Introduction To The Internet Of Things Security
Standardization and research challenges
Salim ELBOUANANI
Computer Science Dept
University Cadi Ayyad, UCA
Marrakesh, Morocco
elbouanani.salim@gmail.com
Omar ACHBAROU
Computer Science Dept
University Cadi Ayyad, UCA
Marrakesh, Morocco
Omar.achbarou@gmail.com
AbstractThe transition from the current Internet to the
Internet of things (IoT) is inevitable and is already necessary.
The main aspect about the IoT paradigm is the integration of
several technologies and standards. However, what places
have the security and privacy in this paradigm?
We present the necessary background by introducing the IoT
paradigm. Then, we summarize the standards and enabling
technologies that refer to security in the IoT. Furthermore, we
point some major issues that should be faced by the research
community related to the security in the IoT. Finally, based on
our evaluation, we highlight some possible directions for future
research. Our goal is not only to analyze, compare and
consolidate past research work but also to appreciate their
findings and discuss their applicability towards securing the
IoT and to provide a solid base to start a scientific research
around security and privacy on the IoT.
Keywords-Internet of things; Security; Privacy; Sensor;
thing; object
I. INTRODUCTION
The IoT technology offers unprecedented opportunities
to interconnect human beings as well as Machine-to-
Machine (M2M) communication, whereby sensors and
networks allow all things to communicate directly with each
other to share information and allow us to have an
instrumented universe where accurate data is readily
available to inform optimal decision making.This revolution
is based on a constant evolution of the Internet, technologies
and software, communication protocols, embedded sensors,
smart physical objects able to collect data in real time. Its
the future internet[1], it will dramatically change our way of
living as the Internet impacts on education, health, homes,
communications, transportation, cities, business, science,
government and men in general. However, several issues are
threatening the IoT development, like the privacy and
security in this technology, the transition from IPv4 to
IPv6[2], having a common set of standards and managing the
enormous amount of data that will be stored, accessed, and
analyzed.
978-1-4673-8715-6/15/$31.00 2015 IEEE 32
My Ahmed EL KIRAM
Computer Science Dept
University Cadi Ayyad, UCA
Marrakesh, Morocco
kiram@uca.ma
Our survey treats the IoT from a security approaches and
tries to give generals definitions in this domain.
II. OVERVIEW OF THE INTERNET OF THINGS
A. History of the IoT
The term Internet of Things was firstly coined by Kevin
Ashton [3] in 1999. But the concept began to be clearer with
the MIT Auto-ID and their presentation of the IoT vision in
2001. Later, IoT [4]was formally introduced by the
International Telecommunication Union (ITU) in the ITU
Internet report in 2005.
According to the Cisco Internet Business Solutions
Group (IBSG)[2] , IoT is simply the point in time when more
things or objects were connected to the Internet than
people and it was around 2008 and 2009.
The web has gone through several distinct evolutionary
stages: from the first stage with the Arpanet to the fourth
stage, where we are now, is the social or experience
web, what we call the web 2.0.
Unlike the Web, the Internet has been on a steady path of
development and improvement, but there have been no
fundamental change. IoT becomes immensely important
because it is the first real evolution of the Internet.
B. The IOT Concepts
The Internet of Things encompasses several concepts,
IDATE listed three distinct but complementary concepts [5] :
Communicating devices referring to devices
connected to the Internet or other types of network.
Machine-to-machine (M2M) communications refers
to machines which are objects that can work
autonomously without any connectivity.
Internet of Objects (IoO) here refers to inert and
passive objects that do not generate any data by
themselves.
The numerous technologies of the IoT that drive its very
broad vision make the research into this area still in its
infancy. Therefore, there arent any standard definitions for
IoT. Next, we choose to list some interesting definitions:
 Definition by the Cluster of European Research
Projects (CERP) [6] : The Internet of Things allows
people and things to be connected Anytime,
Anyplace, with Anything and Anyone, ideally using
Any path/network and Any service.
Definition by ITU-T Y.2060 [7] Recommendation:
the IoT is a global infrastructure for the information
society, enabling advanced services by
interconnecting (physical and virtual) things based
on existing and evolving interoperable information
and communication technologies. Through the
exploitation of identification, data capture,
processing and communication capabilities, the IoT
makes full use of "things" to offer services to all
kinds of applications, whilst ensuring that security
and privacy requirements are fulfilled. The IoT adds
the dimension "Any THING communication" to the
information and communication technologies which
already provide "any TIME" and "any PLACE"
communication.
We find that the last two definitions provided by ITU and
the CERP covers the principals definitions and aspects of the
IoT. On the one hand, the definition by the CERP-IOT is
more general in specifying the communication with Anyone
in addition with anything, and the part ideally using Any
path/network and Any service. On the other hand, the
definition by the ITU is more understandable and accessible
to the public and mentions that IoT services need to ensure
security and privacy requirements.
C. A standard IOT platform
The typical structure of a standard IoT platform in the
figure 1 comprises the cloud and mobile applications and the
things themselves.
Figure 1. Typical structure of a IoT Platform
Any security architecture must address the security
requirements of the object itself with its OS and
computational capabilities, the mobile and the cloud parts.
The security and privacy of communications between object
and cloud / mobile applications and objects through its
access point will be implemented essentially in the
middleware of the device.
2015 11th International Conference on Information Assurance and Security (IAS)
D. The Device, thing and object
With regard to the IoT, thing is defined by ITU-T
Y.2060 [7] : an object of the physical world (physical
things) or the information world (virtual things), which is
capable of being identified and integrated into
communication networks. Some other terms used by the
research community are smart objects, devices, nodes.
Figure 2. A device in the IOT
While the device by the ITU is a piece of equipment with
the mandatory capabilities of communication and the
optional capabilities of sensing, actuation, data capture data
storage and data processing.
More generally, The device from an technical view [8] is
a set of electronic components with low computation
capabilities, in addition to communication devices connected
to the Internet or other types of network to interact with the
real world not only with sensor nodes but also actuators.
E. IoT statistics and numbers
According to Gartner Internet of Things Report 2013[9]
in 2020, The IoT will grow to 26 billion units installed, the
revenue will exceed 300 billion $ with 1.9 trillion $ in global
economic impact.
Cisco IBSG [2]predicts there will be even more, 50
billion devices by 2020 with 6.58 as number of connected
devices per person.
For the IDATE[5], 80 billion things will be connected by
2020. The IoO will represent 85% of the total IoT, ahead of
communicating devices (11%) and M2M (4%).
The HP Security Research and its Internet of Things
Research Study 2014 report reviewed 10 of the most
popular devices in some of the most common IoT niches and
conclude with an alarmingly high average number of
vulnerabilities per device, up to 80 percent for some
concerns. Vulnerabilities ranged from Heartbleed to denial of
service to weak passwords to cross-site scripting.
F. Applications Domains
The Internet of Things is based on existing technologies,
such as the cloud and social networks, not to mention mobile
technologies. Potential applications of the IoT are numerous
and diverse, permeating into practically all areas of every-
day life of individuals or organizations. The Cerp-IoT
divided this application domains into three categories based
on their focus [6]: Industry, environment and society. While
the Internet of things : survey[10] listed four categories :
Transportation and logistics , Healthcare, Smart environment
and finally Personal and social domain.
33
 We will propose a combination of the last two
classifications in the table I, we also list sub categories from
the precedent classifications in addition of the one proposed
by Asin & Gascon[11].
TABLE I. IOT CATEGORIES AND SUB CATEGORIES DOMAINS
Category Sub domain Categories
retail, transportations, logistics, industrial control,
Industry
telecommunications, manufacturing
Healthcare eHealth, independent living, Pharmaceutical
smart environment, smart metering and water, smart
Environment
agriculture, smart animal farming,domestic automation
Society
smart cities, security and emergencies, Social
networking
III. STANDARDS AND ENABLING TECHNOLOGIES RELATED
TO THE SECURITY AND PRIVACY IN THE IOT
There is currently no standard or framework for all
aspects of the security in the IOT and its an actual issue of
research. The fact is that IOT is based on existing
technologies and the actors in this area need to use several
standards. It would be very difficult to go through all these
standards and enabling technologies, we choose to focus on
initiatives related to "generic" standards of the IoT,
especially those that are already used by industry, we list the
following initiatives [10] [12]:
A. IoT-GSI (Internet of Things Global Standard Initiative)
1) ITU-T Y.2060 recommandation :
Recommendation ITU-T Y.2060 [7]approved in june
2012 provides an overview of the Internet of things (IoT). It
clarifies the concept and scope of the IoT, identifies the
fundamental characteristics and high-level requirements of
the IoT and describes the IoT reference model.
The recommendation has proposed an IoT reference
model. It is composed of four layers as well as management
capabilities and security capabilities which are associated
with the four layers that are:
Application layer
Service support and application support layer
Network layer
Device layer.
The security aspects of this model are mentioned in the
security capabilities. There are two kinds of security
capabilities: generic security capabilities and specific
security capabilities. Generic security capabilities are
independent of applications. They include:
At the application layer: authorization,
authentication, application data confidentiality and
integrity protection, privacy protection, security
audit and anti-virus;
At the network layer: authorization, authentication,
use data and signaling data confidentiality, and
signaling integrity protection;
At the device layer: authentication, authorization,
device integrity validation, access control, data
confidentiality and integrity protection.
34 2015 11th International Conference on Information Assurance and Security (IAS)
Specific security capabilities are closely coupled with
application-specific requirements, for example security
requirements of mobile payment.
2) ITU-T Y.2061 recommandation :
This Recommendation ITU-T Y.2061 [13] approved in
june 2012 covers extensions and additions to next generation
networks (NGN) as well as device capabilities in order to
support machine-oriented communication (MOC)
applications in the NGN environment and can conceptually
be applicable to other networks. As already mentioned in
section II-D, the communication in NGN environment or
networks in general will be essential in the IoT.
The security aspects described by the recommendation
are concerning:
Authentication and authorization
Security data
Security of MOC device access
B. IEEE initiative
IEEE has tried to expand the TCP/IP model layers by
introducing more appropriate protocols to the IoT for the
different layers. However, IoT can also use conventional
Internet standards as Ethernet, IP, TCP / IP and HTTP
The standard IEEE 802.15.4 is a communication protocol
for low rate wireless personal area networks (LR-WPAN).
The 802.15.4 is used by many implementations based on
proprietary protocols such as ZigBee or 6LoWPAN. The
IEEE 802.15.4 [14]architecture is defined in terms of layers.
Each layer is responsible for one part of the standard and
offers services to the higher layers. The 3 layers of the IEEE
802.15.4 starting by the upper one:
The link layer provides error control mechanism to
check frame integrity. This is a fundamental
difference with the Ethernet standard.
The Medium Access Control sublayer (MAC)
defines the method of exchange of frames among the
network elements. Each item is identified by a
specific MAC address to the Protocol.
The physical layer (PHY) contains the radio
transmitter / receiver, with a low-level control
mechanism.
The 802.15.4 specification provides security functions at
the link layer: access Control, messages integrity, messages
privacy and protection against replay. These elements are set
at the security enabled field in the MAC frames. We can
enable one, several or all the functions, based on encryption
algorithms AES.
C. IETF initiative
The IETF standards around the Internet of things mainly
concern network protocols.
1) IETF standard RFC 4919 & RFC 4944:
IPv4 and IPv6 are effective for data delivery to
LANs, MANs and WANs such as the Internet. However,
they are difficult to implement in sensors network and other
constrained systems due in particular to the large size of
headers [15]. Responding to the increasing interest of
connecting those resource constrained devices to the Internet,
the IETF has proposed standards that enable IPv6-based
networks. The 6LoWPAN [16]as IPv6 over Low power
Wireless Personal Area Networks, defines encapsulation and
header compression mechanisms that allow IPv6 packets to
be sent to and received between resource constrained devices
usually by adopting low-power radio communication
protocols such as IEEE 802.15.4 and 802.15.6 . The standard
does not provide security features in addition to those
potentially implemented at the 802.15.4 and IPV6.
2) IETF Standard RFC 6550 : RPL
One of the challenges of the Internet of Things is routing
IP packets. RPL or the IPv6 Routing Protocol for LLNs (
Low-power and Lossy Network) [17] creates routes without
changing the IP forwarding process. Designed for machines
with limited network capacity, RPL by default has few
security requirements .It supports message confidentiality
and integrity. It is designed such that link-layer mechanisms
can be used when available and appropriate; yet, in their
absence, RPL can use its own mechanisms.
RPL has three basic security modes:
In the first, called "unsecured", RPL control
messages are sent without any additional security
mechanisms.
In the second, called "preinstalled", nodes joining a
RPL Instance have preinstalled keys that enable
them to process and generate secured RPL messages.
The third mode is called "authenticated". In this
mode, nodes have preinstalled keys; the key may
only be used to join a RPL Instance as a leaf. Joining
an authenticated RPL Instance as a router requires
obtaining a key from an authentication authority.
3) IETF Standard RFC 7252 : CoAP
The HTTP protocol is based on TCP, which is the most
used transport protocol on the Internet. Unfortunately, this
protocol requires a lot of resources making its
implementation ineffective for the IoT environment.
The Constrained Application Protocol (CoAP) [18] is a
specialized web transfer protocol for use with constrained
nodes and constrained (e.g., low-power, lossy) networks.
CoAP is designed to easily interface with HTTP for
integration with the Web while meeting specialized
requirements such as multicast support, very low overhead,
and simplicity for constrained environments.
Essentially, COAP operates above UDP and not TCP.
COAP is a client / server protocol. It gives ability to manage
resources with commands as GET, PUT, POST, DELETE on
IP networks.
The COAP specifications related to security offer two
methods with the following functions to ensure for the
datagrams: authentication, integrity checking, protection
against replay attacks and confidentiality protection (through
encryption). These two methods are the DTLS protocol
(Datagram Transport Layer Security) and IPSec
4) IETF Standard RFC 6347 : DTLS
The Datagram Transport Layer Security (DTLS)[19]
protocol provides communications privacy for datagram
protocols. The protocol allows client/server applications to
communicate in a way that is designed to prevent
2015 11th International Conference on Information Assurance and Security (IAS)
eavesdropping, tampering, or message forgery. The DTLS
protocol is based on the Transport Layer Security (TLS)
protocol and provides equivalent security guarantees. DTLS
is a derivation of SSL protocol. It provides the same security
services (integrity, authentication and confidentiality) but
under UDP protocol.
5) COAP & DTLS
Analogous to TLS-protected HTTP (HTTPs), the DTLS-
secured CoAP protocol is termed CoAPs [20]. DTLS
guarantees E2E security of different applications on a single
machine by operating between the transport and application
layers.
D. GS1 initiative
GS1 (Global Standard 1) is a global organization active
in the standardization field of coding methods used in the
supply chain.
1) EPC : Electronic Product Code
Electronic Product Code system (EPC) [21]developed by
the Auto-ID, is a universal identifier for any physical object
[21]. It is used in information systems that need to track or
otherwise refer to physical objects.
In the version 2.0.0 of this standard, ratified in late 2013,
Security requirements were proposed allowing:
Fighting counterfeiting by verifying the tag
authenticity,
Enhancing the security by modifying the information
contained in a tag. Commands such as Challenge',
'Authenticate, Authcomm will support the
cryptographic suites developed in the framework of
the ISO / IEC 29167-1x,
Ensuring better management of files by setting
access privileges,
Ensure non-traceability, with hiding some data in a
tag to protect consumer privacy;
Loss prevention by using the tag as anti-theft system.
2) ONS Standard
Domain Name System (DNS) is a distributed database
that is indexed by domain names. It is a service for
translating a domain in several types of information,
including the IP addresses of the machine. Similarly, the
ONS (Object Naming Service) [22]standard published in
December 2012, ensures naming objects and the routing
requests. ONS 2.0 enables to set up a root by region or
country according to the choice of GS1 member/country.
Being based upon DNS, A lot of functions depend or are
related on DNS, as the ONS lookup function which is
implemented by a distributed set of servers with a single
(replicated) root, currently at onsepc.com. The ONS security
might also have the same security problems as the DNS what
we will try to test in our future researches.
E. OASIS Initiative : MQTT ( Message Queuing Telemetry
Transport )
OASIS (the Advancement of Structured Information
Standards) is a global consortium working for the
standardization of open file formats based on XML.
35
 MQTT (Message Queuing Telemetry Transport) has
been standardized by the Oasis in 2013. It is a
publish/subscribe, extremely simple and lightweight
messaging protocol [23], designed for constrained devices
and low-bandwidth, high-latency or unreliable networks.
3 concepts are fundamental to the security in the MQTT:
Identification consists of naming the server and the
client to which it gives access rights.
Authentication seeks to prove the identity of each
client and the server.
The authorization is to manage the client's rights.
It is possible to pass a user name and password with an
MQTT packet in V3.1 of the protocol. Encryption across the
network can be handled with SSL, independently of the
MQTT protocol itself. An MQTT server authenticates a
client using SSL, a password, or both. The authorization is
not part of the MQTT protocol. It is provided by the MQTT
servers.
IV. RESEARCH CHALLENGES IN THE IOT SECURITY
In this section problems and required researchs related to
security and privacy in the IoT are mentioned [10] . Each of
the topic discussions primarily focuses on new problems and
challenges that arise for future IoT systems. They are
representative and not complete:
A. Authentication
Authentication is difficult in the IOT as it requires
appropriate authentication infrastructures that will not be
available in IOT scenarios. Challenge will be to distribute
keys [24] for trillions of devices. Also man-in-the-middle
attack is a serious problem because of the architecture.
B. Data integrity and provenance
Ensuring the trustworthiness [25] of data coming from
IoT to applications that analyze that data and potentially
actuate requires that trust be addressed at both the producer
and the consumer side. This is usually ensured by protecting
data with passwords. However, the password lengths
supported by IoT technologies are in most cases too short to
provide strong levels of protection.
C. Privacy Protection
Things may contain private information concerning their
owners or users. The IoT needs to support privacy protection
[7]during data transmission, aggregation, storage, mining
and processing. Privacy protection should not set a barrier to
data source authentication. A solution can be to specify the
privacy policies for each (system) domain [26] and the
interoperability between privacy policy of each system must
be studied. Another challenge in this field will be to respect
the balance between privacy and utility.
D. identity Management
An open question in IoT research is identification and
accessing of the objects and services offered by them, as well
as how to bind objects/services to machine addressable and
identifiable name[27]s. These issues can be solved with a
Virtual Identity[28], common for all IoT devices.
36 2015 11th International Conference on Information Assurance and Security (IAS)
E. Anoymity
As the promising future IoT technology tends to be more
pervasive and omnipresent, the anonymity and unlinkability
have regained great interest within the research community,
as users demand fully private transactions. Most of the
proposed solutions provide anonymous authentication via the
use of digital credentials. Research about the optimal fully
decentralized anonymous authentication protocol is still in
progress[29].
F. Digital forgetting
All the information collected about a person by the IoT
may be retained indefinitely as the cost of storage decreases.
Also data mining techniques can be used to easily retrieve
any information even after several years
G. Standardization
One major area of development for IoT revolves around
interoperability and standards. As described in the section
IV, There are several standardization efforts but they are not
integrated in a comprehensive framework about security and
privacy for the IoT. Also, In order to make Privacy by design
and Privacy by default a reality, the consideration of data
protection requirements should become a mandatory design
goal in standardization.
H. Security Architecture
As trillions of things (objects) are connected to the
Internet it is necessary to have an adequate architecture[26]
that permits easy connectivity, control, communications, and
useful applications while ensuring security and privacy.
I. Security
In the IoT, every 'thing' is connected which results in
significant security threats, such as threats towards
confidentiality, authenticity and integrity of both data and
services [7]. A critical example of security requirements is
the need to integrate different security policies and
techniques related to the variety of devices and user
networks in the IoT.
J. Security Attacks
Security attacks are problematic [26] for the IoT because
of the minimal capacity things (devices) being used, the
physical accessibility to sensors, actuators and objects, and
the openness of the systems, including the fact that most
devices will communicate wirelessly. IoT applications must
be able to continue to operate satisfactorily in the presence of
security attacks, and to recover effectively from these
attacks. Solutions may require designing system that
operates with a base level of support including strong attack
detection and self-healing capabilities. To heal from security
attacks, a system needs to detect the attack, diagnose the
attack, and deploy countermeasures and repairs, but perform
all of this in a lightweight manner due to the types of low
capacity devices involved.
 V. FUTURE WORKS
After this global understanding of our subject that results
in this current introduction to IoT security. It resulted in two
main research topics:
the study of ONS security taking into account the
various advanced in terms of problems and security
solutions of the DNS. ONS is based on DNS, it is
DNS security problems [30] as Misdirected
Destination (Trusting Faked Information), Name
Based Authentication / Authorization and Trusting
Supplementary Non-Authoritative Information. But
also DNS security solutions and extensions as
DNSSEC (Domain Name System Security
Extensions), DNS RRL (Response Rate Limit) and
using a mixture of DNS engines to mitigate the risk
of attacks.
The study of attacks and countermeasures on a
standard platform of IoT in the IOT-LAB testbed
and in our lab with real sensors, actuators, cloud
platform and mobile applications. The result will be
the proposal of an optimal security architecture.
VI. CONCLUSIONS
The Internet has changed drastically the way we live, in
our way to communicate, to work or to innovate. IoT is the
next big opportunity and challenge. It integrates several
technologies and protocols. Until now security and privacy
concerns have been neglected in this area. It could be a major
issue that could affect and slow down the development of the
IOT. The challenge then is is to define the principles and
regulatory frameworks that will guide the development of
the IoT with a high level of security and privacy.
REFERENCES
[1] J. Gubbi, R. Buyya, S. Marusic, and M. Palaniswami, Internet of
Things (IoT): A vision, architectural elements, and future directions,
Futur. Gener. Comput. Syst., vol. 29, no. 7, pp. 16451660, 2013.
[2] D. Evans, The Internet of Things - How the Next Evolution of the
Internet is Changing Everything, CISCO white Pap., no. April, pp.
111, 2011.
[3] K. Ashton, That Internet of Things Thing - RFID Journal, RFID [28] A. C. Sarma and J. Giro, Identities in the future internet of things,
JOURNAL, 2009. [Online]. Available:
http://www.rfidjournal.com/articles/view?4986. [Accessed: 06-Oct-
2015].
[4] ITU Internet Reports 2005: The Internet of Things. [Online].
Available: http://www.itu.int/osg/spu/publications/internetofthings/.
[Accessed: 06-Oct-2015].
[5] Institut de laudiovisuel et des tlcommunications en Europe
(France), Internet of Things: Outlook for the Top 8 Vertical Markets.
IDATE, 2013.
[6] O. Vermesan, F. Peter, G. Patrick, G. Sergio, B. Harald, Sundmaeker
Alessandro, J. Ignacio Soler, M. Margaretha, H. Mark, E. Markus,
and D. Pat, Internet of Things: Strategic Research Roadmap,
Internet Things Strateg. Res. Roadmap, pp. 150, 2009.
[7] International Telecommunication Union (ITU), Overview of the
internet of things, 2012.
[8] L. Zhou and H. Chao, Multimedia traffic security architecture for the
internet of things, Network, IEEE, no. June, pp. 3540, 2011.
[9] Gartner Says the Internet of Things Installed Base Will Grow to 26
Billion Units By 2020. [Online]. Available:
http://www.gartner.com/newsroom/id/2636073. [Accessed: 18-Oct-
2015 11th International Conference on Information Assurance and Security (IAS)
2015].
[10] L. Atzori, A. Iera, and G. Morabito, The Internet of Things: A
survey, Comput. Networks, vol. 54, no. 15, pp. 27872805, 2010.
[11] A. Asn and D. Gascn, 50 Sensor Applications for a Smarter
World: Libelium white paper, Libelium, 2012.
[12] R. Roman, P. Najera, and J. Lopez, Securing the Internet of things,
Computer (Long. Beach. Calif)., vol. 44, no. 9, pp. 5158, 2011.
[13] International Telecommunication Union (ITU), Requirements for the
support of machine-oriented communication applications in the next
generation network environment, 2012.
[14] IEEE Computer Society, Part 15.4: Low-Rate Wireless Personal
Area Networks (LR-WPANs), 2011.
[15] G. Montenegro, N. Kushalnagar, J. Hui, and D. Culler, RFC 4944:
Transmission of IPv6 Packets over IEEE 802.15.4 Networks, 2007.
[16] N. Kushalnagar, G. Montenegro, and C. Schumacher, RFC4919
IPv6 over Low-Power Wireless Personal Area Networks
(6LoWPANs): Overview, Assumptions, Problem Statement, and
Goals, 2007.
[17] T. Winter, P. Thubert, A. Brandt, J. Hui, R. Kelsey, P. Levis, K.
Pister, R. Struik, J. Vasseur, and R. Alexander, RFC6550 RPL: IPv6
Routing Protocol for Low-Power and Lossy Networks, 2012.
[18] Z. Shelby, K. Hartke, and C. Bormann, RFC 7252 The Constrained
Application Protocol (CoAP), 2014.
[19] E. Rescorla and N. Modadugu, Request for Comments: 6347 -
Datagram Transport Layer Security Version 1.2, 2012.
[20] D. Uthaya Sinthan and M. Balamurugan, DTLS & COAP Based
Security For Internet of Things Enabled Devices, Ijesrt.Com, vol. 2,
no. 12, pp. 27, 2013.
[21] Gs1, EPC Tag Data Standard. Version 1.9, 2014.
[22] I. January and P. Gautier, GS1 Object Name Service ( ONS ), 2013.
[23] MQTT.ORG, MQTT.ORG. [Online]. Available:
http://mqtt.org/faq. [Accessed: 25-Oct-2015].
[24] P. Balamuralidhar, P. Misra, and A. Pal, Software platforms for
internet of things and M2M, Journal of the Indian Institute of
Science, vol. 93, no. 3. pp. 487497, 2013.
[25] A. Kanuparthi, R. Karri, and S. Addepalli, Hardware and embedded
security in the context of internet of things, in Proceedings of the
2013 ACM workshop on Security, privacy & dependability for cyber
vehicles - CyCAR 13, 2013, pp. 6164.
[26] J. a Stankovic and L. Fellow, Research Directions for the Internet of
Things, vol. 1, no. 1, pp. 39, 2014.
[27] J. M. Batalla, P. Krawiec, M. Gajewski, and K. Sienkiewicz, ID
layer for internet of things based on name-oriented networking, J.
Telecommun. Inf. Technol., vol. 2013, pp. 4048, 2013.
Wirel. Pers. Commun., vol. 49, no. 3, pp. 353363, 2009.
[29] A. Alcaide, E. Palomar, J. Montero-Castillo, and A. Ribagorda,
Anonymous authentication for privacy-preserving IoT target-driven
applications, Comput. Secur., vol. 37, pp. 111123, 2013.
[30] A. Lioy, F. Maino, M. Marian, I. Politecnico, and T. Torino, DNS
Security, Informatica, pp. 113, 2000.
37