The Internet of Things (IoT) is rapidly changing the number of connected devices and the way they interact with each other. This increases the need for an automated and secure onboarding procedure for IoT devices, systems and services. Device manufacturers are entering the market with internet-connected devices, ranging from small sensors to production devices, which are subject to security threats specific to IoT. The onboarding procedure is required to introduce a new device into a System of Systems (SoS) without compromising the already onboarded devices and the underlying infrastructure. Onboarding is the process of providing access to the network and registering the components for the first time in an IoT/SoS framework, thus creating a chain of trust from the hardware device to its hosted software systems and their provided services. The large number and diversity of device hardware, software systems and running services raise the challenge of establishing a generic onboarding procedure. In this paper, we present an automated and secure onboarding procedure for SoS. We have implemented the onboarding procedure in the Eclipse Arrowhead framework. However, it can be easily adapted for other IoT/SoS frameworks that are based on Service-oriented Architecture (SoA) principles. The automated onboarding procedure ensures secure and trusted communication between the new IoT devices and the Eclipse Arrowhead framework. We show its application in a smart charging use case and perform a security assessment.