Delegation-based Authentication and Authorization for the IP-based IoT

Delegation-based Authentication and Authorization

for the IP-based IoTEmbedded Security Lab.

Park Joon-young

Contents

• DTLS Protocol

• Motive

• Design

• Evaluation

• Conclusion

About Paper

• 2014, IEEE SECON(Sensing, Communication, and Networking)

Introduction

Limited Processing Power

Limited Storage

Low Bandwidth

Inefficient Energy

Unreliable Environment

Sensors will have..

DTLS Protocol

• TLS on Datagram

• 6 Message Flight

• Public-key-based + Symmetric-key-based

• Verifies correctness

Public-key in DTLS

•Computation

•Transmission

•Memory Overheads

Run-time Req. (RAM)

• Public-key Calculation + Certificate Parsing (1.4kB)

• DTLS handshake (1.3kB) + stack size (1.8kB)

6.2kB + 1.8kB10kB10kB

OSAPP

Implementation Size (ROM)

•DTLS handshake (relic toolkit, 16kB)

•Certificate Parsing (1.5kB) + Certificate Verification + Time Synchronization

64kB RAM + ROM

Design

Original This Paper

Design

•Delegation Server- Key Distribution Center- DTLS handshake with remote end-point

Bootstrapping a constrained Device

D

DS R

D

D

Physical contact or Wireless communication

Delegation

D

DS R

D

D

DTLS handshake

Delegation

D

DS R

D

D

Session Resumption

Revocation

D

DS R

D

D

Revocation

D

DS R

D

D

Revocation

D

DS R

D

D

symmetric-key-based DTLS handshake

Evaluation• symmetric-key-based tinyDTLS (openSSL)

• WiSMote platform (Arduino, raspberry pi..)

• 16MHz MSP430 µ-controller (intel i3-2500, ARM..)

• 16kB RAM, 128kB ROM

• Contiki OS (Windows, Linux..)

• FlockLab (oscilloscope)

EvaluationRAM / ROM

RAM

ROM

EvaluationRun-time

Client-side Computation Server-side Computation

Verification / Decryption of Session Ticket Generating new Session Ticket

EvaluationRun-time

Transmission

EvaluationRun-time

Certificate Symmetric Delegation

Conclusion

• Proposed delegation architecture

• Provides comprehensive, compact solution for authentication, authorization, secure transmission