ASOP: A Sovereign and Secure Device Onboarding Protocol for Cloud-based IoT Services
- URL: http://arxiv.org/abs/2403.13020v1
- Date: Mon, 18 Mar 2024 15:45:14 GMT
- Title: ASOP: A Sovereign and Secure Device Onboarding Protocol for Cloud-based IoT Services
- Authors: Khan Reaz, Gerhard Wunder,
- Abstract summary: ASOP is a sovereign and secure protocol for IoT devices without blindly trusting the device manufacturer, supply chain, and cloud service provider.
Our zero-trust' and human-in-the-loop' approach guarantees that the device owner does not remain at the mercy of third-party infrastructures.
- Score: 1.4732811715354452
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: The existing high-friction device onboarding process hinders the promise and potentiality of Internet of Things (IoT). Even after several attempts by various device manufacturers and working groups, no widely adopted standard solution came to fruition. The latest attempt by Fast Identity Online (FIDO) Alliance promises a zero touch solution for mass market IoT customers, but the burden is transferred to the intermediary supply chain (i.e. they have to maintain infrastructure for managing keys and digital signatures called `Ownership Voucher' for all devices). The specification relies on a `Rendezvous Server' mimicking the notion of Domain Name System (DNS) server'. This essentially means resurrecting all existing possible attack scenarios associated with DNS, which include Denial of Service (DoS) attack, and Correlation attack. `Ownership Voucher' poses the risk that some intermediary supply chain agents may act maliciously and reject the transfer of ownership or sign with a wrong key. Furthermore, the deliberate use of the weak elliptic curve SECP256r1/SECP384r1 (also known as NIST P-256/384) in the specification raises questions. We introduce ASOP: a sovereign and secure device onboarding protocol for IoT devices without blindly trusting the device manufacturer, supply chain, and cloud service provider. The ASOP protocol allows onboarding an IoT device to a cloud server with the help of an authenticator owned by the user. This paper outlines the preliminary development of the protocol and its high-level description. Our `zero-trust' and `human-in-the-loop' approach guarantees that the device owner does not remain at the mercy of third-party infrastructures, and it utilises recently standardized post-quantum cryptographic suite (CRYSTALS) to secure connection and messages.
Related papers
- A Comprehensive Framework for Building Highly Secure, Network-Connected Devices: Chip to App [1.4732811715354452]
This paper proposes a holistic approach to securing network-connected devices.
At the hardware level, we focus on secure key management, reliable random number generation, and protecting critical assets.
For secure communication, we emphasize TLS 1.3 and optimized cipher suites tailored for both standard and resource-constrained devices.
arXiv Detail & Related papers (2025-01-23T14:44:34Z) - OTA-Key: Over the Air Key Management for Flexible and Reliable IoT Device Provision [18.700561665322905]
IoT vendors frequently assign shared keys to batches of devices.
This practice can expose devices to risks, such as data theft by attackers.
We propose the OTA-Key scheme to address this issue.
arXiv Detail & Related papers (2024-12-16T08:50:00Z) - Securing Legacy Communication Networks via Authenticated Cyclic Redundancy Integrity Check [98.34702864029796]
We propose Authenticated Cyclic Redundancy Integrity Check (ACRIC)
ACRIC preserves backward compatibility without requiring additional hardware and is protocol agnostic.
We show that ACRIC offers robust security with minimal transmission overhead ( 1 ms)
arXiv Detail & Related papers (2024-11-21T18:26:05Z) - Lightweight and Resilient Signatures for Cloud-Assisted Embedded IoT Systems [2.156208381257605]
Lightweight and Resilient Signatures with Hardware Assistance (LRSHA) and its Forwardsecure version (FLRSHA)
We create two novel digital signatures called Lightweight and Resilient Signatures with Hardware Assistance (LRSHA) and its Forwardsecure version (FLRSHA)
They offer a nearoptimally efficient signing with small keys and signature sizes.
arXiv Detail & Related papers (2024-09-20T22:43:47Z) - Secure Ownership Management and Transfer of Consumer Internet of Things Devices with Self-sovereign Identity [1.6872118668817362]
The popularity of the Internet of Things (IoT) has driven its usage in our homes and industries over the past 10-12 years.
There have been some major issues related to identity management and ownership transfer involving IoT devices.
This article presents a Self-sovereign Identity (SSI) based system that facilitates a secure and user-centric ownership management and transfer of consumer IoT devices.
arXiv Detail & Related papers (2024-08-30T10:35:09Z) - KESIC: Kerberos Extensions for Smart, IoT and CPS Devices [11.898833102736255]
Kerberos is not directly suitable for IoT devices due to its heavy-weight protocols and the resource-constrained nature of the devices.
This paper presents KESIC, a system that enables efficient and secure multi-user access for IoT devices.
arXiv Detail & Related papers (2024-07-05T22:22:54Z) - Towards Credential-based Device Registration in DApps for DePINs with ZKPs [46.08150780379237]
We propose a credential-based device registration (CDR) mechanism that verifies device credentials on the blockchain.
We present a general system model, and technically evaluate CDR using zkSNARKs with Groth16 and Marlin.
arXiv Detail & Related papers (2024-06-27T09:50:10Z) - zk-IoT: Securing the Internet of Things with Zero-Knowledge Proofs on Blockchain Platforms [0.0]
This paper introduces the zk-IoT framework, a novel approach to enhancing the security of Internet of Things (IoT) ecosystems.
Our framework ensures the integrity of firmware execution and data processing in potentially compromised IoT devices.
arXiv Detail & Related papers (2024-02-13T09:34:23Z) - HasTEE+ : Confidential Cloud Computing and Analytics with Haskell [50.994023665559496]
Confidential computing enables the protection of confidential code and data in a co-tenanted cloud deployment using specialized hardware isolation units called Trusted Execution Environments (TEEs)
TEEs offer low-level C/C++-based toolchains that are susceptible to inherent memory safety vulnerabilities and lack language constructs to monitor explicit and implicit information-flow leaks.
We address the above with HasTEE+, a domain-specific language (cla) embedded in Haskell that enables programming TEEs in a high-level language with strong type-safety.
arXiv Detail & Related papers (2024-01-17T00:56:23Z) - Tamper-Evident Pairing [55.2480439325792]
Tamper-Evident Pairing (TEP) is an improvement of the Push-Button configuration (PBC) standard.
TEP relies on the Tamper-Evident Announcement (TEA), which guarantees that an adversary can neither tamper a transmitted message without being detected, nor hide the fact that the message has been sent.
This paper provides a comprehensive overview of the TEP protocol, including all information needed to understand how it works.
arXiv Detail & Related papers (2023-11-24T18:54:00Z) - A Lightweight and Secure PUF-Based Authentication and Key-exchange Protocol for IoT Devices [0.0]
Device Authentication and Key exchange are major challenges for the Internet of Things.
PUF appears to offer a practical and economical security mechanism in place of typically sophisticated cryptosystems like PKI and IBE.
We present a system in which the IoT device does not require a continuous active internet connection to communicate with the server in order to Authenticate itself.
arXiv Detail & Related papers (2023-11-07T15:42:14Z) - SyzTrust: State-aware Fuzzing on Trusted OS Designed for IoT Devices [67.65883495888258]
We present SyzTrust, the first state-aware fuzzing framework for vetting the security of resource-limited Trusted OSes.
SyzTrust adopts a hardware-assisted framework to enable fuzzing Trusted OSes directly on IoT devices.
We evaluate SyzTrust on Trusted OSes from three major vendors: Samsung, Tsinglink Cloud, and Ali Cloud.
arXiv Detail & Related papers (2023-09-26T08:11:38Z) - Smart Home, security concerns of IoT [91.3755431537592]
The IoT (Internet of Things) has become widely popular in the domestic environments.
People are renewing their homes into smart homes; however, the privacy concerns of owning many Internet connected devices with always-on environmental sensors remain insufficiently addressed.
Default and weak passwords, cheap materials and hardware, and unencrypted communication are identified as the principal threats and vulnerabilities of IoT devices.
arXiv Detail & Related papers (2020-07-06T10:36:11Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.