Multihop Bootstrapping with EAP Through CoAP Intermediaries for IoT

In the renowned Internet of Things (IoT) networks, it is expected a vast number of devices with IP connectivity and constrained capabilities. Due to reduced resources they are the target of different type of attacks and providing security has become a basic pillar for the success and evolution of IoT. Among the specific key security aspects are the authentication, access control and key distribution for data protection. In particular, all these aspects are included in the process of bootstrapping, which allows a Smart Object to join a network domain in a secure fashion. This process, which indeed involves authentication, authorization, and key distribution, typically requires communication between the smart object and an entity, the Controller, in charge of steering the bootstrapping process within the network's domain. However, direct communication between both might be impeded, e.g., when the entity is unreachable by radio, or the smart object does not have a routable IP address until it is successfully authenticated and authorized to join the network. A common solution is to use an intermediate entity (the Intermediary) to aid in this task. For example, the ZigBee IP standard defines a relay for the protocol for carrying authentication for network access (PANA). Moreover, the IETF is exploring the use of an intermediary to help this process. In this paper, we analyze, explore, and design an intermediary based on constrained application protocol (CoAP). We pay attention to the authentication with the extensible authentication protocol (EAP) and CoAP, which has resulted in a more constrained alternative to PANA for EAP-based bootstrapping in IoT. Nevertheless, our design of the CoAP-based intermediary is so general that it is independent of the authentication protocol in use. In particular, we have analyzed as intermediary the usage of a CoAP proxy, as defined in the CoAP standard; alternatively we have introduced the concept of the CoAP relay and CoAP stateless proxy. We evaluate the performance of each solution and we compare between them and with PANA relay.