Internet of Things (IoT) is a term commonly used today to refer to a current information technology trend towards a networked society, wherein anything that can benefit from a connection will be connected using Internet protocols. This means that in contrast to the past where mainly mobile phones and computers were globally interconnected over the Internet, now all kinds of electronic equipment are about to come online. This trend is expected to accelerate over the coming years due to the decrease of hardware and network costs as well as the Internet technology maturity.
A central property of IoT devices is that these devices have an Internet protocol (IP) address and are connected to the Internet. Moreover, these devices are often resource constrained, for instance due to slow central processing units or due to a limited energy source of the device. Common protocols by the Internet Engineering Task Force (IETF) for request/response, such as for example HyperText Transfer Protocol (HTTP), are considered to be inefficient or even too complex to handle for simple IoT devices.
Hence, to limit the processing and power consumption, new Internet standards are emerging. IETF is working with defining a new light weight application protocol for Representation State Transfer (REST)-ful message exchange, named Constrained Application Protocol (CoAP), which is based on User Datagram Protocol (UDP) to avoid the need to set up and keep the Transmission Control Protocol (TCP) state. In short, RESTful is a software architecture for distributed systems, such as the World Wide Web (WWW), in which a uniform interface separates clients from stateless servers.
Although CoAP is much more efficient than HTTP, to limit energy consumption, it is important to minimize unnecessary processing and, in particular, unnecessary message exchange. It is known that the energy consumption for message transmission and reception of wireless devices is one or more magnitudes higher than typical cryptographic operations of a corresponding message.
For CoAP, Datagram Transport Layer Security (DTLS) protocol may be used for protocol security. The DTLS protocol provides communication security to datagram protocols, such as User Datagram Protocol (UDP) and is similar to the Transport Layer Security (TLS) protocol used with connection oriented protocols, such as Transmission Control Protocol (TCP).
The TLS protocol is divided into a handshake protocol phase and a record protocol phase. The handshake protocol phase performs authentication and establishes a security context, whereas the record protocol phase protects the payload using the established security context. The TLS handshake protocol typically comprises a 4-pass message exchange.
FIG. 1 schematically presents a TLS protocol between a client 102 and a server 104. In 106, the client sends a Client hello message to the server. In 108, the server responds and sends a Server hello message. In 110, a client certificate, key exchange, is sent to the server. If the server 104 trusts the client, security is established, and a server finished message is sent in 112. The handshake protocol hence comprises 106-112, whereas the record protocol phase comprises 114 in which application data is sent by using the established security context.
FIGS. 2A and 2B illustrate protocol relationships between different transport layer protocols and application layer protocols. The HTTP application protocol 202 uses the TLS protocol 204, which uses transmission control protocol (TCP) 206. FIG. 2B illustrates that CoAP 208 uses the DTLS protocol 210, which uses the UDP protocol 212 in the transport layer.
The server 104 of FIG. 1, can be CoAP/DTLS server. Verification of integrity of alleged clients takes place in the third message pass 110, “Client Finished Message” of the handshake protocol. A client pretending to be a legitimate client will be detected in this step and the protocol is aborted.
To minimize processing for constrained devices, pre-shared keys (PSKs) may be deployed as initial key material to bootstrap the security of DTLS.
For very constrained resource devices, such as a micro-controller with 8 bit/16 MHz processor with 8-16 kB of Random Access Memory (RAM), the DTLS pre-shared key handshake could still take the order of seconds to complete in processing only, and significantly more if wireless communication is assumed. It is noted that the DTLS protocol is not designed with constrained devices in mind.
Now, in current CoAP there is no difference between authentication and authorization. Constrained resource devices are typically provided with “access control lists” of trusted clients which the constrained resource device can start DTLS sessions with.
However, restricting access to pre-provisioned trusted users is not flexible.
There is hence a need for alternative security mechanisms for key provisioning, authentication and authorization.