WebApp Sec mailing list archives
IoT Authentication
From: Saghar Estehghari <s.estehghari () gmail com>
Date: Thu, 17 Dec 2015 09:46:11 +0100
Hi, Recently, I've started an IoT project with my team. We are trying to implement cyber-security functions into embedded device in a way to reduce the load on such devices. Currently, authentication is our case of study. We are looking for a solution that applies to a small group of embedded devices and doesn't require PKI certificates. So my questions are as follows: 1) Do you think that authentication with PSK is a good idea ? 2) Do you know of any mechanism with which we can securely distribute the PSK to all these devices? Or should we configure the PSK seperately on each device? 3) What do you think of ECDHE_PSK over TLS? 4) Is there any security risk related to this that I need to consider? I would appreciate if you could spend sometime and answer these questions. Thanks Kind Regards Saghar ESTEHGHARI This list is sponsored by Cenzic -------------------------------------- Let Us Hack You. Before Hackers Do! It's Finally Here - The Cenzic Website HealthCheck. FREE. Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus --------------------------------------
Current thread:
- IoT Authentication Saghar Estehghari (Dec 17)