Web Application Security
IoT Authentication Dec 17 2015 08:46AM
Saghar Estehghari (s estehghari gmail com)

Recently, I've started an IoT project with my team. We are trying to
implement cyber-security functions into embedded device in a way to
reduce the load on such devices. Currently, authentication is our
case of study. We are looking for a solution that applies to a small
group of embedded devices and doesn't require PKI certificates. So my
questions are as follows:

1) Do you think that authentication with PSK is a good idea ?
2) Do you know of any mechanism with which we can securely distribute
the PSK to all these devices? Or should we configure the PSK
seperately on each device?
3) What do you think of ECDHE_PSK over TLS?
4) Is there any security risk related to this that I need to consider?

I would appreciate if you could spend sometime and answer these questions.


Kind Regards

This list is sponsored by Cenzic
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus