Abstract:
The Secure Device Onboarding protocol provides a standard for securely provisioning IoT devices. The protocol consists of three sub-protocols, each performing a specific task. To maintain message integrity and security, the protocol uses the CBOR Object Signing and Encryption format, which describes how to apply encryption to Concise Binary Object Representation data structures.
This thesis investigates and analyzes the protocol’s security by performing various security attacks on the protocol library and by introducing a Burp Suite extension to perform such attacks. The attacks include analyzing the integrity of the protocol messages by removing the signature or submitting a false one, and examining the possibility of forcing the protocol to perform malicious internal or external requests. Finally, the thesis provides a detailed evaluation of the analysis performed.