%% You should probably cite draft-mattsson-core-coap-attacks instead of this I-D. @techreport{mattsson-core-coap-actuators-06, number = {draft-mattsson-core-coap-actuators-06}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-mattsson-core-coap-actuators/06/}, author = {John Preuß Mattsson and John Fornehed and Göran Selander and Francesca Palombini and Christian Amsüss}, title = {{Controlling Actuators with CoAP}}, pagetotal = 18, year = 2018, month = sep, day = 17, abstract = {Being able to trust information from sensors and to securely control actuators are essential in a world of connected and networking things interacting with the physical world. In this memo we show that just using COAP with a security protocol like DTLS, TLS, or OSCORE is not enough. We describe several serious attacks any on-path attacker can do, and discusses tougher requirements and mechanisms to mitigate the attacks. While this document is focused on actuators, some of the attacks apply equally well to sensors.}, }