Delegated Device Attestation for IoT

Jukka Julku; Jani Suomalainen; Markku Kylänpää

doi:10.1109/IOTSMS53705.2021.9704959

Delegated Device Attestation for IoT

BA6403 Advanced cybersecurity and cryptography

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

6 Citations (Scopus)

Abstract

Cybersecurity and trustworthiness of IoT devices are becoming more and more vital. Device attestation is one approach to increase trust through measured evidence of a device’s software integrity. However, the lack of integration to different services still limits the adoption of device attestation in the IoT world. This paper describes integration of Device Identity Composition Engine (DICE) -based device attestation with delegated identity and access management. We present device attestation extensions to two existing authorization flows of the widely used OAuth 2.0 framework. These extensions do not alter the original flows, but they do include attestation evidence and result within the original message content, simplifying integration to existing systems. In addition, we describe our prototype implementation of the solution and present early performance results measured using a physical IoT device. Furthermore, we discuss the benefits and challenges of the approach. The goal of this work is to ease the adoption of device attestation by simplifying integration to existing IoT systems.

Original language	English
Title of host publication	2021 8th International Conference on Internet of Things
Subtitle of host publication	Systems, Management and Security, IOTSMS 2021
Editors	Jaime Mauri Lauret, Mohamed Abdel-Maguid, Yaser Jararweh, Elhadj Benkhelifa
Publisher	IEEE Institute of Electrical and Electronic Engineers
Pages	1-8
Number of pages	8
ISBN (Electronic)	9781665458689
ISBN (Print)	978-1-6654-5869-6
DOIs	https://doi.org/10.1109/IOTSMS53705.2021.9704959
Publication status	Published - 2021
MoE publication type	A4 Article in a conference publication
Event	8th International Conference on Internet of Things: Systems, Management and Security, IOTSMS: Online - Virtual, Gandia, Spain Duration: 6 Dec 2021 → 9 Dec 2021

Conference

Conference	8th International Conference on Internet of Things: Systems, Management and Security, IOTSMS
Country/Territory	Spain
City	Gandia
Period	6/12/21 → 9/12/21

Keywords

Access Control
Cybersecurity
Identity Management
IoT
OAuth 2.0.
Remote Attestation

Access to Document

10.1109/IOTSMS53705.2021.9704959

Cite this

Julku, J., Suomalainen, J., & Kylänpää, M. (2021). Delegated Device Attestation for IoT. In J. M. Lauret, M. Abdel-Maguid, Y. Jararweh, & E. Benkhelifa (Eds.), 2021 8th International Conference on Internet of Things: Systems, Management and Security, IOTSMS 2021 (pp. 1-8). Article 9704959 IEEE Institute of Electrical and Electronic Engineers. https://doi.org/10.1109/IOTSMS53705.2021.9704959

@inproceedings{bb3e5d19c74748f3a695c060e0c4324d,

title = "Delegated Device Attestation for IoT",

abstract = "Cybersecurity and trustworthiness of IoT devices are becoming more and more vital. Device attestation is one approach to increase trust through measured evidence of a device{\textquoteright}s software integrity. However, the lack of integration to different services still limits the adoption of device attestation in the IoT world. This paper describes integration of Device Identity Composition Engine (DICE) -based device attestation with delegated identity and access management. We present device attestation extensions to two existing authorization flows of the widely used OAuth 2.0 framework. These extensions do not alter the original flows, but they do include attestation evidence and result within the original message content, simplifying integration to existing systems. In addition, we describe our prototype implementation of the solution and present early performance results measured using a physical IoT device. Furthermore, we discuss the benefits and challenges of the approach. The goal of this work is to ease the adoption of device attestation by simplifying integration to existing IoT systems.",

keywords = "Access Control, Cybersecurity, Identity Management, IoT, OAuth 2.0., Remote Attestation",

author = "Jukka Julku and Jani Suomalainen and Markku Kyl{\"a}np{\"a}{\"a}",

note = "Funding Information: This work was supported by the Business Finland and the consortium partners of the PRIORITY project. Publisher Copyright: {\textcopyright} 2021 IEEE.; 8th International Conference on Internet of Things: Systems, Management and Security, IOTSMS : Online ; Conference date: 06-12-2021 Through 09-12-2021",

year = "2021",

doi = "10.1109/IOTSMS53705.2021.9704959",

language = "English",

isbn = "978-1-6654-5869-6",

pages = "1--8",

editor = "Lauret, \{Jaime Mauri\} and Mohamed Abdel-Maguid and Yaser Jararweh and Elhadj Benkhelifa",

booktitle = "2021 8th International Conference on Internet of Things",

publisher = "IEEE Institute of Electrical and Electronic Engineers",

address = "United States",

}

Julku, J, Suomalainen, J & Kylänpää, M 2021, Delegated Device Attestation for IoT. in JM Lauret, M Abdel-Maguid, Y Jararweh & E Benkhelifa (eds), 2021 8th International Conference on Internet of Things: Systems, Management and Security, IOTSMS 2021., 9704959, IEEE Institute of Electrical and Electronic Engineers, pp. 1-8, 8th International Conference on Internet of Things: Systems, Management and Security, IOTSMS, Gandia, Spain, 6/12/21. https://doi.org/10.1109/IOTSMS53705.2021.9704959

Delegated Device Attestation for IoT. / Julku, Jukka; Suomalainen, Jani ; Kylänpää, Markku.
2021 8th International Conference on Internet of Things: Systems, Management and Security, IOTSMS 2021. ed. / Jaime Mauri Lauret; Mohamed Abdel-Maguid; Yaser Jararweh; Elhadj Benkhelifa. IEEE Institute of Electrical and Electronic Engineers, 2021. p. 1-8 9704959.

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

TY - GEN

T1 - Delegated Device Attestation for IoT

AU - Julku, Jukka

AU - Suomalainen, Jani

AU - Kylänpää, Markku

PY - 2021

Y1 - 2021

N2 - Cybersecurity and trustworthiness of IoT devices are becoming more and more vital. Device attestation is one approach to increase trust through measured evidence of a device’s software integrity. However, the lack of integration to different services still limits the adoption of device attestation in the IoT world. This paper describes integration of Device Identity Composition Engine (DICE) -based device attestation with delegated identity and access management. We present device attestation extensions to two existing authorization flows of the widely used OAuth 2.0 framework. These extensions do not alter the original flows, but they do include attestation evidence and result within the original message content, simplifying integration to existing systems. In addition, we describe our prototype implementation of the solution and present early performance results measured using a physical IoT device. Furthermore, we discuss the benefits and challenges of the approach. The goal of this work is to ease the adoption of device attestation by simplifying integration to existing IoT systems.

AB - Cybersecurity and trustworthiness of IoT devices are becoming more and more vital. Device attestation is one approach to increase trust through measured evidence of a device’s software integrity. However, the lack of integration to different services still limits the adoption of device attestation in the IoT world. This paper describes integration of Device Identity Composition Engine (DICE) -based device attestation with delegated identity and access management. We present device attestation extensions to two existing authorization flows of the widely used OAuth 2.0 framework. These extensions do not alter the original flows, but they do include attestation evidence and result within the original message content, simplifying integration to existing systems. In addition, we describe our prototype implementation of the solution and present early performance results measured using a physical IoT device. Furthermore, we discuss the benefits and challenges of the approach. The goal of this work is to ease the adoption of device attestation by simplifying integration to existing IoT systems.

KW - Access Control

KW - Cybersecurity

KW - Identity Management

KW - IoT

KW - OAuth 2.0.

KW - Remote Attestation

UR - https://www.scopus.com/pages/publications/85125631805

U2 - 10.1109/IOTSMS53705.2021.9704959

DO - 10.1109/IOTSMS53705.2021.9704959

M3 - Conference article in proceedings

SN - 978-1-6654-5869-6

SP - 1

EP - 8

BT - 2021 8th International Conference on Internet of Things

A2 - Lauret, Jaime Mauri

A2 - Abdel-Maguid, Mohamed

A2 - Jararweh, Yaser

A2 - Benkhelifa, Elhadj

PB - IEEE Institute of Electrical and Electronic Engineers

T2 - 8th International Conference on Internet of Things: Systems, Management and Security, IOTSMS

Y2 - 6 December 2021 through 9 December 2021

ER -

Delegated Device Attestation for IoT

Abstract

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Security-Driven Prioritization for Tactical Mobile Networks

Cite this