109 research outputs found
Demo Abstract: Securing Communication in 6LoWPAN with Compressed IPsec
With the inception of IPv6 it is possible to assign
a unique ID to each device on planet. Recently, wireless sensor
networks and traditional IP networks are more tightly integrated
using IPv6 and 6LoWPAN. Real-world deployments of WSN
demand secure communication. The receiver should be able to
verify that sensor data is generated by trusted nodes and/or
it may also be necessary to encrypt sensor data in transit.
Available IPv6 protocol stacks can use IPsec to secure data
exchanges. Thus, it is desirable to extend 6LoWPAN such that
IPsec communication with IPv6 nodes is possible. It is beneficial
to use IPsec because the existing end-points on the Internet do
not need to be modified to communicate securely with the WSN.
Moreover, using IPsec, true end-to-end security is implemented
and the need for a trustworthy gateway is removed.
In this demo we will show the usage of our implemented
lightweight IPsec. We will show how IPsec ensures end-to-end
security between an IP enabled sensor networks and the
traditional Internet. This is the first compressed lightweight
design, implementation, and evaluation of a 6LoWPAN extension
for IPsec. This demo complements the full paper that will appear
in the parent conference, DCOSSâ11
Securing Internet of Things with Lightweight IPsec
Real-world deployments of wireless sensor networks (WSNs) require
secure communication. It is important that a receiver is able to verify that sensor
data was generated by trusted nodes. In some cases it may also be necessary
to encrypt sensor data in transit. Recently, WSNs and traditional IP networks
are more tightly integrated using IPv6 and 6LoWPAN. Available IPv6 protocol
stacks can use IPsec to secure data exchange. Thus, it is desirable to extend
6LoWPAN such that IPsec communication with IPv6 nodes is possible. It is
beneficial to use IPsec because the existing end-points on the Internet do not
need to be modified to communicate securely with the WSN. Moreover, using
IPsec, true end-to-end security is implemented and the need for a trustworthy
gateway is removed.
In this paper we provide End-to-End (E2E) secure communication between
an IP enabled sensor nodes and a device on traditional Internet. This is the
first compressed lightweight design, implementation, and evaluation of 6LoWPAN
extension for IPsec on Contiki. Our extension supports both IPsec's Authentication
Header (AH) and Encapsulation Security Payload (ESP). Thus,
communication endpoints are able to authenticate, encrypt and check the integrity
of messages using standardized and established IPv6 mechanisms
Securing IoT-based collaborative applications using a new compressed and distributed MIKEY mode
International audienceMultimedia internet keying protocol (MIKEY) aims at establishing secure credentials between two communicating entities. However, existing MIKEY modes fail to meet the requirements of low-power and low-processing devices. To address this issue, we combine two previously proposed approaches to introduce a new compressed and distributed MIKEY mode applied to a collaborative internet of things context. A set of third parties is used to discharge the constrained nodes from heavy computational operations. Doing so, the MIKEY pre-shared mode is used in the constrained part of network, while the public key mode is used in the unconstrained part of the network. Furthermore, to mitigate the communication cost we introduce a new header compression scheme that reduces the size of MIKEY's header from 12 bytes to 3 bytes in the best compression case. To assess our approach, we performed a detailed security analysis using a formal validation tool (i.e., Avispa). In addition, we performed an energy evaluation of both communicational and computational costs. The obtained results show that our proposed mode is energy preserving whereas its security properties are preserved untouched
Supporting Cyber-Physical Systems with Wireless Sensor Networks: An Outlook of Software and Services
Sensing, communication, computation and control technologies are the essential building blocks of a cyber-physical system (CPS). Wireless sensor networks (WSNs) are a way to support CPS as they provide fine-grained spatial-temporal sensing, communication and computation at a low premium of cost and power. In this article, we explore the fundamental concepts guiding the design and implementation of WSNs. We report the latest developments in WSN software and services for meeting existing requirements and newer demands; particularly in the areas of: operating system, simulator and emulator, programming abstraction, virtualization, IP-based communication and security, time and location, and network monitoring and management. We also reflect on the ongoing
efforts in providing dependable assurances for WSN-driven CPS. Finally, we report on its applicability with a case-study on smart buildings
Performance Evaluation of end-to-end security protocols in an Internet of Things
Wireless Sensor Networks are destined to play a fundamental role in the next-generation Internet, which will be characterized by the Machine-to-Machine paradigm, according to which, embedded devices will actively exchange information, thus enabling the development of innovative applications. It will contribute to assert the concept of Internet of Things, where end-to-end security represents a key issue. In such context, it is very important to understand which protocols are able to provide the right level of security without burdening the limited resources of constrained networks. This paper presents a performance comparison between two of the most widely used security protocols: IPSec and DTLS. We provide the analysis of their impact on the resources of embedded devices. For this purpose, we have modified existing implementations of both protocols to make them properly run on our hardware platforms, and we have performed an extensive experimental evaluation study. The achieved results are not a consequence of a classical simulation campaign, but they have been obtained in a real scenario that uses software and hardware typical of the current technological developments. Therefore, they can help network designers to identify the most appropriate secure mechanism for end-to-end IP communications involving constrained devices
A Study on Sanctuary and Seclusion Issues in Internet-of-Things
Internet-of-Things (IoT) are everywhere in our daily life. They are used in our homes, in hospitals, deployed outside to control and report the changes in environment, prevent fires, and many more beneficial functionality. However, all those benefits can come of huge risks of seclusion loss and sanctuary issues. To secure the IoT devices, many research works have been con-ducted to countermeasure those problems and find a better way to eliminate those risks, or at least minimize their effects on the userïżœs seclusion and sanctuary requirements. The study consists of four segments. The first segment will explore the most relevant limitations of IoT devices and their solutions. The second one will present the classification of IoT attacks. The next segment will focus on the mechanisms and architectures for authentication and access control. The last segment will analyze the sanctuary issues in different layers
An Authentication and Key Establishment Scheme for the IP-Based Wireless Sensor Networks
Integration between wireless sensor networks and traditional IP networks using the IPv6 and 6LoWPAN standards is a very active research and application area. A combination of hybrid network significantly increases the complexity of addressing connectivity and fault tolerance problems in a highly heterogeneous environment, including for example different packet sizes in different networks. In such challenging conditions, securing the communication between nodes with very diverse computational, memory and energy storage resources is at the same time an essential requirement and a very complex issue. In this paper we present an efficient and secure mutual authentication and key establishment protocol based on Elliptic Curve Cryptography (ECC) by which different classes of nodes, with very different capabilities, can authenticate each other and establish a secret key for secure communication. The analysis of the proposed scheme shows that it provides good network connectivity and resilience against some well known attacks
Lightweighted and energy-aware MIKEY-Ticket for e-health applications in the context of internet of things
E-health applications have emerged as a promising approach to provide unobtrusive and customizable support to elderly and frail people based on their situation and circumstances. However, due to limited resources available in such systems and data privacy concerns, security issues constitute a major obstacle to their safe deployment. To secure e-health communications, key management protocols play a vital role in the security process. Nevertheless, current e-health systems are unable to run existing standardized key management protocols due to their limited energy power and computational capabilities. In this paper, we introduce two solutions to tailor MIKEY-Ticket protocol to constrained environments. Firstly, we propose a new header compression scheme to reduce the size of MIKEYs header from 12 Bytes to 3 Bytes in the best compression case. Secondly, we present a new exchange mode to reduce the number of exchanged messages from six to four. We have used a formal validation method to evaluate and validate the security properties of our new tailored MIKEY-Ticket protocol. In addition, we have evaluated both communication and computational costs to demonstrate the energy gain. The results show a decrease in MIKEY-Ticket overhead and a considerable energy gain without compromising its security properties
Securing IoT-based collaborative applications using a new compressed and distributed MIKEY mode
International audienceMultimedia internet keying protocol (MIKEY) aims at establishing secure credentials between two communicating entities. However, existing MIKEY modes fail to meet the requirements of low-power and low-processing devices. To address this issue, we combine two previously proposed approaches to introduce a new compressed and distributed MIKEY mode applied to a collaborative internet of things context. A set of third parties is used to discharge the constrained nodes from heavy computational operations. Doing so, the MIKEY pre-shared mode is used in the constrained part of network, while the public key mode is used in the unconstrained part of the network. Furthermore, to mitigate the communication cost we introduce a new header compression scheme that reduces the size of MIKEY's header from 12 bytes to 3 bytes in the best compression case. To assess our approach, we performed a detailed security analysis using a formal validation tool (i.e., Avispa). In addition, we performed an energy evaluation of both communicational and computational costs. The obtained results show that our proposed mode is energy preserving whereas its security properties are preserved untouched
- âŠ