
1 Introduction

The Internet of Things (IoT) [1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20] signifies the interconnection of highly heterogeneous networked entities, for instance sensors, actuators and smartphones. We begin with the ongoing projects [8, 11, 21,22,23,24,25,26,27,28,29,30], which serve as our case studies. In this chapter we discuss some important IoT projects, such as the European Union FP7 project [22], Hydra [24], iCore [26], HACMS [27], National Science Foundation projects [28] and FIRE [29, 30]. We then highlight their security features, the different application domains and the security pitfalls, and finally describe our model, followed by conclusions. We present our approach with its end-to-end security aspects.

In this chapter, the subsections of Sect. 1 highlight some significant projects, some of which have security pitfalls and some of which have good security (Sect. 1.1). Another subsection of Sect. 1 covers very important IoT projects around the world with some structural analysis. Section 2 covers the practical implementation domains [31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46] of IoT projects today. The subsections of Sect. 3 cover two things:

  1. Security of existing IoT projects.

  2. Privacy and trust techniques in IoT.

Our approach to providing end-to-end security in a messaging scenario, which is a nine-layer protocol stack, is described in Sect. 4. The whole messaging scheme is named the Secure Hybrid RSA (SHRSA) messaging scheme [47,48,49,50,51]. The SHRSA cipher can later be used for data encryption in IoT and Internet of Everything (IoE) scenarios. We also discuss the advantages of our scheme over existing instant messaging schemes. Moreover, we highlight three distinguishing aspects of our work: lower memory occupancy, lower CPU usage and a much more efficient decryption process [47,48,49,50,51]. Section 4 concludes our chapter.

1.1 Present Ongoing Important IoT Projects

The sub-sections below highlight some significant projects, some of which have security pitfalls and some of which have good security.

1.1.1 European Union Projects

The European Union is working on a project called Butler (European Union FP7 project) [21]. The project facilitates the expansion of secure and smart life-assistant applications, taking their security and privacy requirements into account. It has also developed a mobile framework. The targeted smart applications include smart-home/smart-office, smart-mobility/smart-transport, smart-health, smart-shopping and smart-cities.

Another European Union project is EBBITS (EU FP7 project) [23]. This project works on an Intrusion Detection System (IDS) using the latest IPv6 over 6LoWPAN devices, since the 6LoWPAN protocol is vulnerable to wireless and Internet protocol attacks [52]. The project has proposed an IDS framework comprising a monitoring system and a detection engine.

The Hydra project [24] has proposed a middleware for Network Embedded Systems. This middleware is based on a Service-Oriented Architecture (SOA). Hydra considers distributed security concerns and social trust within the middleware components. Hydra [24] is designed for P2P communication and diagnostics; its architecture is built on a semantic model and on device and service discovery.

Another project, aimed at increasing user trust, is uTRUSTit [23]. uTRUSTit [23] stands for Usable Trust in the IoT (EU FP7 project). It is a trust feedback toolkit intended to increase user trust. It enables system manufacturers and system integrators to express security concepts, and it makes it possible to take effective decisions on trustworthiness.

iCore [26] is another EU project. iCore [26] has a management framework with significant security protocols and functionalities, which relate to the ownership and privacy of data and to the access to objects. This management framework has three levels of functionality: virtual objects (VOs), composite virtual objects (CVOs) and functional blocks. The iCore solution can be part of various smart environments, such as supply chain management, smart-office, smart-transportation and ambient-assisted living.

1.1.2 DARPA and NSF Projects

A very well-known Defense Advanced Research Projects Agency (DARPA) project is HACMS [27], which stands for High Assurance Cyber Military Systems. This project has tried to patch the security vulnerabilities of IoT. It covers drones, medical equipment and military vehicles. HACMS [27] provides the seeds for future security protocols and achieves sufficient standardization and security.

The National Science Foundation (NSF) has a multi-institutional project [28] that works on security in cyber-physical systems. The project is pursuing several directions: discovering efficient solutions, finding novel network architectures and networking concepts, and inventing new communication protocols. It takes into account the trade-offs between mobility and scalability, technical challenges, trusted data and integrity. It also considers authentication, trust models and the use of network resources in mobile environments.

1.1.3 EU, Chinese, Japanese and Korean Projects

The EU, China and Korea are working together on a project called FIRE [29, 30], which stands for Future Internet Research and Experimentation. FIRE [29, 30] works on finding solutions for the deployment of IoT technologies in numerous application areas, such as medical and health services, urban management, social security, people's livelihood and public safety. The partners are also trying to give proper attention to intellectual property rights, privacy and information security.

Another collaborative project, between the EU and Japan, is the EU Japan ICT Cooperation project [22]. It has already produced common global standards to ensure seamless communications and shared ways to store and access information. The partners are also trying to ensure the highest security and energy-efficiency standards.

1.1.4 Digital Twin

A more practically focused new technique is the “Digital Twin”. It is not surprising that most vendors of IoT platforms have implemented some form of digital twin. In other words, where digital twin models need data, IoT feeds that data. These are usually called twins, shadows, device virtualization, etc. The term “Digital Twin” was defined by Dr. Michael Grieves at the University of Michigan around 2001–2002. He initially defined it in the context of Product Lifecycle Management. It uses three specialized tools: conceptualization, comparison and collaboration. These three attributes form the foundation for the next generation of problem solving and innovation. The Digital Twin concept model consists of three main parts: (a) physical products in Real Space, (b) virtual products in Virtual Space, and (c) the connections of data and information that bind the virtual and real products together. This twin model has a problem, however: when data are exchanged between Real Space and Virtual Space and information is processed, those data and that information are entirely unprotected. Some form of secure communication is therefore needed here as well. Any kind of lightweight cipher can be incorporated to build a secure communication protocol for those data exchanges.

1.2 Security Features of IoT Projects

Some of the well-known existing research projects are: Internet of Things at Work (IoT@Work) [11], Building the environment for the Things as a Service (BeTaaS) [23], Open source cloud solution for the Internet of Things (OpenIoT) and Internet of Things Architecture (IoT-A) [11]. These are also important case studies [7, 11,12,13,14,15,16,17,18,19, 21,22,23,24,25,26,27,28,29,30]. Let us discuss them one by one.

1.2.1 IoT-A

IoT-A (Internet-of-Things Architecture) [8, 11] was developed within an EU FP7 project that ran until 2013. It is an architecture reference model, advanced through ongoing community work. The architecture uses the concepts of views and perspectives to guide the generation of architecture instances from business objectives via requirements. These views and perspectives include the information view for static structures and dynamic information flows, as well as the performance and scalability perspective and the trust and security perspective. Depending on the business objectives, the requirements are derived from a multitude of unified requirements. These are then transformed into fine-grained requirements for an architecture instance. The unified requirements presently number 38, and they focus on the security and privacy viewpoints. Furthermore, IoT-A [8, 11] encompasses several models that are independent of any specific architecture, such as the communication model and the trust, security and privacy model.

IoT‐A Reference Model as a Common Ground

Establishing a common ground involves defining the IoT entities and describing their basic interactions and relations with each other [31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46]. The Architecture Reference Model (ARM) provides exactly this kind of common ground for the IoT field. Hence any party intending to build an IoT system that is compatible with IoT-A (Internet of Things Architecture) [8, 11] needs to build on the common concepts already present in the IoT-A Reference Model. IoT-A is the European Lighthouse Integrated Project, and it addressed the Internet-of-Things Architecture for three years.

Another advantage is that we can use the IoT-A Architecture Reference Model (ARM) to generate compliant architectures for particular systems. This is straightforward with tool support; we just have to enable that tool support.

The advantages of this kind of generation scheme for IoT architectures [1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30] are that it automates the process and so saves R&D effort. The generated architecture offers intrinsic interoperability of the resulting IoT systems. In addition, if the system-generation tools above are modelled entirely on the IoT-A ARM, any differences in the derived architectures can be attributed to the particularities of the relevant use case. When the IoT-A ARM is applied, estimates of system complexity and the like are available for the system parts to be implemented. As a result, judging the overall implementation work for a use case becomes much easier.

Another, indirect advantage is that projects that might not have been clearly understood, because of uncertainties in the project plan, can become understandable enough to implement. Overall, the total implementation effort is definitely less than that of developing an architecture without the help of an architectural reference model.

Another significant use is benchmarking. A real example is a reference architecture for a new exploration vehicle, used by NASA to better benchmark the tenders it was going to receive during a public bidding procedure. While the reference model prescribes the language to be used in the systems/architectures being evaluated, the reference architecture states the minimum (functional) requirements on those systems/architectures. By standardizing the description, ordering and delineation of system components and aspects, it also gives the benchmarking procedure a high level of transparency and inherent comparability.

Figure 1 shows the high-level taxonomy of the reference-architecture process discussed here. In practice, deriving IoT-A-compliant domain-specific architectures from the reference architecture is a best practice. The necessary inputs for defining the IoT reference model are existing architectures, business scenarios and stakeholder concerns. Creating a common understanding of the IoT domain from these diverse inputs is essentially a modelling exercise, in which specialists have to work in an organized way and extract the key concepts of the IoT domain and their relationships from existing knowledge. Moreover, stakeholder concerns, existing architectures and business developments can be converted into application-oriented requirements, as shown in Fig. 1. Drawing conclusions from these yields a set of unified requirements, as shown in Fig. 1. The unified requirements then define the IoT Reference Architecture, as shown in Fig. 1. Within the Architecture Reference Model (ARM), the IoT Reference Model guides the definition of the IoT Reference Architecture [21,22,23,24,25,26,27,28,29,30]. This forms the dependencies between the Reference Architecture and the Reference Model, as shown in Fig. 1. As soon as a change is proposed in the Reference Model, there is a clear chain of dependencies that directs the subsequent changes within the Reference Architecture, as shown in Fig. 1. As a result, the overall consistency of the IoT-A (Internet of Things Architecture) Architecture Reference Model (ARM) is retained.

Fig. 1 High-level taxonomy of the IoT-Reference-Model and IoT Reference-Architecture dependencies and model effects

In practice, we need a detailed architecture process that identifies the individual tasks within the development process. This gives insight into the dependencies between those tasks and provides a dynamic, step-by-step model of the development process. The Architecture Reference Model (ARM) development process comprises one key process, the ARM derivation. The ARM derivation contains two activities: domain modelling and functional modelling. Domain modelling is responsible for forming the IoT Reference Model. Functional modelling is the key contributor to the IoT Reference Architecture. This process takes input from the requirements-collection process, which in turn obtains input from external stakeholders and from the state-of-the-art surveys carried out during the initial stages of IoT-A. To maximize the impact of the architectural reference model, we have to identify the scenarios in which IoT technologies are of particular importance. We assume that these scenarios regularly share the same users, stakeholders, sensors and applications. The IoT Reference Model provides the guidance for the definition of the IoT Reference Architecture, as shown in Fig. 1.

Now let’s consider some of the scenarios.

IoT-A [8, 11] encompasses five logical security components to address the security requirements. The Key Exchange and Management (KEM) component is responsible for network security. KEM manages the cryptographic keys, which are used for authenticity, integrity and also confidentiality. For resource-constrained devices, KEM uses IP Security (IPSec) tunnels between (unconstrained) gateways. This is an integrated concept aimed at maximum coverage of network security. One big issue, however, is that the connections between constrained devices and the gateway remain unprotected. Moreover, KEM does not address availability with respect to network connections. On the other hand, KEM also addresses functional requirements, for instance lawful interception.

IoT-A [8, 11] encompasses three modules that deal with the requirements of identity management. The Identity Management (IM) module focuses on generic management rather than on specific security requirements. The Authentication (AuthN) module deals with the authentication requirements for users and services, and also with accountability and non-repudiation. The Authorization (AuthZ) module deals with the authorization requirements for services, using role-based access control (RBAC) together with attribute-based access control (ABAC). Revocation depends on the specific access control model in use.

Privacy is handled by Pseudonymisation (PN), which provides pseudonymization for services, users and devices. Pseudonyms replace the real identities, which are obtained from KEM, while the pairing of identities and pseudonyms is retained to guarantee accountability. Pseudonyms can additionally deliver unlinkability, provided a new pseudonym is used for each and every action. PN does not, however, provide complete anonymity or data privacy. AuthZ does offer some control over access granularity, which may address data privacy to a certain degree.

The Trust & Reputation (TRA) module handles the trust requirements for entity and device trust. Specifically, the module describes how user reputation is gathered in order to calculate service trust. IoT-A (Internet of Things Architecture) also defines a fault handling model, or functional group. The requirements and measures of this model comprise repairing the system, spotting existing failures, reducing the effects of failures and forecasting possible failures. The first method deals with avoidance, while the latter three deal with a life-cycle for mitigation.
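The trade-off described above, as an added Python example that is not IoT-A code: a hypothetical `PseudonymService` keeps the identity/pseudonym pairing for accountability, and an observer's view shows that actions stay linkable unless a fresh pseudonym is issued per action. All class, function and user names are assumptions, and the workload is constructed.

```python
import secrets
from collections import defaultdict


class PseudonymService:
    """Hypothetical PN component: issues pseudonyms and keeps the pairing."""

    def __init__(self, per_action: bool):
        self.per_action = per_action
        self._pairing = {}  # pseudonym -> real identity (accountability record)
        self._stable = {}   # real identity -> reused pseudonym (static mode only)

    def pseudonym_for(self, real_id: str) -> str:
        # Static mode hands the same pseudonym back for every action.
        if not self.per_action and real_id in self._stable:
            return self._stable[real_id]
        # Random value: nothing about the identity can be derived from it.
        pseudonym = "pn-" + secrets.token_hex(16)
        self._pairing[pseudonym] = real_id
        if not self.per_action:
            self._stable[real_id] = pseudonym
        return pseudonym

    def resolve(self, pseudonym: str, auditor_authorized: bool) -> str:
        # Accountability: the pairing exists, but only an authorized
        # auditor may look it up.
        if not auditor_authorized:
            raise PermissionError("pairing is disclosed to authorized auditors only")
        return self._pairing[pseudonym]


def linked_actions(observed):
    """What a service sees: actions that share a pseudonym are linkable."""
    by_pseudonym = defaultdict(list)
    for pseudonym, action in observed:
        by_pseudonym[pseudonym].append(action)
    return {p: acts for p, acts in by_pseudonym.items() if len(acts) > 1}


# Constructed workload: (real identity, action)
ACTIONS = [
    ("alice", "read:thermostat"),
    ("bob", "read:door-sensor"),
    ("alice", "write:door-lock"),
    ("alice", "read:camera"),
]


def run(per_action: bool):
    """Replay the workload and return the service plus the observer's log."""
    service = PseudonymService(per_action)
    observed = [(service.pseudonym_for(user), action) for user, action in ACTIONS]
    return service, observed


if __name__ == "__main__":
    for per_action in (False, True):
        _, observed = run(per_action)
        groups = linked_actions(observed)
        print(f"per_action={per_action}: {len(groups)} linkable group(s)")
```

The action labels themselves still reach the service in clear, which matches the text's point that pseudonymization alone does not give data privacy.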

1.2.2 BeTaaS

IoT and machine-to-machine (M2M) [14] communication are well supported by an architecture called Building the environment for the Things as a Service (BeTaaS) [7]. The architecture enables applications to run over a local cloud of gateways. Its distinguishing feature is that each BeTaaS [7] instance forms its own cloud of gateways, which seamlessly integrates numerous heterogeneous M2M systems. The Things as a Service (TaaS) reference model is the main inspiration for BeTaaS [7]. The architecture consists of four layers. The first, the Physical Layer, comprises the M2M systems that are connected to the platform. The second, the Adaptation Layer, handles the connection to the physical layer and abstracts from the peculiarities of the individual M2M systems [14]. The third, the TaaS Layer, builds on the abstraction layer and offers network-wide access to the devices of the M2M layer. Finally, the Service Layer manages the functionalities and services of BeTaaS applications. One notable point is that the BeTaaS architecture addresses the security requirements by offering distinct mechanisms for all of its layers except the physical layer.

For network security, the Key Management component associates entities, performs authentication, manages user sessions and provides encrypted communication. BeTaaS [7] instances consist of various gateways. BeTaaS uses a public key infrastructure (PKI) with a Certificate Authority (CA) to manage keys and to guarantee integrity, authenticity and confidentiality through secure communication channels. BeTaaS can also handle situations in which several organizations are involved, e.g., external entities that are not administered by the internal CA. This kind of cross-organization key management is handled by the BeTaaS directory service. Moreover, BeTaaS supports resource-constrained devices by using computationally more efficient cryptographic schemes, for instance Elliptic Curve Cryptography (ECC).

For identity management, BeTaaS [7] offers authentication through a dedicated architectural component. This component distinguishes two cases: gateway-level authentication and service-level authentication. In gateway-level authentication, a gateway joins a BeTaaS instance; in application- or service-level authentication, a user uses an application. In the first case the authentication module relies on the key management, while in the latter case OAuth can be used for authentication and authorization. Authorization is likewise handled by a dedicated component. One disadvantage is that the accountability requirement remains unclear.

Privacy is specified as an important feature of the security procedures in BeTaaS, but there is no indication of how this requirement is achieved. Managing the identities of sensors and gateways is the main responsibility of the identity management component, but data anonymity and pseudonymity are not addressed. The trust and reputation component is responsible for handling trust. The model takes input from distinct trust characteristics: security mechanisms (for example, information about the encryption algorithms, the certificates, etc.), Quality of Service (QoS) fulfilment, dependability performance, battery load and stability of the supplied data. These trust features are then aggregated to calculate the final trust value.

Resilience is handled through four different pillars: fault prevention, removal, tolerance and forecasting. The Failure Analysis Approach is responsible for finding the potential causes of failures and for offering solutions to control them appropriately. The Failure Modes, Effects and Criticality Analysis process is carried out on the functional items of the system. First, the fault modes for each IoT device are identified and the corresponding effect on analysis and operations is computed. Then, after evaluating the probability of the failure occurring, the criticality of the failure is assigned. The Reliability Architectural Approach module then aims to offer solutions for resolving the likely system failures identified by the above analysis.

1.2.3 OpenIoT

The EU FP7 OpenIoT research project (2012–2014) [23] has proposed an IoT architecture built on IoT-A's well-defined Architectural Reference Model (ARM). It takes over the key ARM ideas and functional building blocks. OpenIoT, however, focuses on offering a cloud-based middleware infrastructure. The architecture can therefore offer on-demand access to IoT services that are built over several infrastructure providers. OpenIoT also offers an open source implementation that focuses on forming principles for IoT applications, using cloud-based characteristics such as on-demand or pay-as-you-go service delivery. In a nutshell, the architecture deals with IoT/cloud convergence. The OpenIoT architecture description defines two security modules, the security & privacy module and the trustworthiness module. Within the security module, one sub-module handles secure messaging and the other handles authentication and authorization. It should be noted that the privacy features do not exist in the public code, which does not match the specification. The trustworthiness module evaluates the trustworthiness of the sensor data it takes as input (data trust).

OpenIoT [23] relies on HTTP together with the TLS protocol to ensure secure and encrypted messaging. OpenIoT uses a centralized security and privacy module for identity management, which offers authentication and authorization with the help of OAuth. Authorization is managed with the role-based access control (RBAC) model. The trust module is an independent module in OpenIoT, and it provides trust for both data and devices. To establish device trust, OpenIoT uses the spatial correlation of sensors: for example, sensors that are close together in similar environments should always yield similar readings. Once device trust is established, data records can be marked up with trust labels.
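The spatial-correlation idea above, as an added Python example that is not OpenIoT code: each sensor is compared with the readings of its nearby sensors and its data records are then tagged with a trust label. The radius, tolerance, label names and sample readings are assumptions constructed for illustration, and the median is this example's choice of aggregate.

```python
import math
from statistics import mean, median

# Constructed sample: sensor id -> (x in metres, y in metres, temperature in °C)
SENSORS = {
    "s1": (0.0, 0.0, 21.0),
    "s2": (1.0, 0.0, 21.4),
    "s3": (0.0, 1.0, 20.8),
    "s4": (1.0, 1.0, 35.2),   # faulty or tampered device
    "s5": (50.0, 50.0, 5.0),  # isolated: no nearby sensor to compare against
}

# Constructed data records as they would arrive from the sensors.
RECORDS = [
    {"sensor": "s1", "value": 21.0},
    {"sensor": "s4", "value": 35.2},
    {"sensor": "s5", "value": 5.0},
]


def neighbours(sensor_id, sensors, radius):
    """Ids of all other sensors within `radius` metres."""
    x, y, _ = sensors[sensor_id]
    return [
        other
        for other, (ox, oy, _) in sensors.items()
        if other != sensor_id and math.hypot(ox - x, oy - y) <= radius
    ]


def device_trust(sensor_id, sensors, radius=2.0, tolerance=2.0,
                 min_neighbours=2, aggregate=median):
    """Label one device by how far it deviates from its neighbourhood.

    The median is the default aggregate so that a single bad neighbour
    cannot drag the reference value and get honest devices mislabelled.
    """
    near = neighbours(sensor_id, sensors, radius)
    if len(near) < min_neighbours:
        return "unknown"  # too little evidence; do not guess
    reference = aggregate(sensors[n][2] for n in near)
    deviation = abs(sensors[sensor_id][2] - reference)
    return "trusted" if deviation <= tolerance else "untrusted"


def label_records(records, sensors, **kwargs):
    """Attach the device's trust label to each of its data records."""
    labels = {sid: device_trust(sid, sensors, **kwargs) for sid in sensors}
    return [dict(rec, trust=labels.get(rec["sensor"], "unknown")) for rec in records]


if __name__ == "__main__":
    for rec in label_records(RECORDS, SENSORS):
        print(rec)
    # Same data with the mean as reference: the outlier s4 pulls the
    # neighbourhood value up and the honest sensors look wrong too.
    print({sid: device_trust(sid, SENSORS, aggregate=mean) for sid in SENSORS})
```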

1.2.4 IoT@Work

One of the best-known projects for establishing an IoT architecture for the industrial automation domain is IoT@Work [23]. It is a European Commission FP7 project, which was completed in 2013. The project was started to deal with security, auto-configuration, and interoperable and reliable network communication. To address these, IoT@Work [23] brings together several concepts. One example is the concept of network slices, a combination of virtualization, resource management and security. In practice, IoT@Work handles network security with commonly used technologies. The Extensible Authentication Protocol (EAP), as an IEEE 802.1X implementation, guarantees authentication at the low network layer, for example for switch ports. EAP-TLS also safeguards confidentiality. The concept of network slices allows virtualization within the network and, as a result, fast network link fail-over to protect availability. IoT@Work takes care of device integrity but not of network integrity mechanisms. Authentication in IoT@Work is primarily provided by network security. Authorization is achieved by Capability-Based Access Control (CBAC), which also supports revocation, accountability and delegation. CBAC has the advantages that it works well with many entities and that it keeps working when the connection to the central authorization service fails.

IoT@Work does not focus much on privacy, because its main focus is industrial automation. Nevertheless, some data privacy is offered by modelling granularities in access capabilities. Moreover, the access delegation approach can be used for pseudonymous access, by delegating capabilities to a pseudonym. Entities can thus manage the desired level of unlinkability on their own, although no explicit provision for unlinkability is specified. Anonymity can be achieved by using Zero Knowledge Proofs (ZKPs), so that no identifiers have to be revealed to gain access to a device or service. IoT@Work has no mechanism to address trust-based requirements. Resilience, with its main focus on failure handling, is a core requirement for IoT@Work. The network slice method uses virtual network links that are robust against failures. Furthermore, live reconfiguration is possible and therefore permits recovery in the sense of resilience. However, IoT@Work keeps a strong network emphasis and puts almost no focus on devices and services.

The IoT@Work architecture has been developed through an agile process, as depicted in Fig. 2, which can be regarded as a model-driven architecture development method.
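The capability checks described above (verification at the device with no call to the central service, delegation and revocation), as an added Python example that is not IoT@Work's own code or token format. It swaps in a macaroon-style HMAC chain; the field names, the root key shared between issuer and device, the locally held revocation list and the subject supplied by the network authentication layer are all assumptions.

```python
import hashlib
import hmac
import json


def mac_link(key: bytes, cap: dict) -> bytes:
    """MAC one capability record under the previous link's key."""
    data = json.dumps(cap, sort_keys=True).encode()
    return hmac.new(key, data, hashlib.sha256).digest()


def issue(root_key, cap_id, subject, resource, rights, expires):
    """Central authorization service: mint a root capability."""
    cap = {"id": cap_id, "sub": subject, "res": resource,
           "rights": sorted(rights), "exp": expires}
    return {"chain": [cap], "sig": mac_link(root_key, cap).hex()}


def delegate(token, cap_id, subject, rights, expires):
    """Holder: derive a capability for someone else without the root key.

    The new link is keyed with the parent's signature, so the delegate
    cannot recover the parent token from what it receives.
    """
    parent = token["chain"][-1]
    cap = {"id": cap_id, "sub": subject, "res": parent["res"],
           "rights": sorted(rights), "exp": expires}
    sig = mac_link(bytes.fromhex(token["sig"]), cap)
    return {"chain": token["chain"] + [cap], "sig": sig.hex()}


def verify(token, root_key, subject, resource, right, now, revoked):
    """Device-side check using only local state. Returns (ok, reason)."""
    # 1. Authenticate the whole chain before trusting any field in it.
    key = root_key
    for cap in token["chain"]:
        key = mac_link(key, cap)
    if not hmac.compare_digest(key.hex(), token["sig"]):
        return False, "bad signature"
    # 2. Every link must be live, and may only narrow its parent.
    parent = None
    for cap in token["chain"]:
        if cap["id"] in revoked:
            return False, "revoked"
        if cap["exp"] < now:
            return False, "expired"
        if parent is not None and (
            cap["res"] != parent["res"]
            or not set(cap["rights"]) <= set(parent["rights"])
            or cap["exp"] > parent["exp"]
        ):
            return False, "delegation exceeds parent"
        parent = cap
    # 3. The last link must match the authenticated caller and the request.
    if parent["sub"] != subject:
        return False, "subject mismatch"
    if parent["res"] != resource:
        return False, "wrong resource"
    if right not in parent["rights"]:
        return False, "right not granted"
    return True, "ok"


if __name__ == "__main__":
    ROOT_KEY = b"constructed-demo-key-not-a-real-secret"
    root = issue(ROOT_KEY, "cap-1", "engineer-7", "plc-12/valve",
                 ["read", "write"], expires=2000)
    sub = delegate(root, "cap-2", "contractor-3", ["read"], expires=1500)
    print(verify(sub, ROOT_KEY, "contractor-3", "plc-12/valve", "read", 1000, set()))
    print(verify(sub, ROOT_KEY, "contractor-3", "plc-12/valve", "write", 1000, set()))
    # Revoking the parent capability also cuts off everything derived from it.
    print(verify(sub, ROOT_KEY, "contractor-3", "plc-12/valve", "read", 1000, {"cap-1"}))
```

Because the device only needs the root key and its local revocation list, the check keeps working while the central authorization service is unreachable; the cost is that a revocation takes effect only once it has been distributed to the device.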

Fig. 2 IoT@Work architecture definition process

The initial point for the architecture design is nothing but with making use of scenario-driven requirements. These scenarios used to form the system model. This system model presents that how the Internet of Things is anticipated to affect the factory and automation systems precisely in a generic way. These necessities are also nothing but displays of the specificities and constraints of current systems. Here along with that top-down architecture design methodology, an early technology testing activity has also been started for the purpose of the deeper considerations of the available methods and techniques and the higher-level abstractions, these can upkeep. The technology testing activity is a bottom-up design methodology. This methodology permits testing the present technologies with regards of satisfaction of IoT@Work architecture [23] necessities or of outlining the desirable extensions.

Currently the project has offered a new way to form an IoT reference model, typically with the specifications of the IEEE Standard 1471–2000 software architecture approvals. The IoT-A project just make an use of the diversified visions of the all stakeholders of an IoT-system. So as a result, we actually get quite a few models comprising an IoT functional model. Depend on the classical ISO-OSI layer model, the latter model collects the functions to form the functional groups deprived of, where the function groups are not essentially layered. Therefore, this kind of alike method is implemented in the IoT@Work project. Here actually, grouping is done as per the functionalities for particular functions consistent with what their specialism. A practical example can be like the group of functions, who are responsible for making the network of things running and works for adjusting the communication as per the application requirements. Another function group works for handling application layer actions created by things and it’s as per the logic of the application.

The architecture which is the outcomes from this is comprises of numerous functions, which are applied by numerous constituents. Here the cross-cutting issues are organized into planes and they are orthogonal to the layers. The layers are well-defined as abstractions and function groups. Hence, it is well understood that, these layers are responsible for overall management for handling the IoT infrastructure from the lowermost layer to the top most layer where, IoT applications run. Furthermore, another focusing point is that, among these two, the function groups comprise management and orchestration functions. These functions work for the formation and also works for application’s constant running, on uppermost part of the resources and services existing in the IoT infrastructure. The functional grouping projected with three functional layers as follows:

  1. 1.

    The device and network embedded services. It is the first abstraction of the infrastructure, along with associated management functions also. These functions comprise securing physical constituents, managing communication interfaces, allocating identifiers and accumulating device semantics and context etc.

  2. 2.

    The second abstraction layer works for handling embedded resources and services with a special type of policy like in a sum up way. Moreover, it works for hiding some of the specifics of single constituents or devices. Here the functions comprise security administration, network abstractions, low-level system observing and service directories.

  3. 3.

    The third layer of abstraction provisions straightway the application with the use of particular middleware facilities, which are for IoT setups. As this architecture is exclusively for the automation field, so these functions comprise a messaging bus, application resource explanations (e.g., ask for trustworthy communication or security setting is interpreted here). The application logic is interpreted at formation or runtime. Also, the interfaces to the dissimilar IoT management constituents are well-defined here. Semantic reasoning functions, along with other supportive functions can be also put here.

The IoT-centered architecture is defined within the area of automation systems. Hence it concentrates on the functional parts that must offer trustworthy and secure communication, which some automation applications require. The IoT approach to embedded systems depends on a model in which the virtual and the physical are interlinked and reinforced by the self-managing features of the Internet protocols. The functions and resources offered by embedded devices (a subset of smart objects or things) can be encapsulated into virtual objects. These are invoked by, or made accessible to, a range of applications and services that compete for the right to access and use the things, that is, their physical and virtual resources. An IoT architecture therefore has to provide trustworthy communication and assured security, as automation systems require.

The main focus areas of the IoT@Work methodology are:

  1. Assured Quality of Service (QoS) using resource reservations, as opposed to relative priorities.

  2. Decoupling of concept and implementation. Unlike DiffServ/IntServ, IoT@Work does not blend the QoS capabilities of the IP or Ethernet layer with the interface to the higher layers. It can therefore provide a solution that works for a wide variety of technologies and topologies, including present Industrial-Ethernet standards. It also means that this architecture can work over a mix of layer-3 and layer-2 networks.

  3. Central management that considers real resource availability along with application networking requirements such as QoS, trustworthiness and service reputation. Central management can offer optimizations that are very hard to accomplish with a distributed hop-by-hop reservation system. Note that central management does not necessarily require a central implementation; distribution using domain controllers and device agents is possible and can be considered. A slice can be defined for collections instead of just per-flow reservations.

  4. Path manipulation, which is another way of accomplishing traffic engineering objectives. Here the customer of the network makes his or her own path selection decisions.

2 Other IoT Application Areas

2.1 Transportation/Logistics

In transport logistics, IoT improves material flow systems and advances the global positioning and automatic identification of freight [2]. It also increases energy efficiency and thereby cuts energy consumption. In short, the use of IoT in intelligent cargo movement can revolutionize the global supply chain. This can be achieved through continuous synchronization of supply-chain information and continuous real-time tracking and locating of objects. As a result, the supply chain becomes controllable, visible and transparent, and it enables intelligent communication between people and cargo.

2.2 Smart Home

In the near future, smart homes will mainly address three issues: real-time resource usage (for example water conservation and energy consumption), security, and comfort. The objective of a smart home should be to attain better levels of comfort while cutting overall expenditure. At the same time, smart homes must deal with security issues: they should have sophisticated security systems for detecting theft, fire or illegal entry into the home. The participants in this scenario form a very heterogeneous group [19, 53]. Different players will collaborate in the user’s home, for instance media-service suppliers, electric-service companies, telecommunications operators, Internet companies, device makers and security firms.

2.3 Smart City

In general, the focus areas of a smart city [13] are living, governance, environment, economy, mobility and, of course, people. Strong human and social capital, together with ICT infrastructure, boosts all of these areas. Taking a city of 1 million people as an example, a first business analysis finds that, in the next stages, numerous sectors and industries will benefit directly from increasingly digitalized and intelligent cities, as follows:

  • Smart metering, 600.000 m, US $120 million prospect.

  • Infrastructure for recharging electric vehicles, 45.000 electric vehicles, US $225 million prospect.

  • Remote patient monitoring (diabetes), 70.000 people, US $14 million prospect.

  • Smart retail, 4.000 stores, US $200 million prospect.

  • Smart-bank branches, 3.200 PTMs, US $160 million prospect.

2.4 Retail

IoT has to address both customer requirements and business prerequisites. One example is comparing prices and identifying the differences between products. Another is finding other goods of the same class that are much cheaper. Having this information in real time helps enterprises advance their business and fulfil customer requirements. The existing big retail chains will try to use their leading position to shape the future IoT retail market. The same thing happened in the past with RFID adoption, which was applied by WalMart in 2004. Companies in dominant positions, for instance Metro AG, WalMart and Carrefour, are able to push the adoption of IoT technology thanks to their considerable market power.

2.5 E‐Health

The main objective of e‐Health in the near future will be controlling and preventing health problems. Wearable tracking devices already exist, so patients can be tracked and monitored by consultants even when they are not in the same location [3]. The health history of the monitored people is another point that makes IoT-aided e-Health very versatile. In the near future there can therefore be many business applications offering medical services to patients as well as to the specialists who need information to carry out their medical assessment. IoT makes human interaction far more efficient, as it enables not only localization but also the tracking and monitoring of patients. For example, automatically supplying information about the status of a patient results in a more efficient process and makes people more content. The most significant stakeholders here will be public and private hospitals and institutes; it is also well established that telecommunications operators are moderately active in e-health. However, system security and operational information security are still a big problem [3, 4].

2.6 Environment

In the environmental domain, applications have much in common with other settings such as the smart home and the smart city. The important question here is how to save more energy. The Smart Grid is one of the most prominent domains at present. Many initiatives are needed that entail much more distributed energy production; many houses already have a solar panel. The smart meter is a main component of the Smart Grid, so smart metering is a precondition for intelligent communication, intelligent control and smart monitoring in grid applications. Using IoT platforms in smart metering offers the following advantages:

  1. Smart meters with an efficient network enable faster outage detection and restoration of service. Such capabilities redound to the benefit of consumers.

  2. All consumers want lower bills and control over their energy or water use. An IoT platform in smart metering gives consumers greater control over their energy or water consumption and more options for managing their bills.

  3. IoT platforms in smart metering are expected to reduce the need to construct power plants. New power plants are needed mainly to cover very expensive occasional peak demand. A more cost-effective method is to shape demand, either by giving consumers an incentive to reduce their demand through time-dependent rates or other programs, or through service-level contracts that permit temporarily switching off devices that are not required.

3 Security Focuses

3.1 Security Aspects of Existing Projects

Past work presented an intelligent Service Security Application Protocol. It combines cross-platform communications with authentication, signature and encryption to improve IoT application development capabilities. The first fully implemented two-way authentication security scheme for IoT [54] has also been described. It was based on the Datagram Transport Layer Security (DTLS) protocol with RSA and was developed for IPv6 over Low Power Wireless Personal Area Networks (6LoWPANs) [6]. It is typically positioned between the transport and application layers, and it offers message authenticity, confidentiality and integrity. Some authors have categorized Key Management System (KMS) protocols into four main groups: key pool framework, mathematical framework, negotiation framework and public key framework. The combinatorics-based KMS protocols have issues with connectivity and scalability, as well as with authentication.

Two further KMS protocols suitable for IoT environments are Blom and the polynomial schema. In these schemes, several countermeasures are required to provide authentication and to resist man-in-the-middle (MitM) attacks. A framework for IoT based on Public Key Infrastructure (PKI) also exists, as does a transmission model with signature-encryption schemes. The latter addresses IoT security requirements (anonymity, trustworthiness and attack resistance) by using Object Naming Service (ONS) queries, and it provides data integrity, platform credibility and identity authentication. Because confidentiality is a major requirement, a model with a unique resolution intended to guarantee confidentiality was proposed, but confidentiality in the IoT context is still not good enough. Good efforts have also been made in the Wireless Sensor Network (WSN) field. An authentication protocol using lightweight [18, 35] XOR-based encryption was proposed; its main idea is anti-counterfeiting and privacy protection adapted to constrained IoT devices. A user authentication and key agreement scheme [19, 20] for WSNs was also proposed; it uses hash and XOR computations and provides mutual authentication among gateway nodes (GWN), users and sensor nodes. An authentication and access control method was proposed as well [19, 20]. Its idea is to establish a session key using a lightweight [18, 35] encryption mechanism, Elliptic Curve Cryptography (ECC). The scheme defines attribute-based access control policies, managed by an attribute authority, to strengthen authentication. In IoT, access control refers to the permissions for using resources that are assigned to the different actors of a wide IoT network. Two kinds of subject are identified: data holders, which feed data collectors with a specific target, and data collectors, which identify and authenticate users and things from the information acquired.

Some authors [19, 54] have focused on the layer responsible for data gathering and described a hierarchical access control scheme for that layer. It provides a single key and derives the needed keys [19, 54] using a deterministic key derivation algorithm, which improves security and reduces the nodes' storage costs. There is also an identity-based system for identifying personal location in emergency situations. It consists of registration, user authentication, policy and client subsystems [19, 54].

The EU FP7 IoT@Work project [23] has proposed Capability Based Access Control (Cap-BAC), which is used to control access to services and information with least-privilege operations. Other work addresses identity concerns: a specific identity management framework for IoT, and authentication and access control in the IoT framework, where an authorization scheme for constrained devices was proposed that integrates Physical Unclonable Functions (PUFs) with an Embedded Subscriber Identity Module (eSIM). This PUF-based work offers authentication, scalability, interoperability, tamper-proof secret keys and compliance with security protocols, and it is cheap and secure. One author has also described a method for securing multicast communication with a common secret key [19, 54], referred to as a group key, which decreases overhead and network traffic. The protocol can be applied in (1) secure data aggregation in IoT and (2) Vehicle-to-Vehicle (V2V) communications in Vehicular Ad hoc Networks (VANETs).

3.2 Privacy and Trust in IoT

We now discuss the current state of privacy in IoT [1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19]. Several techniques [21,22,23,24,25,26,27,28,29,30,31,32, 34,35,36,37,38,39,40, 52,53,54,55,56,57,58,59,60] exist, such as data tagging for information flow control. This technique contributes to managed privacy [3, 42,43,44, 54, 56, 58] and enables the system to preserve the privacy of individuals. Another is the user-controlled privacy-preserved access control protocol, which is based on context-aware k-anonymity privacy policies and privacy protection mechanisms [3, 42,43,44, 54, 56, 58]. A newer approach is Continuously Anonymizing STreaming data via adaptive cLustEring (CASTLE), a cluster-based scheme that addresses the delay constraints and freshness of data streams and enhances privacy preservation and anonymity. Privacy mechanisms can also take the form of Discretionary Access and Limited Access. This work addresses minimum privacy risk and includes a mechanism to prevent the disclosure or cloning of data and to avoid attacks. Another idea is the privacy-protection-enhanced DNS (Domain Name System), which can analyze privacy risks, offers identity authentication and protects against illegitimate access.

An Attribute-Based Signature (ABS) scheme, ePASS [57], was also proposed. They classify Attribute-Based Encryption (ABE) into two types: Key-Policy ABE and Ciphertext-Policy ABE. It is a public key encryption scheme that enables fine-grained access control, flexible data distribution and scalable key management. It promises privacy in IoT and offers attribute privacy for the signer. Another idea is the key-changed mutual authentication protocol [54] for Wireless Sensor Network (WSN) and Radio-Frequency Identification (RFID) systems. This protocol integrates a random number generator and a one-way hash function, and it reduces the risks of replay, replication, DoS, spoofing and tag tracking.

Trust in IoT [31, 32] can be achieved in different ways. Trust assessments have been carried out in many areas, such as social networking, fuzzy techniques, cooperative approaches and identity-based methods.

Enforcement in IoT is a big issue. One idea deals with issues such as network security, security policies, policy enforcement and firewall policy management systems. It proposes using various security services, such as protecting data confidentiality, integrity and availability, antivirus software, firewalls, authentication and encryption. Another idea is policy enforcement languages. This work aims at uniting policy enforcement and analysis languages, and as a result it yields correct policies. Another idea is Web Service Policy (WSP) and eXtensible Access Control Markup Language (XACML). This idea implemented a simulation environment: Web Ontology Language (OWL). It makes use of both policy languages and enforcement mechanisms. Another idea is the Hierarchical Policy Language for Distributed Systems (HiPoLDS). It shows policy enforcement in distributed reference monitors and how it can manage the flow of information. Another approach is the enforcement of privacy in e-commerce applications, which protects user anonymity, user trustworthiness and customer privacy. Another idea is a formal and modular framework, which allows a security policy to be enforced on a concurrent system and generates fault negatives and positives. Another idea uses the Algebra of Communicating Processes (ACP) and the Basic Process Algebra (BPA) language. It can monitor requests and show the satisfaction of the related rules with an enforcement operator. Another idea is the access control framework and Policy Machine (PM). It integrates a secure framework that expresses and enforces policy objectives, but it is vulnerable to Trojan attacks.

Another idea concerns Discretionary Access Control (DAC) models, Mandatory Access Control (MAC) and the Chinese Wall Security Policy Model. It shows that the Policy Model (PM) is able to enforce policy objectives. Another approach concerns a semantic web framework and meta-control model, which combines policy reasoning with identification of and access to sources of information. Another idea is an enforcement solution called SecKit, which is based on the Model-based Security Toolkit. It is integrated with the MQ Telemetry Transport (MQTT) protocol layer and guarantees enforcement of security and privacy policies. Another idea is the VIRTUS Middleware, which offers a reliable and secure communication channel for distributed applications. It uses the eXtensible Messaging and Presence Protocol (XMPP).

Another idea is the Aml Framework and Otsopack. It runs on various platforms (Java SE, Android) and is extensible, modular and simple. Another idea is Trivial File Transfer Protocol (TFTP). It has further techniques for increasing trust, privacy and security in embedded system infrastructures. Naming, Addressing and Profile Server (NAPS) is another idea. It can work as a main module at the back-end data centre, to support the upstream and the downstream content-based data filtering and matching from applications. Another idea is a security architecture for transparent IoT middleware. Its main contribution is that it is built on existing security approaches (AES, TLS and OAuth). The architecture offers a blend of confidentiality, authenticity, integrity and privacy. Another idea is Heterogeneity Inclusion and Mobility Adaptation through Locator ID Separation (HIMALIS), which has three closely related main contributions: it addresses privacy vulnerabilities, supports scalable inter-domain authentication, and solves security issues.

Another idea is an ultra-lightweight, privacy-preserving authentication protocol, which offers privacy and protects against many attacks. Another is the Mobile Intrusion Prevention System (m-IPS), which offers specific access control. Another is the Mobile Sensor Data Processing Engine (MOSDEN), which acquires and processes sensor data and works with both push and pull data streaming mechanisms.

The National Science Foundation (NSF) also has multi-institutional projects [28] on security, with an emphasis on cyber-physical security. They are trying to find ideal network architectures and highly efficient networking. They are also working on new kinds of communication protocols with features such as trusted data, trusted models, integrity and authentication, and they are trying to resolve issues such as the use of network assets in mobile environments, technical challenges, and the trade-offs between mobility and scalability.

FIRE (Future Internet Research and Experimentation) [29, 30] is a multi-nation project of the EU, China and Korea. It explores solutions for deploying IoT technologies in numerous application areas. Prominent application areas are people's livelihood, medical and health services, urban management, public safety and social security. Its major areas of concern are intellectual property rights, information security and privacy.

The EU and Japan have launched an ICT Cooperation project [22]. They aim to offer common global standards, whose firm target is to ensure all-in-one communications and common ways to store and access information. These global standards can ensure the highest security and energy efficiency standards.

4 Our Approach

Among the projects discussed above, some are efficient but not very secure, and some have only a form of security that can be broken very easily. Some projects have privacy but lack proper authentication. End to End secure communication is likewise missing in some of them. Moreover, some projects have good security but are not lightweight, and IoT and IoE need a lightweight cipher. We need a cipher for End to End encrypted communication that is much more secure and better authenticated. Furthermore, the very popular public-key cryptosystem RSA (named from the initial letters of the surnames of Ron Rivest, Adi Shamir, and Leonard Adleman) has many drawbacks, such as:

  1. Exploitation of the multiplicative property and exploitation of the homomorphic property.

  2. Difficulty of the integer factorization problem and the computational complexity of modular exponentiation.

  3. Partial key exposure vulnerability, and the low modular complexity with effortlessness and speediness problem.

  4. The real-time key negotiation problem between peers, and parallel protection against sniffing attacks.

  5. Chosen Ciphertext Attacks (CCA), brute force key search, and timing attacks.

  6. Asymptotically very low decryption speed, etc.

We have developed a Secure Hybrid RSA (SHRSA) messaging system for End to End encrypted messaging [46,47,48,49,50,51] that solves many bottlenecks of RSA with high efficiency and a lightweight architecture. We first took some of the RSA variants and inserted them into our SHRSA encryption and decryption [46,47,48,49,50,51], together with some other algorithms, to resolve some of the major problems of plain RSA, as shown in Fig. 3. As a result, we have developed an SHRSA messaging scheme with SHRSA End to End encryption and SHRSA decryption.

Fig. 3 Our SHRSA Messaging system scheme

Instant Messaging (IM) schemes today have many drawbacks. Some of them are:

  1. The system is centralized, so a single point of failure can occur anytime, anyplace.

  2. Only messages are encrypted; there is no strong encryption of the communicating parties' communication protocol.

  3. Decryption is not fast. Statistical complexity is low, and the schemes are vulnerable to chosen ciphertext attacks and other attacks.

  4. Authentication is by password only.

  5. The requirement of a third party is considered a disadvantage, and even when a third party is present, it is often considered a disinterested party. Many Instant Messaging (IM) schemes today rely on third-party security.

  6. Insecure default settings on Instant Messaging (IM) clients are a big problem.

  7. Sharing Instant Messaging (IM) features with other applications introduces significant security risks.

  8. Impersonation using a stolen or compromised password cannot generally be prevented in password-only systems, as a password is the only secret shared between a user and the IM server.

  9. Denial of Service (DoS) attacks are a big problem.

  10. A pure peer-to-peer scheme is used in very few cases.

  11. Using Secure Sockets Layer (SSL)-based solutions for public IM services has drawbacks, although it is a step forward in terms of security.

  12. The use of unpublished, non-standard proprietary protocols and non-centralized peer-to-peer file transfer makes it difficult to monitor IM traffic.

  13. Almost all popular Instant Messaging (IM) connections lack authentication (except in the login message), confidentiality and integrity. This opens the door to many other security vulnerabilities, including impersonation, denial of service (DoS), man-in-the-middle and replay.

Our SHRSA messaging system [46,47,48,49,50,51] overcomes the disadvantages of the Instant Messaging schemes and protocols in use today as follows:

  1. It is distributed, with no single point of failure; SHRSA is peer to peer and works with n*n SHRSA servers and clients.

  2. SHRSA decryption is 9 times faster.

  3. SHRSA encryption is much more complex between each peer.

  4. PH (Pohlig-Hellman) key exchange and Diffie-Hellman key exchange ensure three-way peer-to-peer authentication.

  5. Optimal Asymmetric Encryption Padding (OAEP), with random salts added at runtime at synchronized time gaps in our SHRSA scheme, protects against chosen ciphertext attacks, short plaintext attacks, man-in-the-middle attacks and other attacks.

  6. SHRSA works with End to End encryption in a full mesh topology.

  7. No SSL and no external digital certificates are used; we have SHRSA’s own complex security, authentication and very strong confidentiality.

  8. No default settings are shared with others, so it is less vulnerable.

  9. No third-party security is needed, which saves cost.

  10. It is more reliable, more efficient and stronger due to the integration of RSA variants.

  11. No need to install IMSecure.

  12. No password is needed, as we have our own three-way, four-layer authentication for peers, followed by SHRSA encryption.

Our SHRSA messaging system [46,47,48,49,50,51] works with an End to End encryption model on a full mesh network architecture to ensure a pure peer-to-peer nature. We have designed our SHRSA messaging scheme with a nine-layer protocol stack, as shown in Fig. 4.

Fig. 4 Our SHRSA nine-layer protocol stack

Moreover, in our past work [46,47,48,49,50,51], we have shown that our SHRSA is a perfect combination of strong security, authentication, and reliability. At the encryption level, our SHRSA encryption with a 1024-bit RSA modulus helps us to resolve scientific problems such as:

  (a) The exploitation of the multiplicative property.

  (b) The exploitation of the homomorphic property (meet-in-the-middle attack).

  (c) Difficulty of the integer factorization problem of RSA.

  (d) The very high computational cost of exponentiation modulo N.

  (e) The low modular complexity with effortlessness and speediness problem.

Moreover, our SHRSA encryption scheme has proper protection against chosen plaintext attacks, short plaintext attacks and similar attacks, along with protection against sniffing attacks, and it also resolves the real-time key negotiation issue. Brute force attacks are countered by randomly altering the keys in synchronous time slots with 1024-bit values.

At the decryption level, our SHRSA decryption helps us to resolve scientific problems such as:

  (a) Computational modular exponentiation complexity.

  (b) Partial key exposure vulnerability.

  (c) The asymptotically very low decryption speed of RSA. We are gaining almost 9 times faster asymptotic decryption speed.

A cost estimation comparison of the decryption of the RSA variants, CRT-RSA and our SHRSA system is given in Fig. 4 (where k = 3 is the number of primes). We have found that the SHRSA scheme’s decryption time is about 290 ms (average over 5 runs of the decryption class of the RSA, CRT-RSA and SHRSA APIs for decryption during messaging), whereas CRT-RSA decryption has taken about 652 ms and RSA decryption has taken 2611 ms. The encryption time of all the ciphers is the same (Fig. 5).

Fig. 5 Speed-up comparison of RSA variants and SHRSA
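The roughly 4x and 9x ratios between the reported decryption times match the standard cost model for CRT and multi-prime (k = 3) RSA decryption. The Python sketch below is an added example, not the SHRSA implementation, whose internals are not given in this chapter: it implements textbook RSA, CRT-RSA and three-prime CRT decryption, and it assumes e = 65537 and a cubic (schoolbook) cost for modular exponentiation.

```python
import math
import secrets
from fractions import Fraction

E = 65537  # assumed public exponent; the chapter does not state the one SHRSA uses

def is_probable_prime(n, rounds=40):
    """Miller-Rabin primality test with random bases."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)  # base in [2, n-2]
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_prime(bits):
    """Random prime of exactly `bits` bits with gcd(E, p - 1) == 1."""
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if math.gcd(E, c - 1) == 1 and is_probable_prime(c):
            return c

def keygen(modulus_bits=1024, k=2):
    """k = 2 gives an ordinary RSA key, k = 3 a three-prime (multi-prime) key."""
    sizes = [modulus_bits // k + (1 if i < modulus_bits % k else 0) for i in range(k)]
    while True:
        primes = [gen_prime(b) for b in sizes]
        if len(set(primes)) == k:
            break
    phi = math.prod(p - 1 for p in primes)
    return {"n": math.prod(primes), "e": E, "d": pow(E, -1, phi), "primes": primes}

def encrypt(m, key):
    """Textbook RSA (no padding), used here only to exercise decryption."""
    return pow(m, key["e"], key["n"])

def decrypt_plain(c, key):
    """One exponentiation with a full-size exponent and a full-size modulus."""
    return pow(c, key["d"], key["n"])

def decrypt_crt(c, key):
    """k small exponentiations, recombined with Garner's algorithm.
    A real implementation precomputes the per-prime exponents and inverses."""
    primes, d = key["primes"], key["d"]
    m, modulus = pow(c % primes[0], d % (primes[0] - 1), primes[0]), primes[0]
    for p in primes[1:]:
        m_p = pow(c % p, d % (p - 1), p)
        h = (m_p - m) * pow(modulus, -1, p) % p   # lift m from mod `modulus` to mod modulus*p
        m, modulus = m + modulus * h, modulus * p
    # Verify before releasing the result: a faulty CRT branch would otherwise
    # leak a factor of n (the classic fault attack on CRT-RSA).
    if pow(m, key["e"], key["n"]) != c % key["n"]:
        raise ValueError("CRT result failed verification")
    return m

def relative_cost(modulus_bits, k):
    """Bit-operation estimate: k exponentiations, each with a (bits/k)-bit
    modulus and exponent, at a cost cubic in the operand size."""
    return k * Fraction(modulus_bits, k) ** 3

def theoretical_speedup(k, modulus_bits=1024):
    """Model speed-up of k-prime CRT decryption over plain RSA decryption (k**2)."""
    return relative_cost(modulus_bits, 1) / relative_cost(modulus_bits, k)

# Decryption times reported in the chapter, in milliseconds.
REPORTED_MS = {"RSA": 2611, "CRT-RSA": 652, "SHRSA": 290}

def reported_speedup(name):
    return REPORTED_MS["RSA"] / REPORTED_MS[name]

if __name__ == "__main__":
    for k in (2, 3):
        key = keygen(1024, k)
        m = secrets.randbelow(key["n"])
        c = encrypt(m, key)
        assert decrypt_plain(c, key) == decrypt_crt(c, key) == m
        print(f"k={k}: model speed-up {theoretical_speedup(k)}x")
    print({name: round(reported_speedup(name), 2) for name in REPORTED_MS})
```

Splitting a 1024-bit modulus over three primes leaves factors of about 341 bits, so the speed-up is bought with smaller prime factors; NIST SP 800-57 already recommends RSA moduli of at least 2048 bits.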

Hence, it is a complex, secure, efficient and lightweight system for use in the present IoT and, in the near future, in the Internet of Everything (IoE), though so far we have used our SHRSA cipher for a secure and efficient messaging scheme [46,47,48,49,50,51]. It is a distributed system, so there is no chance of central failure, and it does not depend on a third party for authentication and security. As it is implemented in Java, it is also interoperable.

5 Conclusions

For a properly secure and privacy-protected proliferation of IoT services, we need architectures with ciphers or other security approaches that provide customized security and privacy levels. In this paper we have discussed several existing IoT models, which has given us a wide-ranging overview of many open issues and future directions in the IoT security field. We have discussed issues such as trust, privacy and security rules in middleware environments and for mobile devices, diverse technologies and communication standards, security and privacy requirements, and appropriate security solutions. In particular, a secured IoT requires compliance with well-defined security and privacy policies, privacy for users and things, confidentiality, access control, and trustworthiness among devices and users. We have also described our SHRSA messaging scheme with its 9-layer protocol stack, which has many real-time applications and is ready for use, as our system is now installable software. The encryption and decryption of our SHRSA messaging scheme have not only removed many bottlenecks of the popular cipher RSA but have also resolved many problems of existing Instant Messaging (IM) schemes. In real-time testing, we have found that the SHRSA scheme’s decryption time is about 290 ms (average over 5 runs of the decryption class of the RSA, CRT-RSA and SHRSA APIs for decryption during messaging), whereas CRT-RSA decryption has taken about 652 ms and RSA decryption has taken 2611 ms. We have thus gained practically 9 times in decryption speed with our SHRSA over RSA, while the encryption time of RSA, CRT-RSA and SHRSA is the same. Due to the integration of multiple ciphers, it already has strong security, authentication and privacy. Our implementation makes ubiquitous and automatic encryption available to all users without any need to understand the complications involved. Our architecture also provides a hassle-free, secure, peer-to-peer, unconventionally strong and reliable platform with End to End encryption for people and organizations who are concerned about their privacy and security. Future research on the security of the Internet of Things will mostly focus on characteristics such as the terminal security function, related laws for the security of the Internet of Things, the open security system, the single privacy protection mode, etc. It is certain that the security of the Internet of Things is more than a technical difficulty; it also requires a series of policies, laws and regulations, and a perfect security management system for mutual collocation.