Resource-aware Security Configuration for Constrained IoT Devices

The Internet of Things (IoT) is the enabler for new innovations in several domains. It allows the connection of digital services with entities in the physical world. These entities are devices of different sizes ranging from large machinery to tiny sensors. In the latter case, devices are typically characterized by limited resources in terms of computational power, available memory and sometimes limited power supply. As a consequence, the use of security algorithms requires of them to work within the limited resources. This means to find a suitable implementation and configuration for a security algorithm, that performs properly on the device, which may become a challenging task. On the other side, there is the desire to protect valuable assets as strong as possible. Usually, security goals are recorded in security policies, but they do not consider resource availability on the involved device and its power consumption while executing security algorithms. This paper presents an IoT security configuration tool that helps the designer of an IoT environment to experiment with the trade-offs between maximizing security and extending the lifetime of a resource constrained IoT device. The tool is controlled with high-level description of security goals in the form of policies. It allows the designer to validate various (security) configurations for a single IoT device up to a large sensor network.