The Internet of Things (IoT) is the system defined by interconnecting highly heterogeneous networked entities. IoT networks follow a number of communication patterns, such as human-to-human (H2H), human-to-thing (H2T), thing-to-thing (T2T), or thing-to-things (T2Ts). Like any developing domain, the IoT must handle security challenges. The solutions are highly dependent on the proposed architecture and design. IoT security must also handle the introduction of IPv6 and web services as fundamental building blocks for IoT applications.

Taxonomy studies split the search for IoT security solutions into five modules: management, node security, security bootstrapping, network security and application security \cite{intro_chall}, as follows:
\begin{itemize}
\item The security architecture refers to the system elements involved in the management of the security relationships.
\item The security model of a node describes how the security parameters, processes, and applications are managed.
\item Security bootstrapping denotes the process by which a thing securely joins the IoT at a given location and point in time.
\item Network security describes the mechanisms applied within a network to ensure trusted operation of the IoT.
\item Application security guarantees that only trusted instances of an application running in the IoT can communicate with each other.
\end{itemize}

We use these categories as a guideline in solution design, but we have to take into consideration a set of restrictions. IoT design faces tight resource constraints: lossy and low-bandwidth channels; the use of small packets (e.g., IEEE 802.15.4 supports 127-byte packets at the physical layer), which may result in fragmentation of the larger packets of security protocols \cite{intro_hw}; and scarce CPU and memory resources, which limit the use of resource-demanding crypto primitives such as the public-key cryptography used in most Internet security standards. Another restriction is that the tight memory and processing constraints of nodes naturally alleviate resource exhaustion attack prevention (DoS resistance) \cite{intro_ddos}. The gap between Internet protocols and the IoT can easily be bridged with protocol translators at gateways, but they become major obstacles if end-to-end security measures between IoT devices and Internet hosts are used. User tracking also becomes a big issue, as privacy invasion or stalking is easy to carry out (e.g., finding out whether a user is home), and we have to take into account the mobility of nodes in a dynamic network.

The main security features offered by the main players in the IoT framework market are not yet shaped as complete packages:
\begin{itemize}
\item Z-Wave: offers collision detection and overuses ACK messages
\item Thread: offers network key encryption
\item ZigBee: offers symmetric key exchange AES128, no routing, no certificates and no asymmetric encryption
\item ZigBee IP (2017): features 6LoWPAN, TLS v1.2, AES128, DigiCert and PAN
\end{itemize}

The main security solutions proposed in the scientific literature are IKE/IPSec optimized for Mobile Environment (MOBIKE), DTLS (TLS for IoT, compressed header), PANA/EAP or HIP for authentication, use of certificates (Public Key Environment), use of Trust Systems (exhaustively researched but not implemented as off-the-shelf solutions), SSH with Card Access, and Access List Control frameworks (e.g. ACL/RBAC/Kerberos).

In order to find the best security solutions, we propose the following division between IoT systems: centralized, and fully decentralized and server-less. As long as there is a hierarchy and a set of master-slave relationships, the previously stated solutions are available. However, in a fully decentralized environment other solutions are needed in order to fulfil security requirements.
In this paper, we search for security solutions that can be applied to IoT networks that are fully decoupled from a central coordinator, and propose our own certificate-based solution. We confirm it in a simulated environment using a tool for mobile node emulation.

The distinctive features of mobile ad hoc networks (MANETs), including dynamic topology and an open wireless medium, may lead to MANETs suffering from many security vulnerabilities. Tang and Wei propose a trust management scheme \cite{related_trust} that enhances security in MANETs. In the proposed trust management scheme, the trust model has two components: trust from direct observation, using a Bayesian inference scheme, and trust from indirect observation, derived using the Dempster–Shafer theory.

6thSense is a context-aware intrusion detection system which enhances the security of smart devices by observing changes in sensor data for different user tasks and creating a contextual model to distinguish benign from malicious sensor behaviour \cite{related_sense}. 6thSense utilizes three different machine-learning-based detection mechanisms (i.e., Markov Chain, Naive Bayes, and LMT) to detect malicious behaviour associated with sensors.

SmartAuth automatically collects security-relevant information from an IoT app's description \cite{related_auth_centered}, code and annotations, and generates an authorization user interface to bridge the gap between the functionalities explained to the user and the operations the app actually performs.
Through the interface, security policies can be generated and enforced by enhancing existing platforms.

Demmler, Thomas Schneider and Michael Zohner \cite{related_tokens} optimize and implement the secure computation protocol by Goldreich-Micali-Wigderson (GMW) on mobile phones. They extend the protocol by a trusted hardware token (i.e., a smart card), and develop and analyse a proof-of-concept implementation of generic secure two-party computation on Android smartphones.

A system for verifying in near real-time that a cryptographic client's message sequence is consistent with its known implementation was implemented by Chi and Cochran \cite{related_Crypto}. They accomplish this without knowing all of the client-side inputs driving its behaviour. The tool-chain used for verifying a client's messages explores multiple candidate execution paths in the client concurrently, an innovation useful for aspects of certain cryptographic protocols such as message padding from TLS 1.3.

In this paper we tackle the problem of public-key distribution. We can summarize the issue in the following question: how can a user u obtain the authentic public key of another user v in the presence of an active attacker?

We implement a solution presented by JP Hubaux based on public-key certificates \cite{certs_quest}. A public-key certificate acknowledges the identity of the issuer of the certificate. When user u wants to obtain the authentic public key of user v, it acquires a chain of public-key certificates that leads to the public key of v. We use a public-key distribution system suitable for self-organized mobile ad hoc networks in which public-key certificates are issued by the users. We do not rely on certificate directories for the distribution of certificates; users store and distribute certificates themselves. Each user maintains a certificate repository that contains a set of certificates selected by the user according to an algorithm.
When user u wants to obtain the public key of user v, they merge their local certificate repositories, and u tries to find an appropriate certificate chain from u to v in the merged repository.

In our public-key distribution system, each user maintains a local repository of public-key certificates. This repository has two parts. First, each user stores the certificates that she issued. This is needed in order to store all the certificates issued in the system in a decentralized way. Second, each user stores a set of selected certificates issued by other users in the system. In terms of our model, this means that each user u stores the outgoing edges (with the corresponding vertices) from vertex u and an additional set of selected edges (with the corresponding vertices) of the trust graph. We refer to the set of selected edges (and vertices) as the subgraph that belongs to u. When user u wants to verify the public key of user v, u and v merge their repositories of selected certificates, and u tries to find an appropriate certificate chain from u to v in the merged repository. In the model, u and v merge their subgraphs, and u tries to find a path from vertex u to vertex v in the merged subgraph. An example is shown in Figure.

The algorithm selects a subgraph that consists of two logically distinct parts: an out-bound and an in-bound path. The paths are selected in multiple rounds. When selecting the out-bound path of user u, the algorithm starts from vertex u, and in each round, it selects an outgoing edge (with its terminating vertex) that belongs to the last selected vertex. In practice, this means that u must ask the user of the last selected vertex for a list of her outgoing edges. This list can easily be provided, because each user stores her outgoing edges. The selection of the in-bound path of u is similar: the algorithm starts from vertex u, and in each round, it selects an incoming edge (with its originating vertex) that belongs to the last selected vertex.
In order to make this possible, each user must also know about her incoming edges. For this reason, our algorithm requires that each user is notified whenever another user issues a certificate to her.

\includegraphics{algo.jpg}

We implement this algorithm in the MobEmu emulator. The emulator is designed to parse data traces whose schema conforms to the well-known CRAWDAD formats. It further performs various actions at every given time interval, depending on the structure of the traces. As such, the emulator is able to compute and report results on total contacts per node, number of encounters with external or internal nodes, and contact durations. MobEmu is implemented in Java and each participant is assigned a corresponding Node object; each Node is given a unique ID, as well as all other tracing information (battery statistics, load, frequency, etc.). Right after an interaction, a Contact object is created containing the unique IDs of the peers, the timestamp and the duration of the contact.

We do so by initializing each node with a new certificate object, defined as a class holding three parameters: a hash, the signer's hash and a list of hashes that were signed by the node. We also embed in the node encounter procedure a merge method that links the two certificate graphs and finds the shortest path between two opposed vertices. We import from GitHub a project that implements the Hunter Algorithm for building each node's certificate chain.
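The repository construction and merge-on-encounter step described above, as an added Python example; it is not MobEmu code or the authors' implementation. The trust graph is constructed sample data, the names `ISSUED`, `select_path`, `build_repository` and `find_chain` are illustrative, and the edge-selection rule (prefer the neighbour with the most edges of its own) is an assumption, since the text does not state one.

```python
from collections import deque

# Constructed sample trust graph: ISSUED[a] = users whose keys a certified (edge a -> b).
ISSUED = {
    "u": {"a"}, "a": {"b", "c"}, "b": {"hub"}, "c": {"hub"},
    "hub": {"d", "e"}, "d": {"v"}, "e": set(), "v": {"d"}, "x": set(),
}

def incoming(issued):
    """Reverse index of the graph: users are notified of certificates issued to them."""
    inc = {}
    for issuer, subjects in issued.items():
        for s in subjects:
            inc.setdefault(s, set()).add(issuer)
    return inc

def select_path(start, nbrs, rounds):
    """Each round, take one edge of the last selected vertex (assumed rule: busiest neighbour)."""
    path, seen = [], {start}
    for _ in range(rounds):
        last = path[-1][1] if path else start
        cands = sorted(nbrs.get(last, set()) - seen, key=lambda n: (-len(nbrs.get(n, ())), n))
        if not cands:
            break
        path.append((last, cands[0]))
        seen.add(cands[0])
    return path

def build_repository(user, issued, rounds=3):
    """Certificates the user issued, plus the selected out-bound and in-bound paths."""
    repo = {(user, s) for s in issued.get(user, ())} | set(select_path(user, issued, rounds))
    # The in-bound walk runs against edge direction, so flip back to (issuer, subject).
    repo |= {(issuer, subj) for subj, issuer in select_path(user, incoming(issued), rounds)}
    return repo

def find_chain(u, v, repo_u, repo_v):
    """Merge both repositories; return the shortest chain u -> v, or None if there is none."""
    # This graph model carries no signatures; a deployment verifies every certificate on the chain.
    graph = {}
    for issuer, subj in repo_u | repo_v:
        graph.setdefault(issuer, set()).add(subj)
    queue, chain = deque([u]), {u: [u]}
    while queue:
        node = queue.popleft()
        for nxt in sorted(graph.get(node, ())):
            if nxt not in chain:
                chain[nxt] = chain[node] + [nxt]
                queue.append(nxt)
    return chain.get(v)
```

With this sample graph, neither u's nor v's repository alone contains a chain from u to v; the chain only appears once u's out-bound path and v's in-bound path meet in the merged repository, and an isolated node such as x cannot be authenticated at all.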