π Secure IoT Fleet Enrollment at Scale - ELA at DCOSS-IoT 2025
Lightweight Authorization over EDHOC (ELA) for secure IoT enrollment
Securely enroll massive IoT fleets with ease – that is what our latest paper is about. We presented it in June at the DCOSS-IoT 2025.
With Lightweight Authorization over EDHOC (ELA), you get to enroll devices in a way that is:
β
Secure: Using standardized cryptographic algorithms and envelopes
β
Lightweight: Adds minimal computing and communication overhead
β
Automated: Requires a total of zero “touches” during deployment
β
Standard: Aligned with IETF protocols, adopted as a LAKE working group draft
Resources
π See the IETF draft
π Conference slides
The Challenge
Traditional IoT device enrollment requires manual configuration, shared secrets, or complex certificate management. This doesn’t scale when you’re dealing with thousands or millions of devices.
Our Solution
ELA leverages the EDHOC (Ephemeral Diffie-Hellman Over COSE) protocol to create a lightweight authorization framework that enables:
- Zero-touch provisioning of IoT devices
- Mutual authentication between devices and infrastructure
- Minimal overhead suitable for resource-constrained devices
- Standards compliance with IETF protocols
Acknowledgments
Collaboration with GΓΆran Selander, Thomas Watteyne, MaliΕ‘a VuΔiniΔ made this work possible.
Impact
This work addresses one of the fundamental challenges in IoT deployment: how to securely and efficiently onboard massive fleets of devices without manual intervention.
ELA represents a significant step toward truly scalable IoT security, enabling the deployment of large-scale IoT systems with confidence in their security posture from day one.
