Authentication for the Web of Things: Secure End-to-End Authentication Between CoAP and HTTP

Both access control and interoperability with the legacy Internet are crucial for broad adoption of technologies in the IoT. While research has addressed both independently, as of now, no solution for interoperable access control is available. To address this need, adoption of the widely supported HTTP Digest Access Authentication [RFC 7616] for CoAP is proposed. A reference implementation was developed, which was used to experimentally verify the suitability of the proposed access control for deployment on constrained wireless nodes. Our evaluation shows that this proposal provides out of the box access to CoAP resources with secure end-to-end authentication from HTTP clients by deploying an appropriate cross-protocol proxy. We have shown that the overhead in terms of processing time was negligible, and in terms of message size could be reduced in our benchmark by up to 87.8% compared to the textual encoding specified in RFC 7616.