Atlas: Enabling Cross-Vendor Authentication for IoT

TL;DR

Atlas extends web PKI to IoT, enabling cross-vendor device authentication with quick provisioning, low latency, and minimal infrastructure changes, improving device-to-device interactions across domains.

Contribution

Atlas introduces a practical framework for cross-vendor IoT authentication using existing web PKI infrastructure, eliminating hardware changes and reducing latency.

Findings

Certificate provisioning under 6 seconds per device

Mutual TLS adds about 17ms latency

Applications maintain low, predictable latency

Abstract

Cloud-mediated IoT architectures fragment authentication across vendor silos and create latency and availability bottlenecks for cross-vendor device-to-device (D2D) interactions. We present Atlas, a framework that extends the Web public-key infrastructure to IoT by issuing X.509 certificates to devices via vendor-operated ACME clients and vendor-controlled DNS namespaces. Devices obtain globally verifiable identities without hardware changes and establish mutual TLS channels directly across administrative domains, decoupling runtime authentication from cloud reachability. We prototype Atlas on ESP32 and Raspberry Pi, integrate it with an MQTT-based IoT stack and an Atlas-aware cloud, and evaluate it in smart-home and smart-city workloads. Certificate provisioning completes in under 6s per device, mTLS adds only about 17ms of latency and modest CPU overhead, and Atlas-based applications sustain low, predictable latency compared to cloud-mediated baselines. Because many major vendors already rely on ACME-compatible CAs for their web services, Atlas is immediately deployable with minimal infrastructure changes.