Internet of things with lightweight identities implemented using DNS DANE—architecture proposal

Abstract

Domain Name Service (DNS) and its certification related resource records are appealing alternative to the standard X.509 certification framework, in provision of identities for Internet of Things (IoT) smart devices. We propose to also use DNS to store device owner identification data in device certificates. A working demonstration software has been developed as proof of this concept, which uses an external identity provider run by national authorities. As a result, smart devices are equipped with certificates that safely identify both the device and its owner. Hardware requirements make such a framework applicable to constrained devices. It stimulates mutual trust in machine-to-machine and man-to-machine communication, and creation of a friendlier environment for sale, lease, and data exchange. Further extensions of the proposed architecture are also discussed.