Baseline functionality for security and control of commodity IoT devices and domain-controlled device lifecycle management
This addresses the need for secure and efficient device management in IoT environments, but it is incremental as it builds on existing key management concepts without introducing a new paradigm.
The paper tackles the security and management challenges of commodity IoT devices by proposing a framework architecture and protocols for key management, device onboarding, and lifecycle control to enable domain owners to oversee large-scale, multi-vendor deployments.
The emerging Internet of Things (IoT) drastically increases the number of connected devices in homes, workplaces and smart city infrastructures. This drives a need for means not only to ensure confidentiality of device-related communications, but also to support device configuration and management: ensuring that only legitimate devices are granted privileges to a local domain, that only authorized agents have access to the device and the data it holds, and that software updates are authentic. The need to support device on-boarding, ongoing device management and control, and secure decommissioning dictates a suite of key management services for both access control to devices, and access by devices to wireless infrastructure and networked resources. We identify this core functionality, and argue for the recognition of efficient and reliable key management support (both within IoT devices, and by a unifying external management platform) as a baseline requirement for an IoT world. We present a framework architecture to facilitate secure, flexible and convenient device management in commodity IoT scenarios, and offer an illustrative set of protocols as a base solution, not to promote specific solution details, but to highlight baseline functionality to help domain owners oversee deployments of large numbers of independent multi-vendor IoT devices.