SCIoT: A Secure and sCalable End-to-End Management Framework for IoT Devices

The Internet of Things (IoT) is connecting billions of smart devices. One of the emerging challenges in the IoT scenario is how to efficiently and securely manage large deployments of devices. This includes sending commands, monitoring status and execution results, updating devices firmware, and interactively resolving problems. In this paper we propose SCIoT, a Secure and sCalable framework for IoT management. SCIoT guarantees low complexity in terms of communication, storage and computation on both managed devices and the management entity. SCIoT enables secure management of large deployments with a single low-power management device, by leveraging trees of common untrusted intermediate infrastructures. SCIoT brings three technical contributions: (1) a domain-independent management specification by means of extended finite state machines, which specifies states and desired transitions to describe the whole management process; (2) a protocol for securely and efficiently distributing applicable transitions of the automaton corresponding to commands; and (3) a protocol for securely aggregating status responses from the managed nodes using a tree of untrusted nodes. We show feasibility and efficiency of SCIoT by both a proof-of-concept implementation of the client agent on Riot-OS - an operating system for the IoT, and a large scale evaluation, using realistic assumptions. Our thorough evaluation highlights the efficiency of our command distribution protocol, as well as the small (logarithmic) runtime and overhead of data collection.