Software Engineering Institute

Internet of Things (IoT) devices are increasingly being used to support operations in disadvantaged environments, such as those experienced by first responders, military, medics, and other field personnel. However, current IoT security efforts are mainly targeted at stable and connected environments such as home and industry. This paper presents an implementation for authentication and authorization of IoT devices in disadvantaged environments, based on an IETF proposal for authentication and authorization in resource-constrained environments (ACE). It includes capabilities for bootstrapping of credentials and token revocation to account for high-priority threats of node impersonation and theft, as well as limited connectivity.