
Application Layer Key Establishment for End-to-End Security in IoT

Salvador Pérez, José L. Hernández Ramos, Shahid Raza, Antonio Skarmeta

IEEE Internet of Things Journal


03/03/2020

In most Internet of Things (IoT) deployments, intermediate entities are usually employed for efficiency and scalability reasons. These intermediate proxies break end-to-end security when using even the state-of-the-art transport layer security (TLS) solutions. In this direction, the recent object security for constrained RESTful environments (OSCORE) has been standardized to enable end-to-end security even in the presence of malicious proxies. In this article, we focus on the key establishment process based on application-layer techniques. In particular, we evaluate the ephemeral Diffie-Hellman over COSE (EDHOC), the de facto key establishment protocol for OSCORE. Based on EDHOC, we propose CompactEDHOC, as a lightweight alternative, in which negotiation of security parameters is extracted from the core protocol. In addition to providing end-to-end security properties, we perform extensive evaluation using real IoT hardware and simulation tools. Our evaluation results prove EDHOC-based proposals as an effective and efficient approach for the establishment of a security association in IoT-constrained scenarios.
