Secure zero-touch device provisioning in Bluetooth mesh networks

Loading...
Thumbnail Image
Journal Title
Journal ISSN
Volume Title
Perustieteiden korkeakoulu | Master's thesis
Date
2020-08-18
Department
Major/Subject
Security and Cloud Computing
Mcode
SCI3084
Degree programme
Master’s Prorgamme in Security and Cloud Computing (SECCLO)
Language
en
Pages
47+2
Series
Abstract
Connected devices in smart homes and offices promise benefits from energy conservation to enhanced user experience. Secure zero-touch provisioning, which requires no user interaction after the devices have arrived on-site, is essential to overcome the limitations posed by the scale of such networks and the minimal user interfaces on the devices. Bluetooth mesh profile v1.1 introduces certificate-based provisioning, which is a key enabler for zero-touch provisioning, but not sufficient by itself. This thesis analyzes the possible choices in each different aspect of implementing such a system and demonstrates a functional prototype. It makes concrete recommendations on how to assign device identities and bootstrap them during manufacturing, identifies two approaches to authorizing devices and delivering certificate status information, and argues against including secret values in device certificates. Reducing the cost of implementing security is determined to be essential for avoiding the security of the system being undermined by the users, and design choices in aspects such as physical device identifiers, certificate policies, device installation workflow and user interfaces are proposed to meet that goal. The presented prototype validates and demonstrates some of the recommendations using a Bluetooth development board as the device and an Android application as the provisioner. The documented implications of different alternatives and justified recommendations can help inform the design of future real-world implementations of zero-touch provisioning systems. Simplifying the process of securely provisioning devices can help avoid deployments opting for insecure networks, therefore preventing potentially devastating consequences and aiding faster adoption of these applications.
Description
Supervisor
Aura, Tuomas
Thesis advisor
Mallat, Hannu
Keywords
Bluetooth mesh, provisioning, PKI, IoT
Other note
Citation