IETF draft-irtf-t2trg-iot-seccons: State-of-the-Art and Challenges for the IoT Security

State-of-the-Art and Challenges for the Internet of Things Security

The Internet of Things (IoT) concept refers to the usage of standard Internet protocols to allow for human-to-thing and thing-to-thing communication. The security needs for IoT systems are well-recognized and many standardization steps to provide security have been taken, for example, the specification of Constrained Application Protocol (CoAP) secured with Datagram Transport Layer Security (DTLS). However, security challenges still exist, not only because there are some use cases that lack a suitable solution, but also because many IoT devices and systems have been designed and deployed with very limited security capabilities. In this document, we first discuss the various stages in the lifecycle of a thing. Next, we document the security threats to a thing and the challenges that one might face to protect against these threats. Lastly, we discuss the next steps needed to facilitate the deployment of secure IoT systems. This document can be used by IoT standards specifications as a reference for details about security considerations applying to the specified protocol.



Philips firmware blocks third party vendors

Wow, you’ll need to root your lamp and home lighting system soon, if Philips gets their way.



But here’s the kicker. Literally. Philips has just slapped fans like us in the face and kicked interoperability out the door. Without any communication they delivered a new firmware to the system that disables adding products that they don’t approve of. Basically they are banning other Zigbee Light Link products despite the fact that they are a Connected Lighting Alliance member whose mission is to promote interoperability.
As it seems (and unless this is just a huge mistake on Philips’ side), they have without a warning turned their open product into a walled garden. They have also destroyed the value of the solutions that the customers have set up based on Philips’ promises.
And the worst thing is that Philips has done this to their most enthusiastic fans. To the early adopters. To those who enthusiastically recommended the system to their friends.
Way to go, Philips. Way to go.
If you are in the same boat, here are links to a few places to complain or discuss:

Update: I’ve just seen the first mention by someone on the Philips Hue Developer Forum if anyone knew a lawyer who could look into this from a class action lawsuit point of view, as Philips did false advertising and a bait and switch here. Things are heating up.

Full post: