Link-layer protocols often provide some basic security mechanisms to guarantee authentication of the client connecting to a specific network, and encrypt data by using symmetric keys such as AES. In most cases, authentication at the link layer is sufficient to guarantee a basic level of security. Nevertheless, pre-shared, well-known keys often used in LR-WPAN network stacks may be vulnerable to multiple kinds of attacks, and using a pre-shared key would give an attacker the opportunity to decipher any traffic that has been previously captured on the same link.

A device that takes part in an IoT-distributed system is required to implement a higher grade of security, especially in embedded devices not protecting the memory in any way, where any backdoor means that attackers can take control of the device, and retrieve all the sensitive information, such as private keys used for authentication and encryption in the communication with remote systems.

Transport Layer Security...