Journal:
Computer Modeling in Engineering & Sciences
Authors:
Matheu S, Ruzafa P, Kalouptsoglou I, Skarmeta A and Kehagias D.
Abstract:
The evolution of the Future Mobile Internet, driven by large-scale connectivity and heterogeneous device ecosystems, introduces significant challenges for securely integrating devices into operational environments. Existing onboarding mechanisms primarily focus on authentication and credential provisioning, while security policy enforcement is typically deferred, creating a temporal gap during which devices may operate without appropriate constraints. This paper addresses this limitation by enabling policy enforcement during onboarding. To this end, we propose a model-driven approach that integrates the Device Security Passport (DSP) with the FIDO Device Onboard (FDO) protocol. The DSP is a lifecycle-aware model that aggregates heterogeneous security descriptors, including component inventories, behavioral policies, and vulnerability information, into a structured and interoperable representation. The approach leverages the FDO onboarding channel to retrieve and process DSP data at bootstrap time, enabling automated policy translation and enforcement. The method is evaluated in a realistic Smart Home environment through phase-level performance analysis. Results show that, although the proposed approach introduces an additional onboarding overhead of around 5 s in the evaluated scenario, this cost is incurred only once during device provisioning. Compared to manual onboarding, the approach reduces deployment time from minutes to seconds while enabling immediate policy compliance. These findings provide evidence that the proposed approach effectively bridges the gap between provisioning and enforcement with a limited performance impact in the evaluated scenario.
