DIscovery and REgistration Protocol

For Device and Person Identity Management in IoT

  • Conference paper
Information Systems Security (ICISS 2017)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10717)

Abstract

With connected things, one service can be used with more than one device, all sharing the same user identity. In this context, the need to figure out whether the service is being used through a desktop computer, a smartphone, or a more constrained device is essential in order to better manage user identity. Given that constrained devices are less tamper resistant, they are more vulnerable to attacks than other appliances. We identified two challenges which make it difficult to apply robust security mechanisms: the limited resources available on devices and the sharing of a user’s identity with the device. To address these challenges, we propose a DIscovery and REgistration (DIRE) protocol that ensures secure management of device and person identities. Our protocol has been formally proven and implemented. The runtime of the whole protocol is short and the code the device must embed is lightweight. As a result of our experiment, we produced a command line client for a user, a device firmware and a server handling the filiation of a user and its devices.

Author information

Correspondence to Marco Lobe Kome.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Kome, M.L., Graa, M., Cuppens-Boulahia, N., Cuppens, F., Frey, V. (2017). DIscovery and REgistration Protocol. In: Shyamasundar, R., Singh, V., Vaidya, J. (eds) Information Systems Security. ICISS 2017. Lecture Notes in Computer Science, vol 10717. Springer, Cham. https://doi.org/10.1007/978-3-319-72598-7_15

  • DOI: https://doi.org/10.1007/978-3-319-72598-7_15

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-72597-0

  • Online ISBN: 978-3-319-72598-7

  • eBook Packages: Computer Science, Computer Science (R0)
