The Internet of Things (IoT) is the system defined by interconnecting highly heterogeneous networked entities. IoT networks follow a number of communication patterns depending on the nature of the nodes: a node can be considered either a human or a thing, and a communication might be 1-to-1, 1-to-n or n-to-n. Like any developing domain, the IoT must handle security challenges. The solutions are highly dependent on the proposed architecture and design. Also, IoT security must handle the heavy usage of IPv6 technology and the web requirements.

Taxonomy studies split the search for IoT security solutions into five modules (management, node security, security bootstrapping, network security and application security) \cite{intro_chall}, as follows:
\begin{itemize}
\item The security architecture manages the security relationships and connections.
\item The security model of a node evaluates parameters and how the SO manages the applications or the processes.
\item Security bootstrapping is the process that connects two nodes together and authenticates them.
\item Network security describes the mechanisms developed for the communication layer.
\item Application security guarantees an encapsulation of the applications so that only trusted users can have access to their data.
\end{itemize}

We use these categories as a guideline in solution design, but we have to take into consideration a set of restrictions. IoT designs face tight resource constraints: lossy and low-bandwidth channels; the use of small packets (e.g., IEEE 802.15.4 supports 127-byte sized packets at the physical layer), which may result in fragmentation of larger packets of security protocols \cite{intro_hw}; and scarce CPU and memory resources, which limit the use of resource-demanding crypto primitives, such as public-key cryptography as used in most Internet security standards.
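To make the fragmentation cost of the 127-byte limit concrete, the following added example (not code from this paper) plans the RFC 4944 6LoWPAN fragments for a single datagram. The 25-byte MAC overhead and 21-byte AES-CCM-128 link-security overhead are worst-case assumptions taken from RFC 4944, the 1200-byte datagram is a constructed stand-in for a certificate-bearing handshake message, and header compression and the dispatch byte are ignored.

```python
"""Added example: RFC 4944 (6LoWPAN) fragmentation plan for one datagram."""
import struct

PHY_MAX = 127        # IEEE 802.15.4 physical-layer frame size (from the text)
MAC_OVERHEAD = 25    # assumption: worst-case MAC header + FCS (RFC 4944)
LINK_SEC = 21        # assumption: AES-CCM-128 link-layer security overhead
FRAG1_HDR, FRAGN_HDR = 4, 5   # fragment header sizes defined by RFC 4944
DEFAULT_BUDGET = PHY_MAX - MAC_OVERHEAD - LINK_SEC   # bytes left per frame


def plan_fragments(datagram_size, tag=0x1234, budget=DEFAULT_BUDGET):
    """Return [(header_bytes, offset, payload_len), ...] for one datagram."""
    if not 0 < datagram_size < 2048:
        raise ValueError("datagram_size must fit the 11-bit size field")
    if datagram_size <= budget:
        return [(b"", 0, datagram_size)]   # fits in one frame, no frag header
    frags, offset = [], 0
    while offset < datagram_size:
        hdr_len = FRAG1_HDR if offset == 0 else FRAGN_HDR
        room = budget - hdr_len
        remaining = datagram_size - offset
        # All fragments except the last carry a multiple of 8 bytes,
        # because FRAGN offsets are expressed in 8-byte units.
        length = remaining if remaining <= room else room - room % 8
        if offset == 0:   # FRAG1: dispatch 11000, 11-bit size, 16-bit tag
            hdr = struct.pack("!HH", 0xC000 | datagram_size, tag)
        else:             # FRAGN: dispatch 11100, size, tag, 8-bit offset
            hdr = struct.pack("!HHB", 0xE000 | datagram_size, tag, offset // 8)
        frags.append((hdr, offset, length))
        offset += length
    return frags


def summarize(datagram_size, budget=DEFAULT_BUDGET):
    """Return (frame_count, total_fragment_header_bytes)."""
    frags = plan_fragments(datagram_size, budget=budget)
    return len(frags), sum(len(hdr) for hdr, _, _ in frags)


if __name__ == "__main__":
    # Constructed sizes: a small sensor report and a certificate-sized message.
    for size in (60, 1200):
        frames, overhead = summarize(size)
        print(f"{size:5d} B datagram -> {frames:2d} frames, "
              f"{overhead} B of fragment headers")
```

On a lossy channel, losing any one of these frames forces the whole datagram to be resent, which is why large handshake messages are costly here.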
Another restriction is that the tight memory and processing constraints of nodes naturally weaken resource exhaustion attack prevention (DoS resistance) \cite{intro_ddos}. The gap between Internet protocols and the IoT can easily be bridged with protocol translators at gateways, but they become major obstacles if end-to-end security measures between IoT devices and Internet hosts are used. Also, user tracking becomes a big issue, as privacy invasion or stalking is easy to carry out (e.g., finding out whether the user is home), and we have to take into account the mobility of nodes in a dynamic network.

The main security features offered by the main players in the IoT framework market are not yet shaped as complete packages:
\begin{itemize}
\item Z-Wave: offers collision detection and overuses ACK messages
\item Thread: offers network key encryption
\item ZigBee: offers symmetric key exchange with AES128, no routing, no certificates and no asymmetric encryption
\item ZigBee IP (2017): features 6LoWPAN, TLS v1.2, AES128, DigiCert and PAN
\end{itemize}

Also, the main security solutions proposed by the scientific literature are IKE/IPSec optimized for mobile environments (MOBIKE), DTLS (TLS for IoT with compressed header), PANA/EAP or HIP for authentication, use of certificates (Public Key Environment), use of trust systems (exhaustively researched but not implemented as off-the-shelf solutions), SSH with card access, and access control list frameworks (e.g., ACL/RBAC/Kerberos).

In order to find the best security solutions, we propose the following division between IoT systems: centralized, fully decentralized and server-less. As long as there is a hierarchy and a set of master-slave relationships, the previously stated solutions are available. However, in a fully decentralized environment other solutions are needed in order to fulfil security requirements.
In this paper, we embark on the search for security solutions that can be applied to IoT networks that are fully decoupled from a central coordinator, and we propose our own certificate-based solution. We confirm it in a simulated environment using a tool for mobile node emulation.