Security of Web of Things: A Survey (Short Paper)

  • Wei Xie
  • Yong Tang
  • Shuhui Chen
  • Yi Zhang
  • Yuanming Gao
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9836)


Web of Things (WoT) is the most promising application model of Internet of Things (IoT). Current IoT systems urgently need extendibility and loose coupling, which are easily provided by WoT. However, some concerns about WoT security have been raised by academic researchers as well as industrial engineers. This paper provides a review of WoT literature especially on security issues. Moreover, this paper proposes an architecture that regards smart gateways as ideal devices to achieve WoT security. Smart gateways are classified into five types, and security functions are suggested for each type.


Keywords: Web of things, Security, Architecture, Smart gateway



This work is partially supported by the National Natural Science Foundation of China under Grant nos. 61379148 and 61472437.



Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Wei Xie (1)
  • Yong Tang (1)
  • Shuhui Chen (1)
  • Yi Zhang (1)
  • Yuanming Gao (1)

  1. College of Computer, National University of Defense Technology, Changsha, China
