Application Layer Key Establishment for End-to-End Security in IoT
In most Internet of Things (IoT) deployments, intermediate entities are usually employed for efficiency and scalability reasons. These intermediate proxies break end-to-end security even when using the state-of-the-art transport layer security (TLS) solutions. In this direction, the recent Object Security for Constrained RESTful Environments (OSCORE) has been standardized to enable end-to-end security even in the presence of malicious proxies. In this article, we focus on the key establishment process based on application-layer techniques. In particular, we evaluate the Ephemeral Diffie-Hellman over COSE (EDHOC), the de facto key establishment protocol for OSCORE. Based on EDHOC, we propose CompactEDHOC, as a lightweight alternative, in which negotiation of security parameters is extracted from the core protocol. In addition to providing end-to-end security properties, we perform extensive evaluation using real IoT hardware and simulation tools. Our evaluation results prove EDHOC-based proposals to be an effective and efficient approach for the establishment of a security association in IoT constrained scenarios.
PEREZ Salvador;
HERNANDEZ RAMOS Jose Luis;
RAZA Shahid;
SKARMETA Antonio;
2020-03-26
IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
JRC112578
2327-4662 (online),
http://ieeexplore.ieee.org/document/8932424,
https://publications.jrc.ec.europa.eu/repository/handle/JRC112578,
10.1109/JIOT.2019.2959428 (online),