A Secure Network Architecture for the Internet of Things Based on Local Authorization Entities
Hokeun Kim, Armin Wasicek, Benjamin Mehne, Edward A. Lee

Citation
Hokeun Kim, Armin Wasicek, Benjamin Mehne, Edward A. Lee. "A Secure Network Architecture for the Internet of Things Based on Local Authorization Entities". Talk or presentation, 13, January, 2016; Presented at the Urban Heartbeat Workshop, Berkeley.

Abstract
Security is essential to enable the Internet of Things (IoT). The security of the traditional Internet has been enhanced by well-developed security measures, for example, the SSL/TLS protocol suites. However, authentication based on certificates provided by certificate authorities (CA) cannot, in its current form, scale to the expected 50 billion devices. To make TLS with CAs more scalable, the Let's Encrypt project (https://letsencrypt.org) launches free and automated CAs. Nevertheless, the point-to-point nature of TLS connections and the overhead of managing certificates still make it challenging to apply TLS for all IoT devices, possibly with resource constraints and one-to-many communication requirements. Moreover, TLS itself is not designed for frequent authorization/revocation, which might be necessary for some safety-critical IoT devices. To address these issues, we propose a secure network architecture with key distribution mechanisms using local, automated authorization entities. The architecture provides security guarantees while addressing IoT-specific issues including resource constraints. By evaluation, we show that the architecture's overhead scales sublinearly and works well with resource-constrained devices. We also expect the proposed architecture can be integrated easily with free, automated, and scalable CAs by the Let's Encrypt project.

Electronic downloads


Internal. This publication has been marked by the author for TerraSwarm-only distribution, so electronic downloads are not available without logging in.
Citation formats  
  • HTML
    Hokeun Kim, Armin Wasicek, Benjamin Mehne, Edward A. Lee.
    <a
    href="http://www.terraswarm.org/pubs/715.html"
    ><i>A Secure Network Architecture for the Internet
    of Things Based on Local Authorization
    Entities</i></a>, Talk or presentation, 13,
    January, 2016; Presented at the
    <a
    href="http://www.terraswarm.org/urbanheartbeat/wiki/Main/2016-01-13"
    >Urban Heartbeat Workshop</a>, Berkeley.
  • Plain text
    Hokeun Kim, Armin Wasicek, Benjamin Mehne, Edward A. Lee.
    "A Secure Network Architecture for the Internet of
    Things Based on Local Authorization Entities". Talk or
    presentation, 13, January, 2016; Presented at the
    Urban Heartbeat Workshop, Berkeley.
  • BibTeX
    @presentation{KimWasicekMehneLee16_SecureNetworkArchitectureForInternetOfThingsBasedOnLocal,
        author = {Hokeun Kim and Armin Wasicek and Benjamin Mehne
                  and Edward A. Lee},
        title = {A Secure Network Architecture for the Internet of
                  Things Based on Local Authorization Entities},
        day = {13},
        month = {January},
        year = {2016},
        note = {Talk or presentation, 13, January, 2016; Presented
                  at the Urban Heartbeat Workshop, Berkeley.},
        abstract = {Security is essential to enable the Internet of
                  Things (IoT). The security of the traditional
                  Internet has been enhanced by well-developed
                  security measures, for example, the SSL/TLS
                  protocol suites. However, authentication based on
                  certificates provided by certificate authorities
                  (CA) cannot, in current form, scale to the
                  expected 50 billion devices. To make TLS with CAs
                  more scalable, the Let's Encrypt project
                  (https://letsencrypt.org) launches free and
                  automated CAs. Nevertheless, the point-to-point
                  nature of TLS connections and overhead of managing
                  certificates still make it challenging to apply
                  TLS for all IoT devices, possibly with resource
                  constraints and one-to-many communication
                  requirements. Moreover, TLS itself is not designed
                  for frequent authorization/revocation which might
                  be necessary for some safety-critical IoT devices.
                  To address these issues, we propose a secure
                  network architecture with key distribution
                  mechanisms using local, automated authorization
                  entities. The architecture provides security
                  guarantees while addressing IoT-specific issues
                  including resource constraints. By evaluation, we
                  show that the architecture's overhead scales
                  sublinearly and works well with
                  resource-constrained devices. We also expect the
                  proposed architecture can be integrated easily
                  with free, automated, and scalable CAs by the
                  Let's Encrypt project.},
        URL = {http://terraswarm.org/pubs/715.html}
    }
    

Posted by Hokeun Kim on 12 Jan 2016.
Groups: pw

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.