Performance Evaluation of end-to-end security protocols in an Internet of Things

Wireless Sensor Networks are destined to play a fundamental role in the next-generation Internet, which will be characterized by the Machine-to-Machine paradigm, according to which, embedded devices will actively exchange information, thus enabling the development of innovative applications. It will contribute to assert the concept of Internet of Things, where end-to-end security represents a key issue. In such context, it is very important to understand which protocols are able to provide the right level of security without burdening the limited resources of constrained networks. This paper presents a performance comparison between two of the most widely used security protocols: IPSec and DTLS. We provide the analysis of their impact on the resources of embedded devices. For this purpose, we have modified existing implementations of both protocols to make them properly run on our hardware platforms, and we have performed an extensive experimental evaluation study. The achieved results are not a consequence of a classical simulation campaign, but they have been obtained in a real scenario that uses software and hardware typical of the current technological developments. Therefore, they can help network designers to identify the most appropriate secure mechanism for end-to-end IP communications involving constrained devices

Efficient End-to-End Secure Key Management Protocol for Internet of Things

Internet of things (IoT) has described a futurevision of internetwhere users, computing system, and everyday objects possessing sensing and actuating capabilities are part of distributed applications and required to support standard internet communication with more powerful device or internet hosts. This vision necessitates the security mechanisms for end-to-end communication. A key management protocol is critical to ensuring the secure exchange of data between interconnecting entities, but due to the nature of this communication system where a high resource constrained node may be communicating with node with high energy makes the application of existing key management protocols impossible. In this paper, we propose a new lightweight key management protocol that allows the constrained node in 6loWPAN network to transmit captured data to internet host in secure channel. This protocol is based on cooperation of selected 6loWPAN routers to participate in computation of highly consuming cryptographic primitives. Our protocol is assessed with AVISPA tool, the results show that our scheme ensured security properties

Lightweighted and energy-aware MIKEY-Ticket for e-health applications in the context of internet of things

E-health applications have emerged as a promising approach to provide unobtrusive and customizable support to elderly and frail people based on their situation and circumstances. However, due to limited resources available in such systems and data privacy concerns, security issues constitute a major obstacle to their safe deployment. To secure e-health communications, key management protocols play a vital role in the security process. Nevertheless, current e-health systems are unable to run existing standardized key management protocols due to their limited energy power and computational capabilities. In this paper, we introduce two solutions to tailor MIKEY-Ticket protocol to constrained environments. Firstly, we propose a new header compression scheme to reduce the size of MIKEYs header from 12 Bytes to 3 Bytes in the best compression case. Secondly, we present a new exchange mode to reduce the number of exchanged messages from six to four. We have used a formal validation method to evaluate and validate the security properties of our new tailored MIKEY-Ticket protocol. In addition, we have evaluated both communication and computational costs to demonstrate the energy gain. The results show a decrease in MIKEY-Ticket overhead and a considerable energy gain without compromising its security properties

Desarrollo de un entorno de pruebas de autenticación y seguridad de redes de sensores con IPv6

Las redes inalámbricas de sensores (WSN) han tenido un creciente impacto en el mundo de las telecomunicaciones en los últimos años. Esto se debe en parte al auge del Internet de las cosas (IoT). Estas redes permiten que dispositivos de bajo consumo puedan comunicarse entre sí formando una malla, o con otros equipos en Internet a través de una pasarela. El pequeño tamaño y la autonomía de los dispositivos que las forman permiten su despliegue en lugares antes insospechados. Y su uso en aplicaciones antes impensables. En este tipo de redes, la seguridad muchas veces puede ser un punto crítico. Pues las aplicaciones que se nutren de la información recogida por los sensores podrían verse gravemente afectadas si éstos fallan o si los datos son interceptados o modificados. Además, el aumento de dispositivos conectados a Internet ha traído consigo un gran aumento en la demanda de direcciones en Internet. Y es aquí donde entra en escena el protocolo IPv6. Este protocolo nos proporciona un espacio de direcciones mucho mayor que el protocolo IPv4 que es el que se viene usando hasta ahora en Internet, además de otros cambios. Es por eso que este trabajo tiene como finalidad el estudio de distintos mecanismos de autenticación y seguridad en redes inalámbricas de sensores que funcionen con IPv6. Y así poder hacer pruebas para asegurar las que se presupone que serán las redes que predominarán en un futuro cercano en el mundo de las telecomunicaciones.Wireless sensor networks (WSN) had a growing impact on the telecommunications world in recent years. This is due in part to the rise of the Internet of Things (IoT). These networks allow low-power devices to communicate with each other forming a mesh, or with other devices on the Internet through a gateway. Their small size and their autonomy let this devices be deployed in unexpected places. And used in applications that we could not imagine in the past. In this type of networks, security is a very important matter most of the times. Because the applications that collect the sensor data could be severely affected if they crash, or if the data is intercepted or modified. Furthermore, the increase in Internet-connected devices has brought a large increase in the Internet adresses demand. And here it is where IPv6 protocol is vital. This protocol provides a larger adress space than IPv4, which at the moment is the most used on the Internet. Besides IPv6 comes with other changes. That is why this work is oriented to study different authentication and security mechanisms in wireless sensor networks that work with IPv6. So that we can make a test environment to ensure the networks that we think will proliferate in the next years.Universidad de Sevilla. Grado en Ingeniería de las Tecnologías de Telecomunicació