22–23 Oct 2022 Workshop
Golden Tulip Zira
Europe/Belgrade timezone

PKI for IoT using the DNS infrastructure

22 Oct 2022, 15:35
25m
Mykonos / Rodos (Golden Tulip Zira)

Mykonos / Rodos

Golden Tulip Zira

Ruzveltova 35 11000 Belgrade Republic of Serbia
Standard Presentation Main Session OARC 39 - D1

Speaker

Sandoche Balakrichenan (Afnic)

Description

One of the main challenge facing IoT today is security. The constrained nature of IoT devices deprives them of using security solutions used in the Internet. Constrained IoT devices cannot use the Public Key Infrastructure with X.509 certificates to establish secure sessions. Moreover, the idea of self-signed certificates and having trust based on a single private trusted CA does does not scale. The Domain Name System (DNS) using the DNS-based Authentication of Named Entities protocol (DANE) and DNS’s security extensions (DNSSEC) can help create the sought after Public Key Infrastructure (PKI) for IoT. With a concrete example, this presentation will explain how DNS can deliver IoT PKI functions based on DANE, backed by DNSSEC. The implementation is based on two drafts in the DANCE (DANE Authentication for Network Clients Everywhere) WG at the IETF.

Presentation delivery In-person at the workshop venue

Primary author

Sandoche Balakrichenan (Afnic)

Presentation materials