The Internet of Things envisages connecting all physical objects or things to the Internet, using devices as diverse as smartphones, coffee makers, washing machines, automobiles, lamps, and wearable devices, among many others. The explosive growth of Internet-connected sensing and actuating devices has bridged the gap between the physical and the digital world, with new solutions bringing benefits to people, processes, and businesses. However, security will be a major challenge in enabling most of such applications. The lack of secure links exposes data exchanged by devices to theft and attacks, with hackers already showing a keen interest in this area. Secure communication in the IoT will require a multifaceted approach, in particular, targeting aspects as relevant as the communications' protocols and data that need to be secured. One of the major aspects among these is how keys are bootstrapped in devices, for the purpose of supporting secure communications. In this paper, we survey the state of the art in key bootstrapping protocols based on public-key cryptography in the Internet of Things. Due to its inherent scalability, such protocols are particularly relevant for the implementation of distributed identity and trust management mechanisms on the IoT, in the context of which devices may be authenticated and trusted. The reviewed proposals are analyzed and classified on the basis of the key delivery method, the underlying cryptographic primitive, and the authentication mechanism supported. We also identify and discuss the main challenges of implementing such methods in the context of IoT applications and devices, together with the main avenues for conducting further research in the area.
