15.4  standard, which uses IP version 6 over Low power Wireless Personal Area Networks (6LoWPAN)  to integrate IP version 6 (IPv6)-based connectivity in constrained devices.In certain cases, the nodes that form these networks may require Internet connectivity through a border router (e.g., a sensor sending a measurement to a central server on the Internet), which, in turn, may need to authenticate the node to provide network connectivity. This is typically performed through an authentication process carried out using an existing authentication, authorization and accounting (AAA) server deployed in some Internet organizations. As depicted in Figure 1, node number 1 is able to send information to the Internet through the gateway, as it is an authenticated node.
In the same way, this node could also send data to another authenticated node within the constrained network. In contrast, node 3 is not authenticated, and node 2 (authenticated) does not allow it to send any traffic to either the multi-hop network or the Internet.Figure 1.Network connectivity and access control.In particular, the Extensible Authentication Protocol (EAP)  is widely used to provide flexible authentication involving AAA infrastructures. With the use of EAP and AAA and thanks to some initial pre-established credentials, a successful authentication and authorization process can provide cryptographic material and configuration parameters to different network layers with a single authentication. This enables secure access to the Internet. This general process is typically known as bootstrapping.
However, this aspect has been an open issue until now for multi-hop networks, mainly due to a lack of a network access authentication protocol that operates at any link layer of multi-hop networks and supports AAA inter-working.To carry out this type Entinostat of operation, it is recommended to use a protocol that operates on top of IP to transport EAP between a node and the border router through several relay nodes (hops). There are two standardized protocols to transport EAP in these conditions: the Protocol for Carrying Authentication for Network Access (PANA)  and Internet Key Exchange v2 (IKEv2) . As analyzed in , PANA represents a lighter option to transport EAP, which is an important feature, considering the constrained resources of theses small devices.
Furthermore, PANA has been designed to perform network access control, while the purpose of IKEv2 is to establish IPSec security associations. Indeed, PANA has been chosen as the protocol to carry out network access authentication and is being adopted by ZigBee IP  and European Telecommunications Standards Institute (ETSI) Machine-to-Machine (M2M) .In this paper, we present, to the best of our knowledge, the first attempt to analyze and explore the usage of PANA in real constrained devices (i.e., Internet of Things (IoT) devices).