Lightweight Authentication Protocol (LAUP) for 6LoWPAN wireless sensor networks

© 2017 IEEE. 6LoWPAN networks involving wireless sensors consist of resource starving miniature sensor nodes. Since secured authentication of these resource-constrained sensors is one of the important considerations during communication, use of asymmetric key distribution scheme may not be the perfect choice to achieve secure authentication. Recent research shows that Lucky Thirteen attack has compromised Datagram Transport Layer Security (DTLS) with Cipher Block Chaining (CBC) mode for key establishment. Even though EAKES6Lo and S3K techniques for key establishment follow the symmetric key establishment method, they strongly rely on a remote server and trust anchor for secure key distribution. Our proposed Lightweight Authentication Protocol (LAUP) used a symmetric key method with no preshared keys and comprised of four flights to establish authentication and session key distribution between sensors and Edge Router in a 6LoWPAN environment. Each flight uses freshly derived keys from existing information such as PAN ID (Personal Area Network IDentification) and device identities. We formally verified our scheme using the Scyther security protocol verification tool for authentication properties such as Aliveness, Secrecy, Non-Injective Agreement and Non-Injective Synchronization. We simulated and evaluated the proposed LAUP protocol using COOJA simulator with ContikiOS and achieved less computational time and low power consumption compared to existing authentication protocols such as the EAKES6Lo and SAKES

End-to-End IoT Security: Authentication, Vulnerability Exploration and Data Analysis

University of Technology Sydney. Faculty of Engineering and Information Technology.Wireless 6LoWPAN networks consist of resource-starved, small sensor nodes. Secure sensors’ communication is necessary to avoid threats such as a replay attack and a Man-in-the-Middle (MITM) attack. This research has three major parts. The first part of the research focuses on developing a lightweight authentication algorithm and key management of sensors within the 6LoWPAN network. Before transmitting sensible information, sensors must prove that they are the legal transmitting entity to the Edge Router. The second part of the research exploits the vulnerability of CoAP (Constrained Application Protocol) on the application layer of the 6LoWPAN protocol. We also investigate how 6LoWPAN with CoAP protocol withstands the off-path pin code injection threat while the 6LoWPAN sensor communicates with the legacy Internet. The Third part of the research deals with intelligent intrusion detection techniques using deep learning and clustering algorithms. The first part, Lightweight Authentication Protocol (LAUP), uses the symmetric key method with no pre-shared keys. It comprises four flights to establish authentication and session key distribution between sensors and Edge Router in a 6LoWPAN environment. Each flight of LAUP uses freshly derived keys from existing information such as PAN ID (Personal Area Network Identification) and device identities. The second part involves the CoAP protocol that resides in an application layer protocol of the 6LoWPAN protocol stack. The widely available CoAP implementations failed to validate the remote CoAP clients. We exploit the combination of IP Spoofing vulnerability and cross-protocol vulnerability of CoAP along with the remote server access support to launch the off-path attack. The off-path attack is considered a weak attack on a constrained network, and it receives less attention from the research community. However, the consequences resulting from such an attack cannot be ignored in practice. In the third part, we propose a two-fold network traffic analysis method for anomaly detection with Optimized Deep Clustering (ODC), which involves an optimized deep autoencoder and BIRCH clustering algorithm. We observed that our ODC deep clustering algorithm outperforms the existing deep clustering methods for anomaly detection. As a result of this research, we achieve an end-to-end secure communication of sensors within the 6LoWPAN constrained network and when the 6LoWPAN network devices interact with the legacy Internet. This research is a concrete contribution to the IoT Cyber Security community. Also, we ensure the secure communication of IoT by investigating the network traffic dataset despite any malfunction caused by an intruder

A context-aware encryption protocol suite for edge computing-based IoT devices

Heterogeneous devices are connected with each other through wireless links within a cyber physical system. These devices undergo resource constraints such as battery, bandwidth, memory and computing power. Moreover, the massive interconnections of these devices result in network latency and reduced speed. Edge computing offers a solution to this problem in which devices transmit the preprocessed actionable data in a formal way, resulting in reduced data traffic and improved speed. However, to provide the same level of security to each piece of information is not feasible due to limited resources. In addition, not all the data generated by Internet of things devices require a high level of security. Context-awareness principles can be employed to select an optimal algorithm based on device specifications and required information confidentiality level. For context-awareness, it is essential to consider the dynamic requirements of data confidentiality as well as device available resources. This paper presents a context-aware encryption protocol suite that selects optimal encryption algorithm according to device specifications and the level of data confidentiality. The results presented herein clearly exhibit that the devices were able to save 79% memory consumption, 56% battery consumption and 68% execution time by employing the proposed context-aware encryption protocol suite

Testbed evaluation of Lightweight Authentication Protocol (LAUP) for 6LoWPAN wireless sensor networks

© 2018 John Wiley & Sons, Ltd. 6LoWPAN networks involving wireless sensors consist of resource starving miniature sensor nodes. Since secured authentication is one of the important considerations, the use of asymmetric key distribution scheme may not be a perfect choice. Recent research shows that Lucky Thirteen attack has compromised Datagram Transport Layer Security (DTLS) with Cipher Block Chaining (CBC) mode for key establishment. Even though EAKES6Lo and S3 K techniques for key establishment follow the symmetric key establishment method, they strongly rely on a remote server and trust anchor. Our proposed Lightweight Authentication Protocol (LAUP) used a symmetric key method with no preshared keys and comprised of four flights to establish authentication and session key distribution between sensors and Edge Router in a 6LoWPAN environment. Each flight uses freshly derived keys from existing information such as PAN ID (Personal Area Network IDentification) and device identities. We formally verified our scheme using the Scyther security protocol verification tool. We simulated and evaluated the proposed LAUP protocol using COOJA simulator and achieved less computational time and low power consumption compared to existing authentication protocols such as the EAKES6Lo and SAKES. LAUP is evaluated using real-time testbed and achieved less computational time, which is supportive of our simulated results