TY - GEN
T1 - The Cost of OSCORE and EDHOC for Constrained Devices
AU - Hristozov, Stefan
AU - Huber, Manuel
AU - Xu, Lei
AU - Fietz, Jaro
AU - Liess, Marco
AU - Sigl, Georg
N1 - Publisher Copyright:
© 2021 ACM.
PY - 2021/4/26
Y1 - 2021/4/26
N2 - Many modern IoT applications rely on the Constrained Application Protocol (CoAP). Recently, the Internet Engineering Task Force (IETF) proposed two novel protocols for securing it. These are: 1) Object Security for Constrained RESTful Environments (OSCORE) providing authenticated encryption for the CoAP's payload data and 2) Ephemeral Diffie-Hellman Over COSE (EDHOC) providing the symmetric session keys required for OSCORE. In this paper, we present the design of four firmware libraries for these protocols which are especially targeted for constrained microcontrollers and their detailed evaluation. More precisely, we present the design of uOSCORE and μEDHOC libraries for regular microcontrollers and μOSCORE-TEE and μEDHOC-TEE libraries for microcontrollers with a Trusted Execution Environment (TEE), such as microcontrollers featuring ARM TrustZone-M. Our firmware design for the latter class of devices concerns the fact that attackers may exploit common software vulnerabilities, e.g., buffer overflows in the protocol logic, OS or application to compromise the protocol security. We present an evaluation of our implementations in terms of RAM/FLASH requirements and execution speed on a broad range of microcontrollers. Our implementations are available as open-source software.
AB - Many modern IoT applications rely on the Constrained Application Protocol (CoAP). Recently, the Internet Engineering Task Force (IETF) proposed two novel protocols for securing it. These are: 1) Object Security for Constrained RESTful Environments (OSCORE) providing authenticated encryption for the CoAP's payload data and 2) Ephemeral Diffie-Hellman Over COSE (EDHOC) providing the symmetric session keys required for OSCORE. In this paper, we present the design of four firmware libraries for these protocols which are especially targeted for constrained microcontrollers and their detailed evaluation. More precisely, we present the design of uOSCORE and μEDHOC libraries for regular microcontrollers and μOSCORE-TEE and μEDHOC-TEE libraries for microcontrollers with a Trusted Execution Environment (TEE), such as microcontrollers featuring ARM TrustZone-M. Our firmware design for the latter class of devices concerns the fact that attackers may exploit common software vulnerabilities, e.g., buffer overflows in the protocol logic, OS or application to compromise the protocol security. We present an evaluation of our implementations in terms of RAM/FLASH requirements and execution speed on a broad range of microcontrollers. Our implementations are available as open-source software.
KW - coap security
KW - edhoc
KW - ietf
KW - iot
KW - oscore
UR - http://www.scopus.com/inward/record.url?scp=85104995782&partnerID=8YFLogxK
U2 - 10.1145/3422337.3447834
DO - 10.1145/3422337.3447834
M3 - Conference contribution
AN - SCOPUS:85104995782
T3 - CODASPY 2021 - Proceedings of the 11th ACM Conference on Data and Application Security and Privacy
SP - 245
EP - 250
BT - CODASPY 2021 - Proceedings of the 11th ACM Conference on Data and Application Security and Privacy
PB - Association for Computing Machinery, Inc
T2 - 11th ACM Conference on Data and Application Security and Privacy, CODASPY 2021
Y2 - 26 April 2021 through 28 April 2021
ER -