TU Darmstadt / ULB / TUprints

ACE of Spades in the IoT Security Game: A Flexible IPsec Security Profile for Access Control

Aragon, Santiago ; Tiloca, Marco ; Maass, Max ; Hollick, Matthias ; Raza, Shahid (2018)
ACE of Spades in the IoT Security Game: A Flexible IPsec Security Profile for Access Control.
In: 2018 IEEE Conference on Communications and Network Security (CNS)
Article, Secondary publication, Postprint

[img]
Preview
Text
main.pdf - Published Version
Copyright Information: In Copyright.

Download (609kB) | Preview
Item Type: Article
Type of entry: Secondary publication
Title: ACE of Spades in the IoT Security Game: A Flexible IPsec Security Profile for Access Control
Language: German
Date: 30 May 2018
Place of Publication: Darmstadt
Publisher: IEEE
Journal or Publication Title: 2018 IEEE Conference on Communications and Network Security (CNS)
Corresponding Links:
Origin: Secondary publication service
Abstract:

The Authentication and Authorization for Constrained Environments (ACE) framework provides fine-grained access control in the Internet of Things, where devices are resource-constrained and with limited connectivity. The ACE framework defines separate profiles to specify how exactly entities interact and what security and communication protocols to use. This paper presents the novel ACE IPsec profile, which specifies how a client establishes a secure IPsec channel with a resource server, contextually using the ACE framework to enforce authorized access to remote resources. The profile makes it possible to establish IPsec Security Associations, either through their direct provisioning or through the standard IKEv2 protocol. We provide the first Open Source implementation of the ACE IPsec profile for the Contiki OS and test it on the resource-constrained Zolertia Firefly platform. Our experimental performance evaluation confirms that the IPsec profile and its operating modes are affordable and deployable also on constrained IoT platforms.

Status: Postprint
URN: urn:nbn:de:tuda-tuprints-76966
Classification DDC: 000 Generalities, computers, information > 004 Computer science
Divisions: 20 Department of Computer Science > Sichere Mobile Netze
DFG-Graduiertenkollegs > Research Training Group 2050 Privacy and Trust for Mobile Users
Date Deposited: 20 Aug 2018 12:24
Last Modified: 13 Dec 2022 11:17
URI: https://tuprints.ulb.tu-darmstadt.de/id/eprint/7696
PPN:
Export:
Actions (login required)
View Item View Item