Secure Key Management in Embedded Systems: A First Proposal

The Internet-of-Things (IoT) domain is highly heterogeneous and comprises a multitude of different devices. Because of this variety, many projects require unique compositions of tools, systems, and use cases. In addition, embedded devices are highly optimized and due to that are subject to different constraints. The interconnection of such products for data analysis or cooperation simultaneously increases the attack surface, which leads to requiring efficient cryptographic methods for the protection of data and communication. To enable this, a secure key management approach is needed. In practice however, there are still difficulties regarding the implementation and associated decision making of said management. All the more so since a generic one-size-fits-all approach in such a complex heterogeneous environment as the IoT simply does not exist. This paper aims to provide initial guidelines to argue the choice of a secure key management approach. To do so the state-of-the-art is presented and benefits as well as limits are evaluated. After that a set of factors and a first taxonomy are presented, which influence the final key management solution.