Secure IoT Device Commissioning
|Date||18. February 2020|
|Topic||Secure IoT Device Commissioning|
|Title||Secure IoT Device Commissioning|
|Abstract||Internet of Things (IoT) solutions are being applied in many fields such as smart home, healthcare and manufacturing. These networks often handle sensitive data which require a strong level of security. However, the commissioning of new devices could often already be easily exploited by an adversary. A successful attack would not only affect a single device but a whole network. Besides that, the commissioning requires a solution which is not only secure, but also complies with the limitations of IoT devices. Since the devices often lack interfaces like a display, the network credentials need to be transmitted over a wireless interface. A desirable solution is one which allows to use existing hardware to make it applicable on a wide range of devices.
This thesis introduces a new commissioning protocol, which aims at being lightweight, secure and without a need for additional hardware. The majority of IoT devices is supplied with a Light Emitting Diode (LED), which can serve for creating an auxiliary channel to communicate unsecured data. The developed protocol utilizes the LED to transmit a self-generated key. This key is captured by the user’s smartphone camera and used for encrypting the network credentials. In that way, the information can be shared with the target device without making them accessible to an adversary.
Experiments on a prototype show that the commissioning protocol has a low memory foot- print and can therefore be used in highly constrained environments. Apart from that, it is evaluated that the transfer of the encryption key via light satisfies the demand of a fast setup. Furthermore it is analysed how an attacker may try to get hold of the network cre- dentials or prevent the commissioning. The evaluation shows that the protocol succeeds in providing a secure communication between the two previously unknown parties by making use of existing hardware.