Delegated Device Attestation for IoT

Research output: Chapter in Book/Report/Conference proceedingConference article in proceedingsScientificpeer-review

2 Citations (Scopus)


Cybersecurity and trustworthiness of IoT devices are becoming more and more vital. Device attestation is one approach to increase trust through measured evidence of a device’s software integrity. However, the lack of integration to different services still limits the adoption of device attestation in the IoT world. This paper describes integration of Device Identity Composition Engine (DICE) -based device attestation with delegated identity and access management. We present device attestation extensions to two existing authorization flows of the widely used OAuth 2.0 framework. These extensions do not alter the original flows, but they do include attestation evidence and result within the original message content, simplifying integration to existing systems. In addition, we describe our prototype implementation of the solution and present early performance results measured using a physical IoT device. Furthermore, we discuss the benefits and challenges of the approach. The goal of this work is to ease the adoption of device attestation by simplifying integration to existing IoT systems.
Original languageEnglish
Title of host publication2021 8th International Conference on Internet of Things
Subtitle of host publicationSystems, Management and Security, IOTSMS 2021
EditorsJaime Mauri Lauret, Mohamed Abdel-Maguid, Yaser Jararweh, Elhadj Benkhelifa
PublisherIEEE Institute of Electrical and Electronic Engineers
Number of pages8
ISBN (Electronic)9781665458689
ISBN (Print)978-1-6654-5869-6
Publication statusPublished - 2021
MoE publication typeA4 Article in a conference publication
Event8th International Conference on Internet of Things: Systems, Management and Security, IOTSMS: Online - Virtual, Gandia, Spain
Duration: 6 Dec 20219 Dec 2021


Conference8th International Conference on Internet of Things: Systems, Management and Security, IOTSMS


  • Access Control
  • Cybersecurity
  • Identity Management
  • IoT
  • OAuth 2.0.
  • Remote Attestation


Dive into the research topics of 'Delegated Device Attestation for IoT'. Together they form a unique fingerprint.

Cite this