HIP security architecture for the IP-based internet of things

The IP-based Internet of Things refers to the pervasive interactions of smart objects and people enabling new applications by means of IP protocols. An application scenario is a Smart City in which the city infrastructure, cars, and people exchange information to enable new services. IP protocols, such as IPv6, TCP and HTTP will be further complemented by IPv6 over Low power Wireless Personal Area Networks and Constrained Application Protocol currently in development in IETF. Security and privacy are a must for the IP-based IoTs in order to ensure its acceptance. However, mobility, limited bandwidth, and resource-constrained devices pose new challenges and require for a sound and efficient security architecture. In particular, dynamic association of mobile smart objects and the management of keys in large-scale networks remain an open challenge. In this context, we propose a flexible security architecture based on the Host Identity Protocol and Multimedia Internet KEYing protocols allowing for secure network association and key management. HIP - based on asymmetric-key cryptography - ensures unambiguous thing identification, mobility support, as well as a lightweight and secure method for network association. In our solution, HIP is extended with MIKEY capabilities to provide enhanced key management using polynomials, which allow to generate pair wise keys with any node based on its identity. This combination of protocols and crypto-algorithms ensures both strong security and very good performance as shown by our implementation and presents clear advantages compared with other alternatives

Securing the IP-based internet of things with HIP and DTLS

<p>The IP-based Internet of Things (IoT) refers to the pervasive interaction of smart devices and people enabling new applications by means of new IP protocols such as 6LoWPAN and CoAP. Security is a must, and for that we need a secure architecture in which all device interactions are protected, from joining an IoT network to the secure management of keying materials. However, this is challenging because existing IP security protocols do not offer all required functionalities and typical Internet solutions do not lead to the best performance.</p> <p>We propose and compare two security architectures providing secure network access, key management and secure communication. The first solution relies on a new variant of the Host Identity Protocol (HIP) based on pre-shared keys (PSK), while the second solution is based on the standard Datagram Transport Layer Security (DTLS). Our evaluation shows that although the HIP solution performs better, the currently limited usage of HIP poses severe limitations. The DTLS architecture allows for easier interaction and interoperability with the Internet, but optimizations are needed due to its performance issues.</p&gt