A CoAP-Based Bootstrapping service for large-scale Internet-of-things networks

  1. Garcia Carrillo, Dan
Supervised by:
  1. Rafael Marín López Director
  2. Antonio Skarmeta Gómez Director

Defence university: Universidad de Murcia

Defence date: 19 December 2018

Committee:
  1. Laurent Toutain Chair
  2. Gabriel López Millán Secretary
  3. José Luis Hernández Ramos Committee member

Type: Thesis

Abstract

The Internet of Things (IoT) refers to the interconnection, through the Internet, of computing devices embedded in everyday objects. These devices, known as smart objects, can interact with their environment and provide services that can be used to manage infrastructures such as smart homes, buildings and smart cities efficiently. Because smart objects interact with the environment, obtaining information (through sensors) or performing some type of action (with actuators), measures are needed to protect their communications. Certain security processes are considered necessary for this, such as authentication, authorization and key management. These security processes are present in several use cases, such as access to a service or establishing secure communication between two devices, and they are also part of what is known as bootstrapping. Bootstrapping is the process that forms the basis for a smart object to join a network securely, protect its communications, and thus become part of the security domain of the network it joins. In this doctoral thesis, we analyze the bootstrapping protocols that are used in IoT and identify their deficiencies, with the aim of proposing a bootstrapping solution that adapts to the characteristics of IoT. The bootstrapping protocols currently used in the context of IoT do not take into account the possibility that a device may belong to an organization other than the one that manages the network in which the devices are to be deployed. Another deficiency found in some current bootstrapping protocols is that they depend on the link layer, which makes it impossible to use them with other technologies. In other cases, the solution provided does not take into account the idiosyncrasies of IoT.
For these reasons, in this doctoral thesis we designed a bootstrapping service for the Internet of Things that takes as its starting point the deficiencies found in current solutions. By using protocols designed for and used in IoT, such as the Constrained Application Protocol (CoAP), we obtain a lightweight bootstrapping service. By using the Extensible Authentication Protocol (EAP), we achieve flexible authentication and key management, and by using Authentication, Authorization and Accounting (AAA) infrastructures we are able to support advanced management features such as identity federation. In this thesis we fulfill three basic objectives: 1) the definition of a bootstrapping service for the Internet of Things; 2) the adaptation of the bootstrapping service to highly constrained networks such as Low Power Wide Area Networks (LPWAN); and 3) support for multi-hop networks. In the latter case, we design three different intermediaries, instantiated in a stateless proxy, relay, and proxy, that give the smart object the help it needs to perform bootstrapping in a multi-hop network environment in which it cannot reach, by its own means, the entity responsible for authenticating it. To achieve these objectives, in each case we design the bootstrapping service architecture and the protocol flow, and implement a proof of concept. Each of the contributions is tested in a simulated network environment (through Cooja, the sensor network simulator for the Contiki operating system). Cooja simulates Low-Rate Wireless Personal Area Networks (LR-WPAN) that use the IEEE 802.15.4 standard. In addition, in the particular case of LPWAN, the proof of concept is tested in a LoRaFabian network, through real deployments. The results and different measures, such as the time to carry out the bootstrapping, the percentage of successful bootstrapping processes, energy consumption, etc., are analyzed and compared with PANA, the EAP-based bootstrapping protocol that is the current IoT standard.