Internet of Things (IoT) is becoming the largest computing platform [1]. With recent developed applications such as Smart Transportation [2], Smart City [3], Smart House [4], and Smart Grid [5], IoT technologies are significantly changing our life style [6, 7]. The pervasive interconnection of smart IoT things which are physically distributed extends the computation and communication to IoT things with various specifications. Sensing capability of these devices helps collect real-time data from the physical world directly or remotely. The analysis of the collected data provides us the ability of building an intelligent world and making better decisions to manage it. IoT devices are becoming pervasive and they extend the Cyber world to the physical world, which creates new types of and more complex security issues and concerns. If those security concerns cannot be adequately addressed, wider adoption of IoT applications will be greatly hindered. For example, considering two of the typical application domains of IoT, i.e., Smart Home and Smart Healthcare, it is essential to protect the sensitive information moving around the system and the critical assets in the system [8, 9, 10]. The characteristics of the IoT devices, however, make the security design in IoT more challenging than before. These characteristics include extremely large scale, low cost design, resource constraints, device heterogeneity, preference of functions over security, higher privacy requirements, and harder trust managements. To be more specific, resource constraints often include limited computation power, energy supply, and memory capacity. These features make it difficult to apply many traditional security solutions to IoT, including the widely used public key scheme and IP-based security solution. Due to insufficient IoT security design, it is often easier to compromise IoT devices than conventional computers. For example, Forbes.com reports a successful hack into a baby monitor in Houston area [11]. Someone also demonstrated how to hack and remotely control 25 and stop a Jeep car on the road when the driver is in operation [12]. It is also reported by CNN Money that hackers have found volatilities in most smart home devices [13], including Smart Plugs [14, 15], Smart Cameras [16, 17], DVRs [18] as well as vulnerabilities revealed by researchers [19, 20, 21, 22, 23, 24, 25].