Device Identity and Trust in IoT-sphere Forsaking Cryptography

摘要

With the exponential growth of the Internet of Things (IoT) ecosystem there is increasing concern regarding how to ensure its security. This is particularly critical because in this ecosystem a significant number of devices are of very low computational capabilities making them particularly vulnerable to attacks. Moreover, cryptographic techniques that are tradition- ally used for establishing trust in entities through identification and authentication also do not appear to be suitable because of computational requirements as well as scalability issues. We present a new vision for security in this ecosystem that does not rely on cryptographic techniques and yet is able to achieve strong device identity. We also present the outlines of a crypto key less trust ecosystem that can be used to implement fine-grained access control in a pragmatic manner.