U2Fi: A Provisioning Scheme of IoT Devices with Universal Cryptographic Tokens

TL;DR

U2Fi introduces a secure, user-friendly provisioning scheme for IoT devices using trusted U2F tokens, enhancing security and privacy during device setup, updates, and owner transfer in IoT environments.

Contribution

The paper presents a novel provisioning scheme leveraging trusted U2F tokens for IoT devices, improving security, privacy, and user experience during device setup and management.

Findings

Enables secure IoT device provisioning via trusted U2F tokens.

Simplifies device owner transfer and updates with cryptographic operations.

Enhances user experience in IoT scenarios like smart hotels.

Abstract

Provisioning is the starting point of the whole life-cycle of IoT devices. The traditional provisioning methods of IoT devices are facing several issues, either about user experience or privacy harvesting. Moreover, IoT devices are vulnerable to different levels of attacks due to limited resources and long online duration. In this paper, we proposed U2Fi, a novel provisioning scheme for IoT devices. We provide a solution to make the U2F device that has been trusted by the cloud in the distribution process, via WiFi or its side channel, to provision the new IoT device. Further, subsequent device settings modification, setting update, and owner transfer can also be performed by using a U2F device that has been trusted to improve security and provide a better user experience. This could provide helpful user friendliness to some valuable new application scenarios in IoT, such as smart hotel. Users could migrate the whole authentication of smart devices into a new site by simply inserting the universal cryptographic token into the secure gateway and authorizing by pressing the user-presence button on the token. Besides, the relevant unbinding process could also be done with a single cryptographic operation signed by the cryptographic token.