U2Fi: A Provisioning Scheme of IoT Devices with Universal Cryptographic Tokens
This addresses security and usability issues in IoT device provisioning for users and manufacturers, though it appears incremental as it builds on existing U2F technology.
The paper tackles the problem of secure and user-friendly provisioning for IoT devices by proposing U2Fi, a scheme that uses universal cryptographic tokens (U2F devices) to provision new devices, achieving improved security and ease of use, such as enabling whole authentication migration with a single button press.
Provisioning is the starting point of the whole life-cycle of IoT devices. The traditional provisioning methods of IoT devices are facing several issues, either about user experience or privacy harvesting. Moreover, IoT devices are vulnerable to different levels of attacks due to limited resources and long online duration. In this paper, we proposed U2Fi, a novel provisioning scheme for IoT devices. We provide a solution to make the U2F device that has been trusted by the cloud in the distribution process, via WiFi or its side channel, to provision the new IoT device. Further, subsequent device settings modification, setting update, and owner transfer can also be performed by using a U2F device that has been trusted to improve security and provide a better user experience. This could provide helpful user friendliness to some valuable new application scenarios in IoT, such as smart hotel. Users could migrate the whole authentication of smart devices into a new site by simply inserting the universal cryptographic token into the secure gateway and authorizing by pressing the user-presence button on the token. Besides, the relevant unbinding process could also be done with a single cryptographic operation signed by the cryptographic token.