COMPNW 4247 No. of Pages 19, Model 3G 31 May 2010 Computer Networks xxx (2010) xxx–xxx 1 Contents lists available at ScienceDirect

Computer Networks

journal homepage: www.elsevier.com/locate/comnet

2 The Internet of Things: A survey

a b c, 3 Luigi Atzori , Antonio Iera , Giacomo Morabito *

4 a DIEE, University of Cagliari, Italy 5 b University ‘‘Mediterranea” of Reggio Calabria, Italy 6 c University of Catania, Italy

7 article info abstract 219 10 Article history: This paper addresses the Internet of Things. Main enabling factor of this promising para- 22 11 Received 10 December 2009 digm is the integration of several technologies and communications solutions. Identifica- 23 12 Received in revised form 27 April 2010 tion and tracking technologies, wired and wireless sensor and actuator networks, 24 13 Accepted 14 May 2010 enhanced communication protocols (shared with the Next Generation Internet), and dis- 25 14 Available online xxxx tributed intelligence for smart objects are just the most relevant. As one can easily imagine, 26 15 Responsible Editor: E. Ekici any serious contribution to the advance of the Internet of Things must necessarily be the 27 result of synergetic activities conducted in different fields of knowledge, such as telecom- 28 16 Keywords: munications, informatics, electronics and social science. In such a complex scenario, this 29 17 Internet of Things 18 Pervasive computing survey is directed to those who want to approach this complex discipline and contribute 30 19 RFID systems to its development. Different visions of this Internet of Things paradigm are reported 31 20 and enabling technologies reviewed. What emerges is that still major issues shall be faced 32 by the research community. The most relevant among them are addressed in details. 33 Ó 2010 Published by Elsevier B.V. 34

35 36 37 1. Introduction leading role in the near future. Similarly, from the perspec- 55 tive of business users, the most apparent consequences 56 38 The Internet of Things (IoT) is a novel paradigm that is will be equally visible in fields such as, automation and 57 39 rapidly gaining ground in the scenario of modern wireless industrial manufacturing, logistics, business/process man- 58 40 telecommunications. The basic idea of this concept is the agement, intelligent transportation of people and goods. 59 41 pervasive presence around us of a variety of things or By starting from the considerations above, it should not 60 42 objects – such as Radio-Frequency IDentification (RFID) be surprising that IoT is included by the US National Intel- 61 43 tags, sensors, actuators, mobile phones, etc. – which, ligence Council in the list of six ‘‘Disruptive Civil Technol- 62 44 through unique addressing schemes, are able to interact ogies” with potential impacts on US national power [2]. 63 45 with each other and cooperate with their neighbors to NIC foresees that ‘‘by 2025 Internet nodes may reside in 64 46 reach common goals [1]. everyday things – food packages, furniture, paper docu- 65 47 Unquestionably, the main strength of the IoT idea is the ments, and more”. It highlights future opportunities that 66 48 high impact it will have on several aspects of everyday-life will arise, starting from the idea that ‘‘popular demand 67 49 and behavior of potential users. From the point of view of a combined with technology advances could drive wide- 68 50 private user, the most obvious effects of the IoT introduc- spread diffusion of an Internet of Things (IoT) that could, 69 51 tion will be visible in both working and domestic fields. like the present Internet, contribute invaluably to eco- 70 52 In this context, domotics, assisted living, e-health, en- nomic development”. The possible threats deriving from 71 53 hanced learning are only a few examples of possible appli- a widespread adoption of such a technology are also 72 54 cation scenarios in which the new paradigm will play a stressed. Indeed, it is emphasized that ‘‘to the extent that 73 everyday objects become information security risks, the 74 Q1 * Corresponding author. Tel.: +39 095 7382355; fax: +39 095 7382397. IoT could distribute those risks far more widely than the 75 E-mail addresses: [email protected] (L. Atzori), antonio.iera@unirc. Internet has to date”. 76 it (A. Iera), [email protected] (G. Morabito).

1389-1286/$ - see front matter Ó 2010 Published by Elsevier B.V. doi:10.1016/j.comnet.2010.05.010

Please cite this article in press as: L. Atzori et al., The Internet of Things: A survey, Comput. Netw. (2010), doi:10.1016/ j.comnet.2010.05.010 COMPNW 4247 No. of Pages 19, Model 3G 31 May 2010 2 L. Atzori et al. / Computer Networks xxx (2010) xxx–xxx

77 Actually, many challenging issues still need to be ad- itself, which syntactically is composed of two terms. The 133 78 dressed and both technological as well as social knots have first one pushes towards a network oriented vision of IoT, 134 79 to be untied before the IoT idea being widely accepted. while the second one moves the focus on generic ‘‘objects” 135 80 Central issues are making a full interoperability of inter- to be integrated into a common framework. 136 81 connected devices possible, providing them with an always Differences, sometimes substantial, in the IoT visions 137 82 higher degree of smartness by enabling their adaptation and raise from the fact that stakeholders, business alliances, re- 138 83 autonomous behavior, while guaranteeing trust, privacy, search and standardization bodies start approaching the is- 139 84 and security. Also, the IoT idea poses several new problems sue from either an ‘‘Internet oriented” or a ‘‘Things 140 85 concerning the networking aspects. In fact, the things com- oriented” perspective, depending on their specific inter- 141 86 posing the IoT will be characterized by low resources in ests, finalities and backgrounds. 142 87 terms of both computation and energy capacity. Accord- It shall not be forgotten, anyway, that the words ‘‘Inter- 143 88 ingly, the proposed solutions need to pay special attention net” and ‘‘Things”, when put together, assume a meaning 144 89 to resource efficiency besides the obvious scalability which introduces a disruptive level of innovation into to- 145 90 problems. day ICT world. In fact, ‘‘Internet of Things” semantically 146 91 Several industrial, standardization and research bodies means ‘‘a world-wide network of interconnected objects 147 92 are currently involved in the activity of development of uniquely addressable, based on standard communication 148 93 solutions to fulfill the highlighted technological require- protocols” [3]. This implies a huge number of (heteroge- 149 94 ments. This survey gives a picture of the current state of neous) objects involved in the process. 150 95 the art on the IoT. More specifically, it: The object unique addressing and the representation 151 and storing of the exchanged information become the most 152 96 provides the readers with a description of the different challenging issues, bringing directly to a third, ‘‘Semantic 153 97 visions of the Internet of Things paradigm coming from oriented”, perspective of IoT. 154 98 different scientific communities; In Fig. 1, the main concepts, technologies and standards 155 99 reviews the enabling technologies and illustrates which are highlighted and classified with reference to the IoT vi- 156 100 are the major benefits of spread of this paradigm in sion/s they contribute to characterize best. From such an 157 101 everyday-life; illustration, it clearly appears that the IoT paradigm shall 158 102 offers an analysis of the major research issues the scien- be the result of the convergence of the three main visions 159 103 tific community still has to face. addressed above. 160 The very first definition of IoT derives from a ‘‘Things 161 104 The main objective is to give the reader the opportunity of oriented” perspective; the considered things were very 162 105 understanding what has been done (protocols, algorithms, simple items: Radio-Frequency IDentification (RFID) tags. 163 106 proposed solutions) and what still remains to be The terms ‘‘Internet of Things” is, in fact, attributed to 164 107 addressed, as well as which are the enabling factors of this The Auto-ID Labs [4], a world-wide network of academic 165 108 evolutionary process and what are its weaknesses and risk research laboratories in the field of networked RFID and 166 109 factors. emerging sensing technologies. These institutions, since 167 110 The remainder of the paper is organized as follows. In their establishment, have been targeted to architect the 168 111 Section 2, we introduce and compare the different visions IoT, together with EPCglobal [5]. Their focus has primar- 169 112 of the IoT paradigm, which are available from the litera- ily been on the development of the Electronic Product 170 113 ture. The IoT main enabling technologies are the subject Code™ (EPC) to support the spread use of RFID in 171 114 of Section 3, while the description of the principal applica- world-wide modern trading networks, and to create 172 115 tions, which in the future will benefit from the full deploy- the industry-driven global standards for the EPCglobal 173 116 ment of the IoT idea, are addressed in Section 4. Section 5 Network™. These standards are mainly designed to im- 174 117 gives a glance at the open issues on which research should prove object visibility (i.e. the traceability of an object 175 118 focus more, by stressing topics such as addressing, net- and the awareness of its status, current location, etc.). 176 119 working, security, privacy, and standardization efforts. This is undoubtedly a key component of the path to 177 120 Conclusions and future research hints are given in Section the full deployment of the IoT vision; but it is not the 178 121 6. only one. 179 In a broader sense, IoT cannot be just a global EPC sys- 180 tem in which the only objects are RFIDs; they are just a 181 122 2. One paradigm, many visions part of the full story! And the same holds for the alterna- 182 tive Unique/Universal/Ubiquitous IDentifier (uID) architec- 183 123 Manifold definitions of Internet of Things traceable with- ture [6], whose main idea is still the development of 184 124 in the research community testify to the strong interest in (middleware based) solutions for a global visibility of ob- 185 125 the IoT issue and to the vivacity of the debates on it. By jects in an IoT vision. It is the authors’ opinion that, starting 186 126 browsing the literature, an interested reader might experi- from RFID centric solutions may be positive as the main as- 187 127 ence a real difficulty in understanding what IoT really pects stressed by RFID technology, namely item traceabil- 188 128 means, which basic ideas stand behind this concept, and ity and addressability, shall definitely be addressed also 189 129 which social, economical and technical implications the by the IoT. Notwithstanding, alternative, and somehow 190 130 full deployment of IoT will have. more complete, IoT visions recognize that the term IoT im- 191 131 The reason of today apparent fuzziness around this plies a much wider vision than the idea of a mere objects 192 132 term is a consequence of the name ‘‘Internet of Things” identification. 193

Please cite this article in press as: L. Atzori et al., The Internet of Things: A survey, Comput. Netw. (2010), doi:10.1016/ j.comnet.2010.05.010 COMPNW 4247 No. of Pages 19, Model 3G 31 May 2010 L. Atzori et al. / Computer Networks xxx (2010) xxx–xxx 3

“Things”- oriented visions RFID Everyday UID NFC objects Spimes Wireless Smart Items Se n s o r s a n d WISP Actuators

Connectivity for anything

Communicating things INTERNET IPSO (IP for OF Semantic Smart THINGS Technologies Objects) Reasoning Internet 0 over data Web of Smart Things Semantic Semantic execution Middleware environments

“Internet”-oriented “Semantic”-oriented visions visions

Fig. 1. ‘‘Internet of Things” paradigm as a result of the convergence of different visions.

194 According to the authors of [7], RFID still stands at the equipped with usual wireless communication, memory, 227 195 forefront of the technologies driving the vision. This a con- and elaboration capabilities, but also with new poten- 228 196 sequence of the RFID maturity, low cost, and strong sup- tials. Autonomous and proactive behavior, context 229 197 port from the business community. However, they state awareness, collaborative communications and elabora- 230 198 that a wide portfolio of device, network, and service tech- tion are just some required capabilities. 231 199 nologies will eventually build up the IoT. Near Field Com- The definitions above paved the way to the ITU vision of 232 200 munications (NFC) and Wireless Sensor and Actuator the IoT, according to which: ‘‘from anytime, anyplace con- 233 201 Networks (WSAN) together with RFID are recognized as nectivity for anyone, we will now have connectivity for 234 202 ‘‘the atomic components that will link the real world with anything” [10]. A similar vision is available from docu- 235 203 the digital world”. It is also worth recalling that major pro- ments and communications of the European Commission, 236 204 jects are being carried out with the aim of developing rel- in which the most recurrent definition of IoT involves 237 205 evant platforms, such as the WISP (Wireless Identification ‘‘Things having identities and virtual personalities operat- 238 206 and Sensing Platforms) project. ing in smart spaces using intelligent interfaces to connect 239 207 The one in [7] is not the only ‘‘Things oriented” vision and communicate within social, environmental, and user 240 208 clearly speaking of something going beyond RFID. Another contexts” [3]. 241 209 one has been proposed by the United Nations, which, dur- An IoT vision statement, which goes well beyond a mere 242 210 ing the 2005 Tunis meeting, predicted the advent of IoT. A ‘‘RFID centric” approach, is also proposed by the consor- 243 211 UN Report states that a new era of ubiquity is coming tium CASAGRAS [11]. Its members focus on ‘‘a world where 244 212 where humans may become the minority as generators things can automatically communicate to computers and 245 213 and receivers of traffic and changes brought about by the each other providing services to the benefit of the human 246 214 Internet will be dwarfed by those prompted by the net- kind”. CASAGRAS consortium (i) proposes a vision of IoT 247 215 working of everyday objects [8]. as a global infrastructure which connects both virtual 248 216 Similarly, other relevant institutions have stressed the and physical generic objects and (ii) highlights the impor- 249 217 concept that IoT has primarily to be focused on the tance of including existing and evolving Internet and net- 250 218 ‘‘Things” and that the road to its full deployment has work developments in this vision. In this sense, IoT 251 219 to start from the augmentation in the Things’ intelli- becomes the natural enabling architecture for the deploy- 252 220 gence. This is why a concept that emerged aside IoT is ment of independent federated services and applications, 253 221 the spime, defined as an object that can be tracked characterized by a high degree of autonomous data cap- 254 222 through space and time throughout its lifetime and that ture, event transfer, network connectivity and 255 223 will be sustainable, enhanceable, and uniquely identifi- interoperability. 256 224 able [9]. Although quite theoretical, the spime definition This definition plays the role of trait d’union between 257 225 finds some real-world implementations in so called what we referred to as a ‘‘Things oriented” vision and an 258 226 Smart Items. These are a sort of sensors not only ‘‘Internet oriented” vision. 259

Please cite this article in press as: L. Atzori et al., The Internet of Things: A survey, Comput. Netw. (2010), doi:10.1016/ j.comnet.2010.05.010 COMPNW 4247 No. of Pages 19, Model 3G 31 May 2010 4 L. Atzori et al. / Computer Networks xxx (2010) xxx–xxx

260 Within the latter category falls the IoT vision of the IPSO However, the reduction in terms of size, weight, energy 316 261 (IP for Smart Objects) Alliance [11], a forum formed in Sep- consumption, and cost of the radio can take us to a new era 317 262 tember 2008 by 25 founding companies to promote the where the above ratio increases of orders of magnitude. 318 263 Internet Protocol as the network technology for connecting This will allow us to integrate radios in almost all objects 319 264 Smart Objects around the world. According to the IPSO vi- and thus, to add the world ‘‘anything” to the above vision, 320 265 sion, the IP stack is a light protocol that already connects a which leads to the IoT concept. 321 266 huge amount of communicating devices and runs on tiny In this context, key components of the IoT will be RFID 322 267 and battery operated embedded devices. This guarantees systems [20], which are composed of one or more reader(s) 323 268 that IP has all the qualities to make IoT a reality. By reading and several RFID tags. Tags are characterized by a unique 324 269 IPSO whitepapers, it seems that through a wise IP adapta- identifier and are applied to objects (even persons or ani- 325 270 tion and by incorporating IEEE 802.15.4 into the IP archi- mals). Readers trigger the tag transmission by generating 326 271 tecture, in the view of 6LoWPAN [12], the full an appropriate signal, which represents a query for the 327 272 deployment of the IoT paradigm will be automatically possible presence of tags in the surrounding area and for 328 273 enabled. the reception of their IDs. Accordingly, RFID systems can 329 274 Internet Ø [13] follows a similar approach of reducing be used to monitor objects in real-time, without the need 330 275 the complexity of the IP stack to achieve a protocol de- of being in line-of-sight; this allows for mapping the real 331 276 signed to route ‘‘IP over anything”. In some forums this is world into the virtual world. Therefore, they can be used 332 277 looked at as the wisest way to move from the Internet of in an incredibly wide range of application scenarios, span- 333 278 Devices to the Internet of Things. According to both the ning from logistics to e-health and security. 334 279 IPSO and Internet Ø approaches, the IoT will be deployed From a physical point of view a RFID tag is a small 335 280 by means of a sort of simplification of the current IP to microchip1 attached to an antenna (that is used for both 336 281 adapt it to any object and make those objects addressable receiving the reader signal and transmitting the tag ID) in 337 282 and reachable from any location. a package which usually is similar to an adhesive sticker 338 283 As said before, it is worth noticing that ‘‘Semantic ori- [21]. Dimensions can be very low: Hitachi has developed a 339 284 ented” IoT visions are available in the literature [14–17]. tag with dimensions 0.4 mm 0.4 mm 0.15 mm. 340 285 The idea behind them is that the number of items involved Usually, RFID tags are passive, i.e., they do not have on- 341 286 in the Future Internet is destined to become extremely board power supplies and harvest the energy required for 342 287 high. Therefore, issues related to how to represent, store, transmitting their ID from the query signal transmitted 343 288 interconnect, search, and organize information generated by a RFID reader in the proximity. In fact, this signal gener- 344 289 by the IoT will become very challenging. In this context, ates a current into the tag antenna by induction and such a 345 290 semantic technologies could play a key role. In fact, these current is utilized to supply the microchip which will 346 291 can exploit appropriate modeling solutions for things transmit the tag ID. Usually, the gain (power of the signal 347 292 description, reasoning over data generated by IoT, seman- received by the reader divided by the power of the signal 348 293 tic execution environments and architectures that accom- transmitted by the same reader) characterizing such sys- 349 294 modate IoT requirements and scalable storing and tems is very low. However, thanks to the highly directive 350 295 communication infrastructure [14]. antennas utilized by the readers, tags ID can be correctly 351 296 A further vision correlated with the IoT is the so called received within a radio range that can be as long as a 352 297 ‘‘Web of Things” [18], according to which Web standards few meters. Transmission may occur in several frequency 353 298 are re-used to connect and integrate into the Web every- bands spanning from low frequencies (LF) at 124– 354 299 day-life objects that contain an embedded device or 135 kHz up to ultra high frequencies (UHF) at 860– 355 300 computer. 960 MHz that have the longest range. 356 Nevertheless, there are also RFID tags getting power 357 supply by batteries. In this case we can distinguish semi- 358 301 3. Enabling technologies passive from active RFID tags. In semi-passive RFIDs batter- 359 ies power the microchip while receiving the signal from 360 302 Actualization of the IoT concept into the real world is the reader (the radio is powered with the energy harvested 361 303 possible through the integration of several enabling tech- by the reader signal). Differently, in active RFIDs the bat- 362 304 nologies. In this section we discuss the most relevant ones. tery powers the transmission of the signal as well. Obvi- 363 305 Note that it is not our purpose to provide a comprehensive ously the radio coverage is the highest for active tags 364 306 survey of each technology. Our major aim is to provide a even if this is achieved at the expenses of higher produc- 365 307 picture of the role they will likely play in the IoT. Interested tion costs. 366 308 readers will find references to technical publications for Sensor networks will also play a crucial role in the IoT. 367 309 each specific technology. In fact, they can cooperate with RFID systems to better 368 track the status of things, i.e., their location, temperature, 369 310 3.1. Identification, sensing and communication technologies movements, etc. As such, they can augment the awareness 370 of a certain environment and, thus, act as a further bridge 371 311 ‘‘Anytime, anywhere, anymedia” has been for a long between physical and digital world. Usage of sensor net- 372 312 time the vision pushing forward the advances in communi- 313 cation technologies. In this context, wireless technologies 314 have played a key role and today the ratio between radios 1 New RFID tags, named chipless tags, are under study which do not use 315 and humans is nearing the 1 to 1 value [19]. microchips so as to decrease production cost [Ted09]. Q2

Please cite this article in press as: L. Atzori et al., The Internet of Things: A survey, Comput. Netw. (2010), doi:10.1016/ j.comnet.2010.05.010 COMPNW 4247 No. of Pages 19, Model 3G 31 May 2010 L. Atzori et al. / Computer Networks xxx (2010) xxx–xxx 5

373 works has been proposed in several application scenarios, Sensing RFID systems will allow to build RFID sensor 424 374 such as environmental monitoring, e-health, intelligent networks [26], which consist of small, RFID-based sensing 425 375 transportation systems, military, and industrial plant and computing devices, and RFID readers, which are the 426 376 monitoring. sinks of the data generated by the sensing RFID tags and 427 377 Sensor networks consist of a certain number (which can provide the power for the network operation. 428 378 be very high) of sensing nodes communicating in a wire- Table 1 compares the characteristics of RFID systems 429 379 less multi-hop fashion. Usually nodes report the results (RFID), wireless sensor networks (WSN), and RFID sensor 430 380 of their sensing to a small number (in most cases, only networks (RSN) [26]. Observe that the major advantages 431 381 one) of special nodes called sinks. A large scientific litera- of: 432 382 ture has been produced on sensor networks in the recent 383 past, addressing several problems at all layers of the proto- RFID systems are the very small size and the very low 433 384 col stack [22]. Design objectives of the proposed solutions cost. Furthermore, their lifetime is not limited by the 434 385 are energy efficiency (which is the scarcest resource in battery duration; 435 386 most of the scenarios involving sensor networks), scalabil- wireless sensor networks are the high radio coverage 436 387 ity (the number of nodes can be very high), reliability (the and the communication paradigm, which does not 437 388 network may be used to report urgent alarm events), and require the presence of a reader (communication is 438 389 robustness (sensor nodes are likely to be subject to failures peer-to-peer whereas, it is asymmetric for the other 439 390 for several reasons). types of systems); 440 391 Today, most of commercial wireless sensor network RFID sensor network are the possibility of supporting 441 392 solutions are based on the IEEE 802.15.4 standard, which sensing, computing, and communication capabilities 442 393 defines the physical and MAC layers for low-power, low in a passive system. 443 394 bit rate communications in wireless personal area net- 444 395 works (WPAN) [23]. IEEE 802.15.4 does not include speci- 3.2. Middleware 445 396 fications on the higher layers of the protocol stack, which is 397 necessary for the seamless integration of sensor nodes into The middleware is a software layer or a set of sub-lay- 446 398 the Internet. This is a difficult task for several reasons, the ers interposed between the technological and the applica- 447 399 most important are given below: tion levels. Its feature of hiding the details of different 448 technologies is fundamental to exempt the programmer 449 400 Sensor networks may consist of a very large number of from issues that are not directly pertinent to her/his fo- 450 401 nodes. This would result in obvious problems as today cus, which is the development of the specific application 451 402 there is a scarce availability of IP addresses. enabled by the IoT infrastructures. The middleware is 452 403 The largest physical layer packet in IEEE 802.15.4 has gaining more and more importance in the last years due 453 404 127 bytes; the resulting maximum frame size at the to its major role in simplifying the development of new 454 405 media access control layer is 102 octets, which may fur- services and the integration of legacy technologies into 455 406 ther decrease based on the link layer security algorithm new ones. This excepts the programmer from the exact 456 407 utilized. Such sizes are too small when compared to knowledge of the variegate set of technologies adopted 457 408 typical IP packet sizes. by the lower layers. 458 409 In many scenarios sensor nodes spend a large part of As it is happening in other contexts, the middleware 459 410 their time in a sleep mode to save energy and cannot architectures proposed in the last years for the IoT often 460 411 communicate during these periods. This is absolutely follow the Service Oriented Architecture (SOA) approach. 461 412 anomalous for IP networks. The adoption of the SOA principles allows for decompos- 462 ing complex and monolithic systems into applications 463 413 Integration of sensing technologies into passive RFID tags consisting of an ecosystem of simpler and well-defined 464 414 would enable a lot of completely new applications into components. The use of common interfaces and standard 465 415 the IoT context, especially into the e-health area [24]. protocols gives a horizontal view of an enterprise system. 466 416 Recently, several solutions have been proposed in this Thus, the development of business processes enabled by 467 417 direction. As an example, the WISP project is being carried the SOA is the result of the process of designing work- 468 418 out at Intel Labs to develop wireless identification and sens- flows of coordinated services, which eventually are asso- 469 419 ing platforms (WISP) [25]. WISPs are powered and read by ciated with objects actions. This facilitates the 470 420 standard RFID readers, harvesting the power from the interaction among the parts of an enterprise and allows 471 421 reader’s querying signal. WISPs have been used to measure for reducing the time necessary to adapt itself to the 472 422 quantities in a certain environment, such as light, temper- changes imposed by the market evolution [27]. A SOA ap- 473 423 ature, acceleration, strain, and liquid level. proach also allows for software and hardware reusing, be- 474

Table 1 Comparison between RFID systems, wireless sensor networks, and RFID sensor networks.

Processing Sensing Communication Range (m) Power Lifetime Size Standard RFID No No Asymmetric 10 Harvested Indefinite Very small ISO18000 WSN Yes Yes Peer-to-peer 100 Battery <3 years Small IEEE 802.15.4 RSN Yes Yes Asymmetric 3 Harvested Indefinite Small None

Please cite this article in press as: L. Atzori et al., The Internet of Things: A survey, Comput. Netw. (2010), doi:10.1016/ j.comnet.2010.05.010 COMPNW 4247 No. of Pages 19, Model 3G 31 May 2010 6 L. Atzori et al. / Computer Networks xxx (2010) xxx–xxx

475 cause it does not impose a specific technology for the ser- workflows of business processes, using workflow lan- 511 476 vice implementation [28]. guages. In this context, a frequent choice is to adopt stan- 512 477 Advantages of the SOA approach are recognized in most dard languages such as the Business Process Execution 513 478 studies on middleware solutions for IoT. While a com- Language (BPEL) and Jolie [29,30]. Workflow languages de- 514 479 monly accepted layered architecture is missing, the pro- fine business processes that interact with external entities 515 480 posed solutions face essentially the same problems of through Web Service operations, defined by using the Web 516 481 abstracting the devices functionalities and communica- Service Definition Language (WSDL) [31]. Workflows can 517 482 tions capabilities, providing a common set of services and be nested, so it is possible to call a workflow from inside 518 483 an environment for service composition. These common another one. The creation of complex processes can be rep- 519 484 objectives lead to the definition of the middleware sketch resented as a sequence of coordinated actions performed 520 485 shown in Fig. 2. It tries to encompass all the functionalities by single components. 521 486 addressed in past works dealing with IoT middleware is- 487 sues. It is quite similar to the scheme proposed in [29], 3.2.3. Service management 522 488 which addresses the middleware issues with a complete This layer provides the main functions that are expected 523 489 and integrated architectural approach. It relies on the fol- to be available for each object and that allow for their man- 524 490 lowing layers. agement in the IoT scenario. A basic set of services encom- 525 passes: object dynamic discovery, status monitoring, and 526 491 3.2.1. Applications service configuration. At this layer, some middleware pro- 527 492 Applications are on the top of the architecture, export- posals include an expanded set of functionalities related to 528 493 ing all the system’s functionalities to the final user. Indeed, the QoS management and lock management, as well as 529 494 this layer is not considered to be part of the middleware some semantic functions (e.g., police and context manage- 530 495 but exploits all the functionalities of the middleware layer. ment) [32]. This layer might enable the remote deploy- 531 496 Through the use of standard web service protocols and ser- ment of new services during run-time, in order to satisfy 532 497 vice composition technologies, applications can realize a application needs. A service repository is built at this layer 533 498 perfect integration between distributed systems and so as to know which is the catalogue of services that are 534 499 applications. associated to each object in the network. The upper layer 535 can then compose complex services by joining services 536 provided at this layer. 537 500 3.2.2. Service composition 501 This is a common layer on top of a SOA-based middle- 3.2.4. Object abstraction 538 502 ware architecture. It provides the functionalities for the The IoT relies on a vast and heterogeneous set of ob- 539 503 composition of single services offered by networked ob- jects, each one providing specific functions accessible 540 504 jects to build specific applications. On this layer there is through its own dialect. There is thus the need for an 541 505 no notion of devices and the only visible assets are ser- abstraction layer capable of harmonizing the access to 542 506 vices. An important insight into the service landscape is the different devices with a common language and proce- 543 507 to have a repository of all currently connected service in- dure. Accordingly, unless a device offers discoverable 544 508 stances, which are executed in run-time to build composed web services on an IP network, there is the need to intro- 545 509 services. The logic behind the creation and the manage- duce a wrapping layer, consisting of two main sub-layers: 546 510 ment of complex services, can be expressed in terms of the interface and the communication sub-layers. The first 547 one provides a web interface exposing the methods avail- 548 able through a standard web service interface and is 549 responsible for the management of all the incoming/out- 550 coming messaging operations involved in the communica- 551 tion with the external world. The second sub-layer 552 implements the logic behind the web service methods 553 and translates these methods into a set of device-specific 554 commands to communicate with the real-world objects. 555 Some works proposed the embedding of TCP/IP stacks 556 in the devices, such as the TinyTCP, the mIP and the IwIP 557 (see [33] and references herein), which provide a socket 558 like interface for embedded applications. Embedded web 559 servers can then be integrated in the objects, performing 560 the function of this object abstraction layer. However, 561 more often this wrapping function is provided through a 562 proxy, which is then responsible to open a communication 563 socket with the device’s console and send all the com- 564 mands to it by using different communication languages. 565 It is then responsible to make the conversion into a stan- 566 dard web service language and, sometimes, elaborate the 567 request to reduce the complexity of the operations re- 568 Fig. 2. SOA-based architecture for the IoT middleware. quired by the end-device [30]. 569

Please cite this article in press as: L. Atzori et al., The Internet of Things: A survey, Comput. Netw. (2010), doi:10.1016/ j.comnet.2010.05.010 COMPNW 4247 No. of Pages 19, Model 3G 31 May 2010 L. Atzori et al. / Computer Networks xxx (2010) xxx–xxx 7

570 3.2.5. Trust, privacy and security management so as to provide a trusted and secure environment for all 631 571 The deployment of automatic communication of objects applications [38]. The middleware layer in this architec- 632 572 in our lives represents a danger for our future. Indeed, un- ture mostly focuses on: (i) the secure long-term logging 633 573 seen by users, embedded RFID tags in our personal devices, of the collected environmental data over time and over 634 574 clothes, and groceries can unknowingly be triggered to re- some regions (TinyPEDS), (ii) functions that provides the 635 575 ply with their ID and other information. This potentially nodes in the network with the abstraction of shared mem- 636 576 enables a surveillance mechanism that would pervade ory (TinyDSM), (iii) the implementation of distributed 637 577 large parts of our lives. The middleware must then include information storage and collection (DISC) protocol for 638 578 functions related to the management of the trust, privacy wireless sensor networks. 639 579 and security of all the exchanged data. The related func- 580 tions may be either built on one specific layer of the previ- 4. Applications 640 581 ous ones or (it happens more often) distributed through 582 the entire stack, from the object abstraction to the service Potentialities offered by the IoT make possible the 641 583 composition, in a manner that does not affect system per- development of a huge number of applications, of which 642 584 formance or introduce excessive overheads. only a very small part is currently available to our society. 643 585 While most of the proposed middleware solutions make Many are the domains and the environments in which new 644 586 use of the SOA approach, some others have followed a dif- applications would likely improve the quality of our lives: 645 587 ferent way, especially if developed for a specific scenario at home, while travelling, when sick, at work, when jog- 646 588 (target application, specific set of objects or limited geo- ging and at the gym, just to cite a few. These environments 647 589 graphical scenario). One remarkable project is the Fosstrak are now equipped with objects with only primitive intelli- 648 590 one, which is specifically focused on the management of gence, most of times without any communication capabil- 649 591 RFID related applications [34]. It is an open source RFID ities. Giving these objects the possibility to communicate 650 592 infrastructure that implements the interfaces defined in with each other and to elaborate the information perceived 651 593 the EPC Network specifications. It provides the following from the surroundings imply having different environ- 652 594 services related to RFID management: data dissemination, ments where a very wide range of applications can be de- 653 595 data aggregation, data filtering, writing to a tag, trigger ployed. These can be grouped into the following domains: 654 596 RFID reader from external sensors, fault and configuration 597 management, data interpretation, sharing of RFID triggered Transportation and logistics domain. 655 598 business events, lookup and directory service, tag identifier Healthcare domain. 656 599 management, and privacy [35]. All these functions are Smart environment (home, office, plant) domain. 657 600 made available to the application layer to ease the deploy- Personal and social domain. 658 601 ment of RFID-related services. In [36], the authors present 602 another RFID-related middleware which relies on three Among the possible applications, we may distinguish 659 603 functionalities: the tag, the place, and the scenic managers. between those either directly applicable or closer to our 660 604 The first allows the user to associate each tag to an object; current living habitudes and those futuristic, which we 661 605 the second supports creating and editing location informa- can only fancy of at the moment, since the technologies 662 606 tion associated to RFID antennas; the third one is used to and/or our societies are not ready for their deployment 663 607 combine the events collected by the antennas and the (see Fig. 3). In the following subsections we provide a 664 608 developed related applications. review of the short-medium term applications for each of 665 609 Another architecture that does not follow the SOA ap- these categories and a range of futuristic applications. 666 610 proach is proposed in the e-SENSE project, which focuses 611 on issues related to capturing ambient intelligence through 612 wireless sensor networks. The proposed architecture is di- 4.1. Transportation and logistics domain 667 613 vided into four logical subsystems, namely the application, 614 management, middleware, and connectivity subsystems. Advanced cars, trains, buses as well as bicycles along 668 615 Each subsystem comprises various protocol and control with roads and/or rails are becoming more instrumented 669 616 entities, which offer a wide range of services and functions with sensors, actuators, and processing power. Roads 670 617 at service access points to other subsystems [37]. This en- themselves and transported goods are also equipped with 671 618 tire stack is implemented in a full function sensor node and tags and sensors that send important information to traffic 672 619 in a gateway node; while a reduced-function sensor node control sites and transportation vehicles to better route the 673 620 has fewer functions. In the e-SENSE vision the middleware traffic, help in the management of the depots, provide the 674 621 subsystem has the only purpose to develop and handle an tourist with appropriate transportation information, and 675 622 infrastructure where information sensed by nodes is pro- monitor the status of the transported goods. Below, the 676 623 cessed in a distributed fashion and, if necessary, the result main applications in the transportation and logistics do- 677 624 is transmitted to an actuating node and/or to the fixed main are described. 678 625 infrastructure by means of a gateway. The other functions 626 that we have assigned to the middleware shown in Fig. 2 4.1.1. Logistics 679 627 are attributed to other components and layers. The project Real-time information processing technology based on 680 628 UbiSec&Sens was also aimed at defining a comprehensive RFID and NFC can realize real-time monitoring of almost 681 629 architecture for medium and large scale wireless sensor every link of the supply chain, ranging from commodity de- 682 630 networks, with a particular attention to the security issues sign, raw material purchasing, production, transportation, 683

Please cite this article in press as: L. Atzori et al., The Internet of Things: A survey, Comput. Netw. (2010), doi:10.1016/ j.comnet.2010.05.010 COMPNW 4247 No. of Pages 19, Model 3G 31 May 2010 8 L. Atzori et al. / Computer Networks xxx (2010) xxx–xxx

Fig. 3. Applications domains and relevant major scenarios.

684 storage, distribution and sale of semi-products and prod- goods together with information about the type and status 714 685 ucts, returns’ processing and after-sales service..It is also of the goods can integrated to provide important informa- 715 686 possible to obtain products related information, promptly, tion about the delivery time, delivery delays, and faults. 716 687 timely, and accurately so that enterprises or even the whole This information can be also combined with the status of 717 688 supply chain can respond to intricate and changeable mar- the warehouses in order to automate the refilling of the 718 689 kets in the shortest time. The application result is that the magazines. 719 690 reaction time of traditional enterprises is 120 days from 691 requirements of customers to the supply of commodity 692 while advanced companies that make use of these technol- 4.1.3. Mobile ticketing 720 693 ogies (such as Wal-mart and Metro) only needs few days Posters or panels providing information (description, 721 694 and can basically work with zero safety stock [39,40]. Addi- costs, schedule) about transportation services can be 722 695 tionally, real-time access to the ERP program helps the shop equipped with an NFC tag, a visual marker and a numeric 723 696 assistants to better inform customers about availability of identifier. The user can then get information about several 724 697 products and give them more product information in gen- categories of options from the web by either hovering his 725 698 eral [41]. mobile phone over the NFC tag, or pointing the mobile 726 phone to the visual markers. The mobile phone automati- 727 cally gets information from the associated web services 728 699 4.1.2. Assisted driving (stations, numbers of passengers, costs, available seats 729 700 Cars, trains, and buses along with the roads and the rails and type of services) and allows the user to buy the related 730 701 equipped with sensors, actuators and processing power tickets [42]. 731 702 may provide important information to the driver and/or 703 passengers of a car to allow better navigation and safety. 704 Collision avoidance systems and monitoring of transporta- 4.1.4. Monitoring environmental parameters 732 705 tion of hazardous materials are two typical example func- Perishable goods such as fruits, fresh-cut produce, meat, 733 706 tions. Governmental authorities would also benefit from and dairy products are vital parts of our nutrition. From the 734 707 more accurate information about road traffic patterns for production to the consumption sites thousands of kilome- 735 708 planning purposes. Whereas the private transportation ters or even more are covered and during the transporta- 736 709 traffic could better find the right path with appropriate tion the conservation status (temperature, humidity, 737 710 information about the jam and incidents. Enterprises, such shock) need to be monitored to avoid uncertainty in qual- 738 711 as freight companies, would be able to perform more effec- ity levels for distribution decisions. Pervasive computing 739 712 tive route optimization which allows energy savings. Infor- and sensor technologies offer great potential for improving 740 713 mation about the movement of the vehicles transporting the efficiency of the food supply chain [43,44]. 741

Please cite this article in press as: L. Atzori et al., The Internet of Things: A survey, Comput. Netw. (2010), doi:10.1016/ j.comnet.2010.05.010 COMPNW 4247 No. of Pages 19, Model 3G 31 May 2010 L. Atzori et al. / Computer Networks xxx (2010) xxx–xxx 9

742 4.1.5. Augmented maps (including data entry and collection errors), automated 798 743 Touristic maps can be equipped with tags that allow care and procedure auditing, and medical inventory man- 799 744 NFC-equipped phones to browse it and automatically call agement. This function also relates to integrating RFID 800 745 web services providing information about hotels, restau- technology with other health information and clinical 801 746 rants, monuments and events related to the area of interest application technologies within a facility and with poten- 802 747 for the user [45]. There is a collection of Physical Mobile tial expansions of such networks across providers and 803 748 Interaction (PMI) techniques that can be employed to aug- locations. 804 749 ment the information of the map: 4.2.4. Sensing 805 750 hovering within read range of a tag so that additional Sensor devices enable function centered on patients, 806 751 information regarding the marker is displayed on the and in particular on diagnosing patient conditions, provid- 807 752 phone screen; ing real-time information on patient health indicators. 808 753 single selection/de-selection of tags by pressing a spe- Application domains include different telemedicine solu- 809 754 cific key when the tag is hovered; tions, monitoring patient compliance with medication reg- 810 755 multi-selection/de-selection of different tags; iment prescriptions, and alerting for patient well-being. In 811 756 polygon drawing by selecting the tags in a polygon that this capacity, sensors can be applied both in in-patient and 812 757 delimits an area of interest; out-patient care. Heterogeneous wireless access-based re- 813 758 picking-and-dropping, so that selected markers that mote patient monitoring systems can be deployed to reach 814 759 have been ‘picked up’ using the phone can be dropped the patient everywhere, with multiple wireless technolo- 815 760 in the itinerary of interest; gies integrated to support continuous bio-signal monitor- 816 761 context menu displaying when a marker is hovered ing in presence of patient mobility [48]. 817 762 [46]. 763 4.3. Smart environments domain 818 764 4.2. Healthcare domain A smart environment is that making its ‘‘employment” 819 765 Many are the benefits provided by the IoT technologies easy and comfortable thanks to the intelligence of con- 820 766 to the healthcare domain and the resulting applications tained objects, be it an office, a home, an industrial plant, 821 767 can be grouped mostly into: tracking of objects and people or a leisure environment. 822 768 (staff and patients); identification and authentication of 769 people; automatic data collection and sensing [47]. 4.3.1. Comfortable homes and offices 823 Sensors and actuators distributed in houses and offices 824 770 4.2.1. Tracking can make our life more comfortable in several aspects: 825 771 Tracking is the function aimed at the identification of a rooms heating can be adapted to our preferences and to 826 772 person or object in motion. This includes both real-time the weather; the room lighting can change according to 827 773 position tracking, such as the case of patient-flow monitor- the time of the day; domestic incidents can be avoided 828 774 ing to improve workflow in hospitals, and tracking of mo- with appropriate monitoring and alarm systems; and en- 829 775 tion through choke points, such as access to designated ergy can be saved by automatically switching off the elec- 830 776 areas. In relation to assets, tracking is most frequently ap- trical equipments when not needed. For instance, we may 831 777 plied to continuous inventory location tracking (for exam- think of energy providers that use dynamically changing 832 778 ple for maintenance, availability when needed and energy prices to influence the overall energy consumption 833 779 monitoring of use), and materials tracking to prevent in a way that smoothes load peaks. An automation logic 834 780 left-ins during surgery, such as specimen and blood may optimize the power consumption costs throughout 835 781 products. the day by observing when the prices, which are provided 836 by an external web service and are set according to the cur- 837 782 4.2.2. Identification and authentication rent energy production and consumption, are cheap and by 838 783 It includes patient identification to reduce incidents considering the specific requirements of each appliances at 839 784 harmful to patients (such as wrong drug/dose/time/proce- home (battery charger, refrigerator, ovens) [30]. 840 785 dure), comprehensive and current electronic medical re- 786 cord maintenance (both in the in- and out-patient 4.3.2. Industrial plants 841 787 settings), and infant identification in hospitals to prevent Smart environments also help in improving the auto- 842 788 mismatching. In relation to staff, identification and authen- mation in industrial plants with a massive deployment of 843 789 tication is most frequently used to grant access and to im- RFID tags associated to the production parts. In a generic 844 790 prove employee morale by addressing patient safety scenario, as production parts reach the processing point, 845 791 issues. In relation to assets, identification and authentica- the tag is read by the RFID reader. An event is generated 846 792 tion is predominantly used to meet the requirements of by the reader with all the necessary data, such as the RFID 847 793 security procedures, to avoid thefts or losses of important number, and stored on the network. The machine/robot 848 794 instruments and products. gets notified by this event (as it has subscribed to the ser- 849 vice) and picks up the production part. By matching data 850 795 4.2.3. Data collection from the enterprise system and the RFID tag, it knows 851 796 Automatic data collection and transfer is mostly aimed how to further process the part. In parallel, a wireless sen- 852 797 at reducing form processing time, process automation sor mounted on the machine monitors the vibration and if 853

Please cite this article in press as: L. Atzori et al., The Internet of Things: A survey, Comput. Netw. (2010), doi:10.1016/ j.comnet.2010.05.010 COMPNW 4247 No. of Pages 19, Model 3G 31 May 2010 10 L. Atzori et al. / Computer Networks xxx (2010) xxx–xxx

854 it exceeds a specific threshold an event is raised to imme- using the Google Charts API to display where, how, and 910 855 diately stop the process (quality control). Once such an with whom or what they have spent their time over some 911 856 emergency event is propagated, devices that consume it arbitrary period. 912 857 react accordingly. The robot receives the emergency shut- 858 down event and immediately stops its operation. The plant 4.4.3. Losses 913 859 manager also immediately sees the status of the so called A search engine for things is a tool that helps in finding 914 860 Enterprise Resource Planning (ERP) orders, the production objects that we don’t remember where have been left. The 915 861 progress, the device status, as well as a global view on all simplest web-based RFID application is a search engine for 916 862 the elements and the possible side effects of a production things that lets users view the last recorded location for 917 863 line delay due to shop-floor device malfunctions [29]. their tagged objects or search for a particular object’s loca- 918 tion. A more proactive extension of this application lever- 919 864 4.3.3. Smart museum and gym ages user-defined events to notify users when the last 920 865 As to smart leisure environments, the museum and the recorded object location matches some conditions. 921 866 gym are two representative examples where the IoT tech- 867 nologies can help in exploiting their facilities at the best. In 4.4.4. Thefts 922 868 the museum, for instance, expositions in the building may An application similar to the previous one may allow 923 869 evoke various historical periods (Egyptian period or ice the user to know if some objects are moved from a re- 924 870 age) with widely diverging climate conditions. The build- stricted area (the owner house or office), which would 925 871 ing adjusts locally to these conditions while also taking indicate that the object is being stolen. In this case, the 926 872 into account outdoor conditions. In the gym, the personal event has to be notified immediately to the owner and/or 927 873 trainer can upload the exercise profile into the training to the security guards. For example, the application can 928 874 machine for each trainee, who is then automatically recog- send an SMS to the users when the stolen objects leave 929 875 nized by the machine through the RFID tag. Health param- the building without any authorization (such as a laptop, 930 876 eters are monitored during the whole training session and a wallet or an ornament). 931 877 the reported values are checked to see if the trainee is 878 overtraining or if she/he is too relaxed when doing the 4.5. Futuristic applications domain Q3 932 879 exercises. The applications described in the previous sections are 933 880 4.4. Personal and social domain realistic as they either have been already deployed or can 934 be implemented in a short/medium period since the re- 935 881 The applications falling in this domain are those that quired technologies are already available. Apart from 936 882 enable the user to interact with other people to maintain these, we may envision many other applications, which 937 883 and build social relationships. Indeed, things may auto- we herein define futuristic since these rely on some (com- 938 884 matically trigger the transmission of messages to friends munications, sensing, material and/or industrial processes) 939 885 to allow them to know what we are doing or what we have technologies that either are still to come or whose imple- 940 886 done in the past, such as moving from/to our house/office, mentation is still too complex. These applications are even 941 887 travelling, meeting some common mates or playing soccer more interesting in terms of required research and poten- 942 888 [36]. The following are the major applications. tial impact. An interesting analysis of this kind of applica- 943 tions is provided by SENSEI FP7 Project [49] from which we 944 889 4.4.1. Social networking have taken the three most appealing applications. 945 890 This application is related to the automatic update of 891 information about our social activities in social networking 4.5.1. Robot taxi 946 892 web portals, such as Twitter and Plazes. We may think of In future cities, robot taxis swarm together, moving in 947 893 RFIDs that generate events about people and places to give flocks, providing service where it is needed in a timely 948 894 users real-time updates in their social networks, which are and efficient manner. The robot taxis respond to real-time 949 895 then gathered and uploaded in social networking websites. traffic movements of the city, and are calibrated to reduce 950 896 Application user interfaces display a feed of events that congestion at bottlenecks in the city and to service pick-up 951 897 their friends have preliminarily defined and the users can areas that are most frequently used. With or without a hu- 952 898 control their friend lists as well as what events are dis- man driver, they weave in and out of traffic at optimum 953 899 closed to which friends. speeds, avoiding accidents through proximity sensors, 954 which repel them magnetically from other objects on the 955 900 4.4.2. Historical queries road. They can be hailed from the side of the street by 956 901 Historical queries about objects and events data let pointing a mobile phone at them or by using hand ges- 957 902 users study trends in their activities over time. This can tures. The user’s location is automatically tracked via GPS 958 903 be extremely useful for applications that support long- and enables users to request a taxi to be at a certain loca- 959 904 term activities such as business projects and collabora- tion at a particular time by just pointing it out on a detailed 960 905 tions. A digital diary application can be built that records map. On the rare occasions they are not in use, the taxis 961 906 and displays events for example in a Google Calendar for head for ‘pit-stops’ where they automatically stack them- 962 907 later perusal. This way, users can look back over their dia- selves into tight bays which are instrumented with sensors 963 908 ries to see how and with whom they’ve spent their time. where actuators set off recharging batteries, perform sim- 964 909 Historical trends plots can also be automatically generated ple maintenance tasks and clean the cars. The pit-stops 965

Please cite this article in press as: L. Atzori et al., The Internet of Things: A survey, Comput. Netw. (2010), doi:10.1016/ j.comnet.2010.05.010 COMPNW 4247 No. of Pages 19, Model 3G 31 May 2010 L. Atzori et al. / Computer Networks xxx (2010) xxx–xxx 11

966 communicate with each other to ensure no over or under- the game keeps track of their achievements. Their con- 1002 967 utilization [49]. troller recognizes RFID tags on objects in the room. To 1003 score, they have to touch the object with it. As the game 1004 progresses, the system gradually makes it more difficult. 1005 968 4.5.2. City information model At first the objects they have to reach are nearby and easy 1006 969 The idea of a City Information Model (CIM) is based on to reach. At some point it gets too difficult and both play- 1007 970 the concept that the status and performance of each build- ers must touch the floor with their feet. Then the game 1008 971 ings and urban fabrics – such as pedestrian walkways, cy- makes a loud noise to indicate that this was wrong. The 1009 972 cle paths and heavier infrastructure like sewers, rail lines, room now notices that one player is a bit taller and faster 1010 973 and bus corridors – are continuously monitored by the city than the other so it starts putting the objects a bit closer 1011 974 government operates and made available to third parties to him, so that he can keep up. The game then adapts the 1012 975 via a series of APIs, even though some information is con- difficulty level and the target according to the achieve- 1013 976 fidential. Accordingly, nothing can be built legally unless it ments of the players so that to keep high the excitement 1014 977 is compatible with CIM. The facilities management services level perceived by the console through the sensing 1015 978 communicate with each other and the CIM, sharing energy devices. 1016 979 in the most cost-effective and resource-efficient fashion. 980 They automatically trade surplus energy with each other 981 and prices are calculated to match supply and demand. 5. Open issues 1017 982 In this sense, planning and design is an ongoing social pro- 983 cess, in which the performance of each item is being re- Although the enabling technologies described in Section 1018 984 ported in real-time and compared with others. 3 make the IoT concept feasible, a large research effort is 1019 985 Population changes can be inferred, as can movement pat- still required. In this section, we firstly review the stan- 1020 986 terns, environmental performance, as well as the overall dardization activities that are being carried out on different 1021 987 efficiency of products and buildings. IoT-related technologies (Section 5.1). Secondly, we show 1022 the most important research issues that need to be ad- 1023 dressed to meet the requirements characterizing IoT sce- 1024 988 4.5.3. Enhanced game room narios. More specifically, in Section 5.2 we focus on 1025 989 The enhanced game room as well as the players are addressing and networking issues, whereas in Section 5.3 1026 990 equipped with a variety of devices to sense location, we describe the problems related to security and privacy. 1027 991 movement, acceleration, humidity, temperature, noise, In Table 2 we summarize the open research issues, the 1028 992 voice, visual information, heart rate and blood pressure. causes for which they are specifically crucial for IoT scenar- 1029 993 The room uses this information to measure excitement ios and the sections when such issues will be discussed in 1030 994 and energy levels so that to control the game activity detail. 1031 995 according to status of the player. Various objects are also 996 placed throughout the room and the point of the game is 997 to crawl and jump from one to the other without touch- 5.1. Standardization activity 1032 998 ing the floor. Points are awarded for long jumps and dif- 999 ficult places to reach. The game also puts a target on the Several contributions to the full deployment and stan- 1033 1000 wall-mounted screen. Whoever reaches that target first, dardization of the IoT paradigm are coming from the scien- 1034 1001 wins. As the players work their way around the room, tific community. Among them, the most relevant are 1035

Table 2 Open research issues.

Open issue Brief description of the cause Details in Standards There are several standardization efforts but they are not integrated in a comprehensive framework Section 5.1 Mobility support There are several proposals for object addressing but none for mobility support in the IoT scenario, Section 5.2 where scalability and adaptability to heterogeneous technologies represent crucial problems Naming Object Name Servers (ONS) are needed to map a reference to a description of a specific object and the Section 5.2 related identifier, and vice versa Transport protocol Existing transport protocols fail in the IoT scenarios since their connection setup and congestion control Section 5.2 mechanisms may be useless; furthermore, they require excessive buffering to be implemented in objects Traffic characterization The IoT will generate data traffic with patterns that are expected to be significantly different from those Section 5.2 and QoS support observed in the current Internet. Accordingly, it will also be necessary to define new QoS requirements and support schemes Authentication Authentication is difficult in the IoT as it requires appropriate authentication infrastructures that will Section 5.3 not be available in IoT scenarios. Furthermore, things have scarce resources when compared to current communication and computing devices. Also man-in-the-middle attack is a serious problem Data integrity This is usually ensured by protecting data with passwords. However, the password lengths supported by Section 5.3 IoT technologies are in most cases too short to provide strong levels of protection Privacy A lot of private information about a person can be collected without the person being aware. Control on Section 5.3 the diffusion of all such information is impossible with current techniques Digital forgetting All the information collected about a person by the IoT may be retained indefinitely as the cost of Section 5.3 storage decreases. Also data mining techniques can be used to easily retrieve any information even after several years

Please cite this article in press as: L. Atzori et al., The Internet of Things: A survey, Comput. Netw. (2010), doi:10.1016/ j.comnet.2010.05.010 COMPNW 4247 No. of Pages 19, Model 3G 31 May 2010 12 L. Atzori et al. / Computer Networks xxx (2010) xxx–xxx

1036 provided by the different sections of the Auto-ID Lab scat- of the so called ‘‘Informal working group on the implemen- 1077 1037 tered all over the world [50,51,34], by the European Com- tation of the RFID”. This is composed of stakeholders 1078 1038 mission [52] and European Standards Organisations (ETSI, (industry, operators, European standard organisations, civil 1079 1039 CEN, CENELEC, etc.), by their international counterparts society organisations, data protection authorities, etc.) 1080 1040 (ISO, ITU), and by other standards bodies and consortia required ‘‘to be familiar with RFID in general, the Data Pro- 1081 1041 (IETF, EPCglobal, etc.). Inputs are particularly expected tection Directive and the RFID Recommendation”. 1082 1042 from the Machine-to-Machine Workgroup of the European One of these stakeholders, CEN (European Committee 1083 1043 Telecommunications Standards Institute (ETSI) and from for Standardization) [55], although does not conduct any 1084 1044 some Internet Engineering Task Force (IETF) Working activity specifically related to the IoT, is interested in RFID 1085 1045 Groups. 6LoWPAN [53], aiming at making the IPv6 protocol evolution towards IoT. Among its Working Groups (WGs), 1086 1046 compatible with low capacity devices, and ROLL [54], more the most relevant to the IoT are WG 1-4 BARCODES, WG 1087 1047 interested in the routing issue for Internet of the Future 5 RFID, and the Global RFID Interoperability Forum for 1088 1048 scenarios, are the best candidates. Standards (GRIFS). This latter is a two-year-project coordi- 1089 1049 In Table 3 we summarize the fundamental characteris- nated by GS1, ETSI, and CEN and aimed at defining stan- 1090 1050 tics of the main standards of interest in terms of objectives dards related to physical objects (readers, tags, sensors), 1091 1051 of the standard, status of the standardization process, com- communications infrastructures, spectrum for RFID use, 1092 1052 munication range, data rate, and cost of devices. In the ta- privacy and security issues affecting RFID [56]. 1093 1053 ble we highlight the standards that are discussed in detail Differently from these projects, ISO [57] focuses on 1094 1054 in this section. technical issues such as the frequencies utilized, the mod- 1095 1055 With regards to the RFID technology, it is currently slo- ulation schemes, and the anti-collision protocol. 1096 1056 wed down by fragmented efforts towards standardization, With regards to the IoT paradigm at large, a very inter- 1097 1057 which is focusing on a couple of principal areas: RFID fre- esting standardization effort is now starting in ETSI [58] 1098 1058 quency and readers-tags (tags-reader) communication (the European Telecommunications Standards Institute, 1099 1059 protocols, data formats placed on tags and labels. The ma- which produces globally-applicable ICT related stan- 1100 1060 jor standardization bodies dealing with RFID systems are dards). Within ETSI, in fact, the Machine-to-Machine 1101 1061 EPCglobal, ETSI, and ISO. (M2M) Technical Committee was launched, to the pur- 1102 1062 More specifically, EPCglobal is a subsidiary of the global pose of conducting standardization activities relevant to 1103 1063 not-for-profit standards organization GS1. It mainly aims M2M systems and sensor networks (in the view of the 1104 1064 at supporting the global adoption of a unique identifier IoT). M2M is a real leading paradigm towards IoT, but 1105 1065 for each tag, which is called Electronic Product Code there is very little standardization for it, while the multi- 1106 1066 (EPC), and related industry-driven standards. The produc- plicity of the solutions on the market use standard Inter- 1107 1067 tion of a recommendation for the ‘‘EPCglobal Architecture net, Cellular, and Web technologies. Therefore, the goals 1108 1068 Framework” is a EPCglobal objective, shared with a com- of the ETSI M2M committee include: the development 1109 1069 munity of experts and several organizations, including and the maintenance of an end-to-end architecture for 1110 1070 Auto-ID Labs, GS1 Global Office, GS1 Member Organiza- M2M (with end-to-end IP philosophy behind it), strength- 1111 1071 tions, government agencies, and non-governmental orga- ening the standardization efforts on M2M, including sen- 1112 1072 nizations (NGOs). Interesting results are already available sor network integration, naming, addressing, location, 1113 1073 [5]. QoS, security, charging, management, application, and 1114 1074 As for the European Commission efforts, the event that hardware interfaces [59]. 1115 1075 might have the strongest influence on the future RFID stan- As for the Internet Engineering Task Force (IETF) activi- 1116 1076 dardization process is undoubtedly the official constitution ties related to the IoT, we can say that recently the IPv6 1117

Table 3 Characteristics of the most relevant standardization activities.

Standard Objective Status Comm. Data rate Unitary range (m) (kbps) cost ($) Standardization activities discussed in this section EPCglobal Integration of RFID technology into the electronic product code (EPC) framework, Advanced 1 102 0.01 which allows for sharing of information related to products GRIFS European Coordinated Action aimed at defining RFID standards supporting the Ongoing 1 102 0.01 transition from localized RFID applications to the Internet of Things M2M Definition of cost-effective solutions for machine-to-machine (M2M) Ongoing N.S. N.S. N.S. communications, which should allow the related market to take off 6LoWPAN Integration of low-power IEEE 802.15.4 devices into IPv6 networks Ongoing 10–100 102 1 ROLL Definition of routing protocols for heterogeneous low-power and lossy networks Ongoing N.S. N.S. N.S. Other relevant standardization activities NFC Definition of a set of protocols for low range and bidirectional communications Advanced 102 Up to 424 0.1 Wireless Definition of protocols for self-organizing, self-healing and mesh architectures over Advanced 10–100 102 1 Hart IEEE 802.15.4 devices ZigBee Enabling reliable, cost-effective, low-power, wirelessly networked, monitoring and Advanced 10–100 102 1 control products

Please cite this article in press as: L. Atzori et al., The Internet of Things: A survey, Comput. Netw. (2010), doi:10.1016/ j.comnet.2010.05.010 COMPNW 4247 No. of Pages 19, Model 3G 31 May 2010 L. Atzori et al. / Computer Networks xxx (2010) xxx–xxx 13

1118 over Low-Power Wireless Personal Area Networks (6LOW- prefix are used to address the gateway between the RFID 1177 1119 PAN) IETF group was born [53]. 6LOWPAN is defining a system and the Internet. 1178 1120 set of protocols that can be used to integrate sensor nodes Accordingly, the gateway will handle messages gener- 1179 1121 into IPv6 networks. Core protocols composing the 6LOW- ated by RFID tags that must leave the RFID system and en- 1180 1122 PAN architecture have been already specified and some ter the Internet as follows. A new IPv6 packet will be 1181 1123 commercial products have been already released that created. Its payload will contain the message generated 1182 1124 implement this protocol suite. The 6LOWPAN working by the tag, whereas its source address will be created by 1183 1125 group is currently moving four Internet-Drafts towards last concatenating the gateway ID (which is copied into the 1184 1126 call in the standards track (Improved Header Compression, network prefix part of the IPv6 address) and the RFID tag 1185 1127 6LoWPAN Neighbour Discovery) and informational track identifier (which is copied into the interface identifier part 1186 1128 (Use Cases, Routing Requirements) [60]. of the IPv6 address). Analogously, the gateway will handle 1187 1129 A further relevant IETF Working Group is named Rout- IPv6 packets coming from the Internet and directed to- 1188 1130 ing Over Low power and Lossy networks (ROLL). It has re- wards a certain RFID tag as follows. The specific RFID tag, 1189 1131 cently produced the RPL (pronounced ‘‘ripple”) routing which represents the destination of the message, will be 1190 1132 protocol draft. This will be the basis for routing over low- easily recognized as its identifier is reported into the inter- 1191 1133 power and lossy networks including 6LoWPAN, which still face identifier part of the IPv6 address; the specific mes- 1192 1134 needs lots of contributions to reach a full solution. sage (which in most cases represents the request of a 1193 1135 We clearly understand, from what is described above, certain operation) will be, instead, notified to the relevant 1194 1136 that an emerging idea is to consider the IoT standardisation RFID reader(s). 1195 1137 as an integral part of the Future Internet definition and This approach, however, cannot be used if the RFID tag 1196 1138 standardisation process. This assertion was recently made identifier is long 96 bits, as allowed by the EPCglobal stan- 1197 1139 by the cluster of European R&D projects on the IoT dard. To solve this problem, in [64] a methodology is pro- 1198 1140 (CERP-IoT). According to it, the integration of different posed that uses an appropriate network element, called 1199 1141 things into wider networks, either mobile or fixed, will al- agent, that maps the RFID identifier (regardless of its 1200 1142 low their interconnection with the Future Internet [61]. length) into a 64 bits field which will be used as the inter- 1201 1143 What is worth pointing out in the cited standardization face ID of the IPv6 address. Obviously, the agent must keep 1202 1144 areas is the tight collaboration between standardization updated a mapping between the IPv6 addresses generated 1203 1145 Institutions and other world-wide Interest Groups and Alli- and the RFID tag identifier. 1204 1146 ances. It seems that the whole industry is willing to coop- A complete different approach is illustrated in [65], 1205 1147 erate on achieving the IoT. IPSO, but also the ZigBee where the RFID message and headers are included into 1206 1148 Alliance, the IETF and the IEEE work in the same direction the IPv6 packet payload as shown in Fig. 4. 1207 1149 of IP standards integration [61]. It is important to note, however, that in all the above 1208 cases RFID mobility is not supported. In fact, the common 1209 1150 5.2. Addressing and networking issues basic assumption is that each RFID can be reached through 1210 a given gateway between the network and the RFID system. 1211 1151 The IoT will include an incredibly high number of It follows that appropriate mechanisms are required to 1212 1152 nodes, each of which will produce content that should be support mobility in the IoT scenarios. In this contexts, the 1213 1153 retrievable by any authorized user regardless of her/his po- overall system will be composed of a large number of sub- 1214 1154 sition. This requires effective addressing policies. Cur- systems with extremely different characteristics. In the 1215 1155 rently, the IPv4 protocol identifies each node through a past, several solutions have been proposed for the mobility 1216 1156 4-byte address. It is well known that the number of avail- management [66]; however, their validity in the IoT sce- 1217 1157 able IPv4 addresses is decreasing rapidly and will soon narios should be proven as they may have problems in 1218 1158 reach zero. Therefore, it is clear that other addressing pol- terms of scalability and adaptability to be applied in such 1219 1159 icies should be used other than that utilized by IPv4. a heterogeneous environment. To this purpose it is impor- 1220 1160 In this context, as we already said in Section 5.1, IPv6 tant to note that higher scalability can be achieved by solu- 1221 1161 addressing has been proposed for low-power wireless tions based on the utilization of a home agent (like Mobile 1222 1162 communication nodes within the 6LOWPAN context. IPv6 IP [67]), rather than by solutions based on home location 1223 1163 addresses are expressed by means of 128 bits and there- registers (HLR) and visitor location registers (VLR), which 1224 1164 fore, it is possible to define 1038 addresses, which should are widely used in cellular networks. In fact, Mobile IP-like 1225 1165 be enough to identify any object which is worth to be ad- protocols do not use central servers, which are critical from 1226 1166 dressed. Accordingly, we may think to assign an IPv6 ad- a scalability point of view. 1227 1167 dress to all the things included in the network. However, Another issue regards the way in which addresses are 1228 1168 since RFID tags use 64–96 bits identifiers, as standardized obtained. In the traditional Internet any host address is 1229 1169 by EPCglobal, solutions are required for enabling the identified by querying appropriate servers called domain 1230 1170 addressing of RFID tags into IPv6 networks. Recently, inte- name servers (DNS). Objective of DNSs is to provide the 1231 1171 gration of RFID tags into IPv6 networks has been investi- IP address of a host from a certain input name. In the 1232 1172 gated [62] and methodologies to integrate RFID IoT, communications are likely to occur between (or 1233 1173 identifiers and IPv6 addresses have been proposed. For with) objects instead of hosts. Therefore, the concept of 1234 1174 example, in [63] authors propose to use the 64 bits of the Object Name Service (ONS) must be introduced, which 1235 1175 interface identifier of the IPv6 address to report the RFID associates a reference to a description of the specific ob- 1236 1176 tag identifier, whereas the other 64 bits of the network ject and the related RFID tag identifier [68,5]. In fact, the 1237

Please cite this article in press as: L. Atzori et al., The Internet of Things: A survey, Comput. Netw. (2010), doi:10.1016/ j.comnet.2010.05.010 COMPNW 4247 No. of Pages 19, Model 3G 31 May 2010 14 L. Atzori et al. / Computer Networks xxx (2010) xxx–xxx

Fig. 4. Encapsulation of RFID message into an IPv6 packet.

1238 tag identifier is mapped into a Internet Uniform Reference can be retransmitted in case it is lost. At the destination 1282 1239 Locator (URL), which points to relevant information of data should be buffered to provide ordered delivery of 1283 1240 the object. In the IoT, the ONS should operate in both data to the application. Management of such buffers 1284 1241 directions, i.e., should be able to associate the description may be too costly in terms of required energy for bat- 1285 1242 of the object specified to a given RFID tag identifier, and tery-less devices. 1286 1243 vice versa. Inverting the function is not easy and requires 1244 an appropriate service, which is called Object Code Map- As a consequence, TCP cannot be used efficiently for the 1287 1245 ping Service (OCMS). Desired characteristics for OCMSs end-to-end transmission control in the IoT. Up to date, 1288 1246 are reported in [69], where a P2P approach is suggested no solutions have been proposed for the IoT and therefore, 1289 1247 in order to improve scalability. However, note that de- research contributions are required. 1290 1248 sign and assessment of OCMS in complex operational Furthermore, we do not know what will be the charac- 1291 1249 environments, such as the IoT, is still an open issue. teristics of the traffic exchanged by smart objects in the 1292 1250 Also a new conception of the transport layer is required IoT. Whereas it is fundamental to investigate such charac- 1293 1251 for the IoT. Major goals of the transport layer are to guar- teristics as they should be the basis for the design of the 1294 1252 antee end-to-end reliability and to perform end-to-end network infrastructures and protocols. 1295 1253 congestion control. In the traditional Internet, the protocol Accordingly, another important research issue concern- 1296 1254 utilized at the transport layer for reliable communications ing the networking aspects is related to traffic character- 1297 1255 is the Transmission Control Protocol (TCP) [70]. It is obvious ization. It is well known that traffic characteristics in 1298 1256 that TCP is inadequate for the IoT, due to the following wireless sensor networks strongly depend on the applica- 1299 1257 reasons: tion scenario (see [72], for example). This was not a prob- 1300 lem as the interest was focused on the traffic flow inside 1301 1258 1. Connection setup: TCP is connection oriented and each the wireless sensor network itself. Complications arise 1302 1259 session begins with a connection setup procedure (the when, according to the IoT paradigm, sensor nodes become 1303 1260 so called three ways handshake). This is unnecessary, part of the overall Internet. In fact, in this scenario, the 1304 1261 given that most of the communications within the IoT Internet will be traversed by a large amount of data gener- 1305 1262 will involve the exchange of a small amount of data ated by sensor networks deployed for heterogeneous pur- 1306 1263 and, therefore, the setup phase would last for a consid- poses and thus, with extremely different traffic 1307 1264 erable portion of the session time. Furthermore, the characteristics. Furthermore, since the deployment of large 1308 1265 connection setup phase involves data to be processed scale, distributed RFID systems is still at the very begin- 1309 1266 and transmitted by end-terminals, which in most cases ning, the characteristics of the related traffic flows have 1310 1267 are limited in terms of both energy and communication not been studied so far, and therefore, the traffic which will 1311 1268 resources, such as sensor nodes and RFID tags. traverse the IoT is completely unknown. 1312 1269 2. Congestion control: TCP is responsible of performing On the contrary characterization of the traffic is very 1313 1270 end-to-end congestion control. In the IoT this may cause important as it is necessary to network providers for plan- 1314 1271 performance problems as most of the communications ning the expansion of their infrastructures (if needed). 1315 1272 will exploit the wireless medium, which is known to Finally, traffic characterization and modeling together 1316 1273 be a challenging environment for TCP [71]. Furthermore, with a list of traffic requirements is needed to devise 1317 1274 if the amount of data to be exchanged in a single session appropriate solutions for supporting quality of service 1318 1275 is very small, TCP congestion control is useless, given (QoS). In fact, if some work has been done for supporting 1319 1276 that the whole TCP session will be concluded with the QoS in wireless sensor networks [73], the problem is still 1320 1277 transmission of the first segment and the consequent completely unexplored in RFID systems. Accordingly, a 1321 1278 reception of the corresponding acknowledgement. large research effort is needed in the field of QoS support 1322 1279 3. Data buffering: TCP requires data to be stored in a mem- in the IoT. We believe that there will be several analogies 1323 1280 ory buffer both at the source and at the destination. In with QoS for machine-to-machine communications. Since 1324 1281 fact, at the source data should be buffered so that it such types of communications have been already ad- 1325

Please cite this article in press as: L. Atzori et al., The Internet of Things: A survey, Comput. Netw. (2010), doi:10.1016/ j.comnet.2010.05.010 COMPNW 4247 No. of Pages 19, Model 3G 31 May 2010 L. Atzori et al. / Computer Networks xxx (2010) xxx–xxx 15

1326 dressed in recent years [74], we can apply to the IoT sce- mechanism and that an attacker wants to stole the identity 1384 1327 narios QoS management schemes proposed for M2M sce- of the element B (please note that that B can be any IoT ele- 1385 1328 narios. Obviously, this should be just a starting point and ment capable of computing and communicating). The at- 1386 1329 specific solutions for the IoT should be introduced in the tacker will position two transceivers. The first close to A, 1387 1330 future. which we call B0 and the second close to B, which we call 1388 A0. The basic idea is to make A believe that B0 is B, and make 1389 1331 5.3. Security and privacy B believe that A0 is A. To this purpose, node B0 will transmit 1390 the query signal received by the authenticating node A to 1391 1332 People will resist the IoT as long as there is no public the transceiver A0. The transceiver A0 will transmit such sig- 1392 1333 confidence that it will not cause serious threats to privacy. nal so that B can receive it. Observe, that the signal trans- 1393 1334 All the talking and complains (see [75] for example) fol- mitted by A0 is an exact replica of the signal transmitted by 1394 1335 lowing the announcement by the Italian retailer Benetton A. Accordingly, it is impossible for node B to understand 1395 1336 on the plan to tag a complete line of clothes (around 15 that the signal was not transmitted by A and therefore, it 1396 1337 million RFIDs) has been the first, clear confirmation of this will reply with its identification. Node A0 receives such re- 1397 1338 mistrust towards the use that will be done of the data col- ply and transmits it to node B0, that will transmit it to node 1398 1339 lected by the IoT technologies [76]. A. Node A cannot distinguish that such reply was not trans- 1399 1340 Public concerns are indeed likely to focus on a certain mitted by B, and therefore, will identify the transceiver B0 1400 1341 number of security and privacy issues [21,77]. as the element B and provide access accordingly. Observe 1401 that this can be done regardless of the fact that the signal 1402 1342 5.3.1. Security is encrypted or not. 1403 1343 The IoT is extremely vulnerable to attacks for several Data integrity solutions should guarantee that an adver- 1404 1344 reasons. First, often its components spend most of the time sary cannot modify data in the transaction without the sys- 1405 1345 unattended; and thus, it is easy to physically attack them. tem detecting the change. The problem of data integrity 1406 1346 Second, most of the communications are wireless, which has been extensively studied in all traditional computing 1407 1347 makes eavesdropping extremely simple. Finally, most of and communication systems and some preliminary results 1408 1348 the IoT components are characterized by low capabilities exist for sensor networks, e.g., [79]. However, new prob- 1409 1349 in terms of both energy and computing resources (this is lems arise when RFID systems are integrated in the Inter- 1410 1350 especially the case for passive components) and thus, they net as they spend most of the time unattended. Data can 1411 1351 cannot implement complex schemes supporting security. be modified by adversaries while it is stored in the node 1412 1352 More specifically, the major problems related to secu- or when it traverses the network [80]. To protect data 1413 1353 rity concern authentication and data integrity. Authentica- against the first type of attack, memory is protected in 1414 1354 tion is difficult as it usually requires appropriate most tag technologies and solutions have been proposed 1415 1355 authentication infrastructures and servers that achieve for wireless sensor networks as well [81]. For example, 1416 1356 their goal through the exchange of appropriate messages both EPCglobal Class-1 Generation-2 and ISO/IEC 18000–3 1417 1357 with other nodes. In the IoT such approaches are not feasi- tags protect both read and write operations on their mem- 1418 1358 ble given that passive RFID tags cannot exchange too many ory with a password. In fact, EPCglobal Class-1 Generation-2 1419 1359 messages with the authentication servers. The same rea- tags have five areas of memory, each of which can be pro- 1420 1360 soning applies (in a less restrictive way) to the sensor tected in read or write with a password independently of 1421 1361 nodes as well. each others. Whereas, ISO/18000–3 tags define a pointer 1422 1362 In this context, note that several solutions have been to a memory address and protect with a password all 1423 1363 proposed for sensor networks in the recent past [78]. How- memory areas with a lower memory address. To protect 1424 1364 ever, existing solutions can be applied when sensor nodes data against the second type of attack, messages may be 1425 1365 are considered as part of a sensor network connected to the protected according to the Keyed-Hash Message Authentica- 1426 1366 rest of the Internet via some nodes playing the roles of tion Code (HMAC) scheme [82]. This is based on a common 1427 1367 gateways. In the IoT scenarios, instead, sensor nodes must 1368 be seen as nodes of the Internet, so that it becomes neces- 1369 sary to authenticate them even from nodes not belonging 1370 to the same sensor network. 1371 In the last few years, some solutions have been pro- 1372 posed for RFID systems, however, they all have serious 1373 problems as described in [21]. 1374 Finally, none of the existing solutions can help in solv- 1375 ing the proxy attack problem, also known as the man-in- 1376 the-middle attack. Consider the case in which a node is uti- 1377 lized to identify something or someone and, accordingly, 1378 provides access to a certain service or a certain area (con- 1379 sider an electronic passport for example, or some keys 1380 based on RFID). The attack depicted in Fig. 5 could be suc- 1381 cessfully performed. 1382 Consider the case in which A is the node that wants to 1383 authenticate other system elements through some RF Fig. 5. Man in the middle attack.

Please cite this article in press as: L. Atzori et al., The Internet of Things: A survey, Comput. Netw. (2010), doi:10.1016/ j.comnet.2010.05.010 COMPNW 4247 No. of Pages 19, Model 3G 31 May 2010 16 L. Atzori et al. / Computer Networks xxx (2010) xxx–xxx

1428 secret key shared between the tag and the destination of For example, consider the application scenario regarding 1488 1429 the message, which is used in combination with a hash Comfortable homes and offices described in Section 4.3, 1489 1430 function to provide authentication. and focus on the case of a building where several offices 1490 1431 Observe that the above solutions proposed to support are located. In this case, some sensing capabilities will be 1491 1432 data integrity when RFID systems are considered have seri- deployed in the environment to track position of people 1492 1433 ous problems. In fact, the password length supported by and control the lighting or heating accordingly. If the track- 1493 1434 most tag technologies is too short to provide strong levels ing system is deployed only for increasing comfort of the 1494 1435 of protections. Moreover, even if longer passwords are sup- offices while reducing energy consumption, then, appro- 1495 1436 ported, still their management remains a challenging task, priate policies to protect privacy should be applied guaran- 1496 1437 especially when entities belonging to different organiza- teeing that: 1497 1438 tions, as in the case of the IoT, are involved. 1439 Finally, please note that that all the solutions proposed the tracking system does not collect information about 1498 1440 to support security use some cryptographic methodolo- the position and movements of individual users but 1499 1441 gies. Typical cryptographic algorithms spend large amount only considers aggregate users (position and move- 1500 1442 of resources in terms of energy and bandwidth both at the ments of people should not be linkable to their 1501 1443 source and the destination. Such solutions cannot be ap- identities); 1502 1444 plied to the IoT, given that they will include elements (like people are informed of the scope and the way in which 1503 1445 RFID tags and sensor nodes) that are seriously constrained their movements are tracked by the system (taking peo- 1504 1446 in terms of energy, communications, and computation ple informed about possible leaks of their privacy is 1505 1447 capabilities. It follows that new solutions are required able essential and required by most legislations); 1506 1448 to provide a satisfactory level of security regardless of the data collected by the tracking system should be pro- 1507 1449 scarcity of resources. In this context, a few solutions have cessed for the purposes of controlling the lighting and 1508 1450 been proposed for light symmetric key cryptographic heating and then deleted by the storage system. 1509 1451 schemes (see [83,84] for RFID scenarios and [78] for sensor 1452 network scenarios). However, as we already said, key man- To handle the data collection process appropriate solutions 1510 1453 agement schemes are still at an early stage (especially in are needed in all the different subsystems interacting with 1511 1454 the case of RFID) and require large research efforts. human beings in the IoT. For example, in the context of tra- 1512 ditional Internet services the W3C group has defined the 1513 1455 5.3.2 Privacy Platform for Privacy Preferences (P3P) [85], which provides 1514 1456 The concept of privacy is deeply rooted into our civiliza- a language for the description of the privacy preferences 1515 1457 tions, is recognized in all legislations of civilized countries and policies and therefore, allows automatic negotiation 1516 1458 and, as we already said, concerns about its protection have of the parameters concerning privacy based on the needs 1517 1459 proven to be a significant barrier against the diffusion of of personal information for running the service and the pri- 1518 1460 the technologies involved in the IoT [75]. People concerns vacy requirements set by the user. Always in the context of 1519 1461 about privacy are indeed well justified. In fact, the ways traditional Internet services, through appropriate settings 1520 1462 in which data collection, mining, and provisioning will be of the applications run on the user terminals, the time 1521 1463 accomplished in the IoT are completely different from instants when personal information are being released 1522 1464 those that we now know and there will be an amazing can be easily detected and the entity collecting such data 1523 1465 number of occasions for personal data to be collected. can be identified through well established authentication 1524 1466 Therefore, for human individuals it will be impossible to procedures. 1525 1467 personally control the disclosure of their personal The problem becomes impossible to be solved in the 1526 1468 information. case of sensor networks. In fact, individuals entering in 1527 1469 Furthermore, the cost of information storage continues an area where a sensor network is deployed cannot con- 1528 1470 to decrease and is now approaching 109 euro per byte. trol what information is being collected about them- 1529 1471 Accordingly, once information is generated, will most selves. For example, consider a sensor network 1530 1472 probably be retained indefinitely, which involves denial composed of cameras deployed in a certain area. The 1531 1473 of digital forgetting in people perspective. only way an individual can avoid such cameras not to 1532 1474 It follows that the IoT really represents an environment take her/his image is not to enter into the area. In this 1533 1475 in which privacy of individuals is seriously menaced in context, a possible solution that can reduce privacy prob- 1534 1476 several ways. Furthermore, while in the traditional Inter- lems might be to restrict the network’s ability to gather 1535 1477 net problems of privacy arise mostly for Internet users data at a detail level that could compromise privacy [86]. 1536 1478 (individuals playing an active role), in the IoT scenarios pri- For example, a sensor network might anonymize data by 1537 1479 vacy problems arise even for people not using any IoT reporting only approximate locations of sensed individu- 1538 1480 service. als and tradeoff privacy requirements with the level of 1539 1481 Accordingly, privacy should be protected by ensuring details required by the application. Another example 1540 1482 that individuals can control which of their personal data regarding sensor networks composed of cameras de- 1541 1483 is being collected, who is collecting such data, and when ployed for video surveillance purposes. In this case, 1542 1484 this is happening. Furthermore, the personal data collected images of people can be blurred in order to protect their 1543 1485 should be used only in the aim of supporting authorized privacy [87]. If some event occurs, then the image of rel- 1544 1486 services by authorized service providers; and, finally, the evant people can be reconstructed by the law enforce- 1545 1487 above data should be stored only until it is strictly needed. ment personnel. 1546

Please cite this article in press as: L. Atzori et al., The Internet of Things: A survey, Comput. Netw. (2010), doi:10.1016/ j.comnet.2010.05.010 COMPNW 4247 No. of Pages 19, Model 3G 31 May 2010 L. Atzori et al. / Computer Networks xxx (2010) xxx–xxx 17

1547 In the case of RFID systems, the problem is twofold. In 6. Conclusions 1608 1548 fact, on the one hand usually RFID tags are passive and re- 1549 ply to readers queries regardless of the desire of their pro- The Internet has changed drastically the way we live, 1609 1550 prietary. On the other hand an attacker can eavesdrop the moving interactions between people at a virtual level in 1610 1551 reply from a tag to another authorized reader. Solutions to several contexts spanning from the professional life to 1611 1552 the first type of problems proposed so far are based on social relationships. The IoT has the potential to add a 1612 1553 authentication of authorized readers (which have been dis- new dimension to this process by enabling communica- 1613 1554 cussed above). However, such solutions require tags that tions with and among smart objects, thus leading to 1614 1555 are able to perform authentication procedures. This in- the vision of ‘‘anytime, anywhere, anymedia, anything” 1615 1556 volves higher costs and an authentication infrastructure, communications. 1616 1557 which, as we have already said, cannot be deployed in To this purpose, we observe that the IoT should be con- 1617 1558 complex systems like those expected in IoT scenarios. sidered as part of the overall Internet of the future, which 1618 1559 Accordingly, solutions have been recently proposed (see is likely to be dramatically different from the Internet we 1619 1560 [88] for example) that use a new system that, on the basis use today. In fact, it is clear that the current Internet para- 1620 1561 of preferences set by the user, negotiates privacy on her/his digm, which supports and has been built around host-to- 1621 1562 behalf. The privacy decisions taken by the above system host communications, is now a limiting factor for the cur- 1622 1563 can be enforced by creating collisions in the wireless chan- rent use of the Internet. It has become clear that Internet is 1623 1564 nel with the replies transmitted by the RFID tags, which mostly used for the publishing and retrieving of informa- 1624 1565 should not be read [89]. tion (regardless of the host where such information is pub- 1625 1566 Avoiding eavesdropping by attacker in RFID systems lished or retrieved from) and therefore, information should 1626 1567 can be accomplished through protecting the communica- be the focus of communication and networking solutions. 1627 1568 tion with encryption as explained above. However, these This leads to the concept of data-centric networks, which 1628 1569 types of solutions still allow malicious readers to detect has been investigated only recently [94]. According to such 1629 1570 the presence of the RFID tags scanned by the authorized a concept, data and the related queries are self-addressable 1630 1571 reader. To fix this problem, there is a new family of solu- and self-routable. 1631 1572 tions in which the signal transmitted by the reader has In this perspective, the current trend, which we have 1632 1573 the form of a pseudo-noise. Such noisy signal is modulated highlighted in Section 5.2, of assigning an IPv6 address to 1633 1574 by the RFID tags and therefore, its transmission cannot be each IoT element so as to make it possible to reach them 1634 1575 detected by malicious readers [90]. from any other node of the network, looks more suitable 1635 1576 In order to ensure that the personal data collected is for the traditional Internet paradigm. Therefore, it is possi- 1636 1577 used only to support authorized services by authorized ble that the Internet evolution will require a change in the 1637 1578 providers, solutions have been proposed that usually rely above trend. 1638 1579 on a system called privacy broker [91]. The proxy inter- Another interesting paradigm which is emerging in the 1639 1580 acts with the user on the one side and with the services Internet of the Future context is the so called Web Squared, 1640 1581 on the other. Accordingly, it guarantees that the provider which is an evolution of the Web 2.0. It is aimed at inte- 1641 1582 obtains only the information about the user which is grating web and sensing technologies [95] together so as 1642 1583 strictly needed. The user can set the preferences of the to enrich the content provided to users. This is obtained 1643 1584 proxy. When sensor networks and RFID systems are in- by taking into account the information about the user con- 1644 1585 cluded in the network, then the proxy operates between text collected by the sensors (microphone, cameras, GPS, 1645 1586 them and the services. However, note that in this case etc.) deployed in the user terminals. In this perspective, ob- 1646 1587 the individual cannot set and control the policies utilized serve that Web Squared can be considered as one of the 1647 1588 by the privacy brokers. Moreover, observe that such applications running over the IoT, like the Web is today 1648 1589 solutions based on privacy proxies suffer from scalability an (important) application running over the Internet. 1649 1590 problems. In this paper, we have surveyed the most important as- 1650 1591 Finally, studies are still at the beginning regarding dig- pects of the IoT with emphasis on what is being done and 1651 1592 ital forgetting as this has been recognized as an important what are the issues that require further research. Indeed, 1652 1593 issue only recently [92]. In fact, as the cost of storage de- current technologies make the IoT concept feasible but 1653 1594 creases, the amount of data that can be memorized in- do not fit well with the scalability and efficiency require- 1654 1595 creases dramatically. Accordingly, there is the need to ments they will face. We believe that, given the interest 1655 1596 create solutions that periodically delete information that shown by industries in the IoT applications, in the next 1656 1597 is of no use for the purpose it was generated. Accordingly, years addressing such issues will be a powerful driving fac- 1657 1598 the new software tools that will be developed in the future tor for networking and communication research in both 1658 1599 should support such forgetting functionalities. For exam- industrial and academic laboratories. 1659 1600 ple, a few experimental solutions have been developed 1601 and released for public use in the recent past that allow References 1660 1602 users to insert and share pictures and other types of files 1603 over the Internet with the assurance that such pictures will [1] D. Giusto, A. Iera, G. Morabito, L. Atzori (Eds.), The Internet of Things, 1661 1604 expire at a certain date and will be deleted afterwards (see Springer, 2010. ISBN: 978-1-4419-1673-0. 1662 1663 1605 drop.io and the Guest Pass features on Flickr for example [2] National Intelligence Council, Disruptive Civil Technologies – Six Technologies with Potential Impacts on US Interests Out to 2025 – 1664 1606 [93]). Porting of such solutions to the IoT context is not Conference Report CR 2008-07, April 2008, . 1666

Please cite this article in press as: L. Atzori et al., The Internet of Things: A survey, Comput. Netw. (2010), doi:10.1016/ j.comnet.2010.05.010 COMPNW 4247 No. of Pages 19, Model 3G 31 May 2010 18 L. Atzori et al. / Computer Networks xxx (2010) xxx–xxx

1667 [3] INFSO D.4 Networked Enterprise & RFID INFSO G.2 Micro & [32] Hydra Middleware Project, FP6 European Project, . 1747 1669 the ETP EPOSS, Internet of Things in 2020, Roadmap for the Future, [33] S. Duquennoy, G. Grimaud, J.-J. Vandewalle, The web of things: 1748 1670 Version 1.1, 27 May 2008. interconnecting devices with high usability and performance, in: 1749 1671 [4] Auto-Id Labs, . Proceedings of ICESS ’09, HangZhou, Zhejiang, China, May 2009. 1750 1672 [5] The EPCglobal Architecture Framework, EPCglobal Final Version 1.3, [34] . 1751 1673 Approved 19 March 2009, . [35] C. Floerkemeier, C. Roduner, M. Lampe, RFID application 1752 1674 [6] K. Sakamura, Challenges in the age of ubiquitous computing: a case development with the Accada middleware platform, IEEE System 1753 1675 study of T-engine – an open development platform for embedded Journal 1 (2) (2007) 82–94. 1754 1676 systems, in: Proceedings of ICSE’06, Shanghai, China, May 2006. [36] E. Welbourne, L. Battle, G. Cole, K. Gould, K. Rector, S. Raymer, M. 1755 1677 [7] M. Presser, A. Gluhak, The Internet of Things: Connecting the Real Balazinska, G. Borriello, Building the internet of things using RFID: 1756 1678 World with the Digital World, EURESCOM mess@ge – The Magazine the RFID ecosystem experience, IEEE Internet Computing 13 (3) 1757 1679 for Telecom Insiders, vol. 2, 2009, . [37] . 1759 1681 [8] M. Botterman, for the European Commission Information Society [38] . 1760 1682 and Media Directorate General, Networked Enterprise & RFID Unit – [39] R. Yuan, L. Shumin, Y. Baogang, Value Chain Oriented RFID System 1761 1683 D4, Internet of Things: An Early Reality of the Future Internet, Report Framework and Enterprise Application, Science Press, Beijing, 2007. 1762 1684 of the Internet of Things Workshop, Prague, Czech Republic, May [40] METRO Group Future Store Initiative, . 1764 1686 [9] B. Sterling, Shaping Things – Mediawork Pamphlets, The MIT Press, [41] S. Karpischek, F. Michahelles, F. Resatsch, E. Fleisch, Mobile sales 1765 1687 2005. assistant – an NFC-based product information system for 1766 1688 [10] ITU Internet Reports, The Internet of Things, November 2005. retailers, in: Proceedings of the First International Workshop on 1767 1689 [11] A. Dunkels, J.P. Vasseur, IP for Smart Objects, Internet Protocol for Near Field Communications 2009, Hagenberg, Austria, February 1768 1690 Smart Objects (IPSO) Alliance, White Paper #1, September 2008, 2009. 1769 1691 . [42] G. Broll, E. Rukzio, M. Paolucci, M. Wagner, A. Schmidt, H. Hussmann, 1770 1692 [12] J. Hui, D. Culler, S. Chakrabarti, 6LoWPAN: Incorporating IEEE PERCI: pervasive service interaction with the internet of things, IEEE 1771 1693 802.15.4 Into the IP Architecture – Internet Protocol for Smart Internet Computing 13 (6) (2009) 74–81. 1772 1694 Objects (IPSO) Alliance, White Paper #3, January 2009, . carbon footprint of perishable goods, IEEE Pervasive Computing 8 (1) 1774 1696 [13] N. Gershenfeld, R. Krikorian, D. Cohen, The internet of things, (2009) 22–29. 1775 1697 Scientific American 291 (4) (2004) 76–81. [44] A. Dada, F. Thiesse, Sensor applications in the supply chain: the 1776 1698 [14] I. Toma, E. Simperl, Graham Hench, A joint roadmap for semantic example of quality-based issuing of perishables, in: Proceedings of 1777 1699 technologies and the internet of things, in: Proceedings of the Third Internet of Things 2008, Zurich, Switzerland, May 2008. 1778 1700 STI Roadmapping Workshop, Crete, Greece, June 2009. [45] D. Reilly, M. Welsman-Dinelle, C. Bate, K. Inkpen, Just point and 1779 1701 [15] A. Katasonov, O. Kaykova, O. Khriyenko, S. Nikitin, V. Terziyan, click? Using handhelds to interact with paper maps, in: Proceedings 1780 1702 Smart semantic middleware for the internet of things, in: of ACM MobileHCI’05, University of Salzburg, Austria, September 1781 1703 Proceedings of the Fifth International Conference on Informatics 2005. 1782 1704 in Control, Automation and Robotics, Funchal, Madeira, Portugal, [46] R. Hardy, E. Rukzio, Touch & interact: touch-based interaction of 1783 1705 May 2008. mobile phones with displays, in: Proceedings of ACM MobileHCI ’08, 1784 1706 [16] W. Wahlster, Web 3.0: Semantic Technologies for the Internet of Amsterdam, The Netherlands, September 2008. 1785 1707 Services and of Things, Lecture at the 2008 Dresden Future Forum, [47] A.M. Vilamovska, E. Hattziandreu, R. Schindler, C. Van Oranje, H. De 1786 1708 June 2008. Vries, J. Krapelse, RFID Application in Healthcare – Scoping and 1787 1709 [17] I. Vázquez, Social Devices: Semantic Technology for the Internet of Identifying Areas for RFID Deployment in Healthcare Delivery, RAND 1788 1710 Things, Week@ESI, Zamudio, Spain, June 2009. Europe, February 2009. 1789 1711 [18] D. Guinard, T. Vlad, Towards the web of things: web mashups for [48] D. Niyato, E. Hossain, S. Camorlinga, Remote patient monitoring 1790 1712 embedded devices, in: Proceedings of the International World Wide service using heterogeneous wireless access networks: architecture 1791 1713 Web Conference 2009 (WWW 2009), Madrid, Spain, April 2009. and optimization, IEEE Journal on Selected Areas in Communications 1792 1714 [19] L. Srivastava, Pervasive, ambient, ubiquitous: the magic of radio, in: 27 (4) (2009) 412–423. 1793 1715 European Commission Conference ‘‘From RFID to the Internet of [49] SENSEI FP7 Project, Scenario Portfolio, User and Context 1794 1716 Things”, Bruxelles, Belgium, March 2006. Requirements, Deliverable 1.1, . 1795 1717 [20] K. Finkenzeller, RFID Handbook, Wiley, 2003. [50] C. Floerkemeier, R. Bhattacharyya, S. Sarma, Beyond RFID, in: 1796 1718 [21] A. Jules, RFID security and privacy: a research survey, IEEE Journal on Proceedings of TIWDC 2009, Pula, Italy, September 2009. 1797 1719 Selected Areas in Communications 24 (2) (2006) 381–394. [51] J. Sung, T. Sanchez Lopez, D. Kim, The EPC sensor network for RFID 1798 1720 [22] I.F. Akyildiz, W. Su, Y. Sankarasubramaniam, E. Cayirci, Wireless and WSN integration infrastructure, in: Proceedings of IEEE 1799 1721 sensor networks: a survey, Computer Networks 38 (4) (2002) 393– PerComW’07, White Plains, NY, USA, March 2007. 1800 1722 422. [52] Commission of the European Communities, Early Challenges 1801 1723 [23] . Regarding the ‘‘Internet of Things”, 2008. 1802 1724 [24] G. Marrocco, C. Occhiuzzi, F. Amato, Sensor-oriented passive RFID, [53] N. Kushalnagar, G. Montenegro, C. Schumacher, IPv6 Over Low- 1803 1725 in: Proceedings of TIWDC 2009, Pula, Italy, September 2009. Power Wireless Personal Area Networks (6LoWPANs): Overview, 1804 1726 [25] . Assumptions, Problem Statement, and Goals, IETF RFC 4919, August 1805 1727 [26] M. Buettner, B. Greenstein, A. Sample, J.R. Smith, D. Wetherall, 2007. 1806 1728 Revisiting smart dust with RFID sensor networks, in: Proceedings of [54] M. Weiser, The computer for the 21st century, ACM Mobile 1807 1729 ACM HotNets 2008, Calgary, Canada, October 2008. Computing and Communications Review 3 (3) (1999) 3–11. 1808 1730 [27] S. De Deugd, R. Carroll, K. Kelly, B. Millett, J. Ricker, SODA: service [55] . 1809 1731 oriented device architecture, IEEE Pervasive Computing 5 (3) (2006) [56] A. Nilssen, Security and privacy standardization in internet of things, 1810 1732 94–96. in: eMatch’09 – Future Internet Workshop, Oslo, Norway, September 1811 1733 [28] J. Pasley, How BPEL and SOA are changing web services 2009. 1812 1734 development, IEEE Internet Computing 9 (3) (2005) 60–67. [57] . 1813 1735 [29] P. Spiess, S. Karnouskos, D. Guinard, D. Savio, O. Baecker, L. Souza, V. [58] . 1814 1736 Trifa, SOA-based integration of the internet of things in enterprise [59] Z. Shelby, ETSI M2M Standardization, March 16, 2009, . 1816 1738 July 2009. [60] Z. Shelby, News from the 75th IETF, August 3, 2009, . 1818 1740 Schmitt, Services to the field: an approach for resource constrained [61] G. Santucci, Internet of the future and internet of things: what is at 1819 1741 sensor/actor networks, in: Proceedings of WAINA’09, Bradford, stake and how are we getting prepared for them? in: eMatch’09 – 1820 1742 United Kingdom, May 2009. Future Internet Workshop, Oslo, Norway, September 2009. 1821 1743 [31] OASIS, Web Services Business Process Execution Language Version [62] Y.-W. Ma, C.-F. Lai, Y.-M. Huang, J.-L. Chen, Mobile RFID with IPv6 for 1822 1744 2.0, Working Draft, . 2009. 1824

Please cite this article in press as: L. Atzori et al., The Internet of Things: A survey, Comput. Netw. (2010), doi:10.1016/ j.comnet.2010.05.010 COMPNW 4247 No. of Pages 19, Model 3G 31 May 2010 L. Atzori et al. / Computer Networks xxx (2010) xxx–xxx 19

1825 [63] S.-D. Lee, M.-K. Shin, H.-J. Kim, EPC vs. IPv6 mapping mechanism, in: [91] G.V. Lioudakis, E.A. Koutsoloukas, N. Dellas, S. Kapellaki, G.N. 1902 1826 Proceedings of Ninth International Conference on Advanced Prezerakos, D.I. Kaklamani, I.S. Venieris, A proxy for privacy: the 1903 1827 Communication Technology, Phoenix Park, South Korea, February discreet box, in: EUROCON 2007, Warsaw, Poland, September 2007. 1904 1828 2007. [92] V. Mayer-Schönberger, Delete: The Virtue of Forgetting in the Digital 1905 1829 [64] D.G. Yoo, D.H. Lee, C.H. Seo, S.G. Choi, RFID networking mechanism Age, Princeton University Press, 2009. 1906 1830 using address management agent, in: Proceedings of NCM 2008, [93] C. Thompson, 25 Ideas for 2010: Digital Forgetting, Wired UK, 1907 1831 Gyeongju, South Korea, September 2008. November 2009. 1908 1832 [65] . [94] T. Koponen, M. Chawla, B.-G. Chun, A. Ermolinskiy, K.H. Kim, S. 1909 1833 [66] I.F. Akyildiz, J. Xie, S. Mohanty, A survey on mobility management in Shenker, I. Stoica, A data-oriented (and beyond) network 1910 1834 next generation All-IP based wireless systems, IEEE Wireless architecture, in: Proceedings of ACM SIGCOMM’07, Kyoto, Japan, 1911 1835 Communications Magazine 11 (4) (2004) 16–28. August 2007. 1912 1836 [67] C. Perkins, IP Mobility Support for IPv4, IETF RFC 3344, August 2002. [95] T. O’Reilly, J. Pahlka, The ‘Web Squared’ Era, Forbes, September 2009. 1913 1837 [68] M. Mealling, Auto-ID Object Name Service (ONS) v1.0, Auto-ID 1914 1838 Center Working Draft, August 2003. 1839 [69] V. Krylov, A. Logvinov, D. Ponomarev, EPC Object Code Mapping 1917 1840 Service Software Architecture: Web Approach, MERA Networks Luigi Atzori is assistant professor at the Uni- 1918 1841 Publications, 2008. versity of Cagliari (Italy) since 2000. His main 1842 [70] V. Cerf, Y. Dalal, C. Sunshine, Specification of Internet Transmission research topics of interest are in multimedia 1919 1843 Control Program, IETF RFC 675, December 1974. networking: error recovery and concealment, 1920 1844 [71] T. V Lakshman, U. Madhow, The performance of TCP/IP for networks IP Telephony, video streaming, network QoS 1921 1845 with high bandwidth-delay products and random loss, IEEE/ACM management. He has published more than 80 1922 1846 Transactions on Networking 5 (3) (1997) 336–350. journal articles and refereed conference 1923 1847 [72] I. Demirkol, F. Alagoz, H. Deliç, C. Ersoy, Wireless sensor networks for papers. He has been awarded a Fulbright 1924 1848 intrusion detection: packet traffic modeling, IEEE Communication Scholarship (11/2003–05/2004) to work on 1925 1849 Letters 10 (1) (2006) 22–24. video at the University of Arizona. He is editor 1926 1850 [73] D. Chen, P.K. Varshney, QoS support in wireless sensor networks: a for the ACM/Springer Wireless Networks 1927 1851 survey, in: Proceedings of International Conference on Wireless Journal and is involved in the organization of 1928 1852 Networks 2004, Las Vegas, NE, USA, June 2004. several International Conferences on Multimedia Networking. 1929 1853 [74] T. Van Landegem, H. Viswanathan, Anywhere, Anytime, Immersive 1854 Communications, Enriching Communications, vol. 2, No. 1, 2008, 19161916 1855 . 1856 [75] . 1930 1857 [76] Benetton to tag 15 million items, RFID Journal (March) (2003), 1858 . Antonio Iera is a Full Professor of Telecom- 1933 1859 [77] J. Bukley, From RFID to the internet of things: final report, in: munications at the University ‘‘Mediterranea” 1934 1860 European Commission Conference ‘‘From RFID to the Internet of of Reggio Calabria, Italy. He graduated in 1935 1861 Things”, Brussels, Belgium, March 2006. Computer Engineering at the University of 1936 1862 [78] L. Eschenauer, V.D. Gligor, A key-management scheme for Calabria in 1991; then he received a Master 1937 1863 distributed sensor networks, in: Proceedings of the Ninth ACM Diploma in Information Technology from 1938 1864 Conference on Computer and Communications Security, CEFRIEL/Politecnico di Milano and a Ph.D. 1939 1865 Washington, DC, USA, November 2002. degree from the University of Calabria. From 1940 1866 [79] R. Acharya, K. Asha, Data integrity and intrusion detection in 1941 1867 wireless sensor networks, in: Proceedings of IEEE ICON 2008, New 1994 to 1995 he has been with Siemens AG in 1868 Delhi, India, December 2008. Munich, Germany to participate to the RACE II 1942 1869 [80] T. Karygiannis, B. Eydt, G. Barber, L. Bunn, T. Phillips, Guidelines for ATDMA (Advanced TDMA Mobile Access) 1943 1870 Securing Radio Frequency Identification (RFID) Systems, NIST Special project under a CEC Fellowship Contract. 1944 1871 Publication 800-98, April 2007. Since 1997 he has been with the University Mediterranea, Reggio Cala- 1945 1872 [81] R. Kumar, E. Kohler, M. Srivastava, Harbor: software-based memory bria, where he currently holds the positions of scientific coordinator of 1946 1873 protection for sensor nodes, in: Proceedings of IPSN 2007, the local Research Units of the National Group of Telecommunications 194719321932 1874 Cambridge, MA, USA, April 2007. and Information Theory (GTTI) and of the National Inter-University 1948 1875 [82] H. Krawczyk, M. Bellare, R. Canetti, HMAC: Keyed-Hashing for Consortium for Telecommunications (CNIT), Director of the ARTS – Lab- 1949 1876 Message Authentication, IETF RFC 2104, February 1997. oratory for Advanced Research into Telecommunication Systems, and 1950 1877 [83] M. Feldhofer, S. Dominikus, J. Wolkerstorfer, Strong authentication Head of the Department DIMET. His research interests include: new 1951 1878 for RFID systems using AES algorithm, in: Proceedings of Workshop generation mobile and wireless systems, broadband satellite systems, 1952 1879 on Cryptographic Hardware and Embedded Systems, Cambridge, Internet of Things. Elevated to the IEEE Senior Member status in 2007. 1953 1880 MA, USA, August 2004. 1881 [84] B. Calmels, S. Canard, M. Girault, H. Sibert, Low-cost cryptography 1954 1882 for privacy in RFID systems, in: Proceedings of IFIP CARIDS 2006, 1883 Terragona, Spain, April 2006. Giacomo Morabito was born in Messina, 1957 1884 [85] L. Cranor, et al., The Platform for Privacy Preferences 1.1 (P3P1.1) Sicily (Italy) on March 16, 1972. He received 1958 1885 Specification, W3C Working Group Note, November 2006. the laurea degree in Electrical Engineering 1959 1886 [86] H. Chan, A. Perrig, Security and privacy in sensor networks, IEEE and the Ph.D. in Electrical, Computer and 1960 1887 Computer 36 (10) (2003) 103–105. Telecommunications Engineering from the 1961 1888 [87] J. Wickramasuriya, M. Datt, S. Mehrotra, N. Venkatasubramanian, Istituto di Informatica e Telecomunicazioni, 1962 1889 Privacy protecting data collection in media spaces, in: Proceedings of 1963 1890 ACM International Conference on Multimedia 2004, New York, NY, University of Catania, Catania (Italy), in 1996 1891 USA, October 2004. and 2000, respectively. From November 1999 1964 1892 [88] C.M. Medaglia, A. Serbanati, An overview of privacy and security to April 2001, he was with the Broadband and 1965 1893 issues in the internet of things, in: Proceedings of TIWDC 2009, Pula, Wireless Networking Laboratory of the Geor- 1966 1894 Italy, September 2009. gia Institute of Technology as a Research 1967 1895 [89] O. Savry, F. Vacherand, Security and privacy protection of contactless Engineer. Since April 2001 he is with the 1968 1896 devices, in: Proceedings of TIWDC 2009, Pula, Italy, September 2009. Dipartimento di Ingegneria Informatica e delleTelecomunicazioni of the 1969 1897 [90] O. Savry, F. Pebay-Peyroula, F. Dehmas, G. Robert, J. Reverdy, RFID University of Catania where he is currently Associate Professor. His 1970 1898 noisy reader: how to prevent from eavesdropping on the research interests focus on analysis and solutions for wireless networks. 197119561956 1899 communication? in: Proceedings of Workshop on Cryptographic 1900 Hardware and Embedded Systems 2007, Vienna, Austria, September 1972 1901 2007.

Please cite this article in press as: L. Atzori et al., The Internet of Things: A survey, Comput. Netw. (2010), doi:10.1016/ j.comnet.2010.05.010All in-text references underlined in blue are linked to publications on ResearchGate, letting you access and read them immediately.