Internet of Things

Internet of Things: Standards and Guidance from the IETF

By: Ari Keränen, Carsten Bormann

Date: April 17, 2016

line break image

A true Internet of Things (IoT) requires “things” to be able to use Internet Protocols. Various “things” have always been on the Internet, and general-purpose computers at data centers and homes are usually capable of using the Internet protocols as they have been defined for them. However, there is considerable value in extending the Internet to more constrained devices that often need optimized versions or special use of these protocols.


During the past ten years there have been a variety of IETF activities initiated to enable a wide range of things to use interoperable technologies for communicating with each other—from quite small microcontroller-enabled sensors to large computers in datacenters.

When we wrote about IoT in the IETF Journal in 2010, there were three IETF working groups (WGs) focusing on IoT with constrained devices and networks: 6LoWPAN, which defined IPv6 adaption layer and header compression suitable for constrained radio links; ROLL, which focuses on routing protocols for constrained-node networks; and CoRE, which aims to extend the Web architecture to most constrained networks and embedded devices. The activity around IoT has increased since 2010 and today we have seven WGs actively looking into various aspects of IoT (an additional two are completed), as well as an Internet Research Task Force (IRTF) research group focusing on open IoT research issues.

IETF IoT Activities

The first IETF IoT WG, IPv6 over Low-power WPAN (6LoWPAN), was chartered in March 2005. It defined methods for adapting IPv6 to IEEE 802.15.4 (WPAN) networks that use very small packet sizes by means of header compression and optimizations for neighbor discovery. The 6LoWPAN WG concluded in 2014, and the 6Lo WG that replaced it applies similar adaption mechanisms to a wider range of radio technologies, including “Bluetooth Low Energy” (RFC 7668), ITU-T G.9959 (as used in Z-Wave, RFC 7428), and the Digital Enhanced Cordless Telecommunications (DECT) Ultra Low Energy (ULE) cordless phone standard and the low-cost wired networking technology Master-Slave/Token-Passing (MS/TP) that is widely used over RS-485 in building automation.

The Routing Over Low-power and Lossy networks (ROLL) WG produced specifications for both the RPL protocol “IPv6 Routing Protocol for Low-Power and Lossy Networks” (RFC 6550) and a set of related extensions for various routing metrics, objective functions, and multicast. Another output of ROLL was a number of requirements documents and applicability statements, a terminology document, and a security threat analysis.

The Constrained RESTful Environments (CoRE) WG is still one of the most active IoT groups. Its main output centers around the “Constrained Application Protocol” (CoAP, RFC 7252), a radically simplified UDP-based analog to HTTP. Extensions to CoAP enable group communications (RFC 7390) and low-complexity server-push for the observation of resources (RFC 7641). This is complemented by a discovery and self-description mechanism based on a weblink format suitable for constrained devices (RFC 6690). Current WG activities focus on extensions that enable transfer of large resources, use of resource directories for coordinating discovery, reusable interface descriptions, and the transport of CoAP over TCP and TLS. The CoRE WG is being rechartered to include RESTCONF-style management functions and publish-subscribe style communication over CoAP. CoRE is also looking at a data format to represent sensor measurements, which will benefit from the “Concise Binary Object Representation” (CBOR) (RFC 7049), a JSON analog optimized for binary data and low-resource implementations.

Since 2010, it has become clear that IoT will not work without good security. Accordingly, most new IoT WGs have been added in the Security Area. The DTLS In Constrained Environments (DICE) WG (already completed) produced a TLS/DTLS profile that is suitable for constrained IoT devices. The Authentication and Authorization for Constrained Environments (ACE) WG is working on authenticated authorization mechanisms for accessing resources hosted on servers in constrained environments and a comprehensive use case document (RFC 7744) was recently completed. This work is supported by the recently chartered COSE WG that is building simplified CBOR analogs for the JSON object signing and encryption methods that were developed in the JOSE WG.

As a special development somewhat beyond the usual 6Lo work, the 6TiSCH WG (IPv6 over the TSCH mode of IEEE 802.15.4e) was chartered in 2014 to enable IPv6 for the Time-Slotted Channel Hopping (TSCH) mode that was recently added to IEEE 802.15.4 networks. This work aims to capitalize on the deterministic, real-time oriented features of TSCH, and includes architecture, information model, and configuration aspects. The 6TiSCH overview and problem statement document (RFC 7554) was published in 2015; a specification for a minimal configuration interface is next in line.

In addition to the new protocols and other mechanisms developed by IETF working groups, Internet protocols for constrained environments often benefit from additional guidance for efficient implementation techniques and other considerations. The Lightweight Implementation Guidance (LWIG) WG is working on such documents, including ones for CoAP and IKEv2 protocols, asymmetric cryptography, and CoAP in cellular networks. The LWIG WG published RFC 7228, which defines common terminology for constrained-node networks.

Beyond the IETF work specifically focusing on IoT scenarios, the whole Web protocol stack is evolving fast and many of the new technologies developed in other IETF working groups will likely end up being used also for IoT. The HTTPbis WG recently finalized the specification for the HTTP/2 protocol that is more suitable for IoT scenarios than earlier versions of HTTP, thanks to a more-compact wire format and simplified processing rules. The TLS WG is defining TLS version 1.3, including DTLS 1.3, which can establish secure transport sessions more efficiently and will therefore be better suited for IoT. The Homenet WG is working on enabling automatic configuration of IPv6 networks in homes and beyond. In parallel to IETF’s standardization work, two IRTF research groups are of special interest: ICNRG (Information-Centric Networking) that explores the applicability of their technologies for IoT scenarios, and CFRG (Crypto Forum) that progresses advanced cryptographical foundations, such as new elliptic curve cryptography (ECC) curves that will be more appropriate for IoT use cases. Finally, the Internet Architecture Board (IAB) is organizing multiple related workshops (e.g., about security, architecture, and semantic interoperability) and has published informational documents such as “Architectural Considerations in Smart Object Networking” (RFC 7452).

While the IoT-oriented IETF working groups have already produced the first wave of mature standards for IoT, new research questions are emerging based on the use of those standards. The IRTF Thing-to-Thing Research Group (T2TRG) was chartered in 2015 to investigate open research issues in IoT, focusing on issues that exhibit standardization potential at the IETF. Topics being explored include the management and operation of constrained-node networks, security and lifecycle management, ways to use the REST paradigm in IoT scenarios, and semantic interoperability. There is also a strong interest in following and contributing to other groups that are active in the IoT area. For example, the W3C Web of Things (WoT) interest group recently began activities and the two groups have been working together to explore the future of IoT and Web technologies.


The IETF already has a decade of history specifying and documenting key IoT standards and guidance, and today there is more activity than ever around IoT. Other organizations and consortia working on IoT have adopted the Internet protocol stack as the basis of their solutions. IP and specifically IPv6 are the obvious choice for networking, but the rest of the IETF IoT stack, including CoAP and DTLS, are also widely used. The base IETF IoT protocol stack as published in RFCs today is mature and suitable for deployment. Additional needs are emerging for standardization, and the active groups at the IETF and the IRTF are working hard to ensure that they are identified and addressed.

  • A fundamental shortcoming of IoT deployments today is the lack of a standardized mechanism to update the device firmware/software. Device OEMs tend to implement proprietary protocols and solutions for this problem. OMA has developed LwM2M (over CoAP) which can be used. However there is not as much traction to utilize LwM2M for device firmware/software updates. The IETF has the skillset and capability to develop a protocol that can address the needs of the IoT ecosystem.