Tobias Markmann: Federated Authentication in the IoT

Secure Federated Authentication in a Constrained Internet of Things
  • When Jun 24, 2015 from 04:30 PM to 05:30 PM (CET / UTC200)
  • Where R 460
  • Contact Name
  • Add event to calendar iCal

The Internet of Things is growing rapidly. However, security and privacy are rarely high priority in IoT deployments and developers frequently take a traditional PKI-based security approach, as known from the WWW. This talk presents a security proposal for federated authentication of constrained IoT devices based on Identity-based Cryptography (IBC) and Elliptic Curve Cryptography (ECC). The proposed architecture and protocols are designed to authenticate IPv6 devices inside and between routed networks over the Internet without a third party of common  trust. Devices of different networks are authenticated using their own maintained security infrastructure, which is securely bound to their network prefix. The work of obtaining and verifying each network security infrastructure can be offloaded to less constrained border gateways that connect low power wireless devices to the global Internet. Finally, we discuss solutions to key management problems like key revocation and renewal in our ID-based architecture.