Institute of Standards and Technology, "Guide for + Conducting Risk Assessments", NIST Special + Publication 800-30 Revision 1, September 2012, + <https://nvlpubs.nist.gov/nistpubs/Legacy/SP/ + nistspecialpublication800-30r1.pdf>. + + [NISTSP800-34r1] + Swanson, M., Bowen, P., Phillips, A., Gallup, D., and D. + Lynes, "Contingency Planning Guide for Federal Information + Systems", NIST Special Publication 800-34 Revision 1, May + 2010, <https://nvlpubs.nist.gov/nistpubs/Legacy/SP/ + nistspecialpublication800-34r1.pdf>. + + [OCF] "Open Connectivity Foundation", + <https://openconnectivity.org/>. + + + +Garcia-Morchon, et al. Informational [Page 41] + +RFC 8576 IoT Security April 2019 + + + [OMASpecWorks] + "OMA SpecWorks", + <https://www.omaspecworks.org/ipso-alliance>. + + [OneM2M] "OneM2M", <http://www.onem2m.org>. + + [OSCORE] Selander, G., Mattsson, J., Palombini, F., and L. Seitz, + "Object Security for Constrained RESTful Environments + (OSCORE)", Work in Progress, draft-ietf-core-object- + security-16, March 2019. + + [OWASP] The OWASP Foundation, "IoT Security Guidance", February + 2017, + <https://www.owasp.org/index.php/IoT_Security_Guidance>. + + [RD] Shelby, Z., Koster, M., Bormann, C., Stok, P., and C. + Amsuess, Ed., "CoRE Resource Directory", Work in + Progress, draft-ietf-core-resource-directory-20, March + 2019. + + [RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, + DOI 10.17487/RFC2818, May 2000, + <https://www.rfc-editor.org/info/rfc2818>. + + [RFC3748] Aboba, B., Blunk, L., Vollbrecht, J., Carlson, J., and H. + Levkowetz, Ed., "Extensible Authentication Protocol + (EAP)", RFC 3748, DOI 10.17487/RFC3748, June 2004, + <https://www.rfc-editor.org/info/rfc3748>. + + [RFC3756] Nikander, P., Ed., Kempf, J., and E. Nordmark, "IPv6 + Neighbor Discovery (ND) Trust Models and Threats", + RFC 3756, DOI 10.17487/RFC3756, May 2004, + <https://www.rfc-editor.org/info/rfc3756>. + + [RFC3833] Atkins, D. and R. Austein, "Threat Analysis of the Domain + Name System (DNS)", RFC 3833, DOI 10.17487/RFC3833, August + 2004, <https://www.rfc-editor.org/info/rfc3833>. + + [RFC4016] Parthasarathy, M., "Protocol for Carrying Authentication + and Network Access (PANA) Threat Analysis and Security + Requirements", RFC 4016, DOI 10.17487/RFC4016, March 2005, + <https://www.rfc-editor.org/info/rfc4016>. + + [RFC4108] Housley, R., "Using Cryptographic Message Syntax (CMS) to + Protect Firmware Packages", RFC 4108, + DOI 10.17487/RFC4108, August 2005, + <https://www.rfc-editor.org/info/rfc4108>. + + + + +Garcia-Morchon, et al. Informational [Page 42] + +RFC 8576 IoT Security April 2019 + + + [RFC4120] Neuman, C., Yu, T., Hartman, S., and K. Raeburn, "The + Kerberos Network Authentication Service (V5)", RFC 4120, + DOI 10.17487/RFC4120, July 2005, + <https://www.rfc-editor.org/info/rfc4120>. + + [RFC4422] Melnikov, A., Ed. and K. Zeilenga, Ed., "Simple + Authentication and Security Layer (SASL)", RFC 4422, + DOI 10.17487/RFC4422, June 2006, + <https://www.rfc-editor.org/info/rfc4422>. + + [RFC4555] Eronen, P., "IKEv2 Mobility and Multihoming Protocol + (MOBIKE)", RFC 4555, DOI 10.17487/RFC4555, June 2006, + <https://www.rfc-editor.org/info/rfc4555>. + + [RFC4621] Kivinen, T. and H. Tschofenig, "Design of the IKEv2 + Mobility and Multihoming (MOBIKE) Protocol", RFC 4621, + DOI 10.17487/RFC4621, August 2006, + <https://www.rfc-editor.org/info/rfc4621>. + + [RFC4738] Ignjatic, D., Dondeti, L., Audet, F., and P. Lin, "MIKEY- + RSA-R: An Additional Mode of Key Distribution in + Multimedia Internet KEYing (MIKEY)", RFC 4738, + DOI 10.17487/RFC4738, November 2006, + <https://www.rfc-editor.org/info/rfc4738>. + + [RFC4919] Kushalnagar, N., Montenegro, G., and C. Schumacher, "IPv6 + over Low-Power Wireless Personal Area Networks (6LoWPANs): + Overview, Assumptions, Problem Statement, and Goals", + RFC 4919, DOI 10.17487/RFC4919, August 2007, + <https://www.rfc-editor.org/info/rfc4919>. + + [RFC4944] Montenegro, G., Kushalnagar, N., Hui, J., and D. Culler, + "Transmission of IPv6 Packets over IEEE 802.15.4 + Networks", RFC 4944, DOI 10.17487/RFC4944, September 2007, + <https://www.rfc-editor.org/info/rfc4944>. + + [RFC5191] Forsberg, D., Ohba, Y., Ed., Patil, B., Tschofenig, H., + and A. Yegin, "Protocol for Carrying Authentication for + Network Access (PANA)", RFC 5191, DOI 10.17487/RFC5191, + May 2008, <https://www.rfc-editor.org/info/rfc5191>. + + [RFC5652] Housley, R., "Cryptographic Message Syntax (CMS)", STD 70, + RFC 5652, DOI 10.17487/RFC5652, September 2009, + <https://www.rfc-editor.org/info/rfc5652>. + + + + + + + +Garcia-Morchon, et al. Informational [Page 43] + +RFC 8576 IoT Security April 2019 + + + [RFC5713] Moustafa, H., Tschofenig, H., and S. De Cnodder, "Security + Threats and Security Requirements for the Access Node + Control Protocol (ANCP)", RFC 5713, DOI 10.17487/RFC5713, + January 2010, <https://www.rfc-editor.org/info/rfc5713>. + + [RFC5903] Fu, D. and J. Solinas, "Elliptic Curve Groups modulo a + Prime (ECP Groups) for IKE and IKEv2", RFC 5903, + DOI 10.17487/RFC5903, June 2010, + <https://www.rfc-editor.org/info/rfc5903>. + + [RFC6024] Reddy, R. and C. Wallace, "Trust Anchor Management + Requirements", RFC 6024, DOI 10.17487/RFC6024, October + 2010, <https://www.rfc-editor.org/info/rfc6024>. + + [RFC6272] Baker, F. and D. Meyer, "Internet Protocols for the Smart + Grid", RFC 6272, DOI 10.17487/RFC6272, June 2011, + <https://www.rfc-editor.org/info/rfc6272>. + + [RFC6347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer + Security Version 1.2", RFC 6347, DOI 10.17487/RFC6347, + January 2012, <https://www.rfc-editor.org/info/rfc6347>. + + [RFC6550] Winter, T., Ed., Thubert, P., Ed., Brandt, A., Hui, J., + Kelsey, R., Levis, P., Pister, K., Struik, R., Vasseur, + JP., and R. Alexander, "RPL: IPv6 Routing Protocol for + Low-Power and Lossy Networks", RFC 6550, + DOI 10.17487/RFC6550, March 2012, + <https://www.rfc-editor.org/info/rfc6550>. + + [RFC6551] Vasseur, JP., Ed., Kim, M., Ed., Pister, K., Dejean, N., + and D. Barthel, "Routing Metrics Used for Path Calculation + in Low-Power and Lossy Networks", RFC 6551, + DOI 10.17487/RFC6551, March 2012, + <https://www.rfc-editor.org/info/rfc6551>. + + [RFC6568] Kim, E., Kaspar, D., and JP. Vasseur, "Design and + Application Spaces for IPv6 over Low-Power Wireless + Personal Area Networks (6LoWPANs)", RFC 6568, + DOI 10.17487/RFC6568, April 2012, + <https://www.rfc-editor.org/info/rfc6568>. + + [RFC6690] Shelby, Z., "Constrained RESTful Environments (CoRE) Link + Format", RFC 6690, DOI 10.17487/RFC6690, August 2012, + <https://www.rfc-editor.org/info/rfc6690>. + + [RFC6749] Hardt, D., Ed., "The OAuth 2.0 Authorization Framework", + RFC 6749, DOI 10.17487/RFC6749, October 2012, + <https://www.rfc-editor.org/info/rfc6749>. + + + +Garcia-Morchon, et al. Informational [Page 44] + +RFC 8576 IoT Security April 2019 + + + [RFC6973] Cooper, A., Tschofenig, H., Aboba, B., Peterson, J., + Morris, J., Hansen, M., and R. Smith, "Privacy + Considerations for Internet Protocols", RFC 6973, + DOI 10.17487/RFC6973, July 2013, + <https://www.rfc-editor.org/info/rfc6973>. + + [RFC7049] Bormann, C. and P. Hoffman, "Concise Binary Object + Representation (CBOR)", RFC 7049, DOI 10.17487/RFC7049, + October 2013, <https://www.rfc-editor.org/info/rfc7049>. + + [RFC7228] Bormann, C., Ersue, M., and A. Keranen, "Terminology for + Constrained-Node Networks", RFC 7228, + DOI 10.17487/RFC7228, May 2014, + <https://www.rfc-editor.org/info/rfc7228>. + + [RFC7252] Shelby, Z., Hartke, K., and C. Bormann, "The Constrained + Application Protocol (CoAP)", RFC 7252, + DOI 10.17487/RFC7252, June 2014, + <https://www.rfc-editor.org/info/rfc7252>. + + [RFC7296] Kaufman, C., Hoffman, P., Nir, Y., Eronen, P., and T. + Kivinen, "Internet Key Exchange Protocol Version 2 + (IKEv2)", STD 79, RFC 7296, DOI 10.17487/RFC7296, October + 2014, <https://www.rfc-editor.org/info/rfc7296>. + + [RFC7401] Moskowitz, R., Ed., Heer, T., Jokela, P., and T. + Henderson, "Host Identity Protocol Version 2 (HIPv2)", + RFC 7401, DOI 10.17487/RFC7401, April 2015, + <https://www.rfc-editor.org/info/rfc7401>. + + [RFC7515] Jones, M., Bradley, J., and N. Sakimura, "JSON Web + Signature (JWS)", RFC 7515, DOI 10.17487/RFC7515, May + 2015, <https://www.rfc-editor.org/info/rfc7515>. + + [RFC7516] Jones, M. and J. Hildebrand, "JSON Web Encryption (JWE)", + RFC 7516, DOI 10.17487/RFC7516, May 2015, + <https://www.rfc-editor.org/info/rfc7516>. + + [RFC7517] Jones, M., "JSON Web Key (JWK)", RFC 7517, + DOI 10.17487/RFC7517, May 2015, + <https://www.rfc-editor.org/info/rfc7517>. + + [RFC7519] Jones, M., Bradley, J., and N. Sakimura, "JSON Web Token + (JWT)", RFC 7519, DOI 10.17487/RFC7519, May 2015, + <https://www.rfc-editor.org/info/rfc7519>. + + + + + + +Garcia-Morchon, et al. Informational [Page 45] + +RFC 8576 IoT Security April 2019 + + + [RFC7520] Miller, M., "Examples of Protecting Content Using JSON + Object Signing and Encryption (JOSE)", RFC 7520, + DOI 10.17487/RFC7520, May 2015, + <https://www.rfc-editor.org/info/rfc7520>. + + [RFC7668] Nieminen, J., Savolainen, T., Isomaki, M., Patil, B., + Shelby, Z., and C. Gomez, "IPv6 over BLUETOOTH(R) Low + Energy", RFC 7668, DOI 10.17487/RFC7668, October 2015, + <https://www.rfc-editor.org/info/rfc7668>. + + [RFC7696] Housley, R., "Guidelines for Cryptographic Algorithm + Agility and Selecting Mandatory-to-Implement Algorithms", + BCP 201, RFC 7696, DOI 10.17487/RFC7696, November 2015, + <https://www.rfc-editor.org/info/rfc7696>. + + [RFC7744] Seitz, L., Ed., Gerdes, S., Ed., Selander, G., Mani, M., + and S. Kumar, "Use Cases for Authentication and + Authorization in Constrained Environments", RFC 7744, + DOI 10.17487/RFC7744, January 2016, + <https://www.rfc-editor.org/info/rfc7744>. + + [RFC7815] Kivinen, T., "Minimal Internet Key Exchange Version 2 + (IKEv2) Initiator Implementation", RFC 7815, + DOI 10.17487/RFC7815, March 2016, + <https://www.rfc-editor.org/info/rfc7815>. + + [RFC7925] Tschofenig, H., Ed. and T. Fossati, "Transport Layer + Security (TLS) / Datagram Transport Layer Security (DTLS) + Profiles for the Internet of Things", RFC 7925, + DOI 10.17487/RFC7925, July 2016, + <https://www.rfc-editor.org/info/rfc7925>. + + [RFC8046] Henderson, T., Ed., Vogt, C., and J. Arkko, "Host Mobility + with the Host Identity Protocol", RFC 8046, + DOI 10.17487/RFC8046, February 2017, + <https://www.rfc-editor.org/info/rfc8046>. + + [RFC8105] Mariager, P., Petersen, J., Ed., Shelby, Z., Van de Logt, + M., and D. Barthel, "Transmission of IPv6 Packets over + Digital Enhanced Cordless Telecommunications (DECT) Ultra + Low Energy (ULE)", RFC 8105, DOI 10.17487/RFC8105, May + 2017, <https://www.rfc-editor.org/info/rfc8105>. + + [RFC8152] Schaad, J., "CBOR Object Signing and Encryption (COSE)", + RFC 8152, DOI 10.17487/RFC8152, July 2017, + <https://www.rfc-editor.org/info/rfc8152>. + + + + + +Garcia-Morchon, et al. Informational [Page 46] + +RFC 8576 IoT Security April 2019 + + + [RFC8240] Tschofenig, H. and S. Farrell, "Report from the Internet + of Things Software Update (IoTSU) Workshop 2016", + RFC 8240, DOI 10.17487/RFC8240, September 2017, + <https://www.rfc-editor.org/info/rfc8240>. + + [RFC8259] Bray, T., Ed., "The JavaScript Object Notation (JSON) Data + Interchange Format", STD 90, RFC 8259, + DOI 10.17487/RFC8259, December 2017, + <https://www.rfc-editor.org/info/rfc8259>. + + [RFC8376] Farrell, S., Ed., "Low-Power Wide Area Network (LPWAN) + Overview", RFC 8376, DOI 10.17487/RFC8376, May 2018, + <https://www.rfc-editor.org/info/rfc8376>. + + [RFC8387] Sethi, M., Arkko, J., Keranen, A., and H. Back, "Practical + Considerations and Implementation Experiences in Securing + Smart Object Networks", RFC 8387, DOI 10.17487/RFC8387, + May 2018, <https://www.rfc-editor.org/info/rfc8387>. + + [RFC8428] Jennings, C., Shelby, Z., Arkko, J., Keranen, A., and C. + Bormann, "Sensor Measurement Lists (SenML)", RFC 8428, + DOI 10.17487/RFC8428, August 2018, + <https://www.rfc-editor.org/info/rfc8428>. + + [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol + Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, + <https://www.rfc-editor.org/info/rfc8446>. + + [RFC8520] Lear, E., Droms, R., and D. Romascanu, "Manufacturer Usage + Description Specification", RFC 8520, + DOI 10.17487/RFC8520, March 2019, + <https://www.rfc-editor.org/info/rfc8520>. + + [RG-T2TRG] IRTF, "Thing-to-Thing Research Group (T2TRG)", + <https://datatracker.ietf.org/rg/t2trg/charter/>. + + [SchneierSecurity] + Schneier, B., "The Internet of Things Is Wildly Insecure + -- And Often Unpatchable", January 2014, + <https://www.schneier.com/essays/archives/2014/01/ + the_internet_of_thin.html>. + + [SEAL] Microsoft, "Microsoft SEAL: Fast and Easy-to-Use + Homomorphic Encryption Library", + <https://www.microsoft.com/en-us/research/project/ + microsoft-seal/>. + + [shodan] "Shodan", <https://www.shodan.io>. + + + +Garcia-Morchon, et al. Informational [Page 47] + +RFC 8576 IoT Security April 2019 + + + [sigfox] "Sigfox - The Global Communications Service Provider for + the Internet of Things (IoT)", <https://www.sigfox.com>. + + [Thread] "Thread", <http://threadgroup.org>. + + [TR69] Oppenheim, L. and S. Tal, "Too Many Cooks - Exploiting the + Internet-of-TR-069-Things", December 2014, + <https://media.ccc.de/v/31c3_-_6166_-_en_-_saal_6_- + _201412282145_-_too_many_cooks_-_exploiting_the_internet- + of-tr-069-things_-_lior_oppenheim_-_shahar_tal>. + + [venona-project] + National Security Agency | Central Security Service, + "VENONA", <https://www.nsa.gov/news-features/declassified- + documents/venona/index.shtml>. + + [WG-6lo] IETF, "IPv6 over Networks of Resource-constrained Nodes + (6lo)", <https://datatracker.ietf.org/wg/6lo/charter/>. + + [WG-6LoWPAN] + IETF, "IPv6 over Low power WPAN (6lowpan)", + <http://datatracker.ietf.org/wg/6lowpan/charter/>. + + [WG-ACE] IETF, "Authentication and Authorization for Constrained + Environments (ace)", + <https://datatracker.ietf.org/wg/ace/charter/>. + + [WG-ACME] IETF, "Automated Certificate Management Environment + (acme)", <https://datatracker.ietf.org/wg/acme/charter/>. + + [WG-CoRE] IETF, "Constrained RESTful Environment (core)", + <https://datatracker.ietf.org/wg/core/charter/>. + + [WG-LPWAN] IETF, "IPv6 over Low Power Wide-Area Networks (lpwan)", + <https://datatracker.ietf.org/wg/lpwan/charter/>. + + [WG-LWIG] IETF, "Light-Weight Implementation Guidance (lwig)", + <https://datatracker.ietf.org/wg/lwig/charter/>. + + [WG-MSEC] IETF, "Multicast Security (msec)", + <https://datatracker.ietf.org/wg/msec/charter/>. + + [WG-SUIT] IETF, "Software Updates for Internet of Things (suit)", + <https://datatracker.ietf.org/wg/suit/charter/>. + + [WG-TEEP] IETF, "Trusted Execution Environment Provisioning (teep)", + <https://datatracker.ietf.org/wg/teep/charter/>. + + + + +Garcia-Morchon, et al. Informational [Page 48] + +RFC 8576 IoT Security April 2019 + + + [Williams] Williams, M. and J. Barrett, "Mobile DTLS", Work in + Progress, draft-barrett-mobile-dtls-00, March 2009. + + [wink] Barrett, B., "Wink's Outage Shows Us How Frustrating Smart + Homes Could Be", Wired, Gear, April 2015, + <http://www.wired.com/2015/04/smart-home-headaches/>. + + [ZB] "Zigbee Alliance", <http://www.zigbee.org/>. + + [Ziegeldorf] + Ziegeldorf, J., Garcia Morchon, O., and K. Wehrle, + "Privacy in the Internet of Things: Threats and + Challenges", Security and Communication Networks, Vol. 7, + Issue 12, pp. 2728-2742, DOI 10.1002/sec.795, 2014. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Garcia-Morchon, et al. Informational [Page 49] + +RFC 8576 IoT Security April 2019 + + +Acknowledgments + + We gratefully acknowledge feedback and fruitful discussion with + Tobias Heer, Robert Moskowitz, Thorsten Dahm, Hannes Tschofenig, + Carsten Bormann, Barry Raveendran, Ari Keranen, Goran Selander, Fred + Baker, Vicent Roca, Thomas Fossati, and Eliot Lear. We acknowledge + the additional authors of a draft version of this document: Sye Loong + Keoh, Rene Hummen, and Rene Struik. + +Authors' Addresses + + Oscar Garcia-Morchon + Philips + High Tech Campus 5 + Eindhoven, 5656 AE + The Netherlands + + Email: oscar.garcia-morchon@philips.com + + + Sandeep S. Kumar + Signify + High Tech Campus 7 + Eindhoven, 5656 AE + The Netherlands + + Email: sandeep.kumar@signify.com + + + Mohit Sethi + Ericsson + Jorvas 02420 + Finland + + Email: mohit@piuha.net + + + + + + + + + + + + + + + + +Garcia-Morchon, et al. Informational [Page 50] + |