The Cost of OSCORE and EDHOC for Constrained Devices

Stefan Hristozov, Manuel Huber, Lei Xu, Jaro Fietz, Marco Liess, Georg Sigl

Publication: Contribution to book/report/conference proceedings › Conference contribution › Peer-reviewed

6 Citations (Scopus)

Abstract

Many modern IoT applications rely on the Constrained Application Protocol (CoAP). Recently, the Internet Engineering Task Force (IETF) proposed two novel protocols for securing it. These are: 1) Object Security for Constrained RESTful Environments (OSCORE) providing authenticated encryption for the CoAP's payload data and 2) Ephemeral Diffie-Hellman Over COSE (EDHOC) providing the symmetric session keys required for OSCORE. In this paper, we present the design of four firmware libraries for these protocols which are especially targeted for constrained microcontrollers and their detailed evaluation. More precisely, we present the design of μOSCORE and μEDHOC libraries for regular microcontrollers and μOSCORE-TEE and μEDHOC-TEE libraries for microcontrollers with a Trusted Execution Environment (TEE), such as microcontrollers featuring ARM TrustZone-M. Our firmware design for the latter class of devices concerns the fact that attackers may exploit common software vulnerabilities, e.g., buffer overflows in the protocol logic, OS or application to compromise the protocol security. We present an evaluation of our implementations in terms of RAM/FLASH requirements and execution speed on a broad range of microcontrollers. Our implementations are available as open-source software.

Original language: English
Title: CODASPY 2021 - Proceedings of the 11th ACM Conference on Data and Application Security and Privacy
Publisher: Association for Computing Machinery, Inc
Pages: 245-250
Number of pages: 6
ISBN (electronic): 9781450381437
DOIs
Publication status: Published - 26 Apr. 2021
Event: 11th ACM Conference on Data and Application Security and Privacy, CODASPY 2021 - Virtual, Online, United States
Duration: 26 Apr. 2021 - 28 Apr. 2021

Publication series

Name: CODASPY 2021 - Proceedings of the 11th ACM Conference on Data and Application Security and Privacy

Conference

Conference: 11th ACM Conference on Data and Application Security and Privacy, CODASPY 2021
Country/Territory: United States
City: Virtual, Online
Period: 26/04/21 - 28/04/21
