Axiom: DTLS-Based Secure IoT Group Communication

This article presents Axiom, a DTLS-based approach to efficiently secure multicast group communication among IoT-constrained devices. Axiom provides an adaptation of the DTLS record layer, relies on key material commonly shared among the group members, and does not require one to perform any DTLS handshake. We made a proof-of-concept implementation of Axiom based on the tinyDTLS library for the Contiki OS and used it to experimentally evaluate performance of our approach on real IoT hardware. Results show that Axiom is affordable on resource-constrained platforms and performs significantly better than related alternative approaches.

[1]  John Foley,et al.  Authenticated Encryption with Replay prOtection (AERO) , 2014 .

[2]  Hannes Tschofenig,et al.  Pre-Shared Key Ciphersuites for Transport Layer Security (TLS) , 2005, RFC.

[3]  Marco Tiloca Efficient Protection of Response Messages in DTLS-Based Secure Multicast Communication , 2014, SIN.

[4]  Pascal Thubert,et al.  Compression Format for IPv6 Datagrams over IEEE 802.15.4-Based Networks , 2011, RFC.

[5]  Ran Canetti,et al.  Multicast Security (MSEC) Group Key Management Architecture , 2005, RFC.

[6]  George M. Gross,et al.  GSAKMP: Group Secure Association Key Management Protocol , 2006, RFC.

[7]  Gianluca Dini,et al.  HISS: A HIghly Scalable Scheme for Group Rekeying , 2013, Comput. J..

[8]  Gerd Kortuem,et al.  Smart objects as building blocks for the Internet of things , 2010, IEEE Internet Computing.

[9]  Eric Rescorla,et al.  The Transport Layer Security (TLS) Protocol Version 1.2 , 2008, RFC.

[10]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[11]  David A. McGrew,et al.  An Interface and Algorithms for Authenticated Encryption , 2008, RFC.

[12]  Paul E. Hoffman,et al.  Internet Key Exchange Protocol Version 2 (IKEv2) , 2010, RFC.

[13]  Pekka Savola,et al.  Overview of the Internet Multicast Routing Architecture , 2008, RFC.

[14]  Hannes Tschofenig,et al.  Internet Engineering Task Force (ietf) Using Raw Public Keys in Transport Layer Security (tls) and Datagram Transport Layer Security (dtls) , 2022 .

[15]  Robert W. Shirey,et al.  Internet Security Glossary, Version 2 , 2007, RFC.

[16]  Gianluca Dini,et al.  GREP: A group rekeying protocol based on member join history , 2016, 2016 IEEE Symposium on Computers and Communication (ISCC).

[17]  Hugo Krawczyk,et al.  A Security Architecture for the Internet Protocol , 1999, IBM Syst. J..

[18]  Carsten Bormann,et al.  The Constrained Application Protocol (CoAP) , 2014, RFC.

[19]  Marco Tiloca,et al.  Secure Two-Way DTLS-Based Group Communication in the IoT , 2015 .

[20]  Eric Rescorla,et al.  Datagram Transport Layer Security Version 1.2 , 2012, RFC.

[21]  Abhijit Choudhury,et al.  AES Galois Counter Mode (GCM) Cipher Suites for TLS , 2008, RFC.

[22]  Hannes Tschofenig,et al.  Transport Layer Security (TLS) / Datagram Transport Layer Security (DTLS) Profiles for the Internet of Things , 2016, RFC.

[23]  Russ Housley,et al.  Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile , 2002, RFC.

[24]  Akbar Rahman,et al.  Group Communication for the Constrained Application Protocol (CoAP) , 2014, RFC.

[25]  David A. McGrew,et al.  AES-CCM Cipher Suites for Transport Layer Security (TLS) , 2012, RFC.

[26]  Mohamed G. Gouda,et al.  Secure group communications using key graphs , 1998, SIGCOMM '98.

[27]  Adam Dunkels,et al.  Software-based on-line energy estimation for sensor nodes , 2007, EmNets '07.

[28]  Brian Weis,et al.  Multicast Extensions to the Security Architecture for the Internet Protocol , 2008, RFC.

[29]  Esko Dijk,et al.  DTLS-based Multicast Security for Low-Power and Lossy Networks (LLNs) , 2012 .

[30]  Brian Weis,et al.  The Multicast Group Security Architecture , 2004, RFC.

[31]  Lida Xu,et al.  The internet of things: a survey , 2014, Information Systems Frontiers.