One challenge in Internet of Things (IoT) networks is consistent security capabilities across a heterogeneous IoT network. IoT devices typically have security capabilities represented in various layers including security resources in the application layer, channel encryption in a session layer, multi-cast, broadcast and unicast encryption in the transport layer, algorithm types, key types and data structure encoding schemes such as distinguished encoding rules (DER), basic encoding rules (BER), concise binary object representation (CBOR), JavaScript object notation (JSON), extensible markup language (XML), etc. All these parameters and more affect security interoperability outcomes.
In IoT frameworks such as in a framework of the Open Interconnect Consortium (OIC), messages and resources may be exchanged between devices when all of the conditions of security interoperability are met. While consortiums and interoperability testing events may use industry standards to agree on interoperability requirements, areas of ambiguity nevertheless remain. For example, for a device to communicate with a less capable device a certain set of application layer, session layer or transport layer resources and protocols may be required, while for a second device a different set of these items may be required.
IoT devices are often implemented in constrained environments with limited memory, storage and compute power. Device manufacturers often remove as much functionality as possible to reduce cost, resulting in devices that may only be accessed using the choices prescribed at manufacturing. Still other less constrained devices may include more features to broaden connectivity options. Therefore, even standards-compliant IoT systems may have areas of interoperability gaps, including security interoperability gaps.