IoT Authentication

[Saghar Estehghari <s.estehghari () gmail com>]

Hi,

Recently, I've started an IoT project with my team. We are trying to
implement cyber-security functions into embedded device in a way to
reduce the load on such devices.  Currently, authentication is our
case of study. We are looking for a solution that applies to a small
group of embedded devices and doesn't require PKI certificates. So my
questions are as follows:

1) Do you think that authentication with PSK is a good idea ?
2) Do you know of any mechanism with which we can securely distribute
the PSK to all these  devices? Or should we configure the PSK
seperately on each device?
3) What do you think of ECDHE_PSK over TLS?
4) Is there any security risk related to this that I need to consider?

I would appreciate if you could spend sometime and answer these questions.

Thanks

Kind Regards
Saghar ESTEHGHARI



This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now! 
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------