653 research outputs found
IETF standardization in the field of the Internet of Things (IoT): a survey
Smart embedded objects will become an important part of what is called the Internet of Things. However, the integration of embedded devices into the Internet introduces several challenges, since many of the existing Internet technologies and protocols were not designed for this class of devices. In the past few years, there have been many efforts to enable the extension of Internet technologies to constrained devices. Initially, this resulted in proprietary protocols and architectures. Later, the integration of constrained devices into the Internet was embraced by IETF, moving towards standardized IP-based protocols. In this paper, we will briefly review the history of integrating constrained devices into the Internet, followed by an extensive overview of IETF standardization work in the 6LoWPAN, ROLL and CoRE working groups. This is complemented with a broad overview of related research results that illustrate how this work can be extended or used to tackle other problems and with a discussion on open issues and challenges. As such the aim of this paper is twofold: apart from giving readers solid insights in IETF standardization work on the Internet of Things, it also aims to encourage readers to further explore the world of Internet-connected objects, pointing to future research opportunities.
Old Wine in New Skins? Revisiting the Software Architecture for IP Network Stacks on Constrained IoT Devices
In this paper, we argue that existing concepts for the design and
implementation of network stacks for constrained devices do not comply with the
requirements of current and upcoming Internet of Things (IoT) use cases. The
IoT requires not only a lightweight but also a modular network stack, based on
standards. We discuss functional and non-functional requirements for the
software architecture of the network stack on constrained IoT devices. Then,
revisiting concepts from the early Internet as well as current implementations,
we propose a future-proof alternative to existing IoT network stack
architectures, and provide an initial evaluation of this proposal based on its
implementation running on top of state-of-the-art IoT operating system and
hardware. Comment: 6 pages, 2 figures and table
Enabling Intrusion Detection in IPSEC Protected IPV6 Networks through Secret-Key Sharing
As the Internet Protocol version 6 (IPv6) implementation becomes more widespread, the IP Security (IPSec) features embedded into the next-generation protocol will become more accessible than ever. Though the network-layer encryption provided by IPSec is a boon to data security, its use renders standard network intrusion detection systems (NIDS) useless. The problem of performing intrusion detection on encrypted traffic has been addressed by differing means with each technique requiring one or more static secret keys to be shared with the NIDS beforehand. The problem with this approach is static keying is much less secure than dynamic key generation through the Internet Key Exchange (IKE) protocol. This research creates and evaluates a secret-key sharing framework which allows both the added security of dynamic IPSec key generation through IKE, and intrusion detection capability for a NIDS on the network. Analysis shows that network traffic related to secret-key sharing with the proposed framework can account for up to 58.6% of total traffic in the worst case scenario, though workloads which are arguably more average decrease that traffic to 10-15%. Additionally, actions associated with IKE and secret-key sharing increase CPU utilization on the NIDS up to 20.7%. Results show, at least in limited implementations, a secret-key sharing framework provides robust coverage and is a viable intrusion detection option.
Peer-to-Peer Communication Across Network Address Translators
Network Address Translation (NAT) causes well-known difficulties for
peer-to-peer (P2P) communication, since the peers involved may not be reachable
at any globally valid IP address. Several NAT traversal techniques are known,
but their documentation is slim, and data about their robustness or relative
merits is slimmer. This paper documents and analyzes one of the simplest but
most robust and practical NAT traversal techniques, commonly known as "hole
punching." Hole punching is moderately well-understood for UDP communication,
but we show how it can be reliably used to set up peer-to-peer TCP streams as
well. After gathering data on the reliability of this technique on a wide
variety of deployed NATs, we find that about 82% of the NATs tested support
hole punching for UDP, and about 64% support hole punching for TCP streams. As
NAT vendors become increasingly conscious of the needs of important P2P
applications such as Voice over IP and online gaming protocols, support for
hole punching is likely to increase in the future. Comment: 8 figures, 1 table
A Survey on Handover Management in Mobility Architectures
This work presents a comprehensive and structured taxonomy of available
techniques for managing the handover process in mobility architectures.
Representative works from the existing literature have been divided into
appropriate categories, based on their ability to support horizontal handovers,
vertical handovers and multihoming. We describe approaches designed to work on
the current Internet (i.e. IPv4-based networks), as well as those that have
been devised for the "future" Internet (e.g. IPv6-based networks and
extensions). Quantitative measures and qualitative indicators are also
presented and used to evaluate and compare the examined approaches. This
critical review provides some valuable guidelines and suggestions for designing
and developing mobility architectures, including some practical expedients
(e.g. those required in the current Internet environment), aimed to cope with
the presence of NAT/firewalls and to provide support to legacy systems and
several communication protocols working at the application layer.
IPv6 Network Monitoring Tool
IPv6 is a new version of the internetworking protocol designed to address the scalability
and service shortcomings of the current standard, IPv4. Unfortunately, IPv4 and IPv6 are
not directly compatible, so programs and systems designed to one standard cannot
communicate with those designed to the other. Consequently, it is necessary to develop
smooth transition mechanisms that enable applications to continue working while the
network is being upgraded. In this paper the author presents the design and
implementation of a network monitoring tool for the latest Internet Protocol, IPv6,
which is designed for the Microsoft Windows platform. The development of networks has
increased the need to monitor the nodes that are operating across the same network. The
network monitoring tool aims to capture and analyze IP related packets (IPv6 packets)
before executing a report on the results found.
Connecting the World of Embedded Mobiles: The RIOT Approach to Ubiquitous Networking for the Internet of Things
The Internet of Things (IoT) is rapidly evolving based on low-power compliant
protocol standards that extend the Internet into the embedded world. Pioneering
implementations have proven it is feasible to inter-network very constrained
devices, but had to rely on peculiar cross-layered designs and offer a
minimalistic set of features. In the long run, however, professional use and
massive deployment of IoT devices require full-featured, cleanly composed, and
flexible network stacks.
This paper introduces the networking architecture that turns RIOT into a
powerful IoT system, to enable low-power wireless scenarios. RIOT networking
offers (i) a modular architecture with generic interfaces for plugging in
drivers, protocols, or entire stacks, (ii) support for multiple heterogeneous
interfaces and stacks that can concurrently operate, and (iii) GNRC, its
cleanly layered, recursively composed default network stack. We contribute an
in-depth analysis of the communication performance and resource efficiency of
RIOT, both on a micro-benchmarking level as well as by comparing IoT
communication across different platforms. Our findings show that, though it is
based on significantly different design trade-offs, the networking subsystem of
RIOT achieves a performance equivalent to that of Contiki and TinyOS, the two
operating systems which pioneered IoT software platforms.
A New Model for Testing IPv6 Fragment Handling
Since the origins of the Internet, various vulnerabilities exploiting the IP
fragmentation process have plagued the IPv4 protocol, many leading to a wide range
of attacks. IPv6 modified the handling of fragmentations and introduced a
specific extension header, not solving the related problems, as proved by
extensive literature. One of the primary sources of problems has been the
overlapping fragments, which result in unexpected or malicious packets when
reassembled. To overcome the problem related to fragmentation, the authors of
RFC 5722 decided that IPv6 hosts MUST silently drop overlapping fragments.
Since then, several studies have proposed methodologies to check if IPv6
hosts accept overlapping fragments and are still vulnerable to related attacks.
However, some of the above methodologies have not been proven complete or need
to be more accurate. In this paper we propose a novel model to check IPv6
fragmentation handling specifically suited for the reassembling strategies of
modern operating systems. Previous models, indeed, considered OS reassembly
policy as byte-based. However, nowadays, reassembly policies are
fragment-based, making previous models inadequate. Our model leverages the
commutative property of the checksum, simplifying the whole assessing process.
Starting with this new model, we were able to better evaluate the RFC-5722 and
RFC-9099 compliance of modern operating systems against fragmentation handling.
Our results suggest that IPv6 fragmentation can still be considered a threat
and that more effort is needed to solve related security issues.