Toward the inclusion of end-to-end security in the OM2M platform

Abstract

The exponential growth in the number of Internet of things (IoT) devices and their potential in many applications in a vast number of domains fuelled the development of different IoT platforms, supported by big companies and industry groups. These platforms are able to provide reliable services to IoT devices and reduce the time to market for the targeted applications. Unfortunately, these proprietary solutions fragment the IoT market and hamper horizontal integration. The need to interoperate the different IoT platforms and communication protocols pushed the Standards Developing Organizations (SDOs) to the specification of a machine-to-machine (M2M) service layer, published as the oneM2M (OM2M) standard. Although the OM2M standard provides generic guidelines to implement security solutions which include authentication, authorization, confidentiality and data integrity, more efficient security schemes should be investigated when constrained IoT devices are concerned. This paper presents two main contributions. First, a CoAPS binding for the OM2M platform is provided that enables secure and reliable communication with constrained IoT devices. Second, a lightweight dynamic access control system is designed, developed and integrated in a OM2M-based architecture. It allows to dynamically grant or revoke access permission in an anonymous way to constrained IoT devices for controlling some actuators. From the experimental results, we can conclude that the computational complexity of the proposed security scheme is extremely low for the client device which requests data access. We show that a constrained IoT device establishes a trust relationship with the OM2M server in few seconds.