Abstract

Domain Name Service (DNS) and its certification-related resource records are an appealing alternative to the standard X.509 certification framework for providing identities to Internet of Things (IoT) smart devices. We propose to also use DNS to store device owner identification data in device certificates. Working demonstration software has been developed as proof of this concept; it uses an external identity provider run by national authorities. As a result, smart devices are equipped with certificates that safely identify both the device and its owner. The hardware requirements make such a framework applicable to constrained devices. It stimulates mutual trust in machine-to-machine and man-to-machine communication, and the creation of a friendlier environment for sale, lease, and data exchange. Further extensions of the proposed architecture are also discussed.

Highlights

  • While the rollout of the Internet of Things (IoT) is gaining its momentum, with so many new kinds of devices being equipped with data processing capabilities, one may find strange the fact that in practice, most of those things need some centralized service to interact properly, which is contrary to the original IoT vision

  • Other existing trust chains are essentially unaffected. Such an architecture addresses the existing inconveniences of DNSSec + DNS-based Authentication of Named Entities (DANE): the domain registrar and owner are relieved from the device owner identity check; the device owner is relieved from the certificate generation task

  • They mostly used the TXT resource record; we propose that Canonical Name (CNAME)


Summary

Introduction

While the rollout of the Internet of Things (IoT) is gaining momentum, with so many new kinds of devices being equipped with data processing capabilities, one may find it strange that in practice most of those things need some centralized service to interact properly, which is contrary to the original IoT vision. Patents [7,8] introduce a concept of an IoT identity and relationship service that stores the IoT device public key in a TLSA record or its equivalent meant for e-mail message authentication. This allows device-to-device secure communication worldwide over untrusted channels, for example, message queues. Other existing trust chains are essentially unaffected (green and red arrows in Figures 1 and 2). Such an architecture addresses the existing inconveniences of DNSSec + DANE: the domain registrar and owner are relieved from the device owner identity check (which is delegated to the IdP); the device owner is relieved from the certificate generation task (delegated to the IoT signer).
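The introduction above rests on one mechanism: the device's public key is published in a DNS TLSA record and a peer checks the key the device presents against that record. The following Python is an added example, not code from the paper or its demonstration software; it builds a TLSA record for a device public key, encodes and decodes the RFC 6698 wire format, and performs the DANE-EE match, with a small constructed zone that a resolver walks through a CNAME alias before reading the TLSA RR. The key bytes, host names and zone contents are constructed placeholders; DNSSEC validation of the answers is assumed to have taken place, and how the authors use CNAME is not spelled out on this page, so the alias is only an illustration of DNS indirection.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed placeholder keys: 32 arbitrary bytes standing in for a device's
# raw Ed25519 public key. Neither is a real key from any device.
DEVICE_PUBKEY = bytes(range(32))
OTHER_PUBKEY = bytes(32)


def ed25519_spki(pubkey: bytes) -> bytes:
    """DER-encode a SubjectPublicKeyInfo for a raw Ed25519 key (RFC 8410 layout)."""
    if len(pubkey) != 32:
        raise ValueError("Ed25519 public key must be 32 bytes")
    alg_id = bytes.fromhex("300506032b6570")      # SEQUENCE { OID 1.3.101.112 (id-Ed25519) }
    subject_pk = b"\x03\x21\x00" + pubkey          # BIT STRING, 0 unused bits, 32 key bytes
    body = alg_id + subject_pk                     # 42 bytes, so a one-byte DER length suffices
    return b"\x30" + bytes([len(body)]) + body


@dataclass(frozen=True)
class TLSA:
    """One TLSA RR (RFC 6698): usage, selector, matching type, association data."""
    usage: int
    selector: int
    matching_type: int
    data: bytes

    def to_wire(self) -> bytes:
        return bytes([self.usage, self.selector, self.matching_type]) + self.data

    @classmethod
    def from_wire(cls, rdata: bytes) -> "TLSA":
        if len(rdata) < 4:
            raise ValueError("TLSA RDATA too short")
        return cls(rdata[0], rdata[1], rdata[2], bytes(rdata[3:]))

    def presentation(self) -> str:
        """Zone-file form, e.g. '3 1 1 <hex digest>'."""
        return f"{self.usage} {self.selector} {self.matching_type} {self.data.hex()}"


def association_data(selected: bytes, matching_type: int) -> bytes:
    """Apply the TLSA matching type to the selected certificate bytes."""
    if matching_type == 0:
        return selected                            # Full: raw bytes
    if matching_type == 1:
        return hashlib.sha256(selected).digest()   # SHA-256
    if matching_type == 2:
        return hashlib.sha512(selected).digest()   # SHA-512
    raise ValueError(f"unsupported matching type {matching_type}")


def make_tlsa(spki: bytes, matching_type: int = 1) -> TLSA:
    """Publish a device SPKI as DANE-EE (usage 3), selector 1 (SubjectPublicKeyInfo)."""
    return TLSA(3, 1, matching_type, association_data(spki, matching_type))


def tlsa_matches(record: TLSA, presented_spki: bytes) -> bool:
    """Check a presented SPKI against a record. Only usage 3 / selector 1 is
    handled: other usages need PKIX chain building, other selectors need the
    full certificate, and this example has neither."""
    if record.usage != 3 or record.selector != 1:
        raise NotImplementedError("only DANE-EE with the SPKI selector is handled")
    expected = association_data(presented_spki, record.matching_type)
    return hmac.compare_digest(expected, record.data)


# Constructed zone snippet (assumed names, not from the paper). A resolver
# follows the CNAME alias to the canonical name before reading the TLSA RR;
# DNSSEC validation of both answers is assumed to have happened already.
CONSTRUCTED_ZONE = {
    "_443._tcp.sensor17.example.net.":
        ("CNAME", "_443._tcp.sensor17.owner.example.net."),
    "_443._tcp.sensor17.owner.example.net.":
        ("TLSA", make_tlsa(ed25519_spki(DEVICE_PUBKEY)).to_wire()),
}


def lookup_tlsa(zone: dict, name: str, max_aliases: int = 8):
    """Return the TLSA record for name, following at most max_aliases CNAMEs."""
    for _ in range(max_aliases + 1):
        rr = zone.get(name)
        if rr is None:
            return None
        rtype, value = rr
        if rtype == "CNAME":
            name = value
            continue
        if rtype == "TLSA":
            return TLSA.from_wire(value)
        return None
    raise ValueError("CNAME chain too long")


if __name__ == "__main__":
    rec = lookup_tlsa(CONSTRUCTED_ZONE, "_443._tcp.sensor17.example.net.")
    print(rec.presentation())
    print("device key matches:", tlsa_matches(rec, ed25519_spki(DEVICE_PUBKEY)))
    print("other key matches:", tlsa_matches(rec, ed25519_spki(OTHER_PUBKEY)))
```

The match uses a constant-time comparison and is deliberately restricted to DANE-EE with the SPKI selector, which is the combination a peer can check without any X.509 chain building; that is the case relevant to constrained devices here, and any other usage or selector is rejected rather than silently accepted.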

Materials and Methods
Results
Physical
Change of Ownership
Related IoT Devices
Discussion