IoT Network Access Control

OBJECTIVE: Develop & demonstrate a decentralized, secure, low power, Internet of Things (IoT) network architecture where every device on the network is uniquely identified, authenticated & authorized access, over standard wired and wireless protocols. DESCRIPTION: This effort will research new and existing models for uniquely identifying devices and models for granting access to authorized devices and preventing rogue IoT devices from gaining access. The innovation for this Topic is the security that network access control (NAC) introduces. NAC ensures that every device is uniquely identified, Authenticated & then authorized. Commercial IoT implementations are focused on connectivity & convenience. Think of the numerous sensors in the tactical environment. How are they being uniquely identified? How can they be distinguished from malicious sensors or IoT devices? This topic addresses capabilities outlined in NIST's IoT Device Cybersecurity Core baseline publication, NISTIR 8259A, specifically, unique identification and logical access control. PHASE I: Identify the minimum performance parameters for an IoT network in constrained tactical networks. Generate a proof of concept design/breadboard demonstration of IoT devices that are securely and uniquely identified, authenticated & authorized for access to this conceptual network. A report documenting the Proof of concept (POC) design will be delivered to the government at the end of Phase 1. PHASE II: Demonstrate a dynamic, decentralized, network access control implementation on IoT devices. Demonstrate ability to add/join/verify new IoT devices to the network on the fly. Fully document network architecture, approach used to securely and uniquely identify, authenticate and authorize IoT devices, identify any standards or proprietary technologies used, identify any dependencies, and provide instructions for installation, configuration, management and demonstration. PHASE III DUAL USE APPLICATIONS: The Phase III effort will focus on commercialization of the technology, which could include use by commercial applications such as wireless sensor & access networks, asset tracking in manufacturing, interactive teller machines, mobile banks, wearables etc. This will entail maturing the Proof of Concept (PoC) Network Access Control for IoT devices designed in phase I from a performance, cost, usability & ruggedization perspective. Phase III will produce a simple, secure, scalable, automated, and standards-based access control system that allows IoT devices to be uniquely identified, authenticated and authorized access to Army and DoD networks. This solution will mature the Proof of Concept (PoC) design/breadboard developed and demonstrated in Phase II. A Network Access Control (NAC) system for the numerous IoT devices/sensors on the tactical networks will ensure a secure Battlefield of IoT and reduce the enormous cyber vulnerabilities that unauthorized and insecure devices connected to defense networks bring. A dynamic, decentralized NAC for IoT System will not only secure defense networks but reduce/eliminate cost, manpower & lifecycle processes and burden that come with traditional methods of identifying and validating devices on government networks. REFERENCES: 1. NISTR 8259A IoT Device Cybersecurity Capability Core baseline. https://nvlpubs.nist.gov/nistpubs/ir/2020/NIST.IR.8259A.pdf; 2. Considerations for Managing Internet of Things (IoT) Cybersecurity & Privacy risks https://csrc.nist.gov/publications/detail/nistir/8228/final; 3. Before Connecting an IoT Device, Check out a new NIST Report for Cybersecurity Advice https://www.nist.gov/news-events/news/2019/06/connecting-iot-device-check-out-new-nist-report-cybersecurity-advice; 4. Security and Privacy Controls for Information Systems and Organizations (Final Public Draft) https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/draft; 5. Internet of Battlefield Things https://www.arl.army.mil/business/collaborative-alliances/current-cras/iobt-cra/ KEYWORDS: Identification, Authentication, Authorization, Network Access Control, secure, unique, Internet of Things (IoT)