In the Internet of Things vision, every physical object has a virtual component that can produce and consume services. Such extreme interconnection will bring unprecedented convenience and economy, but it will also require novel approaches to ensure its safe and ethical use. In the Internet of Things (IoT), everything real becomes virtual, which means that each person and thing has a locatable, addressable, and readable counterpart on the Internet. These virtual entities can produce and consume services and collaborate toward a common goal. The user's phone knows about his physical and mental state through a network of devices that surround his body, so it can act on his behalf. The embedded system in a swimming pool can share its state with other virtual entities. With these characteristics, the IoT promises to extend "anywhere, anyhow, anytime" computing to "anything, anyone, any service." Several significant obstacles remain to fulfill the IoT vision, among them security. The Internet and its users are already under continual attack, and a growing economy-replete with business models that undermine the Internet's ethical use-is fully focused on exploiting the current version's foundational weaknesses. This does not bode well for the IoT, which incorporates many constrained devices. Indeed, realizing the IoT vision is likely to spark novel and ingenious malicious models. The challenge is to prevent the growth of such models or at least to mitigate and limit their impact. Meeting this challenge requires understanding the characteristics of things and the technologies that empower the IoT. Mobile applications are already intensifying users' interaction with the environment, and researchers have made considerable progress in developing sensory devices to provide myriad dimensions of information to enrich the user experience. However, without strong security foundations, attacks and malfunctions in the IoT will outweigh any of its benefits. Traditional protection mechanisms-lightweight cryptography, secure protocols, and privacy assurance-are not enough. Rather, researchers must discover the full extent of specific obstacles. They must analyze current security protocols and mechanisms and decide if such approaches are worth integrating into the IoT as is or if adaptations or entirely new designs will better accomplish security goals. The proper legal and technical framework is essential. To establish it, analysts must thoroughly understand the risks associated with various IoT scenarios, such as air travel, which has many interrelated elements, including safety, privacy, and economy [1]. Only then is it possible to justify the cost of developing security and privacy mechanisms. All these requirements underline some critical first steps in implementing IoT security measures successfully: understand the IoT conceptually, evaluate Internet security's current state, and explore how to move from solutions that meet current requirements and constraints to those that can reasonably assure a secure IoT.
