ELA: zero-touch IoT enrollment, standardized at the IETF

Wed, 11 Jun 2025 00:00:00 +0000

What it is

ELA (Lightweight Authorization over EDHOC) is an IETF draft for the zero-touch enrollment of IoT devices: provisioning a freshly-shipped device with operator credentials, without manual configuration or pre-shared secrets. ELA is a 3-message protocol that piggybacks on EDHOC (RFC 9528), adding lightweight authorization between a device, a gateway, and an enrollment server. It’s being standardized in the IETF LAKE working group.

What I built

I am co-author of the IETF draft draft-ietf-lake-authz and built the reference implementation:

Co-design the protocol with Göran Selander (Ericsson) and Mališa Vučinić (Inria), iterating with the LAKE working group across multiple drafts and meetings
Reference implementation on top of Lakers (Rust + Python + C bindings)
Working demos: 1-gateway enrollment with DotBots; multi-gateway enrollment integrated with Mari
Performance evaluation vs. EAP-EDHOC over both BLE and SmartMesh-IP
Author of the conference and journal papers
Presented draft updates and demos at IETF 118 (Prague), 119 (Brisbane, remote), 120 (Vancouver), 122 (Bangkok), 123 (Madrid), and several LAKE interim meetings

Why it’s hard

IoT devices need to bootstrap trust with an operator they have no prior relationship with — and at scale
Existing approaches (EAP-EDHOC, EAP-NOOB, manual provisioning) require many round trips, special hardware, or human steps
Privacy: how does a device advertise “I support ELA” without leaking its identity to nearby observers?
Crypto budget: piggybacking on EDHOC means staying within EDHOC’s tight message limits
Standardization is itself a multi-year coordination problem with stakeholders across vendors, academia, and IETF working groups

Numbers

3 messages end-to-end (vs. 9 for EAP-EDHOC)
~60% faster handshake than EAP-EDHOC over SmartMesh-IP (averaged over 100 runs)
~46 bytes smaller per handshake than EAP-EDHOC
Demoed at IETF 119, 120, 122, 123
Multiple working-group versions submitted (-01 in Mar 2024, -02 in Jul 2024, and beyond)
Integrated into Mari at the IETF 123 hackathon — first BLE-based zero-touch swarm enrollment

Publications

ELA: Secure, Lightweight, and Zero-Touch Enrollment for IoT Devices. G. Fedrecheski, G. Selander, T. Watteyne, M. Vučinić. Elsevier Computer Networks (COMNET), 2026. [Link]
ELA: Secure, Lightweight, and Zero-Touch Enrollment for IoT Devices. G. Fedrecheski, G. Selander, T. Watteyne, M. Vučinić. DCOSS-IoT 2025, Tuscany, Italy, 9-11 June 2025. [Link] [PDF]