PION: Password-based IoT Onboarding Over Named Data Networking

While the IoT market continues to grow, securing IoT systems remains a challenge as successful cyberattacks keep escalating. Named Data Networking (NDN) offers a number of advantages over traditional IP-based communications and is considered a promising candidate to revolutionize the IoT space, thanks to its improved scalability and built-in security features. A cornerstone of any NDN IoT network is the onboarding protocol, whose main goal is to bootstrap the cryptographic keys and trust relationships necessary for a newly joining device to securely communicate with the rest of the network. Though several such protocols have been proposed, none so far combines strong security guarantees with ease of use on IoT devices that have highly constrained input/output interfaces. In this paper we introduce a novel password-based onboarding protocol to address this need. In addition to discussing its design, we produce a formalization of the protocol and verify its security properties using an automated analyzer. Finally, we present the results of benchmarking carried out on a proof-of-concept implementation that demonstrates the feasibility of our approach.