IP technology for resource-constrained devices enables transparent 
end-to-end connections between a vast variety of devices and services in the 
Internet of Things (IoT). To protect these connections, several variants of 
traditional IP security protocols have recently been proposed for 
standardization, most notably the DTLS protocol. In this paper, we identify 
significant resource requirements for the DTLS handshake when employing 
public-key cryptography for peer authentication and key agreement purposes. 
These overheads particularly hamper secure communication for 
memory-constrained devices. To alleviate these limitations, we propose a 
delegation architecture that offloads the expensive DTLS connection 
establishment to a delegation server. By handing over the established security 
context to the constrained device, our delegation architecture significantly 
reduces the resource requirements of DTLS-protected communication for 
constrained devices. Additionally, our delegation architecture naturally 
provides authorization functionality when leveraging the central role of the 
delegation server in the initial connection establishment. Hence, in this 
paper, we present a comprehensive, yet compact solution for authentication, 
authorization, and secure data transmission in the IP-based IoT. The 
evaluation results show that compared to a public-key-based DTLS handshake our 
delegation architecture reduces the memory overhead by 64%, computations by 
97%, network transmissions by 68%.