Object Security for Constrained RESTful Environments (OSCORE)

The Internet of Things (IoT) brings plenty of opportunities to enhance society’s activities, from improving a factory’s production chain to facilitating people’s household tasks. However, it has also brought new security breaches, compromising privacy and authenticity. IoT devices are vulnerable to being accessed from the Internet; they lack sufficient resources to face cyber-attack threats. Keeping a balance between access control and the devices’ resource consumption has become one of the highest priorities of IoT research. In this paper, we evaluate an access control architecture based on the IAACaaS (IoT application-Scoped Access Control as a Service) model with the aim of protecting IoT devices that communicate using the Publish/Subscribe pattern. IAACaaS is based on the OAuth 2.0 authorization framework, which externalizes the identity and access control infrastructure of applications. In our evaluation, we implement the model using FIWARE Generic Enablers and deploy them for a smart buildings use case with a wireless communication. Then, we compare the performance of two different approaches in the data-sharing between sensors and the Publish/Subscribe broker, using Constrained Application Protocol (CoAP) and Hypertext Transfer Protocol (HTTP) protocols. We conclude that the integration of Publish/Subscribe IoT deployments with IAACaaS adds an extra layer of security and access control without compromising the system’s performance.

Section: Discussionmentioning

confidence: 99%

Evaluation of an IoT Application-Scoped Access Control Model over a Publish/Subscribe Architecture Based on FIWARE

García-Pozo

Alonso

Salvachúa

2020

“…Furthermore, specific work has been recently done on Datagram TLS (DTLS) for constrained environments [ 54 ], as in fact DTLS is the default security protocol for the Constrained Application Protocol (CoAP), a lightweight application-layer protocol that has been designed for constrained devices and is therefore a good candidate for BLE devices [ 37 ]. Object security is another recent approach being developed for securing application-layer payloads (i.e., end-to-end) [ 55 ], which may be suitable for BLE mesh networks as well. Non-IP-based BLE mesh networks will need to develop end-to-end security functionality that might be equivalent to the approaches described.…”

Section: Discussion and Open Issuesmentioning

confidence: 99%

Bluetooth Low Energy Mesh Networks: A Survey

Darroudi

Gómez

2017

128

Bluetooth Low Energy (BLE) has gained significant momentum. However, the original design of BLE focused on star topology networking, which limits network coverage range and precludes end-to-end path diversity. In contrast, other competing technologies overcome such constraints by supporting the mesh network topology. For these reasons, academia, industry, and standards development organizations have been designing solutions to enable BLE mesh networks. Nevertheless, the literature lacks a consolidated view on this emerging area. This paper comprehensively surveys state of the art BLE mesh networking. We first provide a taxonomy of BLE mesh network solutions. We then review the solutions, describing the variety of approaches that leverage existing BLE functionality to enable BLE mesh networks. We identify crucial aspects of BLE mesh network solutions and discuss their advantages and drawbacks. Finally, we highlight currently open issues.

“…In addition to the IETF, other organizations and alliances such as Open Mobile Alliance (OMA) in their white paper Lightweight M2M 1.1 [15] integrate different technologies including LPWAN and consider new strategies and protocols to provide security, with the incorporation of OSCORE [16], a recent IETF standard, in their protocol stack to provide security at the application layer.…”

Section: Related Workmentioning

confidence: 99%

Secure Authentication and Credential Establishment in Narrowband IoT and 5G

Sánchez-Gómez

García-Carrillo²,

Marin-Perez³

et al. 2020

Security is critical in the deployment and maintenance of novel IoT and 5G networks. The process of bootstrapping is required to establish a secure data exchange between IoT devices and data-driven platforms. It entails, among other steps, authentication, authorization, and credential management. Nevertheless, there are few efforts dedicated to providing service access authentication in the area of constrained IoT devices connected to recent wireless networks such as narrowband IoT (NB-IoT) and 5G. Therefore, this paper presents the adaptation of bootstrapping protocols to be compliant with the 3GPP specifications in order to enable the 5G feature of secondary authentication for constrained IoT devices. To allow the secondary authentication and key establishment in NB-IoT and 4G/5G environments, we have adapted two Extensible Authentication Protocol (EAP) lower layers, i.e., PANATIKI and LO-CoAP-EAP. In fact, this approach presents the evaluation of both aforementioned EAP lower layers, showing the contrast between a current EAP lower layer standard, i.e., PANA, and one specifically designed with the constraints of IoT, thus providing high flexibility and scalability in the bootstrapping process in 5G networks. The proposed solution is evaluated to prove its efficiency and feasibility, being one of the first efforts to support secure service authentication and key establishment for constrained IoT devices in 5G environments.