Evaluation of the Lightweight Machine-to-Machine Protocol for OT Bootstrapping

Supervisor(s): Sebastian Peters, Adrian Reuter
Status: finished
Topic: Others
Author: Jonas Lang
Submission: 2025-11-19
Type of Thesis: Master's thesis
Thesis topic in co-operation with the Fraunhofer Institute for Applied and Integrated Security AISEC, Garching

Description

Operational Technology (OT) systems are increasingly being given network connectivity to fulfill their assigned tasks. This creates an inherent need for devices to acquire trust anchors, in order to authenticate their communication partners, and device identities, in order to authenticate themselves. The resulting challenge is how devices obtain trust anchors and identities that are relevant to their deployment. One way to accomplish this for a large number of devices is to use zero-touch bootstrap protocols. LwM2M Bootstrap is such a protocol, but we reveal that its design makes established security guidelines, such as NIST SP 800-82r3, difficult to implement. We find that LwM2M lacks auditability, enforces insecure assignment of device identities, and is difficult to integrate into established OT network architectures such as the Purdue Model and ISA-95. We investigate how modifying LwM2M could address these issues and examine how another bootstrap protocol, BRSKI, resolves them, while highlighting the challenges that remain.