Buschsieweke, MarianGüneş, MesutReussner, Ralf H.Koziolek, AnneHeinrich, Robert2021-01-272021-01-272021978-3-88579-701-2https://dl.gi.de/handle/20.500.12116/34704Security for the mostly constrained devices forming the IoT is an active field of research. In this paper, we propose two CoAP Options, HMAC1/HMAC2 and Crypt1/Crypt2 complementing our previous work on Lightweight Capability Based Access Control (LCap). This results in a lightweight, flexible, and complete solution for application layer security for CoAP nodes with severely limited memory. In our evaluation, we show that a pure software implementation without cryptographic hardware acceleration is feasible for practical use on highly constrained IoT devices. Due to mostly idiomatic use of cryptography, existing security analyses apply to our proposal. Our security framework was designed with ample focus on reducing the complexity of the system, which allows lean implementations and simplifies security reviews. This makes LCap based security a good fit for security in the IoT.en10.18420/inf2020_1151617-5468