RIOT-AKA: cellular-like authentication over IoT devices

G. Bianchi, A. L. Rosa, Gabriele Restuccia
{"title":"RIOT-AKA: cellular-like authentication over IoT devices","authors":"G. Bianchi, A. L. Rosa, Gabriele Restuccia","doi":"10.1109/ICNP52444.2021.9651952","DOIUrl":null,"url":null,"abstract":"Many Internet-connected appliances are often moved to different environments, such as when they are re-located. And even when they are buried in a given physical environment, their ownership \"moves\", such as when a home or smart space changes hands. This calls for roaming-friendly IoT authentication devised to circumvent the need to deploy long-term authentication credentials across different visited domains. Noting that this issue has been very extensively addressed since at least three decades in cellular network, in this paper we integrate, within the RIOT IoT Operating system, an authentication and key agreement protocol designed to be as close as possible to the standard one used by 4G/5G cellular systems. Our design accounts for a few technical improvements made possible since, unlike the case of cellular networks, we are here free from back-ward compatibility issues. 
Our proof-of-concept implementation is built on COAP for the radio interface, and on HTTPS for the core network signaling parts, and can be further configured to use two different types of secret keys: pre-shared or on-demand, (re)generated via a SRAM-PUF API available in RIOT.","PeriodicalId":343813,"journal":{"name":"2021 IEEE 29th International Conference on Network Protocols (ICNP)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 IEEE 29th International Conference on Network Protocols (ICNP)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICNP52444.2021.9651952","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 1

Abstract

Many Internet-connected appliances are often moved to different environments, such as when they are re-located. And even when they are buried in a given physical environment, their ownership "moves", such as when a home or smart space changes hands. This calls for roaming-friendly IoT authentication devised to circumvent the need to deploy long-term authentication credentials across different visited domains. Noting that this issue has been very extensively addressed for at least three decades in cellular networks, in this paper we integrate, within the RIOT IoT operating system, an authentication and key agreement protocol designed to be as close as possible to the standard one used by 4G/5G cellular systems. Our design accounts for a few technical improvements made possible since, unlike the case of cellular networks, we are here free from backward compatibility issues. Our proof-of-concept implementation is built on CoAP for the radio interface, and on HTTPS for the core network signaling parts, and can be further configured to use two different types of secret keys: pre-shared or on-demand, (re)generated via an SRAM-PUF API available in RIOT.