Lightweight Authentication Protocol (LAUP) for 6LoWPAN wireless sensor networks

© 2017 IEEE. 6LoWPAN networks involving wireless sensors consist of resource starving miniature sensor nodes. Since secured authentication of these resource-constrained sensors is one of the important considerations during communication, use of asymmetric key distribution scheme may not be the perfect choice to achieve secure authentication. Recent research shows that Lucky Thirteen attack has compromised Datagram Transport Layer Security (DTLS) with Cipher Block Chaining (CBC) mode for key establishment. Even though EAKES6Lo and S3K techniques for key establishment follow the symmetric key establishment method, they strongly rely on a remote server and trust anchor for secure key distribution. Our proposed Lightweight Authentication Protocol (LAUP) used a symmetric key method with no preshared keys and comprised of four flights to establish authentication and session key distribution between sensors and Edge Router in a 6LoWPAN environment. Each flight uses freshly derived keys from existing information such as PAN ID (Personal Area Network IDentification) and device identities. We formally verified our scheme using the Scyther security protocol verification tool for authentication properties such as Aliveness, Secrecy, Non-Injective Agreement and Non-Injective Synchronization. We simulated and evaluated the proposed LAUP protocol using COOJA simulator with ContikiOS and achieved less computational time and low power consumption compared to existing authentication protocols such as the EAKES6Lo and SAKES

Exploiting the Remote Server Access Support of CoAP Protocol

© 2014 IEEE. The constrained application protocol (CoAP) is a specially designed Web transfer protocol for use with constrained nodes and low-power networks. The widely available CoAP implementations have failed to validate the remote CoAP clients. Each CoAP client generates a random source port number when communicating with the CoAP server. However, we observe that in such implementations it is difficult to distinguish the regular packet and the malicious packet, opening a door for a potential off-path attack. The off-path attack is considered a weak attack on a constrained network and has received a less attention from the research community. However, the consequences resulting from such an attack cannot be ignored in practice. In this article, we exploit the combination of IP spoofing vulnerability and the remote server access support of CoAP is to be launch an off-path attack. The attacker injects a fake request message to change the credentials of the 6LoWPAN smart door keypad lock system. This creates a request spoofing vulnerability in CoAP, and the attacker exploits this vulnerability to gain full access to the system. Through our implementation, we demonstrated the feasibility of the attack scenario on the 6LoWPAN-CoAP network using smart door keypad lock. We proposed a machine learning (ML)-based approach to mitigate such attacks. To the best of our knowledge, we believe that this is the first article to analyze the remote CoAP server access support and request spoofing vulnerability of CoAP to launch an off-path attack and demonstrate how an ML-based approach can be deployed to prevent such attacks