| dc.description.abstract | The spread of Internet of Things (IoT) systems, based on the introduction
of constrained devices into physical objects, has required particular efforts
to improve security, privacy and simplicity of such systems. The goal of
this work is to find secure and user-friendly ways for the commissioning
and bootstrapping of constrained devices, working with Bluetooth Low
Energy (BLE) as the main wireless communication technology. An
important assumption for future constrained devices is the absence of
input/output interfaces like keyboards and displays. That represents the
real challenge which makes the traditional security mechanisms unfeasible.
At first, an analysis of some products from the current generation of
IoT systems has shown a lack in term of security or simplicity. Starting
from these results this work defines the security requirements to ensure
authentication and confidentiality/integrity for the information exchanged.
Then it presents some user-friendly solutions to initiate such devices based
on the security requirements defined. These solutions require only few
interactions and knowledge for the final users.
After a study of the security features offered by BLE and defined the
user-friendliness level required, scenarios that combine BLE and NFC
technologies seem to be the best solutions. NFC can be used as the Out-of-
Band (OOB) channel for BLE pairing method, providing authentication
and limiting the risk of Man In The Middle (MITM) attacks and passive
eavesdropping. This combination also increase the simplicity and avoid
typical authentication techniques like passkey insertion. The conjunction
BLE-NFC can be easily managed to produce several solutions for different
scenarios. Scenario with movable devices represents the easiest solution.
Instead, fixed targets require support devices, like smartphone or tablet,
to reach the goal. However, both are based on the same principles.
The presented solutions aim to be considered for the next generation
of IoT systems, increasing security and user-friendly level. Current and
near future chips combine BLE and NFC in a unique product which make
the solutions low cost and easy to implement. | |
