Garcia-Carrillo Dan, Marin-Lopez Rafael
Department Information and Communication Engineering (DIIC), Faculty of Computer Science, University of Murcia, Murcia 30100, Spain.
Sensors (Basel). 2016 Mar 11;16(3):358. doi: 10.3390/s16030358.
The Internet of Things (IoT) is becoming increasingly important in several fields of industrial and personal applications, such as medical e-health, smart cities, etc. Research into protocols and security aspects related to this area is continuously advancing to make these networks more reliable and secure, taking these aspects into account by design. Bootstrapping is a procedure by which a user obtains key material and configuration information, among other parameters, to operate as an authenticated party in a security domain. Until now, solutions have focused on re-using security protocols that were not developed for IoT constraints. For this reason, in this work we propose a design and implementation of a lightweight bootstrapping service for IoT networks that leverages one of the application protocols used in IoT: the Constrained Application Protocol (CoAP). Additionally, in order to provide flexibility, scalability, support for large-scale deployment, accountability and identity federation, our design uses technologies such as the Extensible Authentication Protocol (EAP) and Authentication, Authorization and Accounting (AAA). We have named this service CoAP-EAP. First, we review the state of the art in the field of bootstrapping, specifically for IoT. Second, we detail the bootstrapping service: the architecture with entities and interfaces, and the flow of operation. Third, we obtain performance measurements of CoAP-EAP (bootstrapping time, memory footprint, message processing time, message length and energy consumption) and compare them with PANATIKI, the most significant and constrained representative of the bootstrapping solutions related to CoAP-EAP. As we will show, our solution provides significant improvements, mainly due to an important reduction of the message length.