You are here: Home > Participate > Join a Discussion > RIPE Forum
RIPE Forum v1.4.1

IoT Working Group


[iot-wg] Fwd: [IRTF-Announce] RFC 8576 on Internet of Things (IoT) Security: State of the Art and Challenges

Gordon Lennox

2019-04-27 08:36:01 CET

Apologies to those who have already seen this but it ought still to be of interest to everyone in the WG.

> Begin forwarded message:
> From: rfc-editor _at_ rfc-editor _dot_ org
> Subject: [IRTF-Announce] RFC 8576 on Internet of Things (IoT) Security: State of the Art and Challenges
> Date: 27 April 2019 at 04:12:31 CEST
> To: ietf-announce _at_ ietf _dot_ org, rfc-dist _at_ rfc-editor _dot_ org, irtf-announce _at_ irtf _dot_ org
> Cc: drafts-update-ref _at_ iana _dot_ org, t2trg _at_ irtf _dot_ org, rfc-editor _at_ rfc-editor _dot_ org
> A new Request for Comments is now available in online RFC libraries.
>        RFC 8576
>        Title:      Internet of Things (IoT) Security: 
>                    State of the Art and Challenges 
>        Author:     O. Garcia-Morchon, 
>                    S. Kumar,
>                    M. Sethi
>        Status:     Informational
>        Stream:     IRTF
>        Date:       April 2019
>        Mailbox:    oscar.garcia-morchon _at_ philips _dot_ com, 
>                    sandeep.kumar _at_ signify _dot_ com, 
>                    mohit _at_ piuha _dot_ net
>        Pages:      50
>        Characters: 128372
>        Updates/Obsoletes/SeeAlso:   None
>        I-D Tag:    draft-irtf-t2trg-iot-seccons-16.txt
>        URL:
>        DOI:        10.17487/RFC8576
> The Internet of Things (IoT) concept refers to the usage of standard
> Internet protocols to allow for human-to-thing and thing-to-thing
> communication.  The security needs for IoT systems are well
> recognized, and many standardization steps to provide security have
> been taken -- for example, the specification of the Constrained
> Application Protocol (CoAP) secured with Datagram Transport Layer
> Security (DTLS).  However, security challenges still exist, not only
> because there are some use cases that lack a suitable solution, but
> also because many IoT devices and systems have been designed and
> deployed with very limited security capabilities.  In this document,
> we first discuss the various stages in the lifecycle of a thing.
> Next, we document the security threats to a thing and the challenges
> that one might face to protect against these threats.  Lastly, we
> discuss the next steps needed to facilitate the deployment of secure
> IoT systems.  This document can be used by implementers and authors
> of IoT specifications as a reference for details about security
> considerations while documenting their specific security challenges,
> threat models, and mitigations.
> This document is a product of the IRTF Thing-to-Thing Research Group
> (T2TRG).
> This document is a product of the Thing-to-Thing of the IRTF.
> INFORMATIONAL: This memo provides information for the Internet community.
> It does not specify an Internet standard of any kind. Distribution of
> this memo is unlimited.
> This announcement is sent to the IETF-Announce, rfc-dist and IRTF-Announce lists.To subscribe or unsubscribe, see
> For searching the RFC series, see
> For downloading RFCs, see
> Requests for special distribution should be addressed to either the
> author of the RFC in question, or to rfc-editor _at_ rfc-editor _dot_ org.  Unless
> specifically noted otherwise on the RFC itself, all RFCs are for
> unlimited distribution.
> The RFC Editor Team
> Association Management Solutions, LLC