Revisiting Secure Bootstrapping in IoT: TCP/IP Approaches and Opportunities with NDN

  • Adriana Viriato Ribeiro (UFBA)
  • André L. R. Madureira (UFBA)
  • Leobino N. Sampaio (UFBA)

Abstract

Security in IoT applications depends on bootstrapping to establish secure communication between devices and applications. In the TCP/IP architecture, the bootstrapping and network-configuration processes are decoupled. In contrast, Named-Data Networking (NDN) integrates this functionality natively, simplifying management and ensuring security from the very start of the connection. In this work, we compare the challenges and methodologies of IoT bootstrapping, analyzing the specifics of TCP/IP and NDN. Beyond the theoretical review, the paper also presents a proof of concept to assess the feasibility of bootstrapping in NDN, considering node join time and resource consumption. The results indicate low time overhead and bandwidth impact attributable to the security bootstrapping steps, although factors such as congestion and packet loss may affect their performance. It was also observed that NDN still depends on security techniques developed for TCP/IP, especially in remote bootstrapping scenarios.

Published
01/09/2025
RIBEIRO, Adriana Viriato; MADUREIRA, André L. R.; SAMPAIO, Leobino N. Revisitando o Bootstrapping Seguro na IoT: Abordagens do TCP/IP e Oportunidades com NDN. In: SIMPÓSIO BRASILEIRO DE CIBERSEGURANÇA (SBSEG), 25., 2025, Foz do Iguaçu/PR. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2025. p. 740-756. DOI: https://doi.org/10.5753/sbseg.2025.11494.
