Software Engineering Institute

Integrating Internet of Things (IoT) devices into DoD tactical systems expands the attack surface in environments that are resource-constrained and adversarial. Existing IoT security approaches are insufficient because they typically do not consider these environments. In this work, we are analyzing, extending, and influencing the IETF ACE (Authentication and Authentication for Constrained Environments) working group proposal for authentication and authorization of IoT devices such that it

• addresses high priority threats of tactical environments, such as node impersonation and capture
• considers operations in DIL (disconnected, intermittent, limited) environments