Secure Multicast with Source Authentication for the Internet of Things

English) The Internet of Things is a rapidly evolving eld of high-end technology and research. Its security is vital to the reliability and safety of the future everyday communications. The DTLS protocol is a default protocol to assure security for unicast communication. A DTLS record layer extension for multicast in constrained environments is being designed to assure security for multicast. However, currently proposed DTLS-based multicast does not provide such an essential property as source authenticity for the transmitted data. Moreover, handshake layer is designed to establish pairwise keys only, and hence, there is no way to distribute and manage group keys either. The two aforementioned downsides become the primary objectives of the design for the thesis. This thesis is conducted in collaboration with Philips. In the thesis, we formulate requirements to secure multicast in constrained environment based on the company's outdoor lighting scenario with centralized trust model. We evaluate various source authentication schemes and 4 key management protocols with regards to the formulated requirements. We select two authentication schemes and apply them to our scenario. As a result we design an extension of DTLS based multicast with support of ECDSA signature for source authentication and we develop a prototype implementation. Besides that, we determine cryptographic primitives for the TESLA scheme and adapt the scheme to be used for periodic communication pattern. Further, we design a lightweight and exible group key management solution to distribute group keys and public keys by the trusted authority.