Toward a Lightweight Authentication and Authorization Framework for Smart Objects

Hernández-Ramos, José L.; Pawlowski, Marcin Piotr; Jara, Antonio J.; Skarmeta, Antonio F.; Ladid, Latif

doi:10.1109/jsac.2015.2393436

Cited by 125 publications

(57 citation statements)

References 47 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Hernandez-Ramos et al have designed an authentication and authorization framework for smart objects [23]. Their authentication approach is based on EAP over LAN (EAPOL) [24] for security bootstrapping in order to establish keys for DTLS.…”

Section: Related Workmentioning

confidence: 99%

S3K: Scalable Security With Symmetric Keys—DTLS Key Establishment for the Internet of Things

Raza¹,

Seitz²,

Sitenkov³

et al. 2016

IEEE Trans. Automat. Sci. Eng.

View full text Add to dashboard Cite

Abstract-DTLS is becoming the de facto standard for communication security in the Internet of Things. In order to run the DTLS protocol one needs to establish keys between the communicating devices. The default method of key establishment requires X.509 certificates and a Public Key Infrastructure, an approach which is often too resource consuming for small IoT devices. DTLS also supports the use of pre-shared keys and raw public keys. These modes are more lightweight, but they are not scalable to a large number of devices.We present Scalable Security with Symmetric Keys (S3K), a key management architecture for the resource constrained Internet of Things. S3K provides a flexible and scalable way of establishing keys between resource constrained IoT devices. S3K enables devices that have no previous, direct security relation to use DTLS with either pre-shared symmetric keys or raw public keys established and authorized during the DTLS handshake. We implement S3K in the Contiki OS and evaluate it on real IoT hardware. Our evaluation shows that S3K is feasible in constrained environment and at the same time scalable to a large number of devices.Note to Practitioners: Key management is one of the hardest problems in cyber security. It is even more challenging in the Internet of IoT considering that most things are resourceconstrained. Therefore, IoT devices either end-up using the symmetric cryptography with pre-shared key mode or asymmetric cryptography with raw public keys (RPK) mode. These modes either require a pre-provisioning of all expected trusted clients in individual nodes before deployment or requires outof-band validation of RPKs. Also, if the number of clients that a node would communicate with varies dynamically, this would demand frequent re-provisioning of each trusted client to the individual nodes. The approach based on preprovisioning and re-provisioning of trusted keys is certainly not scalable and requires a continuous management of security policies. We therefore propose a solution that is scalable and does not require pre-provisioning or re-provisioning the individual nodes with keys for all future trusted clients. The basic approach is to establish shared keys between resource servers and a trust anchor. When a client wants to establish a trust relationship with a resource server it requests a key from a trust anchor. The trust anchor asserts a secret key or a public key of the client that can be conveyed to the resource server.

show abstract

Section: Related Workmentioning

confidence: 99%

S3K: Scalable Security With Symmetric Keys—DTLS Key Establishment for the Internet of Things

Raza¹,

Seitz²,

Sitenkov³

et al. 2016

IEEE Trans. Automat. Sci. Eng.

View full text Add to dashboard Cite

show abstract

“…EAP-over-CoAP [11] bootstraps key material and deals with node authentication. The authorization problem for IoT, normally involving authentication, has been also studied thoroughly; [12] offers a comprehensive solution based on EAP-methods and timestamps. [13] solves the authentication problem building on top of 3GPP Generic Bootstrapping Architecture (GBA) using asymmetric cryptography and HTTP.…”

Section: A Related Workmentioning

confidence: 99%

Nonce-based authenticated key establishment over OAuth 2.0 IoT proof-of-possession architecture

Navas¹,

Lagos²,

Toutain³

et al. 2016

2016 IEEE 3rd World Forum on Internet of Things (WF-IoT)

View full text Add to dashboard Cite

To cite this version:Renzo Efrain Navas, Manuel Lagos, Laurent Toutain, Kumaran Vijayasankar. Nonce-based authenticated key establishment over OAuth 2. Abstract-The Internet of Things will scale to billions of devices in the next coming years. A secure communication framework is needed to interconnect all these objects, by taking into account their intrinsic constrained in terms of energy, cpu and memory; Several proposals relying on adapting existing well-known and standardized security solutions exist, but we believe there is still a gap for most-constrained nodes to provide fine-grained authorization and secure establishment of fresh cryptographic keys. We propose a mechanism that runs on top of the OAuth Authorization architecture and provides the bootstrapping of fresh authenticated symmetric cryptographic material between previously unknown parties using a noncebased protocol. We set up an energy measurement platform to evaluate our proposal and compare it with existing work.

show abstract

“…There is a desire need to investigate how to make symmetric and asymmetric algorithms lightweight for IoT. Most recently, various efforts for lightweight solution for IoT can be found in [19], [20], [19], [21]. Some of the existing lightweight cryptographic solutions includes HIGHT, RC5 and PRESENT.…”

Section: B Lightweight Cryptographic Framework For Iotmentioning

confidence: 99%

Software Defined Security Service Provisioning Framework for Internet of Things

Khan¹,

Hameed²

2016

ijacsa

View full text Add to dashboard Cite

Abstract-Programmable management framework have paved the way for managing devices in the network. Lately, emerging paradigm of Software Defined Networking (SDN) have revolutionized programmable networks. Designers of networking applications i.e. Internet of things (IoT) have started investigating potentials of SDN paradigm in improving network management. IoT envision interconnecting various embedded devices surrounding our environment with IP to enable internet connectivity. Unlike traditional network architectures, IoT are characterized by constraint in resources and heterogeneous inter connectivity of wireless and wired medium. Therefore, unique challenges for managing IoT are raised which are discussed in this paper. Ubiquity of IoT have raised unique security challenges in IoT which is one of the aspect of management framework for IoT. In this paper, security threats and requirements are summarized in IoT extracted from the state of the art efforts in investigating security challenges of IoT. Also, SDN based security service provisioning framework for IoT is proposed.

show abstract

Toward a Lightweight Authentication and Authorization Framework for Smart Objects

Cited by 125 publications

References 47 publications

S3K: Scalable Security With Symmetric Keys—DTLS Key Establishment for the Internet of Things

S3K: Scalable Security With Symmetric Keys—DTLS Key Establishment for the Internet of Things

Nonce-based authenticated key establishment over OAuth 2.0 IoT proof-of-possession architecture

Software Defined Security Service Provisioning Framework for Internet of Things

Contact Info

Product

Resources

About