Revisiting Secure Bootstrapping in IoT: TCP/IP Approaches and Opportunities with NDN
Abstract
Security in IoT applications relies on bootstrapping to establish secure communications between devices and applications. In TCP/IP architectures, the bootstrapping and network configuration processes are decoupled. In contrast, Named-Data Networking (NDN) natively integrates this functionality, simplifying management and ensuring security from the beginning of the connection. In this work, we compare the challenges and methodologies of bootstrapping in IoT, analyzing specificities of TCP/IP and NDN. In addition to the theoretical review, the paper also provides a proof of concept to evaluate the viability of bootstrapping in NDN, considering node ingress time and resource consumption. The results indicate low temporal overhead and bandwidth impact associated with the security bootstrapping steps, although factors such as congestion and packet loss can influence its performance. It was also observed that NDN still relies on TCP/IP security techniques, especially in remote bootstrapping scenarios.
Published
2025-09-01
How to Cite
RIBEIRO, Adriana Viriato; MADUREIRA, André L. R.; SAMPAIO, Leobino N. Revisiting Secure Bootstrapping in IoT: TCP/IP Approaches and Opportunities with NDN. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 25., 2025, Foz do Iguaçu/PR. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2025. p. 740-756. DOI: https://doi.org/10.5753/sbseg.2025.11494.
