ASOP: A Sovereign and Secure Device Onboarding Protocol for Cloud-based IoT Services
2022 6th Cyber Security in Networking Conference (CSNet) (2024)
Abstract
The existing high-friction device onboarding process hinders the promise and
potential of the Internet of Things (IoT). Even after several attempts by
various device manufacturers and working groups, no widely adopted standard
solution has come to fruition. The latest attempt, by the Fast Identity Online (FIDO)
Alliance, promises a zero-touch solution for mass-market IoT customers, but the
burden is transferred to the intermediary supply chain (i.e., they have to
maintain infrastructure for managing keys and digital signatures, called the
'Ownership Voucher', for all devices). The specification relies on a 'Rendezvous
Server' that mimics the notion of a Domain Name System (DNS) server. This
essentially means resurrecting all the existing attack scenarios
associated with DNS, including Denial of Service (DoS) attacks and
correlation attacks. The 'Ownership Voucher' poses the risk that some intermediary
supply chain agents may act maliciously and reject the transfer of ownership or
sign with a wrong key. Furthermore, the deliberate use of the weak elliptic
curves SECP256r1/SECP384r1 (also known as NIST P-256/384) in the specification
raises questions. We introduce ASOP: a sovereign and secure device onboarding
protocol for IoT devices that does not blindly trust the device manufacturer,
supply chain, or cloud service provider. The ASOP protocol allows onboarding
an IoT device to a cloud server with the help of an authenticator owned by the
user. This paper outlines the preliminary development of the protocol and its
high-level description. Our 'zero-trust' and 'human-in-the-loop' approach
guarantees that the device owner does not remain at the mercy of third-party
infrastructures, and it utilises the recently standardized post-quantum
cryptographic suite (CRYSTALS) to secure the connection and messages.
Keywords
Application-layer onboarding, Device onboarding, FIDO Specification, CRYSTALS, Post Quantum Cryptography