IoT Trust (new and on-going)

As the Internet of Thing (IoT) matures, a lot of concerns are being raised about security, privacy and interoperability. The Web of Things (WoT) model leverages web technologies to improve interoperability. Due to its distributed components, the web scaled well beyond initial expectations. Still, secure authentication and communication across organization boundaries rely on the Public Key Infrastructure (PKI) which is a non-transparent, centralized single point of failure.

At the Software Engineering Group, we develop novel solutions to improve transparency and minimize the chain of trust. Our research focuses on the following areas:

  • Using blockchain to create a web of trust of digital assets
  • Solve scalability and privacy issues using zero-knowledge proofs
  • Securely link digital assets to devices using key isolation techniques
  • Develop object security tools for constrained RESTful environment
  • Build decentralized LPWAN networks
  • Blockchain

    Distributed ledgers represent a breakthrough in decentralized permissionless (or trustless) systems, namely blockchain databases. Blockchains enable trusting the output of a system without trust-ing anyone in particular. Due to cryptographic primitives it is based on, there are strong security assumptions against transaction tampering such as alteration, reversing  or reordering. The use of blockchain in the IoT is an ongoing research topic. Applicability includes—but is not limited to—traceability (i.e. in supplychain or to guarantee provenance, authenticity and compliance ofend products), asset sharing and autonomous marketplaces.We expect a lot of novel uses to emerge in the near future.

  • Authentication

    Mass adoptions of connected devices raises security and privacy issues. Security is often an afterthought when connecting constrained devices to the Internet. Reconciling top-notch security with inherent limitations of constrained devices—such as limited memory or low energy requirements—has proven to be difficult. One particular risk of IoT systems is the exposure of cryptographic keys. Network nodes may be physically accessible to attackers, letting them retrieve the private key(s) by inspecting embedded devices with appropriate tools. Securing keys and collected data on the server-end is also critical, as it is typical for IoT systems to gather vast amount of sensitive data.

  • Tools


    IoT-centric decentralized public key infrastructure.

    to be released

    Authentication and Authorization for Constrained Environments

    This repository encompasses Python implementations for the three ACE entities authorization server, resource server and client proposed in the IETF draft.

    GitHub repository


    This project enables LoRaWAN network server resolving using an Ethereum smart contract. It is compatible with the packet forwarder project.

    GitHub repository


    A pure Python library to decode and encode messages for LoRaWAN radio communication, based on the specification from the LoRa Alliance (based on V1.0.2 Final). This library is compatible with Python 3.4+.

    GitHub repository

  • Publications

    Proceedings of the 1st Workshop on Cryptocurrencies and Blockchains for Distributed Systems | ACM | 2018
    Resilient, Crowd-sourced LPWAN Infrastructure Using Blockchain

    Durand, Arnaud and Gremaud, Pascal and Pasquier, Jacques



    Proceedings of the Seventh International Conference on the Internet of Things | ACM | 2017
    Decentralized Web of Trust and Authentication for the Internet of Things

    Durand, Arnaud and Gremaud, Pascal and Pasquier, Jacques