Delegation-based authentication and authorization for the IP-based Internet of Things

Hummen, René; Shafagh, Hossein; Raza, Shahid; Voigt, Thiemo; Wehrle, Klaus

doi:10.1109/sahcn.2014.6990364

Cited by 113 publications

(70 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Additionally, analyzes exist that investigate the technical challenges and limitations of the IP-based IoT [8,9], though the aspect of involving the user in the security of the connection between IoT devices is not considered. To our knowledge there is no known approach to involve the user in the wireless network security, particularly not for IoT devices.…”

Section: Related Workmentioning

confidence: 99%

MoDeNA: Enhancing User Security for Devices in Wireless Personal and Local Area Networks

Müller

Waldvogel

Schmitt

2017

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Today most used devices are connected with each other building the Internet of Things (IoT). A variety of protocols are used depending on the underlying network infrastructure, application (e.g., Smart City, eHealth), and device capability. The judgment of the security feeling of the data sharing depends on personal settings (e.g., easy to use, encrypted transmission, anonymization support). MoDeNA -a Mobile Device Network Assistant -was developed offering an opportunity for understanding the judgment of security by bringing the user's concerns and their technology understanding of used devices and protocols into relation. MoDeNA provides a transparent overview over the used wireless security of the user's device giving concrete advices for improving the connection security and usability of mobile device security.

show abstract

Section: Related Workmentioning

confidence: 99%

MoDeNA: Enhancing User Security for Devices in Wireless Personal and Local Area Networks

Müller

Waldvogel

Schmitt

2017

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Previously, solutions have been developed to protect communication between resource-constrained IoT by using lightweight IPsec [18], DTLS [17] [19], and link-layer security [18]. In addition to the communication security, network security in the IoT is also provided using an intrusion detection system [20], and an efficient solution to protect stored data inside a resource constrained node is also proposed [21].…”

Section: Related Workmentioning

confidence: 99%

S3K: Scalable Security With Symmetric Keys—DTLS Key Establishment for the Internet of Things

Raza¹,

Seitz²,

Sitenkov³

et al. 2016

IEEE Trans. Automat. Sci. Eng.

Self Cite

View full text Add to dashboard Cite

Abstract-DTLS is becoming the de facto standard for communication security in the Internet of Things. In order to run the DTLS protocol one needs to establish keys between the communicating devices. The default method of key establishment requires X.509 certificates and a Public Key Infrastructure, an approach which is often too resource consuming for small IoT devices. DTLS also supports the use of pre-shared keys and raw public keys. These modes are more lightweight, but they are not scalable to a large number of devices.We present Scalable Security with Symmetric Keys (S3K), a key management architecture for the resource constrained Internet of Things. S3K provides a flexible and scalable way of establishing keys between resource constrained IoT devices. S3K enables devices that have no previous, direct security relation to use DTLS with either pre-shared symmetric keys or raw public keys established and authorized during the DTLS handshake. We implement S3K in the Contiki OS and evaluate it on real IoT hardware. Our evaluation shows that S3K is feasible in constrained environment and at the same time scalable to a large number of devices.Note to Practitioners: Key management is one of the hardest problems in cyber security. It is even more challenging in the Internet of IoT considering that most things are resourceconstrained. Therefore, IoT devices either end-up using the symmetric cryptography with pre-shared key mode or asymmetric cryptography with raw public keys (RPK) mode. These modes either require a pre-provisioning of all expected trusted clients in individual nodes before deployment or requires outof-band validation of RPKs. Also, if the number of clients that a node would communicate with varies dynamically, this would demand frequent re-provisioning of each trusted client to the individual nodes. The approach based on preprovisioning and re-provisioning of trusted keys is certainly not scalable and requires a continuous management of security policies. We therefore propose a solution that is scalable and does not require pre-provisioning or re-provisioning the individual nodes with keys for all future trusted clients. The basic approach is to establish shared keys between resource servers and a trust anchor. When a client wants to establish a trust relationship with a resource server it requests a key from a trust anchor. The trust anchor asserts a secret key or a public key of the client that can be conveyed to the resource server.

show abstract

“…In order to mitigate DoS attacks, todays servers offload the corresponding security context toward clients. In [2], we introduce a constrained-device-friendly session resumption method that allows for offloading the security context towards the more powerful end-point.…”

Section: Framework Designmentioning

confidence: 99%

“…Traditionally, PKC has been considered not feasible for constrained devices [3]. Existing ECC libraries for constrained devices require few KBytes 2 Certificate Transparency (RFC 6962), http://www.certificatetransparency.org, log trace with 2.8 million entries retrieved at October 17, 2013 of static RAM and in order of 10 KBytes of ROM. Given that PKC is used only at session establishments, dedicating memory space during the whole life cycle of a smart device for PKC means less memory space for applications.…”

Section: Framework Designmentioning

confidence: 99%

Poster Abstract: Security Comes First, a Public-key Cryptography Framework for the Internet of Things

Shafagh

Hithnawi

2014

2014 IEEE International Conference on Distributed Computing in Sensor Systems

Self Cite

View full text Add to dashboard Cite

Abstract-Novel Internet services are emerging around an increasing number of sensors and actuators in our surroundings, commonly referred to as smart devices. Smart devices, which form the backbone of the Internet of Things (IoT), enable alternative forms of user experience by means of automation, convenience, and efficiency. At the same time new security and safety issues arise, given the Internet-connectivity and the interaction possibility of smart devices with human's proximate living space. Hence, security is a fundamental requirement of the IoT design. In order to remain interoperable with the existing infrastructure, we postulate a security framework compatible to standard IP-based security solutions, yet optimized to meet the constraints of the IoT ecosystem. In this ongoing work, we first identify necessary components of an interoperable secure End-to-End communication while incorporating Public-key Cryptography (PKC). To this end, we tackle involved computational and communication overheads. The required components on the hardware side are the affordable hardware acceleration engines for cryptographic operations and on the software side header compression and long-lasting secure sessions. In future work, we focus on integration of these components into a framework and the evaluation of an early prototype of this framework.

show abstract

Delegation-based authentication and authorization for the IP-based Internet of Things

Cited by 113 publications

References 23 publications

MoDeNA: Enhancing User Security for Devices in Wireless Personal and Local Area Networks

MoDeNA: Enhancing User Security for Devices in Wireless Personal and Local Area Networks

S3K: Scalable Security With Symmetric Keys—DTLS Key Establishment for the Internet of Things

Poster Abstract: Security Comes First, a Public-key Cryptography Framework for the Internet of Things

Contact Info

Product

Resources

About