Securing Complex IoT Platforms with Token Based Access Control and Authenticated Key Establishment

Timothy Claeys, Franck Rousseau, Bernard Tourancheau
<span title="">2017</span> <i title="IEEE"> <a target="_blank" rel="noopener" href="https://fatcat.wiki/container/qtncbuws4rbhlijo5prownll4a" style="color: black;">2017 International Workshop on Secure Internet of Things (SIoT)</a> </i> &nbsp;
In this paper we propose a new authorization and authentication framework for the IoT that combines the security model of OAuth 1.0a with the lightweight building blocks of ACE. By designing self-securing tokens the security of the framework no longer depends on the security of the network stack. We use basic PKI functionalities to bootstrap a chain-of-trust between the devices which simplifies future token exchanges. Finally, we propose an alternate key establishment scheme for use cases where
more &raquo; ... devices cannot directly communicate. We test our proposal by implementing the critical aspects on a STM32L4 microcontroller. The results indicate that our framework guarantees a strong level of security for IoT devices with basic asymmetric cryptography capabilities.
<span class="external-identifiers"> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.1109/siot.2017.00006">doi:10.1109/siot.2017.00006</a> <a target="_blank" rel="external noopener" href="https://dblp.org/rec/conf/siot/ClaeysRT17.html">dblp:conf/siot/ClaeysRT17</a> <a target="_blank" rel="external noopener" href="https://fatcat.wiki/release/dxakuxhfobcw7bhpzm2p4fdy34">fatcat:dxakuxhfobcw7bhpzm2p4fdy34</a> </span>
<a target="_blank" rel="noopener" href="https://web.archive.org/web/20190502221425/https://hal.archives-ouvertes.fr/hal-01596135/file/siot_auth.pdf" title="fulltext PDF download" data-goatcounter-click="serp-fulltext" data-goatcounter-title="serp-fulltext"> <button class="ui simple right pointing dropdown compact black labeled icon button serp-button"> <i class="icon ia-icon"></i> Web Archive [PDF] <div class="menu fulltext-thumbnail"> <img src="https://blobs.fatcat.wiki/thumbnail/pdf/56/e1/56e1ef2f73da92e3de2398454764b015354c54d3.180px.jpg" alt="fulltext thumbnail" loading="lazy"> </div> </button> </a> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.1109/siot.2017.00006"> <button class="ui left aligned compact blue labeled icon button serp-button"> <i class="external alternate icon"></i> ieee.com </button> </a>