chapter twelve

12 Securing IoT communications

This chapter covers

  • Securing IoT communications with Datagram TLS
  • Choosing appropriate cryptographic algorithms for constrained devices
  • Implementing end-to-end security for IoT APIs
  • Distributing and managing device keys

12.1   Transport layer security

12.1.1   Datagram TLS

12.1.2   Cipher suites for constrained devices

12.2   Pre-shared keys

12.2.1   Implementing a PSK server

12.2.2   The PSK client

12.2.3   Supporting raw PSK cipher suites

12.2.4   PSK with forward secrecy

12.3   End-to-end security

12.3.1   COSE

12.3.2   Alternatives to COSE

12.3.3   Misuse-resistant authenticated encryption

12.4   Key distribution and management

12.4.1   One-off key provisioning

12.4.2   Key distribution servers

12.4.3   Ratcheting for forward secrecy

12.4.4   Post-compromise security

12.5   Summary