The Internet of Things (IoT) concept refers to the usage of standard
Internet protocols to allow for human-to-thing and thing-to-thing
communication. The security needs for IoT systems are well-recognized
and many standardization steps to provide security have been taken,
for example, the specification of Constrained Application Protocol
(CoAP) secured with Datagram Transport Layer Security (DTLS). However,
security challenges still exist, not only because there are some use
cases that lack a suitable solution, but also because many IoT devices
and systems have been designed and deployed with very limited security
capabilities. In this document, we first discuss the various stages in
the lifecycle of a thing. Next, we document the security threats to a
thing and the challenges that one might face to protect against these
threats. Lastly, we discuss the next steps needed to facilitate the
deployment of secure IoT systems. This document can be used by
implementors and authors of IoT specifications as a reference for
details about security considerations while documenting their specific
security challenges, threat models, and mitigations. This document is
a product of the IRTF Thing-to-Thing Research Group (T2TRG).