
The Cost of OSCORE and EDHOC for Constrained Devices

Hristozov, S.; Huber, M.; Xu, L.; Fietz, J.; Liess, M.; Sigl, G.


Joshi, A. ; Association for Computing Machinery -ACM-; Association for Computing Machinery -ACM-, Special Interest Group on Security, Audit and Control -SIGSAC-:
CODASPY 2021, Eleventh ACM Conference on Data and Application Security and Privacy. Proceedings : April 26-28, 2021, Virtual Event, USA
New York: ACM, 2021
ISBN: 978-1-4503-8143-7
Conference on Data and Application Security and Privacy (CODASPY) <11, 2021, Online>
Conference Paper
Fraunhofer AISEC

Many modern IoT applications rely on the Constrained Application Protocol (CoAP). Recently, the Internet Engineering Task Force (IETF) proposed two novel protocols for securing it: 1) Object Security for Constrained RESTful Environments (OSCORE), which provides authenticated encryption for CoAP's payload data, and 2) Ephemeral Diffie-Hellman Over COSE (EDHOC), which provides the symmetric session keys required for OSCORE. In this paper, we present the design and detailed evaluation of four firmware libraries for these protocols, targeted especially at constrained microcontrollers. More precisely, we present the design of the μOSCORE and μEDHOC libraries for regular microcontrollers and the μOSCORE-TEE and μEDHOC-TEE libraries for microcontrollers with a Trusted Execution Environment (TEE), such as microcontrollers featuring ARM TrustZone-M. Our firmware design for the latter class of devices addresses the fact that attackers may exploit common software vulnerabilities, e.g., buffer overflows in the protocol logic, OS or application, to compromise the protocol security. We present an evaluation of our implementations in terms of RAM/FLASH requirements and execution speed on a broad range of microcontrollers. Our implementations are available as open-source software.