Towards viable certificate-based authentication for the Internet of Things

• The vision of the Internet of Things considers smart objects in the physical world as first-class citizens of the digital world. Especially IP technology and RESTful web services on smart objects promise simple interactions with Internet services in the Web of Things, e.g., for building automation or in e-health scenarios. Peer authentication and secure data transmission are vital aspects in many of these scenarios to prevent leakage of personal information and harmful actuating tasks. While standard security solutions exist for traditional IP networks, the constraints of smart objects demand for more lightweight security mechanisms. Thus, the use of certificates for peer authentication is predominantly considered impracticable. In this paper, we investigate if this assumption is valid. To this end, we present preliminary overhead estimates for the certificate-based DTLS handshake and argue that certificates - with improvements to the handshake - are a viable method of authentication in many network scenarios. We propose three design ideas to reduce the overheads of the DTLS handshake. These ideas are based on (i) pre-validation, (ii) session resumption, and (iii) handshake delegation. We qualitatively analyze the expected overhead reductions and discuss their applicability. 

Nyckelord

Authentication

Certificates

Internet of Things

TLS

Building automation

Internet of Things (IOT)

Lightweight securities

Overhead reductions

Personal information

RESTful Web services

Cost reduction

Intelligent buildings

Internet

Web services

Wireless networks

Network security

Publikations- och innehållstyp

ref (ämneskategori)

kon (ämneskategori)