Authors:
Sairath Bhattacharjya
1
;
2
and
Hossein Saiedian
1
;
2
Affiliations:
1
Electrical Engineering & Computer Science, The University of Kansas, Lawrence, Kansas, U.S.A.
;
2
Information & Telecommunication Technology Center, The University of Kansas, Lawrence, Kansas, U.S.A.
Keyword(s):
IoT, Security, Zero-trust, Key Generation, Plug-and-Play, Elliptic Curve Cryptography (ECC), Zero Interaction Pairing (ZIP), Zero-Interaction Authentication (ZIA), Communication.
Abstract:
IoT devices are already in the process of becoming an essential part of our everyday lives. These devices specialize in performing a single operation efficiently. To maintain the privacy of user data, securing communication with these devices is essential. The plug-pair-play (P3) connection model uses the ZIP (zero interaction pairing) technique to set up a secured key for every pair of user and device so that the user doesn’t have to remember a complicated password. The command execution model provides an authentication mechanism for every transaction. Routing the transactions through the gateway allows for auditing, providing a zero-trust environment. The zero-trust (ZT) model described in this paper addresses confidentiality, integrity, and authentication triad of cybersecurity while ensuring that the interactions with these devices are seamless. The architecture described in this article makes security a backbone. The model described in this paper provides an end-to-end framework
to secure the communication with these smart devices in a cloud-based architecture respecting the resource limitation of these devices. A novel simplified framework to secure IoT communication.
(More)