
IETF Draft Update on Two-way Authentication for IoT

posted Jul 2, 2015, 2:04 AM by Corinna Schmitt
UZH is active in IETF standardization in Working Group ACE (Authentication and Authorization for Constrained Environments) as part of the external liaison with the EU project FLAMINGO. The currently active IETF draft "Two-way Authentication for IoT" (draft-schmitt-ace-twowayauth-for-iot-02) was updated on June 30, 2015. The update includes a handshake description for constrained devices of class 1 as well as the hardware requirements.

In this draft a full two-way authentication security scheme for the Internet of Things (IoT) based on existing Internet standards and protocols is introduced. The solution is twofold, providing two-way authentication both for resource-rich hardware (e.g., class 2 devices with ~50 KiB RAM and ~250 KiB ROM [RFC7228]) and for devices with fewer resources (e.g., class 1 devices with ~10 KiB RAM and ~100 KiB ROM [RFC7228]). By relying on an established standard, existing implementations, engineering techniques, and security infrastructure can be reused, which enables an easy security uptake. The proposed security scheme for resource-rich devices is, therefore, based on RSA, the most widely used public key cryptography algorithm. It is designed to work over standard communication stacks that offer UDP/IPv6 networking for Low power Wireless Personal Area Networks (6LoWPANs). RSA is a bulky solution at the moment, but it shows that it is possible to use it on constrained devices for security purposes. An optimization is the use of elliptic curve cryptography (ECC), as assumed for devices with fewer resources.

C. Schmitt, M. Noack, B. Stiller: Two-way Authentication for IoT, IETF Internet Draft, Standards Track, ACE, Version 02, draft-schmitt-ace-twowayauth-for-iot-02, June 2015