Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA), Vol.9, N°4, December 2018, ISSN: 2093-5374
A powerful world connecting digital and physical environments is promised through the Internet of Things (IoT). However, because of the heterogeneous nature of devices and of the diversity of their provenance, security and privacy vulnerabilities threaten IoT-based implementations. Moreover, constrained resources from devices bring technical challenges, compelling protocols to be as lightweight as possible. To overcome such problems, we propose an efficient solution for identity and data management in IoT. Similarly to Gritti et al.'s approach, a secure bootstrap is first processed to enable a reliable authentication of devices in a local network, and then, a message attestation phase is executed to allow authentication of personal messages of devices. While devices are limited to pre-determined common messages in Gritti et al.'s solution, they can authenticate their own personal messages in our paper. We ensure that our solution is suitable in IoT settings by proving it secure and privacypreserving as well as satisfying operational requirements. In addition, we provide benchmarking results on both the scheme from Gritti et al.'s scheme and our scheme.