Internet of Things: encryption on diet

The Internet Engineering Task Force (IETF) argues about whether a slimmed-down TLS (cTLS) or a completely new protocol for Perfect Forward Secrecy should provide sensors and small nodes. After all, the Internet of Things (IoT) should also communicate in encrypted form.

Because IoT devices are supposed to be economical, the manufacturers usually spend them only on frugal processors and little RAM. Therefore, a cryptographic protocol must conserve resources. Nevertheless, it should also be nimble. After all, what can happen when devices and sensors are hanged on the Internet without good security is now well known through attacks such as the Mirai botnet attack. The IETF has already presented a whole host of building blocks in addition to other standardization groups, including ways for secure software updates in the IoT environment.

With Object Security for Constrained Devices (OSCORE, RFC 8613), the IETF already has an older endpoint encryption specification, such as in COAP environments. COAP, the Constrained Application Protocol, is a small-node web-based transport protocol that is built around IoT's special format, transport, and encryption standards.

OSCORE thus secures the payload of the messages exchanging machines. Headers and metadata are only selectively protected. Currently, the protocol mainly works with pre-distributed keys, said Göran Selander from Ericsson. But even lists of pre-made keys are a popular target, Selander added.

A new protocol should therefore be a Exchange of keys in the style of TLS allow, but be fleet-footed. An important goal for Selander is also to arm the small nodes with Perfect Forward Secrecy (PFS). PFS is designed to protect the traffic of devices that are often left in the field, even after successful attacks or sessions.

The Ericsson developer hired the IETF Ephemeral Diffie-Hellman Over Cose (EDHOC) as a key exchange protocol. "EDHOC delivers an economical exchange of temporary, secure keys, mutual authentication, identity protection and Perfect Forward Secrecy," promises Selander. In addition, EDHOC builds on the IETF protocol suite for IoT. COSE is the signature and encryption standard for CBOR. **

But the TLS community is not beaten so easily. A lot of work and brainwashing has gone into the development of TLS, TLS experts say. In some IoT environments, the DTLS variant that can also be used for UDP is already in use today. The current TLS version 1.3 also provides everything the IoT developers want – with one exception: the cryptographic overhead makes TLS 1.3 too fat for the IoT.

Inspired by the debate over EDHOC, Rescorla is now working on the frugal offshoot compact TLS (cTLS), Rescorla has identified redundant header content that can be erased from TLS 1.3 and suggests using default settings as much as possible – the more defaults the leaner the negotiation phase. Both together, smaller headers and more presets, should bring the desired streamlining. cTLS, according to Rescorla, is ultimately TLS with a better encoding. TLS 1.3 was conceived lavishly.

The emerging Lightweight Authenticated Key Exchange (LAKE) workgroup is now split into two camps. For the time being, she is pursuing both concepts in parallel. On the one hand, many consider sticking with the tried and tested better. On the other hand, the compact version of TLS for
some IoT applications are still too demanding.


. (tagsToTranslate) Internet of Things (t) Networks (t) Key Exchange (t) TLS 1.3 (t) Encryption