Open Access
ARTICLE
A Model-Driven Approach to Secure Device Onboarding Using a Device Security Passport
1 Department of Information and Communications Engineering, Faculty of Computer Science, University of Murcia, Murcia, Spain
2 Centre for Research and Technology Hellas, Information Technologies Institute, Thessaloniki, Greece
* Corresponding Author: Sara Matheu. Email:
(This article belongs to the Special Issue: Advanced Security and Privacy for Future Mobile Internet and Convergence Applications: A Computer Modeling Approach)
Computer Modeling in Engineering & Sciences 2026, 147(3), 53 https://doi.org/10.32604/cmes.2026.083308
Received 01 April 2026; Accepted 31 May 2026; Issue published 30 June 2026
Abstract
The evolution of the Future Mobile Internet, driven by large-scale connectivity and heterogeneous device ecosystems, introduces significant challenges for securely integrating devices into operational environments. Existing onboarding mechanisms primarily focus on authentication and credential provisioning, while security policy enforcement is typically deferred, creating a temporal gap during which devices may operate without appropriate constraints. This paper addresses this limitation by enabling policy enforcement during onboarding. To this end, we propose a model-driven approach that integrates the Device Security Passport (DSP) with the FIDO Device Onboard (FDO) protocol. The DSP is a lifecycle-aware model that aggregates heterogeneous security descriptors, including component inventories, behavioral policies, and vulnerability information, into a structured and interoperable representation. The approach leverages the FDO onboarding channel to retrieve and process DSP data at bootstrap time, enabling automated policy translation and enforcement. The method is evaluated in a realistic Smart Home environment through phase-level performance analysis. Results show that, although the proposed approach introduces an additional onboarding overhead of around 5 s in the evaluated scenario, this cost is incurred only once during device provisioning. Compared to manual onboarding, the approach reduces deployment time from minutes to seconds while enabling immediate policy compliance. These findings provide evidence that the proposed approach effectively bridges the gap between provisioning and enforcement with a limited performance impact in the evaluated scenario.
Copyright © 2026 The Author(s). Published by Tech Science Press. This work is licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

