IoT Authentication Setup
The goal of this assignment is to devise a system design for setting up an IoT device.
Consider something like the Roomba, a "robot" vacuum cleaner. After vacuuming, or during the process when its battery is low, it returns to its base to recharge. The battery on the vacuum cleaner is pretty powerful, since it has to move the device around, sweep up dirt, etc., and the base is of course plugged in. A phone app is used to control the robot.
There are, of course, several constraints:
"In the middle of his assurances about the harmlessness of Merlin, the housecleaning robot began knocking things off the top of a table.
"'Oscar! You stop that!' his mother yelled.
"Oscar, deaf as the adder, kept on. Conn yelled at his mother to use her control; she remembered that she had one, a thing like an old-fashioned pocket watch, around her neck on a chain, and got the robot stopped.”
The Cosmic Computer
H. Beam Piper, 1963
Your goal is to describe the setup process—what people do, what sorts of messages are exchanged and between which parties, etc., so that all commands to the robot vacuum cleaner are properly authenticated. Your solution must include the following:
Some facts that may or may not prove useful to you:
You may make any reasonable assumptions, including the threat model, as long as you document them. This is a technical design, not a short memo to management. There is no length limit (which is not a suggestion that this is a 20-page paper!).
As always, this homework must be submitted via Courseworks as a PDF file.