Enterprise security for the internet of things (IOT)

Loading...
Thumbnail Image
Journal Title
Journal ISSN
Volume Title
A1 Alkuperäisartikkeli tieteellisessä aikakauslehdessä
Date
2020-11-01
Major/Subject
Mcode
Degree programme
Language
en
Pages
23
1-23
Series
Sensors (Switzerland), Volume 20, issue 21
Abstract
The emergence of radio technologies, such as Zigbee, Z-Wave, and Bluetooth Mesh, has transformed simple physical devices into smart objects that can understand and react to their environment. Devices, such as light bulbs, door locks, and window blinds, can now be connected to, and remotely controlled from, the Internet. Given the resource-constrained nature of many of these devices, they have typically relied on the use of universal global shared secrets for the initial bootstrapping and commissioning phase. Such a scheme has obvious security weaknesses and it also creates undesirable walled-gardens where devices of one ecosystem do not inter-operate with the other. In this paper, we investigate whether the standard Extensible Authentication Protocol (EAP) framework can be used for secure bootstrapping of resource-constrained devices. EAP naturally provides the benefits of per-device individual credentials, straightforward revocation, and isolation of devices. In particular, we look at the Nimble out-of-band authentication for EAP (EAP-NOOB) as a candidate EAP authentication method. EAP-NOOB greatly simplifies deployment of such devices as it does not require them to be pre-provisioned with credentials of any sort. Based on our implementation experience on off-the-shelf hardware, we demonstrate that lightweight EAP-NOOB is indeed a way forward to securely bootstrap such devices.
Description
| openaire: EC/H2020/779852/EU//IoTCrawler
Keywords
Bootstrapping, Contiki, EAP-NOOB, IoT, Security
Other note
Citation
Peltonen , A , Inglés , E , Latvala , S , Garcia-Carrillo , D , Sethi , M & Aura , T 2020 , ' Enterprise security for the internet of things (IOT) : Lightweight bootstrapping with EAP-NOOB ' , Sensors (Switzerland) , vol. 20 , no. 21 , 6101 , pp. 1-23 . https://doi.org/10.3390/s20216101