OnboardICNg: a Secure Protocol for On-boarding IoT Devices in ICN

Information-Centric Networking (ICN) is an emerging networking paradigm that focuses on content distribution and aims at replacing the current IP stack. Implementations of ICN have demonstrated its advantages over IP in terms of network performance and resource requirements. Because of these advantages, ICN is also considered a good candidate network paradigm for the Internet-of-Things (IoT), especially in scenarios involving resource-constrained devices. In this paper we propose OnboardICNg, the first secure protocol for on-boarding (authenticating and authorizing) IoT devices in ICN mesh networks. OnboardICNg can securely on-board resource-constrained devices into an existing IoT network, outperforming the authentication protocol selected for the ZigBee-IP specification: EAP-PANA, i.e., the Protocol for carrying Authentication for Network Access (PANA) combined with the Extensible Authentication Protocol (EAP). In particular, we show that, compared with EAP-PANA, OnboardICNg reduces communication and energy consumption by 87% and 66%, respectively.
