The Internet of Things (IoT) [1] faces challenges [2] to enable scalable, safe and secure systems, possibly with resource constraints. Since the IoT interacts with humans, machines and environments, failures in the IoT can lead to very serious consequences. This fact makes safety of the IoT particularly important. Safety extends to security in the sense that security guarantees (e.g., protection from intrusion or unauthorized access) can help prevent an adversary from damaging safety. Safety measures such as Airbus flight envelope protection [3], which prohibits pilots from performing risky maneuvers, can help prevent a successful intruder from doing damage. The security of the traditional Internet has been enhanced by well-developed security measures such as the SSL/TLS (Secure Socket Layer / Transport Layer Security) protocol suites1. However, the IoT has unique characteristics that distinguish it from the traditional Internet, and these characteristics lead to special requirements for a secure network architecture of the IoT. Widely used network security measures do not adapt oneto-one to the IoT because of these special requirements. For example, IoT components including electric vehicles (EVs) and EV charging infrastructure in Fig. 1 are considered safety-critical. Unlike servers in data centers, EVs and EV charging stations are physically accessible not only by valid users but also by potential adversaries. This leads to the increased number of physical points of access, thus, there can be a higher risk of being subverted. Therefore, the secure network architecture for the IoT must have ways to revoke authorization of the devices within a short amount of time to limit the damage when they are under control of adversaries. In addition, mobile phones or EVs can migrate from one network to another, possibly making network connection unstable. There are also IoT devices with constrained resources and the number of IoT devices is expected to grow rapidly. Therefore, the secure network architecture should work well with unstable connection and resource-constrained devices at a great scale. However, with security measures such as TLS based on certificates provided by certificate authorities, it will be very difficult to have control over authorization of a huge number of devices, possibly with resource constraints. We also claim that the secure network architecture for the IoT should be able to provide security guarantees at a comparable level as TLS, at least for some devices, for safety. Therefore, it is not enough to simply adapt lightweight security solutions for wireless sensor networks (WSNs) that make tradeoffs in terms of security guarantees.