485 research outputs found

    Demo Abstract: Securing Communication in 6LoWPAN with Compressed IPsec

    With the inception of IPv6 it is possible to assign a unique ID to each device on the planet. Recently, wireless sensor networks and traditional IP networks are more tightly integrated using IPv6 and 6LoWPAN. Real-world deployments of WSN demand secure communication. The receiver should be able to verify that sensor data is generated by trusted nodes and/or it may also be necessary to encrypt sensor data in transit. Available IPv6 protocol stacks can use IPsec to secure data exchanges. Thus, it is desirable to extend 6LoWPAN such that IPsec communication with IPv6 nodes is possible. It is beneficial to use IPsec because the existing end-points on the Internet do not need to be modified to communicate securely with the WSN. Moreover, using IPsec, true end-to-end security is implemented and the need for a trustworthy gateway is removed. In this demo we will show the usage of our implemented lightweight IPsec. We will show how IPsec ensures end-to-end security between IP-enabled sensor networks and the traditional Internet. This is the first compressed lightweight design, implementation, and evaluation of a 6LoWPAN extension for IPsec. This demo complements the full paper that will appear in the parent conference, DCOSS'11.

    A Low-Power CoAP for Contiki

    Internet of Things devices will by and large be battery-operated, but existing application protocols have typically not been designed with power-efficiency in mind. In low-power wireless systems, power-efficiency is determined by the ability to maintain a low radio duty cycle: keeping the radio off as much as possible. We present an implementation of the IETF Constrained Application Protocol (CoAP) for the Contiki operating system that leverages the ContikiMAC low-power duty cycling mechanism to provide power efficiency. We experimentally evaluate our low-power CoAP, demonstrating that an existing application layer protocol can be made power-efficient through a generic radio duty cycling mechanism. To the best of our knowledge, our CoAP implementation is the first to provide power-efficient operation through radio duty cycling. Our results question the need for specialized low-power mechanisms at the application layer, instead providing low-power operation only at the radio duty cycling layer

    A BLE-based multi-gateway network infrastructure with handover support for mobile BLE peripherals

    Bluetooth Low Energy (BLE) is a popular technology within the Internet of Things. It allows low-power, star networks to be set up between a BLE gateway and multiple, power-constrained BLE devices. However, these networks tend to be static, not supporting BLE devices that can freely move around in an environment of multiple interconnected BLE gateways and perform handovers whenever necessary. This work proposes two alternative network architectures for mobile BLE peripherals. One leverages on IPv6 over BLE, whereas the other combines default BLE mechanisms with an additional custom controller. On top, we study in detail the handover mechanism that must be present in both architectures and compare the performance of both a passive and active handover approach. The passive handover approach can be set up without any extra implementation, but an active handover approach offers more proactive handover decisions and can provide a much lower handover latency. All proposed solutions have been implemented and validated on real hardware, showing the feasibility of having future infrastructures with support for mobile BLE devices

    Development of a wireless sensor network for agricultural monitoring for Internet of Things (IoT)

    Monitoring of the agricultural environment has become an important area of control and protection which provides real-time system and control communication with the physical world. This thesis focuses on the development of a wireless sensor network for agricultural monitoring for the Internet of Things (IoT) to monitor environmental conditions. Among the various technologies for agriculture monitoring, Wireless Sensor Networks (WSNs) are perceived as an amazing one to gather and process information in the agricultural area with low cost and low energy consumption. A WSN is capable of providing processed field data in real time from sensors which are physically distributed in the field. Agriculture and farming are among the industries which have lately turned their attention to WSNs, looking to this financially acute innovation to improve production and upgrade agribusiness yield standards. Wireless Sensor Networks (WSNs) have attracted a lot of consideration in recent years. The proposed system uses WSN sensors to capture and track information pertaining to crop growth conditions outside and inside greenhouses. The 6LoWPAN network protocol is used for low power consumption and for transmitting and receiving data packets. This thesis introduces the agricultural monitoring system's hardware design, system architecture, and software process control. The agriculture monitoring system set-up is based on Contiki OS, while device testing is carried out using real-time farm information and historical data

    Routing and Mobility on IPv6 over LoWPAN

    The IoT means a world-wide network of interconnected objects based on standard communication protocols. An object in this context is a quotidian physical device augmented with sensing/actuating, processing, storing and communication capabilities. These objects must be able to interact with the surrounding environment where they are placed and to cooperate with neighbouring objects in order to accomplish a common objective. The IoT objects also have the capabilities of converting the sensed data into automated instructions and communicating them to other objects through the communication networks, avoiding human intervention in several tasks. Most IoT deployments are based on small devices with restricted computational resources and energy constraints. For this reason, initially the scientific community did not consider the use of the IP protocol suite in these scenarios because there was the perception that it was too heavy for the available resources on such devices. Meanwhile, the scientific community and the industry started to rethink the use of the IP protocol suite in all IoT devices, and now it is considered as the solution to provide connectivity between the IoT devices, independently of the Layer 2 protocol in use, and to connect them to the Internet. Despite the use of the IP protocol suite in all devices and the number of solutions proposed, many open issues remain unsolved in order to reach a seamless integration between the IoT and the Internet and to provide the conditions for widespread IoT services. This thesis addressed the challenges associated with the interconnectivity between the Internet and the IoT devices and with the security aspects of the IoT. In the interconnectivity between the IoT devices and the Internet, the problem is how to provide valuable information to the Internet-connected devices, independently of the supported IP protocol version, without it being necessary to access the IoT nodes directly. 
In order to solve this problem, solutions based on Representational State Transfer (REST) web services and an IPv4 to IPv6 dual stack transition mechanism were proposed and evaluated. The REST web service and the transition mechanism run only at the border router without penalizing the IoT constrained devices. The mitigation of the effects of internal and external security attacks while minimizing the overhead imposed on the IoT devices is the security challenge addressed in this thesis. Three different solutions were proposed. The first is a mechanism to prevent remotely initiated transport level Denial of Service attacks that avoids the use of inefficient and hard to manage traditional firewalls. It is based on filtering at the border router the traffic received from the Internet and destined to the IoT network according to the conditions announced by each IoT device. The second is a network access security framework that can be used to control the nodes that have access to the network, based on administrative approval, and to enforce security compliance to the authorized nodes. The third is a network admission control framework that prevents unauthorized IoT nodes from communicating with authorized IoT nodes or with the Internet, which drastically reduces the number of possible security attacks. The network admission control was also exploited as a management mechanism as it can be used to manage the network size in terms of number of nodes, making the network more manageable, increasing its reliability and extending its lifetime.
The IoT (Internet of Things) has attracted the interest of both the academic community and industry, since the fields of application are countless, as are the potential gains that can be obtained through the use of this type of technology. The IoT means a global network of objects connected to each other through a communication network based on standard protocols. In this context, an object is an everyday physical object to which the ability to measure and act on physical variables, to process and store data, and to communicate has been added. These objects are able to interact with the surrounding environment and to cooperate with neighbouring objects in order to reach a common objective. These objects are also able to convert the data read into instructions and to communicate them to other objects through the communication network, thereby avoiding human intervention in several tasks. Most IoT system deployments are based on small autonomous devices with restrictions in terms of computational resources and energy storage. For this reason, the scientific community initially did not consider the use of the IP protocol stack suitable for this type of device, since there was the perception that it was too heavy for the available computational resources. Meanwhile, the scientific community and industry resumed the discussion about the benefits of using the protocol stack in all IoT devices, and it is currently considered the solution for establishing connectivity between IoT devices, independently of the layer-two protocol in use, and for connecting them to the Internet. Despite the use of the IP protocol stack in all devices and the number of solutions proposed, several problems remain to be solved regarding the seamless and uninterrupted integration of the IoT into the Internet and creating the conditions for the widespread adoption of this type of technology. This thesis deals with the challenges associated with the integration of the IoT into the Internet and with the security aspects of the IoT. Regarding the integration of the IoT into the Internet, the problem is how to provide valid information to the devices connected to the Internet, independently of the version of the IP protocol in use, avoiding direct access to the IoT devices.
To solve this problem, solutions based on REST web services and on IPv4 to IPv6 transition mechanisms of the dual stack type were proposed and evaluated. The web service and the transition mechanism are supported only at the border router, without penalizing the IoT devices. As far as security is concerned, the problem is to mitigate the effects of internal and external security attacks initiated locally and remotely. Three different solutions were proposed. The first is a mechanism that minimizes the effects of denial of service attacks originating from the Internet and that avoids the use of inefficient and complex-to-manage firewall mechanisms. This mechanism filters, at the border router, the traffic originating from the Internet and destined to the IoT according to the conditions announced by each of the IoT devices in the network. The second solution is a network admission control framework that controls which devices can access the network based on administrative authorization and that applies security compliance policies to the authorized devices. The third is a network admission control mechanism for 6LoWPAN networks that prevents unauthorized devices from communicating with other legitimate devices and with the Internet, which drastically reduces the number of security attacks. This mechanism was also explored as a management mechanism, since it can be used to manage the size of the network in terms of the number of devices, making it easier to manage and increasing its reliability and its lifetime

    Performance of constrained wireless devices in the Internet of Things

    The Internet of Things is an emerging concept where every device, regardless of size, has its own connection to the Internet. This thesis examines what possible limitations are imposed on the functionality of resource constrained, wireless devices. Several different technologies are evaluated and compared, before a set of them is chosen for inclusion in an implementation, for example: IEEE 802.15.4, 6LoWPAN and CoAP. The implementation uses the Contiki operating system, and runs on a Texas Instruments CC2530 SoC. We then examine several different performance aspects of our implementation: the amount of data sent, memory usage and energy consumption. The results are discussed together with security aspects applicable to the Internet of Things. The memory usage and power consumption were found to be severe issues. Due to the small amount of memory on the chip, all features could not be used at the same time. In addition, the power consumption was found to be too high for battery-powered usage, giving a lifetime of only 27 hours using a button cell battery. The conclusion is that hardware with more memory, and lower power consumption is required. New protocols for radio power-saving should also be developed and implemented in software.
The Internet of Things (sakernas internet) is an emerging concept where every device, regardless of size, has a connection to the Internet. This degree project investigates what possible limitations in functionality this imposes on wireless devices with limited resources. Several different technologies are examined and compared, before a number are selected for inclusion in an implementation, for example: IEEE 802.15.4, 6LoWPAN and CoAP. The implementation uses the Contiki operating system and runs on a Texas Instruments CC2530 SoC. Several performance aspects are examined: the amount of data sent, memory usage and energy consumption. The results are discussed together with security aspects to take into account in the Internet of Things. Memory usage and energy consumption are the most problematic areas. Due to the chip's limited amount of memory, all functionality cannot be used at the same time. In addition, the energy consumption is too high for longer-term battery power supply, giving a lifetime of only 27 hours with a button cell battery. The conclusion is that hardware with more memory and lower energy consumption is needed. New protocols for energy-saving radio use also need to be developed and implemented in software

    Development of a Personal Area Network for biomedical measurements for Internet of Things (IoT)

    Internet of Things is a set of ever growing technologies and specialized devices that are increasingly influential in our everyday lives. IoT is all about connecting the physical and the digital worlds in one, enabling the collection of real world data and the automation of processes. IoT turns your typical device into a smart, programmable one, more capable of interacting with humans and thus enabling users to better understand their surroundings through the data collected. This data collected by the IoT devices can then be used on all kinds of contemporary services and applications. This project aims to implement an IoT application for biomedical measurements, consisting of a WSN (Wireless Sensor Network), where three sensor nodes will collect physical world measurements. This collected information will be transmitted to a routing device that further sends the information to the internet, where the user will be able to access the data in real time through a web browser and schedule some events. In order to carry out the described scenario, a Raspberry Pi and four Zolertia Z1, three working as sensor nodes and one working as a routing node, were used. The Z1 mote is powered by a low power MSP430 class microcontroller. Contiki was the operating system chosen to run the sensor nodes. In this scenario, Raspberry Pi plays the role of a router, enabling the connection of the WSN network and the internet. To send the information from the nodes, a high-speed program was developed, aiming to beat the default restrictions that Contiki OS imposes on high-speed networks. The transport protocol chosen is UDP. On the receiving end, a UDP server and a Python script were developed with the intent to send the collected data to our ASP.NET web server and MySQL database. Finally, connectivity tests and network speed tests of the deployed system are presented

    A network access control framework for 6LoWPAN networks

    Low power over wireless personal area networks (LoWPAN), in particular wireless sensor networks, represent an emerging technology with high potential to be employed in critical situations like security surveillance, battlefields, smart-grids, and in e-health applications. The support of security services in LoWPAN is considered a challenge. First, this type of network is usually deployed in unattended environments, making it vulnerable to security attacks. Second, the constraints inherent to LoWPAN, such as scarce resources and limited battery capacity, impose careful planning on how and where the security services should be deployed. Besides protecting the network from some well-known threats, it is important that security mechanisms be able to withstand attacks that have not been identified before. One way of reaching this goal is to control, at the network access level, which nodes can be attached to the network and to enforce their security compliance. This paper presents a network access security framework that can be used to control the nodes that have access to the network, based on administrative approval, and to enforce security compliance to the authorized nodes