
1. INTRODUCTION
During the past few years, in the area of wireless communications and networking, a novel
paradigm named the Internet of Things (IoT), which was first introduced by Kevin Ashton in the year
1998, has gained increasingly more attention in academia and industry. By embedding short-range
mobile transceivers into a wide array of additional gadgets and everyday items, enabling new forms of
communication between people and things, and between things themselves, IoT would add a new
dimension to the world of information and communication.
Unquestionably, the main strength of the IoT vision is the high impact it will have on several
aspects of every-day life and behaviour of potential users. From the point of view of a private user, the
most obvious effects of the IoT will be visible in both working and domestic fields. In this context,
assisted living, smart homes and offices, e-health and enhanced learning are only a few examples of possible
application scenarios in which the new paradigm will play a leading role in the near future. Similarly,
from the perspective of business users, the most apparent consequences will be equally visible in fields
such as automation and industrial manufacturing, logistics, business process management, intelligent
transportation of people and goods.
However, many challenging issues still need to be addressed and both technological as well as
social knots need to be untied before the vision of IoT becomes a reality. The central issues are how to
achieve full interoperability between interconnected devices, and how to provide them with a high degree
of smartness by enabling their adaptation and autonomous behaviour, while guaranteeing trust, security,
and privacy of the users and their data. Moreover, IoT will pose several new problems concerning issues
related to efficient utilization of resources in low-powered, resource-constrained objects.
Several industrial, standardization and research bodies are currently involved in the activity of
development of solutions to fulfill the technological requirements of IoT. The objective of this paper is to
provide the reader with a comprehensive discussion of the current state of the art of IoT, with particular focus
on what has been done in the areas of protocol, algorithm and system design and development, and what
the future research and technology trends are.

Definition: The Internet of Things (IoT) is a computing concept that describes a future where everyday
physical objects will be connected to the Internet and will be able to identify themselves to other devices.
The term is closely identified with RFID as the method of communication, although it could also include
other sensor technologies, other wireless technologies, QR codes, etc.
In the context of the Internet of Things, a thing could be defined as a real/physical or digital/virtual
entity that exists and moves in space and time and is capable of being identified. Things are commonly
identified either by assigned identification numbers, names and/or location addresses.
The Internet of Things allows people and things to be connected Anytime, Anyplace, with
Anything and Anyone, ideally using Any path/network and Any service.
The IoT has been defined from various different perspectives and hence numerous definitions for IoT
exist in the literature. The reason for the apparent fuzziness of the definition stems from the fact that it is
syntactically composed of two terms: Internet and things. The first one pushes towards a network
oriented vision of IoT, while the second tends to move the focus on generic objects to be integrated into
a common framework. However, the terms Internet and things, when put together, assume a meaning
which introduces a disruptive level of innovation into the ICT world.
The Internet of Things implies a symbiotic interaction between the real/physical and the digital/virtual
worlds: physical entities have digital counterparts and virtual representation; things become context aware
and they can sense, communicate, interact, and exchange data, information and knowledge.
The rest of this report is structured as follows. Section 2 presents the literature survey: two major
components in the Internet of Things (Global Sensor Networks and RFID), three research results from
other fields that we believe are worth investigating for the Internet of Things, and an
analysis of the components in the Internet of Things, their sensitivity to security and privacy, as well as an
analysis of the state of research for topics considered highly sensitive. Section 3 introduces the Webinos
approach, and Section 4 details related security and privacy work using Createnotes and Baseline.
Section 5 explains challenges and future trends. Concluding remarks are given in Section 6.
Future work is mentioned in Section 7.

2. LITERATURE SURVEY
In the research communities, IoT has been defined from various different perspectives and hence
numerous definitions for IoT exist in the literature. In fact, IoT semantically means a world-wide
network of interconnected objects uniquely addressable, based on standard communication protocols.
This implies that a huge number of possibly heterogeneous objects are involved in the process. In
IoT, unique identification of objects and the representation and storing of exchanged information is the
most challenging issue. This brings in the semantic perspective of IoT.
2.1 Government, Academia and Industry:
Rodrigo Roman, Jianying Zhou, Javier Lopez, "On the features and challenges of security and
privacy in distributed internet of things", Institute for Infocomm Research, in Elsevier
journal, Malaga 29071, Spain
In this work, the authors are of the opinion that the concept of a distributed IoT is not novel. In fact, various
official documents consider it as one of the possible strategies that can push the dream of the IoT into the
real world, and it has been explicitly mentioned that the development of decentralized autonomic
architectures and the location of intelligence at the very edge of the networks are issues that need to be
addressed. Still, some key questions have to be answered to make the most of this strategy in the real
world, such as the specific situations in which the network intelligence should be distributed. In order to
answer these questions, it is necessary to study the specific requirements of applications. For example,
whether an application needs support for distributed ownership of data. This and other issues that have
been raised by these governmental studies are being carefully considered by the research community.
There are various research articles that study different instances of distributed IoT architectures.
A. Gómez-Goiri, D. López-de-Ipiña, "On the complementarity of Triple Spaces and the Web of
Things", in: 2nd International Workshop on Web of Things (WoT11), San Francisco, USA, 2011.
In this work, the authors Gómez-Goiri and López-de-Ipiña combine the concept of the web of things
(using web protocols to implement the IoT) with the concept of triple spaces (using semantic web
techniques to exchange knowledge in a distributed local shared space) to create a distributed environment
where devices located in two or more spaces can collaborate with each other through Internet services.
Another example, which follows a more holistic point of view, describes a heterogeneous system known as
U2IoT that comprises two subsystems: Unit IoTs, which are basic local cells that provide solutions for
special applications, and Ubiquitous IoT, which comprises the different Unit IoTs plus other managers
and controls the collaboration between all entities.
There are also many research projects funded by various government bodies that, directly or
indirectly, are studying as of 2012 the needs of a distributed IoT architecture. Precisely, one of these
projects, IoT-A, is aiming to provide an architectural reference model for the interoperability of Internet
of Things systems. Note that such a reference architecture does not mandate how all entities
should collaborate, or who should analyze the data and provide the different services.
Still, the communication model provides the foundations for the creation of distributed applications,
allowing digital entities to directly connect and interact with other digital entities. Moreover, the location
of intelligence at the edge of the network is implicitly considered, as digital entities range from simple
devices to abstract entities made up of various distributed devices. Therefore, its building blocks could
be used in the future to create fully distributed IoT applications.
Some concrete building blocks, which can help to build a distributed IoT, have been indirectly studied
in other research projects. For example, the HYDRA project developed an open source middleware that
allows legacy devices to provide web services over the Internet directly or indirectly. HYDRA also
provides some tools that can be used to enable collaboration, such as a device and service discovery
interface. This interface can make use of an ontology to describe the available services, achieving
semantic consistency. Another project, SENSEI, was more focused on providing a consistent interface to
access the services of Wireless Sensor Networks (WSN) islands. But it produced other relevant results,
such as semantically-enabled resource directories, and local management systems that benefit from the
existence of such directories.
Finally, other projects, like CUBIQ and SMARTPRODUCTS, studied and developed various P2P-based
distributed mechanisms, such as a distributed publish/subscribe system and a distributed storage
system.
Beyond theoretical research, there are numerous companies and start-ups that are making use of cloud
technologies to provide IoT services. The key idea is that all edge devices and intranet of things will send
their information periodically to an application platform located in the cloud. This platform stores all the
data and provides specialized API interfaces that can be used by 3rd parties to create their IoT
applications.
There are various approaches for implementing these types of platforms: from closed environments
where even the sensors are controlled by the company to more open platforms that allow the integration
of external devices and databases. Most of these solutions are completely centralized: edge systems act
mainly as data acquisition networks, and application platforms from different vendors are not prepared to
interact with each other.
Yet there are some platforms that, pursuing the idea of creating private and hybrid clouds, can be
deployed in a local environment. These platforms not only enable the existence of local intelligence but
also can exchange information and services with external systems, thus they can easily become instances
of the distributed IoT.

2.2 Research from other Domains:


The current Internet has failed in many ways to provide adequate security and privacy. We present three
research results that are worth considering in the Internet of Things. We briefly present these approaches
and motivate investigating them for use in the Internet of Things.
B. Schneier, Weitzner et al., "The Future of Privacy", Presentation at RSA Conference Europe, Oct.
2008
In this work, the author describes the concept of Information Accountability, relating it to the
concepts in the Internet of Things. Since the first information systems were set up and the Web made its
way to millions of people, the dilemma of privacy in the digital world has existed. Using the same
techniques to protect the privacy of people, and maybe the privacy of things, in the Internet of Things
may end in the same results: uncontrolled information flow and uncontrolled privacy. The current
large-scale databases storing personal data will get filled up even more in the days of the Internet of
Things and record our every step.
As Schneier explained, we have almost no way of controlling the collection and use of personal data.
Worse, lots of data is linked to personal information, which is often not necessary. All of this data is
collected and stored, but not deleted, which inevitably results in data garbage that goes uncontrolled.
Weitzner et al. present a new concept of privacy which they call Information Accountability. The
main principle of information accountability is not to try to prevent the leakage of data and be
helpless once data leaks, but rather to be able to control the usage of the data. This makes it possible to
call to account persons who misuse the data, which is not possible with the current concept of privacy that
is based on keeping information secret.
G. Montenegro, C. Castelluccia, "Crypto-based Identifiers (CBIDs): Concepts and Applications".
ACM Transactions on Information and System Security 7(1):97-127, Feb. 2004
Here, the authors present a concept known as Cryptographic Identifiers. Cryptographic
Identifiers are used within several newer networking protocols to prove ownership of an address. The
IPv6 Secure Neighbour Discovery (SEND), e.g., uses Cryptographically Generated Addresses to prevent
address spoofing, as is possible in the Address Resolution Protocol (ARP) used in LANs. Furthermore,
given the large size of Overlay identifiers, Cryptographic Identifiers can be used there to
prove the ownership of one's identifier. The Host Identity Protocol (HIP), e.g., bases its security highly
on Cryptographic Identifiers.
Using Cryptographic Identifiers as RFID IDs would enable tags to prove that they really own the
ID. With current RFID solutions mainly deployed in self-contained systems, the need for ownership proof
hardly arises. Having public databases that store all information about a tag and are publicly
queryable brings up the problem of tag ID spoofing, as an attacker can gather all tag information from
the database and then prepare a tag that spoofs its identity as some other tag. Cryptographic Identifiers
can help detect tags that spoof their ID as other tags. Furthermore, the scheme can be deployed for
sensor nodes that take part in an overlay network where identifiers are long enough to use Cryptographic
Identifiers. These nodes can then prove ownership of their identifier. This makes it possible to detect rogue sensors
that spoof another tag and possibly give out corrupted sensing data.
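
The ownership check described above, as an added example that is not part of the report or of the cited paper: a tag's ID is the truncated hash of its public key, and a reader accepts the tag only if it signs a fresh challenge with the matching private key. A Lamport one-time hash-based signature stands in for the asymmetric scheme so that the sketch runs with the Python standard library alone; the 96-bit ID length, the domain-separation label and all names are assumptions.

```python
import hashlib
import secrets

ID_BYTES = 12  # assumed 96-bit tag ID for this sketch


def sha(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def lamport_keygen():
    """One-time key pair: 256 pairs of random secrets; the public key is their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(sha(a), sha(b)) for a, b in sk]
    return sk, pk


def digest_bits(message: bytes):
    return [(byte >> (7 - i)) & 1 for byte in sha(message) for i in range(8)]


def lamport_sign(sk, message: bytes):
    # Reveal one secret of each pair, selected by the bits of the message digest.
    return [sk[i][bit] for i, bit in enumerate(digest_bits(message))]


def lamport_verify(pk, message: bytes, sig) -> bool:
    if len(sig) != 256:
        return False
    return all(sha(s) == pk[i][bit]
               for i, (s, bit) in enumerate(zip(sig, digest_bits(message))))


def cbid(pk) -> bytes:
    """Identifier bound to the key: truncated hash of the encoded public key."""
    encoded = b"".join(a + b for a, b in pk)  # 16 KiB here; real tags need a compact scheme
    return sha(b"cbid-demo" + encoded)[:ID_BYTES]


class Tag:
    def __init__(self):
        self._sk, self.pk = lamport_keygen()
        self.tag_id = cbid(self.pk)
        self._used = False

    def prove(self, challenge: bytes):
        # A Lamport key must sign only once; a deployed tag would use a multi-use scheme.
        if self._used:
            raise RuntimeError("one-time key already used")
        self._used = True
        return self.pk, lamport_sign(self._sk, self.tag_id + challenge)


def verify_ownership(claimed_id: bytes, challenge: bytes, pk, sig) -> str:
    if cbid(pk) != claimed_id:
        return "reject: public key does not hash to claimed ID"
    if not lamport_verify(pk, claimed_id + challenge, sig):
        return "reject: bad signature over challenge"
    return "accept"


def demo():
    genuine = Tag()
    database_id = genuine.tag_id            # the value a public tag database exposes
    nonce1 = secrets.token_bytes(16)        # fresh challenge per reader query
    pk, sig = genuine.prove(nonce1)
    results = {"genuine": verify_ownership(database_id, nonce1, pk, sig)}

    nonce2 = secrets.token_bytes(16)
    clone = Tag()                           # copies the ID but holds a different key pair
    cpk, csig = clone.prove(nonce2)
    results["clone_own_key"] = verify_ownership(database_id, nonce2, cpk, csig)
    # Copying the genuine public key and an old response fails against a new challenge.
    results["clone_replay"] = verify_ownership(database_id, nonce2, pk, sig)
    return results


if __name__ == "__main__":
    print(demo())
```

The 16 KiB public key in this stand-in illustrates the size overhead of asymmetric material that the following paragraph raises for constrained tags.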
E. Blaß, M. Zitterbart, "Towards Acceptable Public-Key Encryption in Sensor Networks". In
Proceedings of 2nd International Workshop on Ubiquitous Computing. Pp. 88-93. May 2005
In this work, the authors have given a method of solving the Cryptographic Identifiers. These
Cryptographic Identifiers are based on asymmetric-key cryptography and therefore have a large
overhead compared to symmetric-key cryptography in terms of computational power and key size. As it
has been shown that sensor nodes can be able to perform asymmetric-key cryptography, the use of
Cryptographic Identifiers in sensor nodes is possible. RFID tags are quite some time away from
performing asymmetric-key cryptography, but will eventually be able to. Therefore, interesting results are
to arise when using the RFID tag's ID in combination with Cryptographic Identifiers.
S. Mathur, W. Trappe, N. Mandayam, C. Ye, A. Reznik, "Radio-telepathy: Extracting a Security
Key from an Unauthenticated Wireless Channel". In Proceedings of MobiCom. Pp. 128-139. Sept.
2008
Here, S. Mathur has given an approach for Key Extraction from Wireless Channel Characteristics. As
a large part of communication in the Internet of Things will occur over wireless channels that are
susceptible to eavesdropping, key establishment is necessary to provide confidential communication.
The work of Mathur et al. provides the establishment of a common cryptographic key for two users by
the use of characteristics of the wireless channel. As the wireless channel characteristics for a
communication context between A and B are the same only for exactly A and B, it is possible to use this
characteristic to extract bits from stochastic processes. These bits can then be used to form a symmetric
cryptographic key. So, A and B independently calculate the same symmetric key for their
communication solely through the fact that A talks to B and B talks to A. This scheme seems promising
when it comes to wireless communication in the Internet of Things, because (1) it is based only on
symmetric-key cryptography, and (2) it would be expensive to establish key infrastructures or distribute
keys in the Internet of Things that is made up of such large numbers of things.
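
How two nodes can turn a shared channel into matching bits, as an added example that is not part of the report or of the cited paper: a simplified guard-band quantiser with index reconciliation, in which only sample indices are sent in the clear and never the bits themselves. The RSSI traces are constructed, and the guard-band factor `alpha`, the run length `m` and all function names are assumptions.

```python
import hashlib
from statistics import mean, pstdev

# Constructed RSSI traces in dBm. A and B probe the same channel and see
# near-identical fades; the eavesdropper at another location sees a different one.
ALICE_RSSI = [-58, -57, -59, -66, -75, -76, -74, -67, -59, -60, -75, -74,
              -76, -66, -67, -57, -58, -59, -75, -76, -66, -58, -57, -59]
BOB_RSSI = [-59, -57, -58, -67, -74, -76, -75, -66, -58, -64, -76, -74,
            -75, -67, -66, -58, -57, -59, -74, -75, -67, -57, -58, -58]
EVE_RSSI = [-70, -71, -69, -62, -63, -61, -72, -70, -64, -63, -62, -71,
            -70, -69, -63, -62, -72, -71, -70, -62, -63, -64, -61, -62]


def quantise(samples, alpha=0.5):
    """Map each sample to 1 (above q+), 0 (below q-) or None (inside the guard band)."""
    mu, sigma = mean(samples), pstdev(samples)
    q_plus, q_minus = mu + alpha * sigma, mu - alpha * sigma
    return [1 if s > q_plus else 0 if s < q_minus else None for s in samples]


def excursion_starts(levels, m):
    """Start index of every maximal run of at least m equal, non-guard-band levels."""
    starts, i = [], 0
    while i < len(levels):
        j = i
        while j < len(levels) and levels[j] is not None and levels[j] == levels[i]:
            j += 1
        if levels[i] is not None and j - i >= m:
            starts.append(i)
        i = max(j, i + 1)
    return starts


def confirm(levels, candidates, m):
    """B keeps only the offered indices where its own m samples also form an excursion."""
    keep = []
    for i in candidates:
        window = levels[i:i + m]
        if len(window) == m and window[0] is not None and len(set(window)) == 1:
            keep.append(i)
    return keep


def bits_at(levels, indices):
    return "".join(str(levels[i]) for i in indices)


def agree(alice_rssi, bob_rssi, m=2, alpha=0.5):
    a_levels, b_levels = quantise(alice_rssi, alpha), quantise(bob_rssi, alpha)
    offered = excursion_starts(a_levels, m)   # A -> B, in the clear
    agreed = confirm(b_levels, offered, m)    # B -> A, in the clear
    # Each side reads the bits from its own measurements. A real protocol also
    # authenticates the index lists and reconciles any remaining bit errors.
    return offered, agreed, bits_at(a_levels, agreed), bits_at(b_levels, agreed)


def eavesdropper_guess(eve_rssi, agreed, m=2):
    """Best effort for a listener who knows the indices but measured another channel."""
    mu = mean(eve_rssi)
    return "".join("1" if mean(eve_rssi[i:i + m]) > mu else "0" for i in agreed)


def derive_key(bits: str) -> str:
    # Hashing condenses the raw bits; a usable key needs far more than six of them.
    return hashlib.sha256(bits.encode()).hexdigest()


if __name__ == "__main__":
    offered, agreed, a_bits, b_bits = agree(ALICE_RSSI, BOB_RSSI)
    print(offered, agreed, a_bits, b_bits, eavesdropper_guess(EVE_RSSI, agreed))
```

Index 8 is offered by A but dropped by B because B's second sample in that window falls in the guard band, which is how measurement disagreements are filtered before any bit is used.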

Fig 2.1: Shows convergence of different visions of IoT


While the perspective of things (shown in figure 1) focuses on integrating generic objects into a
common framework, the perspective of Internet pushes towards a network-oriented definition.
According to the IPSO (IP for Smart Objects) alliance, a forum formed in the year 2008, the IP stack is a
light-weight protocol that already connects a large number of communicating devices and runs on
battery-operated devices.
This guarantees that IP has all the qualities to make IoT a reality. It is likely that through an
intelligent adaptation of IP and by incorporating IEEE 802.15.4 protocol into the IP architecture, and by
adoption of 6LoWPAN, a large-scale deployment of IoT will be a reality.
As mentioned earlier in this section, semantic oriented IoT visions have also been proposed in the
literature. The idea behind this proposition is that the number of items involved in the future Internet is
destined to become extremely high. Therefore, issues pertaining to how to represent, store, interconnect,
search, and organize information generated by the IoT will become very challenging. In this context,
semantic technologies will play a key role. In fact, these technologies can exploit appropriate modelling
solutions for things description, reasoning over data generated by IoT, semantic execution environments
and architectures that accommodate IoT requirements and scalable storing and communication
infrastructure.
Marina Ruggieri, Homayoun Nikookar, "Internet of Things: Converging Technologies for Smart
Environments and Integrated Ecosystems", University of Roma Tor Vergata, Italy; Delft University of
Technology, The Netherlands
The authors of Clusterbook 2012 did research on IoT technologies. They clearly stated
that the Internet of Things (IoT) has reached many different players and gained further recognition. Out of the
potential Internet of Things application areas, Smart Cities (and regions), Smart Car and mobility, Smart
Home and assisted living, Smart Industries, Public safety, Energy & environmental protection,
Agriculture and Tourism as part of a future IoT Ecosystem (shown in figure 2) have acquired high
attention.

Fig 2.2: IoT Ecosystem


As the Internet of Things continues to develop, further potential is estimated by a combination with
related technology approaches and concepts such as Cloud computing, Future Internet, Big Data, robotics
and Semantic technologies. The idea is of course not new as such but becomes now evident as those
related concepts have started to reveal synergies by combining them.
2.3 Security And Privacy Issues:
Christoph P. Mayer, "Security and Privacy Challenges in the Internet of Things", Institute of
Telematics, Universität Karlsruhe (TH), Germany
In this work, Mayer explains the IoT categorization which serves as a base to detail the security and
privacy sensitivity in the respective fields. The Internet of Things can be categorized into eight topics (see
figure 2.1):

Communication: to enable information exchange between devices

Sensors: for capturing and representing the physical world in the digital world

Actuators: to perform actions in the physical world triggered in the digital world

Storage: for data collection from sensors, identification and tracking systems

Devices: for interaction with humans in the physical world

Processing: to provide data mining and services

Localization and Tracking: for physical world location determination and tracking

Identification: to provide unique physical object identification in the digital world

Fig 2.3: Categorization of topics and technologies in the Internet of Things


Rodrigo Roman, Jianying Zhou, Javier Lopez, "On the features and challenges of security and
privacy in distributed internet of things", Institute for Infocomm Research, in Elsevier
journal, Malaga 29071, Spain
Here, the authors present security as one of the major challenges that must be overcome in order to push
the Internet of Things into the real world. IoT architectures are supposed to deal with an
estimated population of billions of objects, which will interact with each other and with other entities,
such as human beings or virtual entities. And all these interactions must be secured somehow, protecting
the information and service provisioning of all relevant actors and limiting the number of incidents that
will affect the entire IoT.
However, protecting the Internet of Things is a complex and difficult task. The number of
attack vectors available to malicious attackers might become staggering, as global connectivity (access
anyone) and accessibility (access anyhow, anytime) are key tenets of the IoT. The threats that can
affect the IoT entities are numerous, such as attacks that target diverse communication channels, physical
threats, denial of service, identity fabrication, and others. Finally, the inherent complexity of the IoT,
where multiple heterogeneous entities located in different contexts can exchange information with each
other, further complicates the design and deployment of efficient, interoperable and scalable security
mechanisms.

Some of the previously mentioned challenges, along with the security mechanisms that
should be integrated into the Internet of Things, have been already enumerated by the research
community. They are as follows:

Heterogeneity has a great influence over the protocol and network security services that must be
implemented in the IoT. These protocols require credentials, thus optimal key management systems
must be implemented to distribute these credentials and to help in establishing the necessary session
keys between peers.

The existence of billions of heterogeneous objects also affects identity management. Another
important aspect related to authentication is authorization. If there is no access control whatsoever,
everything will be accessed by everyone, which is neither viable nor realistic.

The size and heterogeneity of the IoT also affects its trust and governance. There are actually two
dimensions of trust: (a) trust in the interaction between entities, where we have to deal with
uncertainty about the future actions of all collaborating entities, and (b) trust in the system from the
point of view of the user, as users must be able to manage their things so as to not feel under some
unknown external control.

The number of vulnerable systems and attack vectors will surely increase in the context of the IoT,
thus fault tolerance becomes essential. Not only must we strive for security by default (robust
implementations, usable systems, etc.) in the IoT, but we also need to develop awareness mechanisms
that can be used to create the foundations of intrusion detection and prevention mechanisms, which
will help IoT entities to protect or even gracefully degrade their services. Finally, recovery services
must be able to locate unsafe zones (i.e. zones affected by attacks) and redirect the functionality of the
systems to other trusted zones.
Rodrigo Roman, Jianying Zhou, Javier Lopez, "On the features and challenges of security and
privacy in distributed internet of things", Institute for Infocomm Research, in Elsevier
journal, Malaga 29071, Spain
As mentioned above, in order to understand how the different approaches presented in Section 2.3 should
be secured in the future, it is first necessary to enumerate and analyze the attacker models. These
models have been defined in a way that they can be applied to both centralized and distributed IoT
approaches. Note, however, that the concept of perimeter in the Internet of Things is a bit fuzzy: an
attacker can control part of the network, but due to the inherent distributed nature of the IoT, it is nearly
impossible for an attacker to fully control the whole system. As a result, an attacker can be both internal
and external at the same time. These attacker models, categorized by threats, are introduced in the
following paragraphs.

Denial of service (DoS): There are a wide number of DoS attacks that can be launched against
the IoT. Beyond traditional Internet DoS attacks that exhaust service provider resources and network
bandwidth, the actual wireless communication infrastructure of most data acquisition networks can
also be targeted (e.g. jamming the channels). Malicious internal attackers that take control of part of
the infrastructure can create even more mayhem.

Physical damage: This threat can be seen as a subset of the DoS threat. In this attacker model,
active attackers usually lack technical knowledge, and can only hinder the provisioning of IoT services
by destroying the actual things. This is a realistic attack in the IoT context, because things might be
easily accessible to anyone (e.g. a street light). If that is not possible, the attacker can simply target the
hardware module in charge of creating the virtual persona of the thing.

Eavesdropping: Passive attackers can target various communication channels (e.g. wireless
networks, local wired networks, Internet) in order to extract data from the information flow.
Obviously, an internal attacker that gains access to a particular infrastructure will be able to extract the
information that circulates within that infrastructure.

Node Capture: As aforementioned, things (e.g. household appliances, street lights) are
physically located in a certain environment. Instead of destroying them, an active attacker can try to
extract the information they contain. Note also that, instead of things, active attackers can also target
other infrastructures that store information, such as data processing or data storage entities.

Controlling: As long as there is an attack path, active attackers can try to gain partial or full
control over an IoT entity. The scope of the damage caused by these attackers depends mainly on (a)
the importance of the data managed by that particular entity, (b) the services that are provided by that
particular entity.
However, the Internet of Things is still maturing, in particular due to a number of factors, which
limit the full exploitation of the IoT. Among those factors the following appear to be most relevant:

No clear approach for the utilisation of unique identifiers and numbering spaces for various
kinds of persistent and volatile objects at a global scale.

No accelerated use and further development of IoT reference architectures like for example the
Architecture Reference Model (ARM) of the project IoT-A.

Less rapid advance in semantic interoperability for exchanging sensor information in
heterogeneous environments.

Difficulties in developing a clear approach for enabling innovation, trust and ownership of data
in the IoT while at the same time respecting security and privacy in a complex environment.

Difficulties in developing business which embraces the full potential of the Internet of Things.

Overcoming those hurdles would result in a better exploitation of the Internet of Things potential by a
stronger cross-domain interactivity, increased real-world awareness and utilization of an infinite
problem-solving space.

In addition, eight new projects from the recent call on SMARTCITIES in the scope of the European
Research Program FP7, including a support and coordination action on technology road-mapping, will
reinforce this year the research and innovation on a safe/reliable and smart Internet of Things, and
complete the direct IoT related funding of 70M in FP7. Furthermore, a project resulting from a joint call
with Japan will explore the potential of combining IoT and Cloud technologies. The further vision
correlated with the IoT is the so-called web of things (Webinos). According to this vision of IoT, web
standards are reused to connect and integrate into the web every-day-life objects that contain an
embedded device or computer.

3. PROPOSED SYSTEM
Webinos is a collective project to make the web work for applications. Webinos has a vision to build a
multi-device, applications platform based on web technology that:

allows web apps to run seamlessly across multiple devices and to use resources across devices
allows web applications to communicate with other web applications (and non-web components) over multiple devices
links the application experience with the social network
achieves all of the above in a security preserving manner
explicitly targets the four distinct screens: the mobile, the PC, the in-car (automotive) and the home media (TV) devices
The intent in webinos is to translate the success of the web as a distributed document publishing system
into a successful, distributed applications platform.
The webinos platform should be built upon and move forward the required open standards. This platform
should have a concrete implementation that is accessible to all as an open source asset.
Technically, all of this should be achieved reusing the core development technologies that have already
proven themselves on the Web (HTML and JavaScript), affording the benefits of speed of development
and access to a large developer talent pool.
The innovation webinos brings shall not just be technical; by embracing an open web culture, we hope to
create an application framework that does not favour any particular corporation, and on which many
parties can collaborate, and from which many companies benefit.
The Webinos approach is an EU-funded approach aiming to define and deliver an Open Source Platform and
software components for the Future Internet in the form of web runtime extensions, to enable web
applications and services to be used and shared consistently and securely over a broad spectrum of
converged and connected devices, including mobile, PC, home media (TV) and in-car units.
By promoting a "single service for every device" vision, webinos will move the existing baseline of web
development from installed applications to services, running consistently across a wide range of
connected devices, ensuring that the technologies for describing, negotiating, securing, utilizing device
functionalities and adapting to context are fit for purpose.
One of the main focuses for Telefónica R&D in the webinos approach is to provide SMEs with innovative
tools to help them to work more efficiently. This motivation is aligned with the interests of different
business units at Telefónica for SMEs and several initiatives which have been already launched such as
Wayra and Amérigo.
Building on the benefits provided by the webinos platform, which enables web applications and services to be used and shared
consistently and securely over a broad spectrum of converged and connected devices, Telefónica R&D is
developing an innovative collaboration tool to be used by SMEs.
The Webinos platform provides developers with integrated and powerful tools and interfaces to create
applications able to work in different contexts of use. It is therefore easy to devise a huge range of
possible use cases suitable to use this platform, such as:

A new vision of social networks interaction, i.e., collaboratively writing tweets with the
help of a large TV screen as visualization device and using two or more mobile phones or tabs as
input devices to enter the data through them.

Integrating mobile phone to control the home entertainment, i.e. using the mobile phone to
replace the TV remote control, providing different functionalities such as channel selection.

Device-to-device communication, i.e. using the geolocation capabilities of devices with built-in
GPS to provide another device (such as a camera) with that information.

3.1 Webinos architecture


Webinos architecture (see Figure 3.1) is based on the concept of personal zones. A personal zone
includes all the devices associated to a specific user and it provides a framework for managing all these
devices, together with the services able to run on them.
To enable external access to personal zones as well as managing communications, Webinos implements
a Personal Zone Hub (PZH). The rest of the devices have a Web Runtime (WRT), e.g. a browser,
intended to present the applications, and a Personal Zone Proxy (PZP) that might be connected to the
PZH to offer specific local services to the rest of components of the personal area.
The interaction between devices is implemented through a common discovery service and an event
system. The discovery service is in charge of finding the services offered by remote devices, and once
they have been identified, accessing them through specific APIs. The event system is used for solving the
different communication needs among the applications. An application could either publish its own
events or subscribe to a type of event published by others.
Webinos APIs can be categorized as follows:

- Webinos base and generic objects/interfaces: for example, the webinos core module that defines a common interface through which all webinos APIs can be accessed.
- APIs for service discovery and remote access: APIs allowing applications to discover other devices and services/applications on other devices and on network servers.
- Hardware resources APIs: APIs to access information and functionality relating to specific device hardware such as GPS, camera, microphone, sensors, etc.
- Application data APIs: application capabilities such as contact items, calendar information, messages, files, etc.
- Communication APIs: APIs allowing applications to communicate with other applications on the same or another device.
- Application execution APIs: in order to let webinos applications launch other webinos and native applications.
- User profile and context APIs: APIs allowing applications access to user profile data and user context.

Fig 3.1: Webinos architecture overview

4. TOOLS AND TECHNOLOGIES


4.1 CreativeNotes:
CreativeNotes has been designed taking advantage of several features of the webinos platform, namely:

- Webinos apps are implemented using the most modern web technology (e.g. HTML5 or JavaScript), taking advantage of all the interactive capabilities offered by these technologies. Besides, the User Interfaces (UIs) developed using webinos are written in standard languages such as HTML5, making migration to other environments easy if needed.
- Webinos extends the capabilities offered by traditional Web technologies. In this sense, webinos allows developers to access services offered by the devices, such as browsing the user's own personal files. By contrast, HTML5 on its own would not allow this flexibility because of its security policies.
- "A single service for every device" vision. UIs are implemented once, and they are able to run on several different devices. This vision is extremely useful nowadays, because of the great number of existing heterogeneous devices.
- The webinos platform offers interesting security features, including an access control policy for APIs, multi-level authentication modelling and encrypted communication channels. These features are useful for creating different layers of people and devices allowed to access different personal services (e.g. different teams involved in a creativity/brainstorming process could access the services related to a specific creation process).
- Furthermore, the webinos API is intended to support the collection of information from the users' perspective (e.g. the temperature at which some food is being boiled, the anxiety level experienced by the participants in an evaluation session, etc.). Thanks to the incorporation of the users' perspective, the applications designed will have a much higher degree of acceptance among their users.

4.1.1 CreativeNotes Application Workflow:
The basic scenario of CreativeNotes (see figure 4.1) consists of a creativity or brainstorming session in which several participants are involved. The participants have mobile devices (e.g. tablets or smartphones) in order to create content individually through several input modalities such as voice, photos or videos. Besides the devices used by the different users involved in the creation process, there is a large main screen to which certain content can be sent and which is used for sharing ideas among the participants. This main screen is present in the creation lab, but not all participants need to be physically present there: some of them may contribute remotely to the brainstorming process, and their contributions and ideas will still be displayed on the main screen.

In this scenario, special attention should be paid to information sharing, event handling and privacy management. The workflow supporting this scenario is the following:
Information sharing is supported by a web server, which is in charge of storing the content provided by the different participants. Once a note is sent to the server, the server informs the content creator of the resource location (i.e. a URL).
Then, using the event handling mechanisms implemented in the webinos platform, the creator lets the other participants know about the newly provided content and its location. At this point, it is very important that the content creator has the possibility to manage the privacy profile to be applied. For example, according to a specific profile, access to the notifications sent can be restricted to only some specific users or groups of users.
The figure represents the workflow for a simple case of note sharing, showing the different components and their interactions in the process.

Fig 4.1: Workflow diagram of notes sharing

The workflow would be:

1. Firstly, the PZP (Personal Zone Proxy) uploads a note to the web server.
2. After that, the web server sends back to the PZP a URL for the note previously uploaded.
3. An event is sent to the PZH (Personal Zone Hub).
4. The PZH informs the other participants about the newly created content.
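
The four steps above, simulated end to end as an added example (not code from this report or from the webinos project). All class and method names are hypothetical stand-ins, the sample users are constructed, and the example assumes a fail-closed rule: the hub withholds the notification from anyone the creator's privacy profile does not name, including when no profile is supplied.

```javascript
// Added illustration; hypothetical names, not the webinos API.

// Stand-in for the web server that stores notes (steps 1 and 2).
class NoteServer {
  constructor(baseUrl) { this.baseUrl = baseUrl; this.notes = new Map(); }
  upload(owner, content) {
    const id = this.notes.size + 1;
    this.notes.set(id, { owner, content });
    return `${this.baseUrl}/notes/${id}`;   // resource location sent back to the PZP
  }
}

// Stand-in for the Personal Zone Hub: holds subscriptions and fans events out.
class PersonalZoneHub {
  constructor() {
    this.subscribers = new Map(); // userId -> callback
    this.groups = new Map();      // group name -> Set of userIds
    this.auditLog = [];           // record of withheld notifications
  }
  defineGroup(name, members) { this.groups.set(name, new Set(members)); }
  subscribe(userId, callback) { this.subscribers.set(userId, callback); }

  // A recipient is allowed only if the profile names them or one of their
  // groups. A missing or malformed profile allows nobody (fail closed).
  isAllowed(userId, profile) {
    if (!profile || typeof profile !== 'object') return false;
    const users = Array.isArray(profile.users) ? profile.users : [];
    const groups = Array.isArray(profile.groups) ? profile.groups : [];
    if (users.includes(userId)) return true;
    return groups.some((g) => this.groups.has(g) && this.groups.get(g).has(userId));
  }

  // Step 4: notify participants, filtered by the creator's privacy profile.
  publish(event) {
    const delivered = [];
    for (const [userId, callback] of this.subscribers) {
      if (userId === event.creator) continue;   // creator already has the URL
      if (this.isAllowed(userId, event.profile)) {
        // Recipients receive the location, never the profile itself.
        callback({ type: event.type, creator: event.creator, url: event.url });
        delivered.push(userId);
      } else {
        this.auditLog.push({ withheldFrom: userId, url: event.url });
      }
    }
    return delivered;
  }
}

// Stand-in for the Personal Zone Proxy on the creator's device.
class PersonalZoneProxy {
  constructor(userId, server, hub) {
    this.userId = userId; this.server = server; this.hub = hub;
  }
  shareNote(content, profile) {
    const url = this.server.upload(this.userId, content);            // steps 1-2
    const event = { type: 'note-created', creator: this.userId, url, profile };
    return { url, delivered: this.hub.publish(event) };              // steps 3-4
  }
}

function runDemo() {
  const server = new NoteServer('https://notes.example');
  const hub = new PersonalZoneHub();
  hub.defineGroup('design-team', ['bob', 'carol']);
  const inbox = { bob: [], carol: [], dave: [] };
  for (const user of Object.keys(inbox)) {
    hub.subscribe(user, (evt) => inbox[user].push(evt.url));
  }
  const alice = new PersonalZoneProxy('alice', server, hub);
  const restricted = alice.shareNote('sketch v1', { groups: ['design-team'] });
  const named = alice.shareNote('budget idea', { users: ['dave'] });
  const noProfile = alice.shareNote('private draft', undefined);
  return { restricted, named, noProfile, inbox, withheld: hub.auditLog.length };
}

console.log(JSON.stringify(runDemo(), null, 2));
```

The audit log is what lets the creator verify afterwards that a restricted note was not announced outside the intended group.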

4.2 Implementation of security in Baseline


The following architectural details (see figure 4.2) are a snapshot of current work in progress. The key technologies are still under development and therefore subject to change. This should, however, give a strong indication of direction and technology.

Fig 4.2: Security implementation in Baseline architecture

The baseline of the webinos architecture, existing and already used today, is informed by the current state of the art. This encompasses BONDI, WAC, ChromeOS, HP WebOS and Nokia implementations, and is the most probable implementation for the W3C Widget and DAP specifications.
It resolves all the challenges raised in IoT through its four coarse-grained conceptual layers:
1. A packaging layer for physically distributing the web application, adding descriptive metadata to the application and embedding identity and least-privilege security elements in a web application.
2. Web interpretation layer: this maps closely to a chrome-less web browsing component, such as can be found within the WebKit or Mozilla code bases. It consists of HTML interpretation, JavaScript interpretation and an object model onto key dynamic elements of the web page, including the XHR communication mechanism.
3. There exists a policy layer to mediate security-sensitive actions. A basic security layer is to be found in a standard browser: this is the policy element that can intercept popups and file downloads, or inhibit scripts or plugins running on the web runtime. More advanced policy mechanisms are to be found in widget implementations and extended runtimes. These advanced policy layers will mediate access to remote network components (e.g. WARP) on a least-privilege basis, or may implement global policies (user preferences) on access to sensitive capabilities such as location access or contacts etc.
4. Finally there exists an extensible framework for adding new and exciting APIs that enhance the standard web browsing experience.



These layers are copiously documented with respect to current state-of-the-art implementations in the webinos state of the art analysis documents.
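
One way the policy layer described in item 3 could mediate access, as an added example that is not webinos code. The class name, manifest fields and preference values are assumptions, and the network rule is a simplified model of the origin and subdomains attributes of the W3C WARP access element (no "*" wildcard).

```javascript
// Added illustration; hypothetical names, not the webinos policy engine.

const DEFAULT_PORTS = { 'http:': '80', 'https:': '443' };

// Reduce a URL to the (scheme, host, port) triple that origin rules compare.
function normalise(urlString) {
  const u = new URL(urlString);               // throws on malformed input
  return {
    scheme: u.protocol,
    host: u.hostname.toLowerCase(),
    port: u.port || DEFAULT_PORTS[u.protocol] || '',
  };
}

class PolicyLayer {
  // manifest: what the packaged app declared; userPrefs: global user settings.
  constructor(manifest, userPrefs) {
    this.features = new Set(manifest.features || []);
    this.access = (manifest.access || []).map((rule) => ({
      ...normalise(rule.origin),
      subdomains: rule.subdomains === true,
    }));
    this.userPrefs = userPrefs || {};
  }

  // Capability check: must be declared by the app AND not denied by the user.
  checkFeature(feature) {
    if (!this.features.has(feature)) return { allow: false, reason: 'not-declared' };
    if (this.userPrefs[feature] === 'deny') return { allow: false, reason: 'user-denied' };
    return { allow: true, reason: 'declared' };
  }

  // Network check: deny unless scheme, port and host match a declared origin.
  checkNetwork(urlString) {
    let target;
    try {
      target = normalise(urlString);
    } catch (e) {
      return { allow: false, reason: 'malformed-url' };
    }
    for (const rule of this.access) {
      if (rule.scheme !== target.scheme || rule.port !== target.port) continue;
      if (rule.host === target.host) return { allow: true, reason: 'origin-match' };
      // The leading dot keeps "notapi.example.org" from matching "api.example.org".
      if (rule.subdomains && target.host.endsWith('.' + rule.host)) {
        return { allow: true, reason: 'subdomain-match' };
      }
    }
    return { allow: false, reason: 'no-matching-origin' };
  }
}

function runPolicyDemo() {
  // Constructed manifest and user preferences for the example.
  const policy = new PolicyLayer(
    { features: ['geolocation', 'contacts'],
      access: [{ origin: 'https://api.example.org', subdomains: true }] },
    { contacts: 'deny' }
  );
  return {
    geolocation: policy.checkFeature('geolocation'),
    contacts: policy.checkFeature('contacts'),
    camera: policy.checkFeature('camera'),
    sameOrigin: policy.checkNetwork('https://api.example.org/v1/notes'),
    subdomain: policy.checkNetwork('https://eu.api.example.org/v1/notes'),
    lookalike: policy.checkNetwork('https://notapi.example.org/'),
    downgrade: policy.checkNetwork('http://api.example.org/v1/notes'),
    otherPort: policy.checkNetwork('https://api.example.org:8443/'),
    malformed: policy.checkNetwork('not a url'),
  };
}

console.log(JSON.stringify(runPolicyDemo(), null, 2));
```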
4.3 Relationship to existing initiatives
Webinos does not exist in a vacuum. It explicitly recognises, and has a concrete plan to coordinate with, the other bodies and technologies that are relevant to its execution. These include but are not limited to:

W3C HTML5
The emergent HTML5 standards are one of the foundations upon which webinos is built. HTML5 itself is a vital part, but insufficient in itself to address all the issues that webinos has identified as vital for multi-device web applications to be successful. webinos will actively feed back implementation experience on some of the wider multi-device problems to the HTML5 working group to facilitate wider and long-term adoption.

W3C DAP
Similarly, the Device APIs and Policy working group forms one of the principal foundations of webinos, specifically its definitions of APIs, but is insufficient in its own right to deliver web applications. webinos will engage to provide direct implementation feedback to this process as it evolves.

W3C Widgets
The 1.0 widget specifications are complete and form one of the principal cornerstones of a web application: how to package and secure a web application. To deliver the innovations webinos envisions, these specifications will have to be enhanced, and webinos shall feed into the Widget 2.0 specifications to make this happen.

WAC (BONDI-JIL)
The WAC specifications, which subsume both the BONDI and JIL specifications, shall be used as a basis for delivering the first version of the webinos platform.

4.4 Web Technology and Web Foundations:
webinos is, of course, based upon pre-existing web standards. In the course of its development it will review and make change recommendations to some of these foundation components. Likely areas for consideration are:

Widget related:

- To attempt to reconcile the use of local JavaScript APIs with access to remotely defined web-based APIs. webinos will look to create common abstractions, delivered as local JavaScript but implemented both remotely and locally, while dealing with the security and performance optimization issues in sensible ways.
- Extending the outreach of a widget to other devices:
  - Provide the possibility to make 1:1 installations of web applications/widgets on another device (transportable widgets), which allows an application to be used further on another device (which might have some special additional features needed by the application).
  - Partial code outsourcing to another device, which then only contains code suitable for a given task, e.g. taking a picture or sending an SMS (including code created at runtime). Here we could have an API that allows the creation of widgets on the client side. The newly created widget can then be installed on other devices where it is executed. Providing the application to be outsourced as common web pages may also be an approach, in conjunction with the HTML5 app cache. However, this may also influence the W3C Widget Update over HTTP procedure.
- To make dynamically created or statically provided widgets available to other devices we could provide web server functionality via JavaScript to widgets. Thus widgets could act as common web servers and provide the code exchange/widget download functionality on their own.
- Even if we allow very large payload sizes for the webinos Eventing/Messaging/Notification API, it would not allow streaming communication between widgets. For proper Widget2Widget communication, especially for streaming data communication, we could provide some kind of data pipe / socket API to widgets.
- With socket and HTTP/web server APIs we would enable web applications to be first-class citizens in the web, like native applications.

5. RESULT
Webinos is a powerful but well balanced consortium, bringing together key players (industry and academia) across the four domains. It currently comprises 22 organisations and has secured funding to the tune of €14 million over 3 years. It is made up of:

- Mobile Operators: Telecom Italia, Telefonica, Docomo, Deutsche Telekom
- Handset/Vehicle Manufacturers: Samsung, Sony Ericsson and BMW
- Universities: University of Oxford, Istituto Superiore Mario Boella, National Technical University of Athens, Politecnico di Torino, Technische Universität München, Università di Catania
- Research Institutes: Fraunhofer-Institute FOKUS, IBBT, TNO
- Analyst houses and Consultancies: VisionMobile, Futuretext
- SME: AmbieSense, Antenna Volantis Systems, Impleo
- Standards bodies: W3C

This approach has proved successful, as demonstrated by the number of implementations now employing it; however, it has been designed with the single application on the single device, connected to a standard web server, in mind.
And this sums up the technical scope of webinos: to build upon the existing foundations of web applications, and to extend this with the architectural elements necessary

- to allow web apps to run seamlessly across multiple devices and to use resources across devices,
- to allow web applications to communicate with other web applications (and non-web components) over multiple devices,
- to link the application experience with the social network,

and to do all of this in a security-preserving manner.

In the new world of the cloud, where the provenance of data and applications can be hard to detect, the fundamentals that bridge the gaps become essential. It is not an insignificant challenge!
So some of the key components through which webinos is achieved are as follows:

Webinos Browsers features:


The webinos Platform extends the browser with new capabilities to discover and access services on other devices, whether they are local or remote. This allows your tablet to stream audio to your room's speakers, or to work in tandem with your TV to enrich the viewing experience with live discussions with your friends, including access to ancillary information, e.g. where to locally get the ingredients for a cooking program. The webinos Platform enables applications to expose services for other devices to use through lightweight discovery and connection mechanisms. The browser thus also acts as a server.
Webinos Servers features:
Not all webinos devices will include a browser. Some will instead provide specific services, such as the
room's speakers above. Other roles include communication hubs that bridge different interconnect
technologies; basic sensors and actuators, e.g. to control heating and lighting; media servers, and context
managers. Public servers are needed to support wide scale discovery and access to services, including
establishing P2P communication paths.
webinos creates a world where:

- A mobile device runs a web application, e.g. an Electronic Program Guide (EPG) viewer, and the set-top box runs a web application (also an EPG viewer). But the mobile would like to make use of the set-top box data, so the set-top box must also act as a server providing information to the mobile. This scenario is not a new one. On Android and iPhone you can find an ecosystem of mobile native applications, set-top box native applications, and background set-top box servers that deliver this service. The webinos vision is to take this basic use case and deliver it all through a single, integrated, easy-to-build web technology, with all of this delivered under a common security model.
- A second example shows how, again using web technology, a media player (a rich HTML5-based application) wants to make use of a dumb device (a set of speakers). In this scenario the mobile device runs the master but, using the web technology HTTP, can securely connect to and stream to the speakers, which act as a webinos server. It is also worth noting here that what makes a webinos browser is its ability to interpret and execute webinos packaged programming script, while what makes a server is that it offers remotely executable services. We can also fit native applications into this model, which may not be able to execute webinos script (so cannot be the browser) but can expose services, i.e. act as a server.
- A third and final example simply shows how a classic web server can be thought of as a webinos server. webinos service exposure is little more than a web service or RESTful interface, packaged more effectively. This is the traditional model. However, we can start to see some interesting opportunities when we enhance the classic server role so that it can act in a browser role also. Interestingly, a web server implemented using node.js has almost all the technical components required to allow it to act in browser mode.

Discovery, messaging and identity are three distinct concepts, and are developed as such within the webinos project.
Download any remote application from an app store and you will see this familiar experience:

- Discovery: usually you enter the raw IP address of the set-top box on the mobile phone. If you are lucky, a local network name will resolve.
- Identify: generally the server generates a secret PIN that has to be entered manually on the phone, and this doubles as security (policy) also.
- Messaging: is either a custom-made asymmetric protocol over HTTP, or a symmetric protocol implemented over TCP.

However, this is only the start. To succeed, webinos must cast its net wider. The long-term vision is to create the webinos foundation, which organisations can join. This shall be the long-term resourcing model, to evolve and administer the webinos collective assets. In the shorter term the webinos consortium shall be opening its doors to external parties through two different models:

- webinos affiliate program: whereby organisations can apply, get access and contribute to webinos deliveries, code assets and meetings
- Invited expert program: for individuals with profound expertise and vision who wish to participate and contribute to the work program

6. CONCLUSION
The Internet of Things is quickly coming closer. The incremental deployment of the technologies that will make up the Internet of Things must not fail at what the Internet has failed to do: provide adequate security and privacy mechanisms from the start. The introduction of e-passports, e.g., was pushed by politics into deployment with what were then insufficient privacy mechanisms. We must be sure that adequate security and privacy are available before the technology gets deployed and becomes part of our daily life.
In this report, we presented a categorization of topics and technologies in the Internet of Things with an analysis of their sensitivity and the state of research with respect to different security and privacy properties. We see this (1) as a basis for coming up with an integrated systems approach for security and privacy in the Internet of Things, and (2) as a stimulator for discussion on the categorization and sensitivity rating in the Internet of Things. Furthermore, we presented research in security and privacy for two major technologies in the Internet of Things, GSN and RFID, and finally pointed out research from other fields that is worth considering for use in the Internet of Things.
An innovative application running on the webinos platform has been created to enhance collaborative working and information sharing.
This application is able to run on different mobile devices and on the latest touch-screen tablets, following the principle of a single service for every device.
Given the flexible approach, the application could be adapted to many different domains, making it possible for SMEs from different business sectors to benefit from the developed architecture and approach.

FUTURE WORK

There are several areas in which further research is needed to make deployment of the webinos approach reliable, robust and efficient. Some of these areas are identified in the following. In the identification technology domain, further research is needed into the development of new technologies that address global ID schemes, identity management, identity encoding/encryption, pseudonymity, revocable anonymity, authentication of parties, repository management using identification, authentication and addressing schemes, and the creation of global directory lookup services and discovery services for webinos applications with various identifier schemes.
In the architecture design domain, some of the issues that need attention are: design of a distributed open architecture with end-to-end characteristics, interoperability of heterogeneous systems, neutral access, clear layering and resilience to physical network disruption, decentralized autonomic architectures based on peering of nodes, etc. In the communication protocol domain, the issues that need to be addressed are: design of energy-efficient communication by multi-frequency protocols, communication spectrum and frequency allocation, software-defined radios to remove the need for hardware upgrades for new protocols, and design of high-performance, scalable algorithms and protocols.
In the network technology domain, further research is needed on network-on-chip technology, considering on-chip communication architectures for dynamic configurations and design-time parameterized architectures with a dynamic routing scheme and a variable number of allowed virtual connections at each output.
In addition, power-aware network design that turns links on and off in response to bursts and dips of traffic on demand, and scalable on-chip communication infrastructure design to dynamically support the communication among circuit modules based on varying workloads and/or changing constraints, are some of the important research issues.
Security objectives (requirements) were assigned to assets using the CIA (Confidentiality, Integrity, and Availability) model:

- Confidentiality means that the asset (or information about the asset) must only be accessible by authorized parties.
- Integrity means that the asset must not be modifiable; in the case of software, it must not deviate from normal operation.
- Availability means that the asset must be ready for use whenever it is needed.

webinos is still in its first year. The first batch of use cases, requirements and landscape technology analysis deliveries has been produced. This is just the first step, but a necessary one in order to generate the consensus and shared vision needed to move such a diverse community in a common direction. The next 6-12 months shall be essential in driving forward the technical platform at a concrete implementation level.
Future measures can be analyzed as follows:

Table: Future technological developments

| Development | 2012-2015 | 2016-2020 | Beyond 2020 |
|---|---|---|---|
| Identification Technology | Unified framework for unique identifiers; Open framework for the IoT; URIs | Identity management; Soft Identities; Semantics; Privacy awareness | "Thing/Object DNA" identifier |
| Internet of Things Architecture Technology | IoT architecture developments; IoT architecture in the FI; Network of networks architectures; F-O-T platforms interoperability | Adaptive, context based architectures; Self-* properties | Cognitive architectures; Experimental architectures |
| Internet of Things Infrastructure | Special purpose IoT infrastructures; Application specific deployment; Operator specific deployment | Integrated IoT infrastructures; Multi application infrastructures; Multi provider infrastructures | Global, general purpose IoT infrastructures; Global discovery mechanism |

