Securing Complex IoT Platforms with Token Based Access Control and Authenticated Key Establishment

Timothy Claeys, Franck Rousseau, Bernard Tourancheau
<span title="">2017</span> <i title="IEEE"> <a target="_blank" rel="noopener" href="" style="color: black;">2017 International Workshop on Secure Internet of Things (SIoT)</a> </i> &nbsp;
In this paper we propose a new authorization and authentication framework for the IoT that combines the security model of OAuth 1.0a with the lightweight building blocks of ACE. By designing self-securing tokens the security of the framework no longer depends on the security of the network stack. We use basic PKI functionalities to bootstrap a chain-of-trust between the devices which simplifies future token exchanges. Finally, we propose an alternate key establishment scheme for use cases where
more &raquo; ... devices cannot directly communicate. We test our proposal by implementing the critical aspects on a STM32L4 microcontroller. The results indicate that our framework guarantees a strong level of security for IoT devices with basic asymmetric cryptography capabilities.
<span class="external-identifiers"> <a target="_blank" rel="external noopener noreferrer" href="">doi:10.1109/siot.2017.00006</a> <a target="_blank" rel="external noopener" href="">dblp:conf/siot/ClaeysRT17</a> <a target="_blank" rel="external noopener" href="">fatcat:dxakuxhfobcw7bhpzm2p4fdy34</a> </span>
<a target="_blank" rel="noopener" href="" title="fulltext PDF download" data-goatcounter-click="serp-fulltext" data-goatcounter-title="serp-fulltext"> <button class="ui simple right pointing dropdown compact black labeled icon button serp-button"> <i class="icon ia-icon"></i> Web Archive [PDF] <div class="menu fulltext-thumbnail"> <img src="" alt="fulltext thumbnail" loading="lazy"> </div> </button> </a> <a target="_blank" rel="external noopener noreferrer" href=""> <button class="ui left aligned compact blue labeled icon button serp-button"> <i class="external alternate icon"></i> </button> </a>