SCIoT: A Secure and sCalable End-to-End Management Framework for IoT Devices

  • Moreno AmbrosinEmail author
  • Mauro Conti
  • Ahmad Ibrahim
  • Ahmad-Reza Sadeghi
  • Matthias Schunter
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11098)


The Internet of Things (IoT) is connecting billions of smart devices. One of the emerging challenges in the IoT scenario is how to efficiently and securely manage large deployments of devices. This includes sending commands, monitoring status and execution results, updating devices firmware, and interactively resolving problems.

In this paper we propose SCIoT, a Secure and sCalable framework for IoT management. SCIoT guarantees low complexity in terms of communication, storage and computation on both managed devices and the management entity. SCIoT enables secure management of large deployments with a single low-power management device, by leveraging trees of common untrusted intermediate infrastructures. SCIoT brings three technical contributions: (1) a domain-independent management specification by means of extended finite state machines, which specifies states and desired transitions to describe the whole management process; (2) a protocol for securely and efficiently distributing applicable transitions of the automaton corresponding to commands; and (3) a protocol for securely aggregating status responses from the managed nodes using a tree of untrusted nodes. We show feasibility and efficiency of SCIoT by both a proof-of-concept implementation of the client agent on Riot-OS – an operating system for the IoT, and a large scale evaluation, using realistic assumptions. Our thorough evaluation highlights the efficiency of our command distribution protocol, as well as the small (logarithmic) runtime and overhead of data collection.


  1. 1.
    ARM® mbedTLS cryptographic library (2016).
  2. 2.
  3. 3.
    IoT-LAB: a very large scale open testbed (2016).
  4. 4.
    IoT-LAB M3 Open Node (2016).
  5. 5.
    Omnet++ Discrete Event Simulator (2016).
  6. 6.
    Ambrosin, M., Busold, C., Conti, M., Sadeghi, A.-R., Schunter, M.: Updaticator: updating billions of devices by an efficient, scalable and secure software update distribution over untrusted cache-enabled networks. In: Kutyłowski, M., Vaidya, J. (eds.) ESORICS 2014. LNCS, vol. 8712, pp. 76–93. Springer, Cham (2014). Scholar
  7. 7.
    Ambrosin, M., Conti, M., Ibrahim, A., Neven, G., Sadeghi, A.R., Schunter, M.: SANA: secure and scalable aggregate network attestation. In: CCS 2016, pp. 731–742 (2016)Google Scholar
  8. 8.
    Asokan, N., et al.: SEDA: scalable embedded device attestation. In: CCS 2015, pp. 964–975 (2015)Google Scholar
  9. 9.
    Baccelli, E., Hahm, O., Gunes, M., Wahlisch, M., Schmidt, T.C.: RIOT OS: towards an OS for the internet of things. In: INFOCOM WKSHPS 2013, pp. 79–80 (2013)Google Scholar
  10. 10.
    Boldyreva, A.: Threshold signatures, multisignatures and blind signatures based on the Gap-Diffie-Hellman-group signature scheme. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 31–46. Springer, Heidelberg (2003). Scholar
  11. 11.
    Boneh, D., Gentry, C., Lynn, B., Shacham, H.: Aggregate and verifiably encrypted signatures from bilinear maps. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 416–432. Springer, Heidelberg (2003). Scholar
  12. 12.
    Bonomi, F., Milito, R., Zhu, J., Addepalli, S.: Fog computing and its role in the internet of things. In: MCC 2012, pp. 13–16 (2012)Google Scholar
  13. 13.
    Bormann, C., Ersue, M., Keranen, A.: Terminology for constrained-node networks. Technical report, iETF RFC-7228, May 2014Google Scholar
  14. 14.
    Bormann, C., Shelby, Z.: Block-wise transfers in the constrained application protocol (CoAP). Technical report, iETF RFC-7959, August 2016Google Scholar
  15. 15.
    Burke, J., Gasti, P., Nathan, N., Tsudik, G.: Securing instrumented environments over content-centric networking: the case of lighting control and NDN. In: INFOCOM WKSHPS 2013, pp. 394–398 (2013)Google Scholar
  16. 16.
    Chan, H., Perrig, A., Song, D.: Secure hierarchical in-network aggregation in sensor networks. In: CCS 2006, pp. 278–287 (2006)Google Scholar
  17. 17.
    Cooper, A.: Electric company smart meter deployments: foundation for a smart grid. Technical report, October 2016Google Scholar
  18. 18.
    Dijk, E., Rahman, A., Fossati, T., Loreto, S., Castellani, A.: Internet-draft: guidelines for HTTP-CoAP mapping implementations. Technical report, iETF-draft, November 2016Google Scholar
  19. 19.
    Frikken, K.B., Dougherty IV, J.A.: An efficient integrity-preserving scheme for hierarchical sensor aggregation. In: WiSec 2008, pp. 68–76 (2008)Google Scholar
  20. 20.
    Garcia Lopez, P., et al.: Edge-centric computing: vision and challenges. ACM SIGCOMM Comput. Commun. Rev. 45(5), 37–42 (2015)CrossRefGoogle Scholar
  21. 21.
    Hahm, O., Baccelli, E., Petersen, H., Tsiftes, N.: Operating systems for low-end devices in the internet of things: a survey. IEEE Internet Things J. 3(5), 720–734 (2016)CrossRefGoogle Scholar
  22. 22.
    Hong, K., Lillethun, D., Ramachandran, U., Ottenwälder, B., Koldehofe, B.: Mobile fog: a programming model for large-scale applications on the internet of things. In: MCC 2013, pp. 15–20 (2013)Google Scholar
  23. 23.
    Jacobson, V., Smetters, D.K., Thornton, J.D., Plass, M.F., Briggs, N.H., Braynard, R.L.: Networking named content. In: CoNEXT 2009, pp. 1–12 (2009)Google Scholar
  24. 24.
    Koeberl, P., Schulz, S., Sadeghi, A.R., Varadharajan, V.: TrustLite: a security architecture for tiny embedded devices. In: European Conference on Computer Systems (2014)Google Scholar
  25. 25.
    Open Mobile Alliance: Lightweight Machine to Machine Technical Specification, v 1.0. Technical report, April 2016Google Scholar
  26. 26.
    Perrig, A., Szewczyk, R., Tygar, J.D., Wen, V., Culler, D.E.: SPINS: security protocols for sensor networks. Wirel. Netw. 8(5), 521–534 (2002)CrossRefGoogle Scholar
  27. 27.
    Sanchez, L., et al.: SmartSantander: IoT experimentation over a smart city testbed. Comput. Netw. 61, 217–238 (2014)CrossRefGoogle Scholar
  28. 28.
    Sehgal, A., Perelman, V., Kuryla, S., Schonwalder, J.: Management of resource constrained devices in the internet of things. IEEE Commun. Mag. 50(12), 144–149 (2012)CrossRefGoogle Scholar
  29. 29.
    Sheng, Z., Mahapatra, C., Zhu, C., Leung, V.C.: Recent advances in industrial wireless sensor networks toward efficient management in IoT. IEEE Access 3, 622–637 (2015)CrossRefGoogle Scholar
  30. 30.
    Spanogiannopoulos, G., Vlajic, N., Stevanovic, D.: A simulation-based performance analysis of various multipath routing techniques in ZigBee sensor networks. In: Zheng, J., Mao, S., Midkiff, S.F., Zhu, H. (eds.) ADHOCNETS 2009. LNICST, vol. 28, pp. 300–315. Springer, Heidelberg (2010). Scholar
  31. 31.
    Unterluggauer, T., Wenger, E.: Efficient pairings and ECC for embedded systems. In: Batina, L., Robshaw, M. (eds.) CHES 2014. LNCS, vol. 8731, pp. 298–315. Springer, Heidelberg (2014). Scholar
  32. 32.
    Valmari, A.: The state explosion problem. In: Reisig, W., Rozenberg, G. (eds.) ACPN 1996. LNCS, vol. 1491, pp. 429–528. Springer, Heidelberg (1998). Scholar
  33. 33.
    Vögler, M., Schleicher, J.M., Inzinger, C., Dustdar, S.: A scalable framework for provisioning large-scale iot deployments. ACM Trans. Internet Technol. 16(2), 11 (2016)CrossRefGoogle Scholar
  34. 34.
    Yang, Y., Wang, X., Zhu, S., Cao, G.: SDAP: a secure hop-by-hop data aggregation protocol for sensor networks. ACM Trans. Inf. Syst. Secur. 11(4), 18:1–18:43 (2008)CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. 1.Intel LabsHillsboroUSA
  2. 2.TU DarmstadtDarmstadtGermany
  3. 3.University of PadovaPadovaItaly

Personalised recommendations