It has been over a year since I wrote an article about the Internet of Things, and the technology around it has evolved considerably since then. In that time, extensive trial-and-error testing on my part has revealed a few pitfalls with utilizing the Constrained Application Protocol (CoAP) with a Datagram Transport Layer Security (DTLS) connection:
Overall, the CoAP over DTLS concept was very elegant, but exceptionally complex and cumbersome for mass use outside of applications that require a high level of security (such as electric/water/gas utility use). CoAP alone was very insecure, but provided everything you would ever need for communicating with embedded IoT devices, specifically sensors. To be more specific, the CoAP protocol on its own was very well designed (utilizing a RESTful design which allows it to operate much like HTTP), but highly tailored for interacting with sensor devices for reading data. While provisions were made for writing data to devices to control their sensors, this can be a dangerous thing to do when your communications are unsecured.
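As an added example (not code from the original article), the Python below decodes the CoAP header and Uri-Path options defined in RFC 7252 and flags state-changing requests (POST, PUT, DELETE) that arrive without DTLS. The function names and sample datagrams are constructed for this example, and it assumes the caller feeds it datagrams captured on the plaintext CoAP port, UDP 5683.

```python
import struct

METHODS = {1: "GET", 2: "POST", 3: "PUT", 4: "DELETE"}  # request codes 0.01-0.04
STATE_CHANGING = {"POST", "PUT", "DELETE"}
URI_PATH = 11  # option number for Uri-Path

# Constructed sample datagrams: confirmable GET /temp and PUT /valve with payload "1"
SAMPLE_GET = bytes.fromhex("41011234aab4") + b"temp"
SAMPLE_PUT = bytes.fromhex("41031235abb5") + b"valve" + b"\xff1"

def _ext(nibble, data, pos):
    """Resolve an option delta/length nibble, reading extension bytes if needed."""
    if nibble < 13:
        return nibble, pos
    if nibble == 13:
        return data[pos] + 13, pos + 1
    if nibble == 14:
        return struct.unpack_from("!H", data, pos)[0] + 269, pos + 2
    raise ValueError("reserved option nibble 15")

def parse_coap(data):
    """Decode the fixed header and Uri-Path options of one CoAP datagram."""
    if len(data) < 4:
        raise ValueError("shorter than the 4-byte CoAP header")
    first, code, msg_id = struct.unpack_from("!BBH", data, 0)
    tkl = first & 0x0F  # token length in bytes
    if first >> 6 != 1 or tkl > 8 or 4 + tkl > len(data):
        raise ValueError("not a well-formed CoAP version 1 header")
    pos, number, path = 4 + tkl, 0, []
    try:
        while pos < len(data) and data[pos] != 0xFF:  # 0xFF marks the payload
            byte = data[pos]
            delta, pos = _ext(byte >> 4, data, pos + 1)
            length, pos = _ext(byte & 0x0F, data, pos)
            if pos + length > len(data):
                raise ValueError("option runs past end of datagram")
            number += delta  # option numbers are delta-encoded
            if number == URI_PATH:
                path.append(data[pos:pos + length].decode("utf-8", "replace"))
            pos += length
    except (IndexError, struct.error):
        raise ValueError("truncated option header") from None
    method = METHODS.get(code & 0x1F) if code >> 5 == 0 else None
    return {"method": method, "path": "/" + "/".join(path), "message_id": msg_id}

def is_unprotected_write(data):
    """True when a plaintext CoAP datagram carries a state-changing request."""
    return parse_coap(data)["method"] in STATE_CHANGING
```

A monitor on a sensor network can run `is_unprotected_write` over traffic on UDP 5683 to find devices that accept control writes in the clear.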
For the Internet of Things to truly catch on for global use, a new protocol needs to be developed that takes all of the best parts of CoAP and expands on them to add native support for security. Until an open standard can be developed that will allow devices to be secured out-of-the-box, the Internet of Things will be nothing more than a novel concept in a niche market, where there is always the fear that your device will be compromised. (An excellent example of this is a case where a web-connected baby monitor was hacked in 2012, allowing the hacker to scream obscenities at a sleeping toddler. Nice work, Foscam...)
As long as a new protocol is being defined and developed, the following points should be considered. The protocol should:
If these basic considerations are taken into account while the protocol is being defined, the Internet of Things could greatly benefit from the work, and finally have a common and secure base from which to start to grow. Without the development of a protocol that follows these guidelines, I fear that the Internet of Things will eventually grow into a mass of millions (or billions) of unsecured devices, all running their own proprietary protocols which are built on top of an already over-layered Internet architecture.