Secure Local Communication Between Browser Clients and Resource-Constrained Embedded IoT Devices

This contribution outlines a completely new, fully local approach for secure web-based device control based on browser inter-window messaging. Modern smart home IoT (Internet of Things) devices are commonly controlled with proprietary mobile applications via remote servers, which can have significant adverse implications for the end user. Given that many IoT devices in use today are limited both in available memory and processing speed, standard approaches such as HTTPS-based transport security are not always feasible and a need for more suitable alternatives for such constrained devices arises. This local method for lightweight and secure web-based device control using inter-window messaging leverages existing standard web technologies to enable a maximum degree of privacy, choice and sustainability within the smart home ecosystem. The implemented proof-of-concept shows that it is feasible to meet essential security objectives in a local web IoT control context while utilizing less than a kilobyte of additional memory compared to an unsecured solution; thus promoting sustainability through hardening the control protocols used by existing devices with too little resources for implementing standard web cryptography. Therefore this work contributes to achieving the vision of a fully open and secure local smart home.