Application Layer Security for the Internet of Things
The Internet of Things (IoT) consists of a large variety of connected devices in diverse deployment settings, with devices ranging from relatively powerful to very constrained in terms of processing data rates, memory, power, bandwidth, etc. The safety and security of the IoT has a tremendous impact on our society, and remains a challenge. In particular, the IoT inherits the combined security challenges of embedded devices and of the Internet. While existing security protocols and mechanisms are suitable for powerful Internet-connected devices such as mobile phones, more constrained devices and networks require solutions adapted to their capabilities, and although deployments may be very different many security requirements are common: secure onboarding of new devices in a network, mutual authentication of network nodes, encrypted and integrity protected communication, secure group communication, and protection against unauthorized access. This talk will explore IoT security challenges, as well as application layer security protocols standards suitable for the IoT and their development in the IETF. The application layer security protocol suite provides an attractive solution for protecting IoT deployments thanks to, for example, its end-to-end secure protection of RESTful interactions, its independence of transport mechanisms, its applicability to multicast and its lightweight operations.
Francesca Palombini joined Ericsson Research in 2015. Currently, she is working as Experienced Researcher in the Security department at Ericsson Research in Stockholm, Sweden, where she is involved in developing and standardizing security protocols for IoT in the IETF standardization body. She has a background in embedded systems and software, and she holds a Master of Science in Information and Communication Technology engineering from KTH, Stockholm, Sweden, and a Master of Science in Embedded Systems and Software from Grenoble INP–ENSIMAG, Grenoble, France.