Application Layer Key Establishment for End-to-End Security in IoT
IEEE Internet of Things Journal (IF 10.6), Pub Date: 2020-03-01, DOI: 10.1109/jiot.2019.2959428
Salvador Perez, Jose L. Hernandez-Ramos, Shahid Raza, Antonio Skarmeta

In most Internet of Things (IoT) deployments, intermediate entities are usually employed for efficiency and scalability reasons. These intermediate proxies break end-to-end security when using even the state-of-the-art transport layer security (TLS) solutions. In this direction, the recent object security for constrained RESTful environments (OSCORE) has been standardized to enable end-to-end security even in the presence of malicious proxies. In this article, we focus on the key establishment process based on application-layer techniques. In particular, we evaluate the ephemeral Diffie–Hellman over COSE (EDHOC), the de facto key establishment protocol for OSCORE. Based on EDHOC, we propose CompactEDHOC, as a lightweight alternative, in which negotiation of security parameters is extracted from the core protocol. In addition to providing end-to-end security properties, we perform extensive evaluation using real IoT hardware and simulation tools. Our evaluation results prove EDHOC-based proposals as an effective and efficient approach for the establishment of a security association in IoT-constrained scenarios.

Updated: 2020-03-01