Securing Internet of Things with Lightweight IPsec

Real-world deployments of wireless sensor networks (WSNs) require secure communication. It is important that a receiver is able to verify that sensor data was generated by trusted nodes. In some cases it may also be necessary to encrypt sensor data in transit. Recently, WSNs and traditional IP networks are more tightly integrated using IPv6 and 6LoWPAN. Available IPv6 protocol stacks can use IPsec to secure data exchange. Thus, it is desirable to extend 6LoWPAN such that IPsec communication with IPv6 nodes is possible. It is beneficial to use IPsec because the existing end-points on the Internet do not need to be modified to communicate securely with the WSN. Moreover, using IPsec, true end-to-end security is implemented and the need for a trustworthy gateway is removed. In this paper we provide End-to-End (E2E) secure communication between an IP enabled sensor nodes and a device on traditional Internet. This is the first compressed lightweight design, implementation, and evaluation of 6LoWPAN extension for IPsec on Contiki. Our extension supports both IPsec's Authentication Header (AH) and Encapsulation Security Payload (ESP). Thus, communication endpoints are able to authenticate, encrypt and check the integrity of messages using standardized and established IPv6 mechanisms

A survey on subjecting electronic product code and non-ID objects to IP identification

Over the last decade, both research on the Internet of Things (IoT) and real-world IoT applications have grown exponentially. The IoT provides us with smarter cities, intelligent homes, and generally more comfortable lives. However, the introduction of these devices has led to several new challenges that must be addressed. One of the critical challenges facing interacting with IoT devices is to address billions of devices (things) around the world, including computers, tablets, smartphones, wearable devices, sensors, and embedded computers, and so on. This article provides a survey on subjecting Electronic Product Code and non-ID objects to IP identification for IoT devices, including their advantages and disadvantages thereof. Different metrics are here proposed and used for evaluating these methods. In particular, the main methods are evaluated in terms of their: (i) computational overhead, (ii) scalability, (iii) adaptability, (iv) implementation cost, and (v) whether applicable to already ID-based objects and presented in tabular format. Finally, the article proves that this field of research will still be ongoing, but any new technique must favorably offer the mentioned five evaluative parameters.Comment: 112 references, 8 figures, 6 tables, Journal of Engineering Reports, Wiley, 2020 (Open Access

ICNLoWPAN -- Named-Data Networking for Low Power IoT Networks

Information Centric Networking is considered a promising communication technology for the constrained IoT, but NDN was designed only for standard network infrastructure. In this paper, we design and evaluate an NDN convergence layer for low power lossy links that (1) augments the NDN stateful forwarding with a highly efficient name eliding, (2) devises stateless compression schemes for standard NDN use cases, (3) adapts NDN packets to the small MTU size of IEEE 802.15.4, and (4) generates compatibility with 6LoWPAN so that IPv6 and NDN can coexist on the same LoWPAN links. Our findings indicate that stateful compression can reduce the size of NDN data packets by more than 70% in realistic examples. Our experiments show that for common use cases ICNLoWPAN saves 33% of transmission resources over NDN, and about 20% over 6LoWPAN

Secure communication in IP-based wireless sensor network via a trusted gateway

As the IP-integration of wireless sensor networks enables end-to-end interactions, solutions to appropriately secure these interactions with hosts on the Internet are necessary. At the same time, burdening wireless sensors with heavy security protocols should be avoided. While Datagram TLS (DTLS) strikes a good balance between these requirements, it entails a high cost for setting up communication sessions. Furthermore, not all types of communication have the same security requirements: e.g. some interactions might only require authorization and do not need confidentiality. In this paper we propose and evaluate an approach that relies on a trusted gateway to mitigate the high cost of the DTLS handshake in the WSN and to provide the flexibility necessary to support a variety of security requirements. The evaluation shows that our approach leads to considerable energy savings and latency reduction when compared to a standard DTLS use case, while requiring no changes to the end hosts themselves

Implementation and Evaluation of the Enhanced Header Compression (IPHC) according to 6LoWPAN Network

6LoWPAN defines how to carry Ipv6 packet over IEEE 802.15.4 low power wireless or sensor networks. Limited bandwidth, memory and energy resources require a careful application of Ipv6 in a LoWPAN network. The aim is to develop personal networks, mainly sensor based, that can be integrated to the existing wellknow network infrastructure by reusing mature and wideused technologies. IPv6 has been chosen as network protocol because its characteristics fit to the problematic that characterize LoWPAN environment such as the large number of nodes to address and stateless address autoconfiguration. However, an IPv6 header compression algorithm is necessary in order to reduce the overhead and save space in data payload. In fact, the IEEE 802.15.4 standard defines an MTU of 128 bytes that decrease to 102 bytes considering the frame overhead, a further reduction is due to the network and transport protocols frame overhead that, in case of Ipv6 and UDP, allow to carry only 33 bytes for application data. The aim of this work is to describe and compares the proposed Ipv6 header compression mechanisms for 6LoWPAN environments

Securing IoT-based collaborative applications using a new compressed and distributed MIKEY mode

International audienceMultimedia internet keying protocol (MIKEY) aims at establishing secure credentials between two communicating entities. However, existing MIKEY modes fail to meet the requirements of low-power and low-processing devices. To address this issue, we combine two previously proposed approaches to introduce a new compressed and distributed MIKEY mode applied to a collaborative internet of things context. A set of third parties is used to discharge the constrained nodes from heavy computational operations. Doing so, the MIKEY pre-shared mode is used in the constrained part of network, while the public key mode is used in the unconstrained part of the network. Furthermore, to mitigate the communication cost we introduce a new header compression scheme that reduces the size of MIKEY's header from 12 bytes to 3 bytes in the best compression case. To assess our approach, we performed a detailed security analysis using a formal validation tool (i.e., Avispa). In addition, we performed an energy evaluation of both communicational and computational costs. The obtained results show that our proposed mode is energy preserving whereas its security properties are preserved untouched

Implementing a distributed WSN based on IPv6 for ambient monitoring

Traditionally,Wireless SensorNetworks (WSNs) are used for monitoring an extensive area. In these networks, a centralized server is usually used to collect and store the sensor information.However, new distributed protocols allow connections directly to theWSN nodes without the need of a centralized server.Moreover, these systems are able to establish communications among heterogeneous networks.The new protocols strategy is focused on considering several WSNs as a unique distributed one.This way, a user of the system is able to analyze a process under study as a whole instead of considering it as a set of different subsystems. This is the case in the evaluation of migratory waterbirds’ environment. In this case, it is usual to deploy severalWSNs in different breeding areas. They are all interconnected and they measure different environmental parameters. However, this improvement in the data access flexibility may result in a loss of network performance and an increase in network power consumption. Focused on this problem, this paper evaluates different communication protocols: distributed and centralized, in order to determine the best trade-off for environmental monitoring in different migratory areas of waterbirds