INTERNET OF THINGS 2015

1. INTRODUCTION
The notion of Internet of Things (IoT) has been recognized by industrial leaders and media as the next wave of innovation, and pervading into our daily life. Sensors around us are increasingly becoming more pervasive and attempt to fulfill end users’ needs, thus providing ease of usability in our everyday activities. Devices deployed in households, industrial automation, and smart city infrastructure are now interconnected with the
Internet. This interconnection provides a whole range of data (environmental context, device status, energy usage, etc.) that can be collected, aggregated, and then shared in an efficient, secure, and privacy-aware manner. As these devices are connected to the Internet, they can be reached, and managed at any time and at any place. The current landscape of
IoT is filled with a very diverse range of wireless communication technologies, such as
IEEE 802.15.4, Wi-Fi, Bluetooth Low Energy (BTLE), and various other cellular communication technologies.
Naturally, devices using different physical and link layers are not interoperable with each other. Through an Internet Protocol (IP) router, these devices are, however, able to communicate with the Internet. When the differences in the protocol stack extend beyond the physical and link layer, protocol translation needs to be performed by a gateway device. This harms the deployment of IoT devices because the deployment becomes more complex and expensive with multiple middle boxes along the end-to-end communication path. In order to ensure seamless connectivity between different devices deployed in the market, a convergence toward all IP-based communication stack is necessary. Years ago, the Internet Engineering Task Force (IETF) has standardized
IPv6 over Low-Power Wireless Personal Area Networks (LoWPAN), Routing Over Lowpower and Lossy networks (ROLL), and Constrained Application Protocol (CoAP) to equip constrained devices with low memory footprint and computational capabilities to run
IPv6 over low-power wireless networks. The ZigBee IP standard, which primarily targets the smart energy domain, builds on top of the 6LoWPAN stack. IEEE 802.15.4-based devices used in other industry domains are expected to adopt the 6LoWPAN concept as well, since it provides the basis for running IPv6 over low-power radios via an adaptation layer, profiling of the IPv6 neighbor discovery mechanism, and compression schemes.
Similar adaptations are provided to BTLE and Digital Enhanced Cordless

1

INTERNET OF THINGS 2015
Telecommunications (DECT) Ultra Low Energy, the two other short-range radio technologies. Meanwhile, many IoT devices are using Wi-Fi and are already running the full IP protocol stack. IP protocol can be regarded as the glue to interconnect these heterogeneous wireless networks together. The pervasive device connectivity to the
Internet also poses hidden security risks, namely, eavesdropping on the wireless communication channel, unauthorized access to devices, tampering with devices, and privacy risks. The inherent nature of constrained devices means that the state-of-the-art cryptographic algorithms and protocols are not easy to deploy on such devices and even more difficult to keep the software up-to-date. The ability to connect, manage, and control a device from anywhere and at any time requires appropriate authentication and authorization measures. Security experts have emphasized the importance of security in
IoT deployments and have warned about the insecurity of current deployments.
Security for IoT encompasses a wide range of tasks, including embedding keying material during the manufacturing process of the device, provisioning of new keying material during operation, establishing access control policies for access to networks and services, processes for secure software development, use of hardware security modules to protect keys against tampering, software update management, and development and selection of efficient cryptographic primitives. Custom security solutions offered by the IoT research community offer mostly point solutions, but this rarely helps to understand the big picture for securing IoT devices. This papers provides the state-ofthe-art snapshot of the standardization efforts for securing IoT in the IETF.
We believe that these standardization activities play a crucial role in securing the IoT ecosystem, both in terms of improving interoperability of IoT devices in general and to pave the way toward wider industry adoption of security solutions.

2

INTERNET OF THINGS 2015
2. OPPORTUNITY, STATUS, AND CAPABILITY OF IOT

2.1. Opportunity of IoT
The IoT will create a huge network of billions or trillions of
“Things” communicating each other. The IoT is not subversive revolution over the existing technologies, it is comprehensive utilizations of existing technologies, and it is the creation of the new communication modes. The IoT blends the virtual world and the physical world by bringing different concepts and technical components together: pervasive networks, miniaturization of devices, mobile communication, and new ecosystem. In IoT, applications, services, middleware components, networks, and end nodes will be structurally organized and used in entire new ways. IoT offers a means to look into complex processes and relationships.
The IoT implies a symbiotic interaction between the real/physical and the digital/virtual worlds: physical entities have digital counterparts and virtual representation; things become context aware and they can sense, communicate, interact, and exchange data, information, and knowledge. New opportunities will meet business requirements, and new services will be created based on real-time physical world data.
Everything from the physical or virtual world will possibly be connected by the IoT.
Connectivity between the things shall be available to all with low cost and may not be owned by private entities. For IoT, intelligent learning, fast deployment, best information understanding and interpreting, against fraud and malicious attack, and privacy protection are essential requirements.

2.2 Status of IoT
The IoT can be regarded as an extension of existing interaction between people and applications through a new dimension of “Things” for communication and integration. The IoT development process is a complex large-scale technological innovation process. The IoT is evolving from the vertical application to polymeric application. At the early stage of IoT deployment, driving of domain specific applications is the main development strategy.
A domain-specific application might be a manufacturing control system with its own industry characteristics. The application can provide various enterprise management services being integrated with the industry production and business processes.
Polymeric applications are cross-industry applications based on public information service platforms. These applications support both home users and industry users. The application

3

INTERNET OF THINGS 2015 are provided and promoted by communication operators and solution providers with large scale. For example, a vehicle integrated with sensor networks, a global positioning system (GPS), and radio communication technology can provide comprehensive detection, navigation, entertainment, and other information services. By maintaining such information through the public service platform, consumers, original equipment manufacturers (OEMs), maintenance providers, and vehicle management agencies can share these information and share services to improve the vehicle, the vehicle component design, and the fabrication process through the vehicle lifecycle management.

2.3. Capability of the IoT Application
In summary, the IoT applications shall have the following capabilities.
2.3.1) Location Sensing and Sharing of Location Info:
The IoT system can collect the location information of IoT terminals and end nodes, and then provide services based on the collected location information.
The location information includes geographical position information got from the GPS,
Cell-ID, RFID, etc., and absolute or relative position information between things. More typical IoT applications include at least the following.
a) Mobile asset tracking:
This application can track and monitor the status of commodity using the position sensing device and communication function installed on the commodity. b) Fleet management:
The manager of the fleet can schedule the vehicles and drivers based on the business requirements and the real-time position information collected by the vehicles. c) Traffic information system:
This application can get traffic information such as road traffic conditions and congested locations by tracking the location information of a large number of vehicles. The system thus assists the driver to choose the most efficient route. 2.3.2) Environment Sensing:
4

INTERNET OF THINGS 2015
The IoT system can collect and process all kinds of physical or chemical environmental parameters via the locally or widely deployed terminals. Typical environmental information includes temperature, humidity, noise, visibility, light intensity, spectrum, radiation, pollution (CO, CO2, etc.), images, and body indicators. Typical applications include at least the following.

a) Environment detection:
IoT systems offer environmental and ecological, such as forest and glacier, monitoring; disaster, such as volcanoes and seismic, monitoring; and factory monitoring. All are with automatic alarm systems using environmental parameters collected by large number of sensors.
b) Remote medical monitoring:
IoT can analyze the recurring indicator data collected from the device placed on patients’ body and provide the users with health trends and health advice.

2.3.3) Remote Controlling:
IoT systems can control IoT terminals and execute functions based on application commands combined with information collected from things and service requirements. a) Appliance control:
People can remotely control operating status of appliances through
IoT system.
b) Disaster recovery:
Users can remotely start disasters treatment facilities to minimize losses caused by disasters according to the monitoring mentioned before.

2.3.4) Ad Hoc Networking:
IoT system shall have rapidly self-organized networking capability and can interoperate with the network/service layer to provide related services. In the vehicle network, in order to transfer the data, the network between vehicles and/or road infrastructures can be rapidly self-organized.

5

INTERNET OF THINGS 2015

2.3.5) Secure Communication:
IoT system can further establish secure data transmission channel between the application or service platform and IoT terminals based on service requirements. In practice, an IoT application consists of different types of capabilities and even applications based on the service requirement. Table1 shows examples of different IoT applications.

2.4. SUMMARY OF IOT APPLICATIONS

TABLE-1

6

INTERNET OF THINGS 2015

3. INTEROPERABLE SECURITY FOR IOT
The success of the World Wide Web benefited from a solid foundation built on a standardized protocol stack consisting of the IP, the Transmission Control Protocol
(TCP), the Transport Layer Security (TLS) protocol, the Hypertext Transfer Protocol
(HTTP), and the Hypertext Markup Language (HTML). When Personal Digital Assistants
(PDAs) were introduced, they were not able to run the full Web stack. Therefore, the
Wireless Application Protocol (WAP) was developed to allow interworking with the Web infrastructure. The deployment of WAP was, however, a disappointment overall, as it never got anywhere close to the success of the plain HTTP/HTML. Proxying between the different protocols lead to slower innovation since new features deployed on the Web were only available to mobile devices once the gateways were updated. Once mobile devices were capable of supporting the full Web stack, the limited deployment of WAP quickly vanished. In terms of security, the Wireless Transport Layer Security (WTLS) protocol was standardized to provide communication security for WAP as a TLS counterpart. However, it did not mandate the use of cryptographic and key generation algorithms, thus leading to many insecure algorithms such as 12-round RC5 being implemented and deployed. Although a standardized security protocol was used, the fact that WTLS did not ensure end-to-end security is a problem since the WAP gateway was essentially a man-in-the-middle that had access to the data being transmitted over the
Internet. On one hand, it is important that standardization ensures interoperability. On the other hand, it is crucial that the correct (adaptation of) security protocol and security algorithms are also standardized to counter the Internet threat model and its changes over time. There are many standards for Internet security protocols developed in different standardization bodies, such as IEEE (link layer), IETF (network, transport, and application layer), and W3C (Web application layer). These different security protocols offer different protection at different layers and complement each other in fulfilling different security goals. The use of these standardized security protocols is at the discretion of the system architects, who are required to analyze the threats and to decide on how to mitigate them. The security consideration sections found in IETF specifications provide helpful guidance for system architects to make a good judgment. For example, IPsec is not mandatory to be used at the network layer, and TLS is only enabled for applications requiring channel security with authentication, integrity, and confidentiality. The OAuth
7

INTERNET OF THINGS 2015
2.0 protocol is only relevant for applications that require delegated authorization to protected resources. This flexibility has been desired because traditionally, Internet devices accomplish interoperability by implementing several of these protocols which can typically be updated fairly easily. Therefore, interoperability is often by devices implementing a wide range of security protocols and cryptographic algorithms.
However, it is infeasible to require resource-constrained IoT devices to implement all security protocols in all layers. Consequently, it is important to ascertain the threats and risks posed in IoT, and subsequently determine the security protection require that should be deployed across the layers. By mandating such a security protocol implementation for IoT devices, some level of security interoperability can be guaranteed.
While one-size fits all may not serve all IoT use cases, security profiles (i.e., a subset of security protocol functionalities and options) can be specified to address the requirements of different IoT applications.
Ideally, a single security protocol suite that provides a full security service, namely, authentication, authorization, integrity, and confidentiality protection, should be standardized. In fact, various such security protocols have already been standardized, and adapting them to cater for the required security functionalities for use in IoT would be beneficial. In terms of security, most of the standardized protocols have been through a thorough security analysis. Furthermore, such a standardized protocol when deployed on
IoT devices, they can interoperate more easily with existing Internet infrastructure and services. Conversely, designing a completely new security protocol for IoT seems like reinventing the wheel, and it might be difficult to get market traction whereby a critical mass of devices needs to be achieved in order to have an interoperable IoT.

8

INTERNET OF THINGS 2015
4. CHALLENGE AND PROSPECT OF IOT
IoT trends to be unified, seamless, and pervasive. Large-scale service deployment needs to be framed within a set of standards. However, IoT involves many manufacturers, spans multiple industries, and it differs widely in application scenarios and user requirements, which consequently gives impacts on large-scale commercial deployment of related services. The development of IoT is a step-by-step process. There are still many problems to be solved, such as low power nodes and computing, low cost and low latency communication, identification and positioning technologies, self-organized distributed systems technology, and distributed intelligence.

4.1 Challenge of IoT
The IoT provides many new opportunities to the industry and end user in many application fields. Currently, however, the IoT itself lacks theory, technology architecture, and standards that integrate the virtual world and the real physical world in a unified framework. Following key challenges are thus listed.
1) Architecture Challenge:
IoT encompasses an extreme wide range of technologies. IoT involves an increasing number of smart interconnected devices and sensors (e.g., cameras, biometric, physical, and chemical sensors) that are often nonintrusive, transparent, and invisible. As the communications among these devices are expected to happen anytime, anywhere for any related services, generally, these communications are in a wireless, autonomic, and ad hoc manner. In addition, the services become much more mobile, decentralized, and complex. In IoT, data integrations over different environments are thus tough and will be supported by modular interoperable components. Infrastructure solutions will require systems to combine volumes of data from various sources and determine relevant features, to interpret data and show their relationships, to compare data to historical useful information, and support decisionmaking. Single reference architecture thus cannot be a blueprint for all applications.
Heterogeneous reference architectures have to coexist in IoT. Architectures should be open, and following standards, they should not restrict users to use fixed, end-to-end solutions. IoT architectures should be flexible to cater for cases such as identification
(RFID, tags), intelligent devices, and smart objects (hardware and software solutions).

9

INTERNET OF THINGS 2015
2) Technical Challenge:
IoT technology can be complex for variety of reasons. First, there are legacy heterogeneous architectures in the existing networking technologies and applications, e.g., different applications and environments need different networking technologies, and the ranges as well as other characteristics of cellular, wireless local area network, and RFID technologies are much different from each other. Second, communication technologies, including fixed and mobile communication systems, power line communications, wireless communication, and short-range wireless communication technologies, for both fixed and mobile devices, either simple or complicated, should be low cost and with reliable connectivity. At last, there are thousands of different applications; it is in natural to have different requirements on what parties need to communicate with each other, what kind of security solutions are appropriate, and so on. To summarize, complexity and alternative technologies may introduce problems; unnecessary competition and deployment barriers in markets may also introduce problems; systems and communication mechanisms with unnecessary dependencies may block the migration of IoT systems to the most economic and efficient platforms. All the above may block IoT to connect as many “Things” as possible. 3) Hardware Challenge: higher the RF, the more power consumption from RF PA will be. In another way, not yet used very na Smart devices with enhanced inter-device communication will lead to smart systems with high degrees of intelligence. Its autonomy enables rapid deployment of IoT applications and creation of new services.
Therefore, hardware researches are focusing on designing wireless identifiable systems with low size, low cost yet sufficient functionality. As the bandwidth of IoT terminals could vary from kbps to mbps from sensing simple value to video stream, requirements on hardware are diverging. However, two requirements have been nevertheless the essentials: one is the extremely low power consumption in sleep mode and the other is ultra-low cost. Suppose the sleeping time over active time is one million, the leakage power of an IoT terminal shall at least be one million time less than that of active. It is so far impossible when an IoT terminal is sleeping and receiving RF signals. It will be even difficult when using advanced CMOS silicon with relatively more leakage power.
Hardware and protocol code sign for sleeping has been thus the first hardware challenge of IoT. Billions of IoT terminals will be used; the cost of an IoT terminal must be ultralow. However, so far, there is no low cost positioning solution for IoT, especially the positioning precision of a short-range IoT terminal must be high. Low active power is also a challenge for low-cost terminal. Traditionally, low cost equals to lower
10

INTERNET OF THINGS 2015 performance or longer process latency. Longer processing latency ends up to higher energy consumption. As the spectrum resource is very limited at the lower part in L band, IoT may use higher RF such as the frequency bands higher than 5 GHz. The rrow spectrum band between two used bands may have to be used by future IoT. To use very narrow band with strong power neighbors, the cost of passive component will not be low and that will definitely be a potential challenge in the future.

4) Privacy and Security Challenge:
Compared with traditional networks, security and privacy issues of
IoT become more prominent. Much information includes privacy of users, so that protection of privacy becomes an important security issues in IoT. Because of the combinations of things, services, and networks, security of IoT needs to cover more management objects and levels than traditional network security. Existing security architecture is designed from the perspective of human communication, may not be suitable and directly applied to IoT system. Using existed security mechanisms will block logical relationship between things in IoT. IoT needs low-cost- and M2Moriented technical solutions to guarantee the privacy and the security. In many use cases, the security of a system has been considered as a general feature. Related research shall focus on privacy control. Low cost, low latency, and energy-efficient cryptography algorithms and related flexible hardware will be essential for sensor or device. 5) Standard Challenge:
Standards play an important role in forming IoT. A standard is essential to allow all actors to equally access and use. Developments and coordination of standards and proposals will promote efficient development of IoT infrastructures and applications, services, and devices. In general, standards developed by cooperated multiparties, and information models and protocols in the standards, shall be open. The standard development process shall also be open to all participants, and the resulting standards shall be publicly and freely available. In today’s network world, global standards are typically more relevant than any local agreements.

6) Business Challenge:
For a mature application, its business model and application scenario are clear and easy to be mapped into technical requirements. So the developers do not need to spend much time on business-related aspects. But for IoT, there are too
11

INTERNET OF THINGS 2015 many possibilities and uncertainties in business models and application scenarios. It is thus inefficient in terms of business-technology alignment, and one solution will not fit possibilities for all. The IoT is a challenging traditional business model. Although small-scale applications have been profitable in some industries, it is unsustainable when extended to other industries. In the early stage of IoT development, business aspects should be considered to reduce the risk of failure.

4.2 Prospect of IoT
With the development and maturity of distributed intelligent information processing technologies, IoT systems will make intelligent sensing widely available through information sharing and collaboration. The gradual establishment and improvement of the standards system will inevitably bring IoT into our daily life. The IoT creates an opportunity for the web-based services, thus enhancing the commercial and social potential future of IoT. The development of IoT keeps going forward along scale, collaborative, and intelligent. Promoted by technology, standardization, and application experiences, IoT applications will expand the scale in the different industries, and more enterprises will be attracted to come in.

1) Interoperability:
Information interoperability will take place among different things, different enterprises, different industries, and different regions or countries; application models will change from closed to open and the globalization of IoT application system serving different industries and fields will be constructed. Interoperability is the essential issue for crossing layers of physical, device, communication (protocol and spectrum utility), function and application.
These levels traditionally are built with different languages and protocols. Level and domain transparent languages and protocols are, therefore, needed. A holistic approach is required in addressing and solving the interoperability of IoT devices and services at several layers.

2) Intelligent System:
12

INTERNET OF THINGS 2015
The IoT will bring seamless business and social networking over fast reliable and secure networks into our society. System intelligence will be important for the development of IoT and the key point will be context awareness and inter-things information exchange. Therefore, increasing and adapting the intelligence at the device level will be a focus of research, such as the integration of sensors and actuators, high efficiency, multi standard and adaptive communication subsystems, and adaptable antennae. Intelligences can be introduced using micro control unit (MCU) on upper layers. However, physical layer so far has been far behind the required intelligent level, for example, to adapt IoT devices under different radio infrastructures.
Four parts in physical layer must be further developed to adapt to and/or to form an intelligent IoT device, which are as follows. Programmable baseband processor will be used to adapt to different modulation algorithms, different error correction algorithms, different channel bandwidths, and different channel scenarios. Software-controlled RF will be essential for transceiver to adapt to the local radio frequency requirements. Fully digital RF PA will be the indispensable device to consume less low power and offer programmability for PA to adapt radio transmission requirements.
Finally, controllable integrated passive components will be an essential glue to connect intelligent semiconductor components into a sensor node with low cost, low size, and low power.

3) Energy Sustainability:
In the future, energy-efficient and self-sustainable systems will be key enhancing issues to the IoT. The ways to harvest energy from environments must be developed. Efficiency in processing and communication must also be increased through new circuits, new programming paradigms, and the further development of energy-efficient protocols and smart antennae. The development of new, efficient, and compact batteries, fuel cells, as well as new energy generation devices coupling energy transmission methods or energy harvesting will be the key factors for the roll-out of autonomous wireless smart systems.
Charging of global IoT terminals, power consumption of global IoT access points and gateways, as well as the power consumption of IoT data processing in IoT infrastructures will be one of the dominant power consumers in the future world.
Mechanical energy harvest will be sufficient for body network as a part of IoT. Solar or wind energy is a conditional energy sources which may not be reliable. It can be used for battery charging.

13

INTERNET OF THINGS 2015
5. CONCLUSION
The IoT encompasses several technologies such as information technology, cognitive sciences, communication technology, and low-power electronics. IoT creates a newer information society and knowledge economy. But the challenges from research, industries, and the government will keep pushing and investing. The development of IoT will depend on technological advances in silicon scaling and energy-efficient devices, in getting the information from heterogeneous sources, in reducing costs, and in improving efficiencies. The development of the IoT exposed many new challenges including the lack of fundamental theory supporting, unclear architecture, and immature standards. To meet these challenges, we give a three-layer architecture including three platforms.
The proposed acting standard can hopefully balance desires from different parties, can open the door for future fundamental theory development, and can eventually stimulate/regulate IoT development. The future of IoT will be expected to be unified, seamless, and pervasive. Large-scale service deployment needs to be framed within a set of standards. Thus, the developments of IoT as an intelligent system can be proceeding with interoperability, energy sustainability, privacy, and security.
IoT have become an inevitable trend of development of information industry, which bound to bring new changes to our lives.
A standardized security protocol is indispensable for the success of
IoT. When every object in our daily life is connected to the Internet, they must speak the same (security) protocol to ensure interoperability. The standardization efforts in
IETF is, therefore, a very important effort to make IoT a reality.

14

INTERNET OF THINGS 2015

REFERENCES
[1]. J. A. Stankovic, “Research directions for the Internet of Things,” IEEE Internet Things J., vol. 1, no. 1, pp. 3–9, Feb. 2014.
[2]. G. M. Lee et al., “The IoT—Concept and Problem Statement,” IETF Standard draft-leeiot-problem-statement-05, Jul. 30, 2012.

[3]. I. M. Smith et al., “RFID and the inclusive model for the IoT,” CASAGRAS Partnership
Rep., West Yorkshire, U.K., Final Rep., 2009.
[4]. J. Gubbi et al., “IoT: A vision, architectural elements, and future directions,” Future
Gener. Comput. Syst., vol. 29, no. 7, pp. 1645–1660, Sep. 2013.
[5]. A. Zanella et al., “Internet of Things for smart cities,” IEEE Internet Things J., vol. 1, no.
1, pp. 22–32, Feb. 2014.
[6]. R. Kranenburg and A. Bassi, “IoT challenges,” Commun. Mobile Comput., vol. 1, no. 1, pp. 1–5,
2012.

15