2015 International Workshop on Secure Internet of Things (SIoT) (2015)
Sept. 21, 2015 to Sept. 25, 2015
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/SIOT.2015.8
One core technology for implementing and integrating the architectural principles of REST into the Internet of Things (IoT) is CoAP, a REST-ful application protocol for constrained networks and devices. Since CoAP defaults to UDP as transport protocol, the protection of CoAP-based systems is realised by the adoption of DTLS, a transport-oriented security protocol for datagrams. This is, however, in many cases not a sufficient safeguard, since messages in distributed systems -- as obtained, e.g., by the adoption of REST -- are commonly transported via multiple intermediate components. This induces the need for message-oriented protection means supplementing transport security for IoT scenarios with high security demands.This paper approaches an important part of this requirement by introducing a REST-ful CoAP message authentication scheme. The overarching goal of this work is, though, to establish a message-oriented security layer for CoAP. Here, specific challenges are stemming from the architectural style REST and the resource-restrictiveness of IoT networks and devices. The present contribution reaches this goal for authentication by proposing a REST-ful CoAP message signature generation and verification scheme.
Payloads, Security, Servers, Protocols, Metadata, Standards, Media
H. V. Nguyen and L. L. Iacono, "REST-ful CoAP Message Authentication," 2015 International Workshop on Secure Internet of Things (SIoT)(SIOT), Vienna, Austria, 2015, pp. 35-43.