End-to-end transport-layer security for Internet-integrated sensing applications with mutual and delegated ECC public-key authentication

The Internet of Things (IoT) describes a vision of a future Internet where constrained sensing and actuating devices are part of distributed applications and required to support standard Internet communications with more powerful devices or Internet hosts. This vision will require appropriate end-to-end communications and security mechanisms that are well suited to the constraints and characteristics of sensing devices and applications, while being able to support standard Internet communication mechanisms. With this motivation in mind, we propose an architecture supporting low-power end-to-end transport-layer secure communications with mutual authentication using ECC public-key cryptography for Internet-integrated sensing applications. The proposed architecture promotes the availability of critical resources on constrained sensing platforms and security against Internet-originated threats, while providing full compatibility with current standardization proposals. Those are fundamental enabling factors of most of the sensing applications envisioned for the IoT and, as far as we known, ours is the first architecture implemented and experimentally evaluated with such goals.