Abstract
This paper examines dynamic identity as it pertains to the Internet of Things (IoT), and explores the practical implementation of a mitigation technique for some of the key weaknesses of a conventional dynamic identity model. It explores human-centric and machine-based observer approaches for confirming device identity, permitting automated identity confirmation for deployed systems. It also assesses the advantages of dynamic identity in the context of identity revocation, permitting secure change of ownership for IoT devices. The paper explores use-cases for human and machine-based observation for authentication of device identity when devices join a Command and Control (C2) network, and considers the relative merits of these two approaches for different types of system.
Highlights
One of the key aspects of any real-world deployment of Internet of Things (IoT) devices is the security of the system
In the context of the Internet of Things (IoT), security requires that messages from devices have not been modified en route and that they originate from a valid sender, and often also that the messages are protected from eavesdroppers
Since the device holds the Secure Remote Update Protocol (SRUP) public key belonging to the default server, the server can use the existing DATA message within the SRUP protocol to send the identity of the observer that should be used, after it has refused the initial simple join
Summary
One of the key aspects of any real-world deployment of Internet of Things (IoT) devices is the security of the system. SRUP enables secure and authenticated Command and Control (C2) communication for IoT devices. The protocol is built on top of Message Queuing Telemetry Transport (MQTT) and uses a signed binary message pattern to send operational messages (such as data, commands, or instructions to receive software or firmware updates) between a C2 server and a series of IoT devices. In addition to these message types, the protocol supports a number of management messages, including facilitating the secure joining of devices to a C2 network. This paper builds upon a previous work [2] which described a scheme by which a human observer could confirm that a specified physical device was in possession of the logical identity it claimed to hold, and describes the implementation of a scheme to enable the automatic matching of a physical device to its logical identity via a trusted third-party: an observer node
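The observer-mediated join outlined in the highlights and summary above, as an added simulation that is not code from the paper or from SRUP: the server refuses an unobserved JOIN, answers with a signed DATA message naming the observer, and admits the device only when that observer's signed confirmation (bound to a per-join nonce) arrives. The message layouts, the names dev-42 and obs-1, and the use of HMAC over per-party secrets in place of SRUP's asymmetric signatures are all assumptions made for this example.

```python
import hashlib
import hmac
import json
import secrets

# Constructed simulation, not SRUP's binary wire format. HMAC with a shared
# per-party secret stands in for the protocol's signatures (assumption).

def sign(key: bytes, msg: dict) -> str:
    body = json.dumps(msg, sort_keys=True).encode()  # canonical encoding
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def verify(key: bytes, msg: dict, sig: str) -> bool:
    return hmac.compare_digest(sign(key, msg), sig)

class C2Server:
    def __init__(self, key, device_keys, observer_keys):
        self.key, self.device_keys, self.observer_keys = key, device_keys, observer_keys
        self.pending, self.joined = {}, set()  # nonce per device awaiting observation

    def simple_join(self, msg, sig):
        # Refuse an unobserved JOIN; reply with a signed DATA message naming the observer.
        dev = msg["device"]
        if msg.get("type") != "JOIN" or not verify(self.device_keys.get(dev, b""), msg, sig):
            return None  # unknown device or bad signature: no reply at all
        nonce = secrets.token_hex(8)
        self.pending[dev] = nonce  # binds the observer's confirmation to this join
        reply = {"type": "DATA", "device": dev, "observer": "obs-1", "nonce": nonce}
        return reply, sign(self.key, reply)

    def observed_join(self, attestation, att_sig):
        # Admit the device only if the named observer vouches for it and the nonce matches.
        dev, obs = attestation.get("device"), attestation.get("observer")
        if attestation.get("nonce") != self.pending.get(dev):
            return False  # stale, unsolicited or replayed confirmation
        if not verify(self.observer_keys.get(obs, b""), attestation, att_sig):
            return False
        del self.pending[dev]  # one confirmation per join
        self.joined.add(dev)
        return True

def run_join(server, server_key, device, device_key, observer_keys):
    # Device side: send JOIN, check the refusal came from the server, then the observer confirms.
    join = {"type": "JOIN", "device": device}
    refusal = server.simple_join(join, sign(device_key, join))
    if refusal is None:
        return False
    reply, sig = refusal
    if not verify(server_key, reply, sig):  # device already holds the server's key
        return False
    att = {"device": device, "observer": reply["observer"], "nonce": reply["nonce"]}
    return server.observed_join(att, sign(observer_keys[reply["observer"]], att))
```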