KESIC: Kerberos Extensions for Smart, IoT and CPS Devices

TL;DR

This paper introduces KESIC, an extension of Kerberos designed to enable secure, efficient multi-user access for resource-constrained IoT and CPS devices without altering existing Kerberos protocols.

Contribution

KESIC provides a novel system that adapts Kerberos for IoT devices, including protocols for different device types, significantly reducing memory and runtime overhead.

Findings

KESIC consumes approximately 47 times less memory than Kerberos.

KESIC incurs approximately 135 times lower runtime overhead.

KESIC enables mutual authentication for IoT devices and users without protocol modifications.

Abstract

Secure and efficient multi-user access mechanisms are increasingly important for the growing number of Internet of Things (IoT) devices being used today. Kerberos is a well-known and time-tried security authentication and access control system for distributed systems wherein many users securely access various distributed services. Traditionally, these services are software applications or devices, such as printers. However, Kerberos is not directly suitable for IoT devices due to its relatively heavy-weight protocols and the resource-constrained nature of the devices. This paper presents KESIC, a system that enables efficient and secure multi-user access for IoT devices. KESIC aims to facilitate mutual authentication of IoT devices and users via Kerberos without modifying the latter's protocols. To facilitate that, KESIC includes a special Kerberized service, called IoT Server, that manages access to IoT devices. KESIC presents two protocols for secure and comprehensive multi-user access system for two types of IoT devices: general and severely power constrained. In terms of performance, KESIC onsumes $\approx~47$ times less memory, and incurs $\approx~135$ times lower run-time overhead than Kerberos.