Łeska Sebastian, Furtak Janusz
Faculty of Cybernetics, Military University of Technology, 00-908 Warsaw, Poland.
Sensors (Basel). 2025 Jun 22;25(13):3881. doi: 10.3390/s25133881.
IoT devices typically have limited memory resources and computing power. For this reason, it is often not possible to use the authentication and trusted-environment mechanisms commonly used on the Internet. Because IoT devices operate autonomously, solutions that require user interaction should be excluded. Additionally, because of the limited capabilities of IoT devices, mechanisms that perform complex cryptographic operations are not always recommended either. This paper proposes a set of mechanisms for building a trusted IoT environment using a hardware TPM 2.0 module. The developed set includes procedures for securely registering nodes in the network, designed for use in an untrusted and uncontrolled environment. The authors also propose a protocol for device authentication that uses the PCR (Platform Configuration Register) values held by the TPM and is based on the Proof of Knowledge concept. The solution also implements a symmetric key distribution protocol based on the KTC (Key Translation Centre) scheme, using the direct method. The developed procedures can be used in networks whose nodes have limited memory resources and low computing power. The communication interface used in the developed demonstrator is LoRa (Long Range), for which a proprietary method of identifying network devices is proposed to keep the identities of the communicating parties confidential.
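The abstract names two ingredients of the authentication scheme without detailing them: PCR values maintained by a TPM 2.0 and a Proof of Knowledge style challenge-response. The following Python example, added here and not code from the paper or its demonstrator, illustrates how those ingredients fit together in general: it simulates the TPM 2.0 PCR extend operation (SHA-256 chaining, so a register can only be extended, never set), derives a per-node attestation key bound to the measured PCR value and to a secret shared during node registration, and runs a nonce-based HMAC challenge-response so that a node whose firmware measurement changed, or a replayed response, is rejected. The HMAC construction, the `derive_attestation_key` binding, the enrollment secret and the sample firmware components are constructed assumptions for the illustration; on real hardware the key would be sealed to a PCR policy so the TPM itself refuses to release it when the measurements differ.

```python
import hashlib
import hmac
import os

# TPM 2.0 PCR semantics: a register starts as all-zero bytes and can only be
# extended: pcr_new = SHA-256(pcr_old || SHA-256(measured component)).
PCR_INIT = bytes(32)


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """Return the PCR value after extending it with one measured component."""
    digest = hashlib.sha256(measurement).digest()
    return hashlib.sha256(pcr + digest).digest()


def measure_boot(components: list[bytes]) -> bytes:
    """Chain the measurements of each boot component in order (order matters)."""
    pcr = PCR_INIT
    for component in components:
        pcr = pcr_extend(pcr, component)
    return pcr


def derive_attestation_key(pcr_value: bytes, node_id: bytes, enrollment_secret: bytes) -> bytes:
    """Constructed binding (not the paper's): the key exists only for a node that
    holds both the registration secret and the expected PCR value. A real TPM
    would seal the key to a PCR policy instead of deriving it in software."""
    return hmac.new(enrollment_secret, b"pok-key" + node_id + pcr_value, hashlib.sha256).digest()


class Verifier:
    """Network side: stores the golden (expected) attestation key per node."""

    def __init__(self) -> None:
        self.golden: dict[bytes, bytes] = {}

    def enroll(self, node_id: bytes, expected_pcr: bytes, enrollment_secret: bytes) -> None:
        # Performed once during the secure registration procedure.
        self.golden[node_id] = derive_attestation_key(expected_pcr, node_id, enrollment_secret)

    def challenge(self) -> bytes:
        return os.urandom(16)  # fresh nonce per authentication attempt

    def verify(self, node_id: bytes, nonce: bytes, response: bytes) -> bool:
        key = self.golden.get(node_id)
        if key is None:
            return False
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time comparison


class Node:
    """Device side: measures its boot chain into a PCR and answers challenges."""

    def __init__(self, node_id: bytes, enrollment_secret: bytes, boot_components: list[bytes]) -> None:
        self.node_id = node_id
        self.pcr = measure_boot(boot_components)
        self.key = derive_attestation_key(self.pcr, node_id, enrollment_secret)

    def respond(self, nonce: bytes) -> bytes:
        # Proof of knowledge: the node never reveals the PCR value or the key,
        # only an HMAC over the verifier's nonce.
        return hmac.new(self.key, nonce, hashlib.sha256).digest()


def run_scenario() -> dict[str, bool]:
    """Genuine node, node with modified firmware, and a replayed response."""
    secret = b"constructed-enrollment-secret"  # constructed sample value
    firmware = [b"bootloader v1", b"kernel v1", b"app v1"]  # constructed sample measurements
    node_id = b"node-01"

    verifier = Verifier()
    verifier.enroll(node_id, measure_boot(firmware), secret)

    genuine = Node(node_id, secret, firmware)
    nonce1 = verifier.challenge()
    response1 = genuine.respond(nonce1)
    ok_genuine = verifier.verify(node_id, nonce1, response1)

    # Same registration secret, but one boot component was altered: the PCR
    # value differs, so the derived key and the response no longer match.
    tampered = Node(node_id, secret, [b"bootloader v1", b"kernel v1", b"app v1 (modified)"])
    nonce2 = verifier.challenge()
    ok_tampered = verifier.verify(node_id, nonce2, tampered.respond(nonce2))

    # Replaying an earlier valid response against a fresh nonce fails.
    nonce3 = verifier.challenge()
    ok_replay = verifier.verify(node_id, nonce3, response1)

    return {"genuine": ok_genuine, "tampered": ok_tampered, "replay": ok_replay}


if __name__ == "__main__":
    print(run_scenario())  # expected: genuine True, tampered False, replay False
```

Two properties worth noting from a defender's view: because extend is a hash chain, reordering or modifying any single component changes the final PCR value, so the verifier detects firmware changes without ever receiving the measurements themselves; and because the response is keyed to a per-attempt nonce, captured traffic on a broadcast medium such as LoRa cannot be replayed to authenticate a different device.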