Secure and efficient multi-user access mechanisms are increasingly important for the growing number of Internet of Things (IoT) devices being used today. Kerberos is a well-known and time-tested security authentication and access control system for distributed systems wherein many users securely access various distributed services. Traditionally, these services are software applications or devices, such as printers. However, Kerberos is not directly suitable for IoT devices due to its relatively heavy-weight protocols and the resource-constrained nature of the devices. This paper presents KESIC, a system that enables efficient and secure multi-user access for IoT devices. KESIC aims to facilitate mutual authentication of IoT devices and users via Kerberos without modifying the latter's protocols. To facilitate that, KESIC includes a special Kerberized service, called IoT Server, that manages access to IoT devices. KESIC presents two protocols for a secure and comprehensive multi-user access system for two types of IoT devices: general and severely power constrained. In terms of performance, KESIC consumes $\approx 47$ times less memory, and incurs $\approx 135$ times lower run-time overhead than Kerberos.