A First Step Towards Security for Internet of Small Things

Namhi Kang
2016 International Journal of Security and Its Applications  
Industrial and research organizations expect that, in the near future, tens of billions of everyday objects will communicate with each other to realize a hyper-connected society called the Internet of Things (IoT). They also agree that security is one of the most important concerns for providing smart and intelligent services successfully in the IoT. The author notes in this paper that the first step towards a secure IoT is the initial configuration of connected objects and networks in a ... re fashion. As a solution, this paper proposes a secure configuration (i.e., bootstrapping) scheme for resource-constrained devices such as sensors or actuators. The scheme is activated when a new object (or node) is initially installed in, or re-installed in, a network that is currently in operation. The method is suitable for a scenario where resource-constrained small things are interconnected with each other and thus form an Internet of Things.

Several technologies have been proposed in the literature to support secure pairing between devices in machine-to-machine communication (for example, see [15] for more information). In such technologies, various out-of-band (OOB) channels were used in the authentication phase. Jennings proposed a scheme to configure a new device and register the device to the controller using a QR code [8]. In his scheme, as shown in Figure 1, an introducer of a network, which might be a smartphone, reads the QR code printed on the device or contained in its box. That is, when the device is installed, the introducer derives the secret parameters of the device, such as the OTP and the secret key, by scanning the QR code (message 1 in Figure 1). The OTP is a one-time password generated by the manufacturer for device registration, and the secret is the secret value generated by the manufacturer to enable communication between the device and the controller.

Next, the introducer delivers the network information of the network and the OTP used by the device to the transfer agent, which is handled by the manufacturer (message 2). The introducer transmits the secret to the controller (message 3). When the device is booted up for the first time and the network connection is made, it connects to the transfer agent. The transfer agent transmits the network information of the controller to the device (message 4).
Since the device knows the network information of the controller, the device can communicate with the controller directly in the subsequent device operation (message 5).
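
The five-message flow described above, simulated in Python as an added example (not code from the paper or from Jennings' scheme). The page only states which party sends what, so the device presenting its OTP to the transfer agent, the single-use handling of the OTP, the HMAC challenge-response in message 5, and all field and host names are assumptions.

```python
import hashlib
import hmac
import secrets

class TransferAgent:
    """Manufacturer-run rendezvous point (messages 2 and 4)."""
    def __init__(self):
        self._pending = {}  # OTP -> controller network information
    def register(self, otp, controller_addr):   # message 2, from introducer
        self._pending[otp] = controller_addr
    def redeem(self, otp):                       # message 4, to device
        # Assumption: the OTP is consumed on first use, so a replay gets nothing.
        return self._pending.pop(otp, None)

class Controller:
    def __init__(self, addr):
        self.addr = addr
        self._secrets, self._nonces = {}, {}
    def enroll(self, device_id, secret):         # message 3, from introducer
        self._secrets[device_id] = secret
    def challenge(self, device_id):              # assumed first half of message 5
        self._nonces[device_id] = secrets.token_bytes(16)
        return self._nonces[device_id]
    def accept(self, device_id, tag):            # assumed second half of message 5
        secret = self._secrets.get(device_id)
        nonce = self._nonces.pop(device_id, None)
        if secret is None or nonce is None:
            return False
        expected = hmac.new(secret, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)

def device_first_boot(device_id, otp, secret, agent, network):
    """Device side: learn the controller address, then prove the shared secret."""
    addr = agent.redeem(otp)
    if addr is None:
        return False  # unknown or already-used OTP
    ctrl = network[addr]
    tag = hmac.new(secret, ctrl.challenge(device_id), hashlib.sha256).digest()
    return ctrl.accept(device_id, tag)

def run_bootstrap():
    # Constructed QR payload (message 1); field names are assumptions.
    qr = {"id": "sensor-01", "otp": secrets.token_hex(8), "secret": secrets.token_bytes(32)}
    agent, ctrl = TransferAgent(), Controller("controller.example")
    agent.register(qr["otp"], ctrl.addr)
    ctrl.enroll(qr["id"], qr["secret"])
    network = {ctrl.addr: ctrl}
    first = device_first_boot(qr["id"], qr["otp"], qr["secret"], agent, network)
    replay = device_first_boot(qr["id"], qr["otp"], qr["secret"], agent, network)
    return first, replay
```

`run_bootstrap()` returns whether the first boot succeeded and whether a second attempt with the same OTP succeeded; under the single-use assumption the second attempt is refused at the transfer agent.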
doi:10.14257/ijsia.2016.10.6.02 fatcat:ml5pfiwg7jd3fpbd5kzdcxsf4e