SlideShare a Scribd company logo

509286-Aki_Koivu-Review

A
Aki Koivu

This document discusses cryptography and security implementations for Internet of Things (IoT) devices. It begins with an introduction to IoT and the need for security protocols as IoT devices collect and transmit large amounts of sensitive data. Challenges to IoT security include the diversity of devices which makes vulnerabilities complex, and limited computational resources. The document then explores using symmetric and public key cryptography algorithms as well as proposed lightweight cryptography solutions for IoT security. It concludes that while traditional security solutions are inadequate, lightweight cryptography protocols have the potential to help secure IoT communications and address current challenges if standardized for diverse IoT hardware.

Related slideshows

SECURITY ISSUES IN USING IOT ENABLED DEVICES AND THEIR IMPACT
SECURITY ISSUES IN USING IOT ENABLED DEVICES AND THEIR IMPACTSECURITY ISSUES IN USING IOT ENABLED DEVICES AND THEIR IMPACT
SECURITY ISSUES IN USING IOT ENABLED DEVICES AND THEIR IMPACT
 
IRJET - A Study on Smart Way for Securing IoT Devices
IRJET - A Study on Smart Way for Securing IoT DevicesIRJET - A Study on Smart Way for Securing IoT Devices
IRJET - A Study on Smart Way for Securing IoT Devices
 
Internet of Things Forensics
Internet of Things ForensicsInternet of Things Forensics
Internet of Things Forensics
 
1 of 3
Download to read offline
1 Cryptography and security implementations in the Internet of Things Aki Koivu, B.Sc University of Turku Email: aki.i.koivu@utu.fi Abstract—Internet of Things (IoT) device is defined as a device that is embedded with network connectivity among others. When an IoT device has network connectivity, in today’s standards it needs to have at least the basic security protocols implemented. The need for solid network security protocols increases when the devices operate at an environment that produces confidential data, industry or military environments for example. IoT devices can differ from each other a lot, but usually they are small and portable by nature. This means the cost of computation is a critical factor. Implementing too many features will decrease the systems computational power to an unacceptable state. This makes standardizing a set of security protocols tough. So how these protocols are best utilized in IoT devices is a conundrum. In this review article we will explore the nature of IoT, the fundamentals of IoT security, the possible security risk factors and their challenges, focusing on cryptosystems and their protocol implementations considering network security. Symmetric and public key algorithms are presented and Lightweight Cryptog- raphy as a new solution for IoT security. Index Terms—IoT, security, protocol, lightweight, cryptogra- phy. I. INTRODUCTION A. IoT The Internet of Things is the new innovative technology that promises to enhance and optimize our many aspects of our life with intelligent sensors and smart objects working together [Keoh et al., 2014]. It contains of a plethora of dif- ferent devices with embedded features. These features main responsibilities are to collect data and to transfer said data to other devices. The use of IoT devices is increasing rapidly, with es- timations of 50 billion connected devices by 2020. Areas of application are numerous, from health analysis devices around peoples arms to industrial implementations designed for monitoring or remote control. The potential of these devices is inspiring organizations to invest into Industrial Internet and Machine-to-Machine (M2M) communications. [Schurgot et al., 2015]. The fundamental feature of IoT is to share information. The benefit of this feature can be seen in home automation for example, where a system can improve the energy efficiency of your home and improve costs on other areas. This is done by installing sensors and controllers throughout the house. The sensors can work with our smartphones, lowering the heat when the phones user is outside or open the front door when the user is outside for example. The connectivity of these devices enable constant and sometimes even real-time sharing of information. [Schurgot et al., 2015]. B. Data The concept of IoT has been that numerous physical devices or objects with different kinds of sensors and actuators are con- nected to the Internet. This is done via heterogeneous access networks, which are enabled with technologies like embedded sensing and actuating, radio frequency identification (RFID), Bluetooth Low Energy (BTLE), wireless sensor networks, and real-time and semantic web services among others. IoT could be categorized as a network of networks. [Wang et al., 2013]. Since the number of connected ”Things” is estimated to be colossal in nature, so is the amount of raw data trans- ferred and processed. The raw data is analyzed and mined to abstract factual information such as correlations among things [Wang et al., 2013]. With all of this data collecting, there is also a risk that emerges. This data, if not correctly secured, can be collected by a nefarious entity to exploit the situation. Since the usage of IoT devices is gaining popularity, the occurrence of nefarious usage also grows. This is why securing the continuous stream of data and hardware of IoT is important. II. IOT SECURITY A. Security risk factors The factors that contribute to IoT security problems can be categorized in to two, the diversity of IoT and the com- munication of IoT. The problem of diversity embodies itself as vulnerabilities produced by careless program design. This enables the usage of malware and backdoor installations in the device. Because of the diversity of devices, these security problems are more complex compared to traditional systems. [Zhang et al., 2014]. The communication of IoT can cause security complications when we consider the core concepts of information security; integrity, confidentiality, and availability of the data (Figure 1). Integrity can be compromised by modifying the data midway of transfer, thus altering the results of a process that takes said data as an input. Confidentiality can be broken by simply reading the transferred data midway. Availability can be denied if the transferred data never reaches its target destination. Because IoT devices are by design well connected to multiple other devices and that they collect and transfer large amounts of data, securing the M2M communication
2 Figure 1. Fundamental concepts of information security especially is crucial. This is however a considerable challenge given the restrictions of IoT. The lack of security in IoT devices can manifest itself as privacy problems, when a good amount of data is collected based on your behavior. An attacker with an unauthorized access to a smart homes sensor data could know when the owner leaves the house. The lack of security could also be fatal, for example when a pacemaker could be wirelessly hacked to malfunction [Storm, 2015]. B. Challenges of Secure Software IoT can be abstracted to three layers, they are the sensing layer, transport layer, and application layer [Guicheng and Zhen, 2013]. Software vulnerability in the application layer is one of the most important aspects of current security research. When a new vulnerability is found in software, attackers can use it to exploit every machine that has the software installed. With traditional computer systems this is not a big problem, because when a fix is found it can be applied quickly to numerous different systems. This is because modern system architectures tend to be similar. Security awareness on software programming is almost effortless to impose thanks to this. [Zhang et al., 2014]. In the heterogeneous IoT environment things are not as simple. Because of the diverse pool of hardware platforms and modified operating systems it is difficult to apply even the most common security features to all devices. It also makes it difficult for programmers to keep up with security awareness because of the numerous distinct implementations on multiple differing platforms. Programmers are also faced with more and more complex software solutions in IoT devices, so considering every aspect of secure programming can be brutal. [Zhang et al., 2014]. C. Challenges of Secure Communication The most commonly used types of connections in IoT are Local area network (LAN), Infrared, Bluetooth, RFID, wire- less fidelity (Wi-Fi), and Cellular broadband among others. Securing the communication of two devices requires working mechanisms to identify, authenticate, and authorize devices. To implement these abstract mechanisms in the transport layer, various cryptosystems and protocols are used. To identify a device in a network is the first important issue when it comes to secure communication. For IoT, in a TCP/IP utilized connection the Domain Name System (DNS) is mostly used as a way to identify a device in a network. This might change in the future, as the more specific Object Name Service (ONS) mechanism has been invented and it theoretically could be applied to IoT. After a device has been identified, it needs to be located within the network. The most popular way of doing this is the IPv4 and IPv6 protocols. [Zhang et al., 2014]. After identifying and locating a device, it is authenticated. At this point the security aspect of the connection starts. Verifying a device’s genuineness is vital when we consider the scale of IoT. Imagine a device that could imitate other devices, feeding false information to a server that creates decisions automatically based on said data. [Crossman and Liu, 2015]. The attacks can be made to the sensing layer of IoT as well, by controlling or blocking real nodes in a system with vicious nodes. Denial Of Service (DOS) attack is also a possibility, by attacking the gateways or servers of the overall system. [Guicheng and Zhen, 2013]. III. CRYPTOSYSTEMS AND PROTOCOLS Different organizations provide multiple architectures and models for network and information security. They include time-based protection, Prevention and Detection and Response model (PDR) and its variants, TCP/IP security mechanism, ISO/OSI system, and the Internet Engineering Task Force model (IETF) among others. The nature of IoT makes the implementation of these models and systems difficult, because the traditional architectures do not take into account the con- struction of entire networks and information security systems. They mostly concentrate on simple protection measures that can not be aimlessly implemented in mass [Zhang, 2006]. Because traditional solutions do not work in this environment, new ways to secure IoT devices are needed. [Liu et al., 2013]. A. Symmetric and Public Key algorithms A cryptosystem usually has mechanisms to generate a key, encrypt said key, and decrypt it. Because of the resource limitations of IoT devices, these mechanisms have to be lightweight. Although commonly used cryptosystems are too heavyweight to be implemented to IoT, there are versions of conventional cryptosystems that can pass this limitation and are specifically made to support constrained environments like IoT devices. Advanced Encryption Standard (AES) is an open encryption standard that has been successfully ported to a few of IoT devices. It uses symmetric cryptography, so that the en- cryption and decryption use the same key, and is considered to be secure enough when it is used with initialization vector that scrambles data before encryption, so that no two identical mes- sage do not result in identical encrypted data [Goluboff, 2015]. There are also new symmetric cryptography based solutions
3 Figure 2. Symmetric and public key algorithms proposed; block ciphers CLEFIA and PRESENT, stream ci- pher project eSTREAM and the lightweight hash algorithm SHA-3. [Katagi and Moriai, 2008]. Public key authentication (PKA) differs from symmetric ones that when symmetric key algorithms use the same key for encryption and decryption, PKA uses a paired set of keys that consist of a secret key for decryption and a public key for encryption (Figure 2) [Tatham, 2004]. PKA does not get broken if the one of the keys is discovered, thus it is more secure than symmetric algorithms. But this mechanism also requires great number of resources, and at this time there are no solutions that would be lightweight and secure enough to be a good fit for IoT. [Katagi and Moriai, 2008]. B. Lightweight Cryptography Lightweight Cryptography (LWC) could resolve the prob- lems that the conventional cryptosystems present. LWC is a cryptographic protocol made specificity to use with devices that have limited resources, RFID tags and sensors for ex- ample. LWC could be implemented in IoT, by standardiz- ing a general-purpose solution. ISO/IEC 29192 describes the lightweight properties based on target platform [ISO, 2012]. When implementing a protocol to an IoT device, energy con- sumption, and the amount of random access memory (RAM) used are good indications of lightweight or heavyweight solu- tions. LWC would have a smaller footprint when considering implementation compared to other network security protocols like TLS. The benefits would be more efficient end-to-end communication and smaller footprint of the cryptographic resources needed. LWC for IoT is currently only theorized, since standardization for a variety of devices is complex. [Katagi and Moriai, 2008]. IV. CONCLUSIONS IoT is an evergrowing technology and with it comes an everflowing stream of data. What follows is an acute need for better security implementations, as the data is presumed to preserve the fundamental aspects of information security. Secure communications and software present challenges, since traditional solutions are poor in the IoT environment. New cryptographic solutions like LWC are theorized, but not stan- dardized yet because of the diverse pool of IoT hardware. REFERENCES [Crossman and Liu, 2015] Crossman, M. A. and Liu, H. (2015). Study of authentication with iot testbed. In Technologies for Homeland Security (HST), 2015 IEEE International Symposium on, pages 1–7. ID: 1. [Goluboff, 2015] Goluboff, M. (2015). Aes vs ssl/tls: Encryption for the internet of things. Electronic Products. Lantronix. [Guicheng and Zhen, 2013] Guicheng, S. and Zhen, Y. (2013). Application of elliptic curve cryptography in node authentication of internet of things. Ninth International Conference on Intelligent Information Hiding and Multimedia Signal Processing, pages 452–455. [ISO, 2012] ISO (2012). Iso/iec 29192-1. [Katagi and Moriai, 2008] Katagi, M. and Moriai, S. (2008). Lightweight cryptography for the internet of things. Sony Corporation. [Keoh et al., 2014] Keoh, S. L., Kumar, S. S., and Tschofenig, H. (2014). Securing the internet of things: A standardization perspective. Internet of Things Journal, IEEE, 1(3):265–275. ID: 1. [Liu et al., 2013] Liu, C., Zhang, Y., and Zhang, H. (2013). A novel approach to iot security based on immunology. In Computational Intelligence and Security (CIS), 2013 9th International Conference on, pages 771–775. ID: 1. [Schurgot et al., 2015] Schurgot, M. R., Shinberg, D. A., and Greenwald, L. G. (2015). Experiments with security and privacy in iot networks. In World of Wireless, Mobile and Multimedia Networks (WoWMoM), 2015 IEEE 16th International Symposium on a, pages 1–6. ID: 1. [Storm, 2015] Storm, D. (2015). Researchers hack a pacemaker, kill a man (nequin). (http://www.computerworld.com/article/2981527/cybercrime- hacking/researchers-hack-a-pacemaker-kill-a-man-nequin.html). [Tatham, 2004] Tatham, S. (2004). Using public keys for ssh authentication. PuTTY User Manual. [Wang et al., 2013] Wang, C., Daneshmand, M., Dohler, M., Mao, X., Hu, R. Q., and Wang, H. (2013). Guest editorial - special issue on internet of things (iot): Architecture, protocols and services. Sensors Journal, IEEE, 13(10):3505–3510. ID: 1. [Zhang, 2006] Zhang, C. Y. (2006). Network security architecture. University of Electronic Science and Technology of China Press. [Zhang et al., 2014] Zhang, Z.-K., Cho, M. C. Y., Wang, C.-W., Hsu, C.-W., Chen, C.-K., and Shieh, S. (2014). Iot security: Ongoing challenges and research opportunities. In Service-Oriented Computing and Applications (SOCA), 2014 IEEE 7th International Conference on, pages 230–234. ID: 1.

More Related Content

509286-Aki_Koivu-Review

  • 1. 1 Cryptography and security implementations in the Internet of Things Aki Koivu, B.Sc University of Turku Email: aki.i.koivu@utu.fi Abstract—Internet of Things (IoT) device is defined as a device that is embedded with network connectivity among others. When an IoT device has network connectivity, in today’s standards it needs to have at least the basic security protocols implemented. The need for solid network security protocols increases when the devices operate at an environment that produces confidential data, industry or military environments for example. IoT devices can differ from each other a lot, but usually they are small and portable by nature. This means the cost of computation is a critical factor. Implementing too many features will decrease the systems computational power to an unacceptable state. This makes standardizing a set of security protocols tough. So how these protocols are best utilized in IoT devices is a conundrum. In this review article we will explore the nature of IoT, the fundamentals of IoT security, the possible security risk factors and their challenges, focusing on cryptosystems and their protocol implementations considering network security. Symmetric and public key algorithms are presented and Lightweight Cryptog- raphy as a new solution for IoT security. Index Terms—IoT, security, protocol, lightweight, cryptogra- phy. I. INTRODUCTION A. IoT The Internet of Things is the new innovative technology that promises to enhance and optimize our many aspects of our life with intelligent sensors and smart objects working together [Keoh et al., 2014]. It contains of a plethora of dif- ferent devices with embedded features. These features main responsibilities are to collect data and to transfer said data to other devices. The use of IoT devices is increasing rapidly, with es- timations of 50 billion connected devices by 2020. Areas of application are numerous, from health analysis devices around peoples arms to industrial implementations designed for monitoring or remote control. The potential of these devices is inspiring organizations to invest into Industrial Internet and Machine-to-Machine (M2M) communications. [Schurgot et al., 2015]. The fundamental feature of IoT is to share information. The benefit of this feature can be seen in home automation for example, where a system can improve the energy efficiency of your home and improve costs on other areas. This is done by installing sensors and controllers throughout the house. The sensors can work with our smartphones, lowering the heat when the phones user is outside or open the front door when the user is outside for example. The connectivity of these devices enable constant and sometimes even real-time sharing of information. [Schurgot et al., 2015]. B. Data The concept of IoT has been that numerous physical devices or objects with different kinds of sensors and actuators are con- nected to the Internet. This is done via heterogeneous access networks, which are enabled with technologies like embedded sensing and actuating, radio frequency identification (RFID), Bluetooth Low Energy (BTLE), wireless sensor networks, and real-time and semantic web services among others. IoT could be categorized as a network of networks. [Wang et al., 2013]. Since the number of connected ”Things” is estimated to be colossal in nature, so is the amount of raw data trans- ferred and processed. The raw data is analyzed and mined to abstract factual information such as correlations among things [Wang et al., 2013]. With all of this data collecting, there is also a risk that emerges. This data, if not correctly secured, can be collected by a nefarious entity to exploit the situation. Since the usage of IoT devices is gaining popularity, the occurrence of nefarious usage also grows. This is why securing the continuous stream of data and hardware of IoT is important. II. IOT SECURITY A. Security risk factors The factors that contribute to IoT security problems can be categorized in to two, the diversity of IoT and the com- munication of IoT. The problem of diversity embodies itself as vulnerabilities produced by careless program design. This enables the usage of malware and backdoor installations in the device. Because of the diversity of devices, these security problems are more complex compared to traditional systems. [Zhang et al., 2014]. The communication of IoT can cause security complications when we consider the core concepts of information security; integrity, confidentiality, and availability of the data (Figure 1). Integrity can be compromised by modifying the data midway of transfer, thus altering the results of a process that takes said data as an input. Confidentiality can be broken by simply reading the transferred data midway. Availability can be denied if the transferred data never reaches its target destination. Because IoT devices are by design well connected to multiple other devices and that they collect and transfer large amounts of data, securing the M2M communication
  • 2. 2 Figure 1. Fundamental concepts of information security especially is crucial. This is however a considerable challenge given the restrictions of IoT. The lack of security in IoT devices can manifest itself as privacy problems, when a good amount of data is collected based on your behavior. An attacker with an unauthorized access to a smart homes sensor data could know when the owner leaves the house. The lack of security could also be fatal, for example when a pacemaker could be wirelessly hacked to malfunction [Storm, 2015]. B. Challenges of Secure Software IoT can be abstracted to three layers, they are the sensing layer, transport layer, and application layer [Guicheng and Zhen, 2013]. Software vulnerability in the application layer is one of the most important aspects of current security research. When a new vulnerability is found in software, attackers can use it to exploit every machine that has the software installed. With traditional computer systems this is not a big problem, because when a fix is found it can be applied quickly to numerous different systems. This is because modern system architectures tend to be similar. Security awareness on software programming is almost effortless to impose thanks to this. [Zhang et al., 2014]. In the heterogeneous IoT environment things are not as simple. Because of the diverse pool of hardware platforms and modified operating systems it is difficult to apply even the most common security features to all devices. It also makes it difficult for programmers to keep up with security awareness because of the numerous distinct implementations on multiple differing platforms. Programmers are also faced with more and more complex software solutions in IoT devices, so considering every aspect of secure programming can be brutal. [Zhang et al., 2014]. C. Challenges of Secure Communication The most commonly used types of connections in IoT are Local area network (LAN), Infrared, Bluetooth, RFID, wire- less fidelity (Wi-Fi), and Cellular broadband among others. Securing the communication of two devices requires working mechanisms to identify, authenticate, and authorize devices. To implement these abstract mechanisms in the transport layer, various cryptosystems and protocols are used. To identify a device in a network is the first important issue when it comes to secure communication. For IoT, in a TCP/IP utilized connection the Domain Name System (DNS) is mostly used as a way to identify a device in a network. This might change in the future, as the more specific Object Name Service (ONS) mechanism has been invented and it theoretically could be applied to IoT. After a device has been identified, it needs to be located within the network. The most popular way of doing this is the IPv4 and IPv6 protocols. [Zhang et al., 2014]. After identifying and locating a device, it is authenticated. At this point the security aspect of the connection starts. Verifying a device’s genuineness is vital when we consider the scale of IoT. Imagine a device that could imitate other devices, feeding false information to a server that creates decisions automatically based on said data. [Crossman and Liu, 2015]. The attacks can be made to the sensing layer of IoT as well, by controlling or blocking real nodes in a system with vicious nodes. Denial Of Service (DOS) attack is also a possibility, by attacking the gateways or servers of the overall system. [Guicheng and Zhen, 2013]. III. CRYPTOSYSTEMS AND PROTOCOLS Different organizations provide multiple architectures and models for network and information security. They include time-based protection, Prevention and Detection and Response model (PDR) and its variants, TCP/IP security mechanism, ISO/OSI system, and the Internet Engineering Task Force model (IETF) among others. The nature of IoT makes the implementation of these models and systems difficult, because the traditional architectures do not take into account the con- struction of entire networks and information security systems. They mostly concentrate on simple protection measures that can not be aimlessly implemented in mass [Zhang, 2006]. Because traditional solutions do not work in this environment, new ways to secure IoT devices are needed. [Liu et al., 2013]. A. Symmetric and Public Key algorithms A cryptosystem usually has mechanisms to generate a key, encrypt said key, and decrypt it. Because of the resource limitations of IoT devices, these mechanisms have to be lightweight. Although commonly used cryptosystems are too heavyweight to be implemented to IoT, there are versions of conventional cryptosystems that can pass this limitation and are specifically made to support constrained environments like IoT devices. Advanced Encryption Standard (AES) is an open encryption standard that has been successfully ported to a few of IoT devices. It uses symmetric cryptography, so that the en- cryption and decryption use the same key, and is considered to be secure enough when it is used with initialization vector that scrambles data before encryption, so that no two identical mes- sage do not result in identical encrypted data [Goluboff, 2015]. There are also new symmetric cryptography based solutions
  • 3. 3 Figure 2. Symmetric and public key algorithms proposed; block ciphers CLEFIA and PRESENT, stream ci- pher project eSTREAM and the lightweight hash algorithm SHA-3. [Katagi and Moriai, 2008]. Public key authentication (PKA) differs from symmetric ones that when symmetric key algorithms use the same key for encryption and decryption, PKA uses a paired set of keys that consist of a secret key for decryption and a public key for encryption (Figure 2) [Tatham, 2004]. PKA does not get broken if the one of the keys is discovered, thus it is more secure than symmetric algorithms. But this mechanism also requires great number of resources, and at this time there are no solutions that would be lightweight and secure enough to be a good fit for IoT. [Katagi and Moriai, 2008]. B. Lightweight Cryptography Lightweight Cryptography (LWC) could resolve the prob- lems that the conventional cryptosystems present. LWC is a cryptographic protocol made specificity to use with devices that have limited resources, RFID tags and sensors for ex- ample. LWC could be implemented in IoT, by standardiz- ing a general-purpose solution. ISO/IEC 29192 describes the lightweight properties based on target platform [ISO, 2012]. When implementing a protocol to an IoT device, energy con- sumption, and the amount of random access memory (RAM) used are good indications of lightweight or heavyweight solu- tions. LWC would have a smaller footprint when considering implementation compared to other network security protocols like TLS. The benefits would be more efficient end-to-end communication and smaller footprint of the cryptographic resources needed. LWC for IoT is currently only theorized, since standardization for a variety of devices is complex. [Katagi and Moriai, 2008]. IV. CONCLUSIONS IoT is an evergrowing technology and with it comes an everflowing stream of data. What follows is an acute need for better security implementations, as the data is presumed to preserve the fundamental aspects of information security. Secure communications and software present challenges, since traditional solutions are poor in the IoT environment. New cryptographic solutions like LWC are theorized, but not stan- dardized yet because of the diverse pool of IoT hardware. REFERENCES [Crossman and Liu, 2015] Crossman, M. A. and Liu, H. (2015). Study of authentication with iot testbed. In Technologies for Homeland Security (HST), 2015 IEEE International Symposium on, pages 1–7. ID: 1. [Goluboff, 2015] Goluboff, M. (2015). Aes vs ssl/tls: Encryption for the internet of things. Electronic Products. Lantronix. [Guicheng and Zhen, 2013] Guicheng, S. and Zhen, Y. (2013). Application of elliptic curve cryptography in node authentication of internet of things. Ninth International Conference on Intelligent Information Hiding and Multimedia Signal Processing, pages 452–455. [ISO, 2012] ISO (2012). Iso/iec 29192-1. [Katagi and Moriai, 2008] Katagi, M. and Moriai, S. (2008). Lightweight cryptography for the internet of things. Sony Corporation. [Keoh et al., 2014] Keoh, S. L., Kumar, S. S., and Tschofenig, H. (2014). Securing the internet of things: A standardization perspective. Internet of Things Journal, IEEE, 1(3):265–275. ID: 1. [Liu et al., 2013] Liu, C., Zhang, Y., and Zhang, H. (2013). A novel approach to iot security based on immunology. In Computational Intelligence and Security (CIS), 2013 9th International Conference on, pages 771–775. ID: 1. [Schurgot et al., 2015] Schurgot, M. R., Shinberg, D. A., and Greenwald, L. G. (2015). Experiments with security and privacy in iot networks. In World of Wireless, Mobile and Multimedia Networks (WoWMoM), 2015 IEEE 16th International Symposium on a, pages 1–6. ID: 1. [Storm, 2015] Storm, D. (2015). Researchers hack a pacemaker, kill a man (nequin). (http://www.computerworld.com/article/2981527/cybercrime- hacking/researchers-hack-a-pacemaker-kill-a-man-nequin.html). [Tatham, 2004] Tatham, S. (2004). Using public keys for ssh authentication. PuTTY User Manual. [Wang et al., 2013] Wang, C., Daneshmand, M., Dohler, M., Mao, X., Hu, R. Q., and Wang, H. (2013). Guest editorial - special issue on internet of things (iot): Architecture, protocols and services. Sensors Journal, IEEE, 13(10):3505–3510. ID: 1. [Zhang, 2006] Zhang, C. Y. (2006). Network security architecture. University of Electronic Science and Technology of China Press. [Zhang et al., 2014] Zhang, Z.-K., Cho, M. C. Y., Wang, C.-W., Hsu, C.-W., Chen, C.-K., and Shieh, S. (2014). Iot security: Ongoing challenges and research opportunities. In Service-Oriented Computing and Applications (SOCA), 2014 IEEE 7th International Conference on, pages 230–234. ID: 1.