Related papers: ASOP: A Sovereign and Secure Device Onboarding Protocol for Cloud-based IoT Services

ASOP: A Sovereign and Secure Device Onboarding Protocol for Cloud-based IoT Services

URL: http://arxiv.org/abs/2403.13020v1
Date: Mon, 18 Mar 2024 15:45:14 GMT
Title: ASOP: A Sovereign and Secure Device Onboarding Protocol for Cloud-based IoT Services
Authors: Khan Reaz, Gerhard Wunder,
Abstract summary: ASOP is a sovereign and secure protocol for IoT devices without blindly trusting the device manufacturer, supply chain, and cloud service provider. Our zero-trust' and human-in-the-loop' approach guarantees that the device owner does not remain at the mercy of third-party infrastructures.
Score: 1.4732811715354452
License: http://creativecommons.org/licenses/by/4.0/
Abstract: The existing high-friction device onboarding process hinders the promise and potentiality of Internet of Things (IoT). Even after several attempts by various device manufacturers and working groups, no widely adopted standard solution came to fruition. The latest attempt by Fast Identity Online (FIDO) Alliance promises a zero touch solution for mass market IoT customers, but the burden is transferred to the intermediary supply chain (i.e. they have to maintain infrastructure for managing keys and digital signatures called `Ownership Voucher' for all devices). The specification relies on a `Rendezvous Server' mimicking the notion of Domain Name System (DNS) server'. This essentially means resurrecting all existing possible attack scenarios associated with DNS, which include Denial of Service (DoS) attack, and Correlation attack. `Ownership Voucher' poses the risk that some intermediary supply chain agents may act maliciously and reject the transfer of ownership or sign with a wrong key. Furthermore, the deliberate use of the weak elliptic curve SECP256r1/SECP384r1 (also known as NIST P-256/384) in the specification raises questions. We introduce ASOP: a sovereign and secure device onboarding protocol for IoT devices without blindly trusting the device manufacturer, supply chain, and cloud service provider. The ASOP protocol allows onboarding an IoT device to a cloud server with the help of an authenticator owned by the user. This paper outlines the preliminary development of the protocol and its high-level description. Our `zero-trust' and `human-in-the-loop' approach guarantees that the device owner does not remain at the mercy of third-party infrastructures, and it utilises recently standardized post-quantum cryptographic suite (CRYSTALS) to secure connection and messages.

Related papers

KESIC: Kerberos Extensions for Smart, IoT and CPS Devices [11.898833102736255]
Kerberos is not directly suitable for IoT devices due to its heavy-weight protocols and the resource-constrained nature of the devices. This paper presents KESIC, a system that enables efficient and secure multi-user access for IoT devices.
arXiv Detail & Related papers (2024-07-05T22:22:54Z)
Towards Credential-based Device Registration in DApps for DePINs with ZKPs [46.08150780379237]
We propose a credential-based device registration (CDR) mechanism that verifies device credentials on the blockchain. We present a general system model, and technically evaluate CDR using zkSNARKs with Groth16 and Marlin.
arXiv Detail & Related papers (2024-06-27T09:50:10Z)
zk-IoT: Securing the Internet of Things with Zero-Knowledge Proofs on Blockchain Platforms [0.0]
This paper introduces the zk-IoT framework, a novel approach to enhancing the security of Internet of Things (IoT) ecosystems. Our framework ensures the integrity of firmware execution and data processing in potentially compromised IoT devices.
arXiv Detail & Related papers (2024-02-13T09:34:23Z)
HasTEE+ : Confidential Cloud Computing and Analytics with Haskell [50.994023665559496]
Confidential computing enables the protection of confidential code and data in a co-tenanted cloud deployment using specialized hardware isolation units called Trusted Execution Environments (TEEs) TEEs offer low-level C/C++-based toolchains that are susceptible to inherent memory safety vulnerabilities and lack language constructs to monitor explicit and implicit information-flow leaks. We address the above with HasTEE+, a domain-specific language (cla) embedded in Haskell that enables programming TEEs in a high-level language with strong type-safety.
arXiv Detail & Related papers (2024-01-17T00:56:23Z)
Tamper-Evident Pairing [55.2480439325792]
Tamper-Evident Pairing (TEP) is an improvement of the Push-Button configuration (PBC) standard. TEP relies on the Tamper-Evident Announcement (TEA), which guarantees that an adversary can neither tamper a transmitted message without being detected, nor hide the fact that the message has been sent. This paper provides a comprehensive overview of the TEP protocol, including all information needed to understand how it works.
arXiv Detail & Related papers (2023-11-24T18:54:00Z)
A Lightweight and Secure PUF-Based Authentication and Key-exchange Protocol for IoT Devices [0.0]
Device Authentication and Key exchange are major challenges for the Internet of Things. PUF appears to offer a practical and economical security mechanism in place of typically sophisticated cryptosystems like PKI and IBE. We present a system in which the IoT device does not require a continuous active internet connection to communicate with the server in order to Authenticate itself.
arXiv Detail & Related papers (2023-11-07T15:42:14Z)
SyzTrust: State-aware Fuzzing on Trusted OS Designed for IoT Devices [67.65883495888258]
We present SyzTrust, the first state-aware fuzzing framework for vetting the security of resource-limited Trusted OSes. SyzTrust adopts a hardware-assisted framework to enable fuzzing Trusted OSes directly on IoT devices. We evaluate SyzTrust on Trusted OSes from three major vendors: Samsung, Tsinglink Cloud, and Ali Cloud.
arXiv Detail & Related papers (2023-09-26T08:11:38Z)
Caveat (IoT) Emptor: Towards Transparency of IoT Device Presence (Full Version) [12.842258850026878]
Hidden IoT devices can snoop (via sensing) on nearby unsuspecting users, and impact the environment where unaware users are present, via actuation. This paper constructs a privacy-agileuation RootofTrust architecture for devices, called PAISA. It guarantees timely and secure announcements about IoT devices' presence and their capabilities.
arXiv Detail & Related papers (2023-09-07T09:08:31Z)
IoT Device Identification Based on Network Communication Analysis Using Deep Learning [43.0717346071013]
The risk of attacks on an organization's network has increased due to the growing use of less secure IoT devices. To tackle this threat and protect their networks, organizations generally implement security policies in which only white listed IoT devices are allowed on the network. In this research, deep learning is applied to network communication for the automated identification of IoT devices permitted on the network.
arXiv Detail & Related papers (2023-03-02T13:44:58Z)
Smart Home, security concerns of IoT [91.3755431537592]
The IoT (Internet of Things) has become widely popular in the domestic environments. People are renewing their homes into smart homes; however, the privacy concerns of owning many Internet connected devices with always-on environmental sensors remain insufficiently addressed. Default and weak passwords, cheap materials and hardware, and unencrypted communication are identified as the principal threats and vulnerabilities of IoT devices.
arXiv Detail & Related papers (2020-07-06T10:36:11Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.