1. ZHAW digitalcollection
  2. School of Engineering
  3. Publikationen
  4. Publikationen School of Engineering
Publication type: Conference other
Type of review: Peer review (abstract)
Title: Novel approach to IoT security
Authors: Lorenz, David
Künzli, Simon
Schläpfer, Tobias
et. al: No
Conference details: Embedded Computing Conference (ECC), Winterthur, Switzerland, 6 June 2023
Issue Date: Jun-2023
Language: English
Subject (DDC): 004: Computer science
Abstract: In this talk, we will present a security solution novel to the field of IoT devices. Today's security solutions for IoT, IIoT, and OT applications usually remain static in an ever-changing environment, making applications insecure and vulnerable to ever-growing cyber threats. These static solutions often rely on long-living device certificates, making credential life-cycle management cumbersome. Certificate-based approaches do not provide means of authorization and are not built for the scale of IoT applications. Overall, they weaken the security of not only the IoT devices but also the corporate infrastructure they connect to. Therefore, a more dynamic approach to the security of IoT applications is required. IoThentix, our industrial partner in the project we will present in this talk, proposes an alternative token-based authentication and authorization solution for IoT devices that simplifies the device management process from the provisioning all the way to the end-of-life of a device. The solution tailors the well-established security standard used in the banking industry, OAuth 2.0, to the requirements of IoT applications and makes device certificates obsolete. At the Zurich University of Applied Sciences (ZHAW), we created a reference design on small IoT sensor nodes in collaboration with IoThentix, showcasing the implementation and advantages of the token-based solution for IoT applications. This presentation introduces the concept of an OAuth 2.0 token-based authentication and authorization solution for IoT applications and provides a detailed insight into the reference design resulting from the collaboration. Furthermore, we will discuss the advantages of the new token-based approach compared to traditional certificate-based solutions regarding device management and security. Our presentation closes with appropriate conclusions and raises open questions to tackle in future.
URI: https://digitalcollection.zhaw.ch/handle/11475/31076
Fulltext version: Published version
License (according to publishing contract): Licence according to publishing contract
Departement: School of Engineering
Organisational Unit: Institute of Embedded Systems (InES)
Appears in collections:Publikationen School of Engineering

Files in This Item:
There are no files associated with this item.
Show full item record
Lorenz, D., Künzli, S., & Schläpfer, T. (2023, June). Novel approach to IoT security. Embedded Computing Conference (ECC), Winterthur, Switzerland, 6 June 2023.
Lorenz, D., Künzli, S. and Schläpfer, T. (2023) ‘Novel approach to IoT security’, in Embedded Computing Conference (ECC), Winterthur, Switzerland, 6 June 2023.
D. Lorenz, S. Künzli, and T. Schläpfer, “Novel approach to IoT security,” in Embedded Computing Conference (ECC), Winterthur, Switzerland, 6 June 2023, Jun. 2023.
LORENZ, David, Simon KÜNZLI und Tobias SCHLÄPFER, 2023. Novel approach to IoT security. In: Embedded Computing Conference (ECC), Winterthur, Switzerland, 6 June 2023. Conference presentation. Juni 2023
Lorenz, David, Simon Künzli, and Tobias Schläpfer. 2023. “Novel Approach to IoT Security.” Conference presentation. In Embedded Computing Conference (ECC), Winterthur, Switzerland, 6 June 2023.
Lorenz, David, et al. “Novel Approach to IoT Security.” Embedded Computing Conference (ECC), Winterthur, Switzerland, 6 June 2023, 2023.


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.