HIP Security Architecture for the IP-Based Internet of Things

The IP-based Internet of Things refers to the pervasive interactions of smart objects and people enabling new applications by means of IP protocols. An application scenario is a Smart City in which the city infrastructure, cars, and people exchange information to enable new services. IP protocols, such as IPv6, TCP and HTTP will be further complemented by IPv6 over Low power Wireless Personal Area Networks and Constrained Application Protocol currently in development in IETF. Security and privacy are a must for the IP-based IoTs in order to ensure its acceptance. However, mobility, limited bandwidth, and resource-constrained devices pose new challenges and require for a sound and efficient security architecture. In particular, dynamic association of mobile smart objects and the management of keys in large-scale networks remain an open challenge. In this context, we propose a flexible security architecture based on the Host Identity Protocol and Multimedia Internet KEYing protocols allowing for secure network association and key management. HIP - based on asymmetric-key cryptography - ensures unambiguous thing identification, mobility support, as well as a lightweight and secure method for network association. In our solution, HIP is extended with MIKEY capabilities to provide enhanced key management using polynomials, which allow to generate pair wise keys with any node based on its identity. This combination of protocols and crypto-algorithms ensures both strong security and very good performance as shown by our implementation and presents clear advantages compared with other alternatives.

[1]  Thomas R. Henderson,et al.  Host Identity Protocol Version 2 (HIPv2) , 2015, RFC.

[2]  Antonio F. Gómez-Skarmeta,et al.  Network access security for the internet: protocol for carrying authentication for network access , 2012, IEEE Communications Magazine.

[3]  Eric Rescorla,et al.  Datagram Transport Layer Security , 2006, RFC.

[4]  Adam Dunkels,et al.  Contiki - a lightweight and flexible operating system for tiny networked sensors , 2004, 29th Annual IEEE International Conference on Local Computer Networks.

[5]  Roger Alexander,et al.  Adapted Multimedia Internet KEYing (AMIKEY): An extension of Multimedia Internet KEYing (MIKEY) Methods for Generic LLN Environments , 2012 .

[6]  Donggang Liu,et al.  Establishing pairwise keys in distributed sensor networks , 2005, TSEC.

[7]  Moti Yung,et al.  Perfectly Secure Key Distribution for Dynamic Conferences , 1992, Inf. Comput..

[8]  William E. Burr,et al.  Recommendation for Key Management, Part 1: General (Revision 3) , 2006 .

[9]  Bernard Aboba,et al.  Extensible Authentication Protocol (EAP) , 2004, RFC.

[10]  Jari Arkko,et al.  MIKEY: Multimedia Internet KEYing , 2004, RFC.

[11]  Sasikanth Avancha,et al.  Security for Sensor Networks , 2004 .

[12]  Dan Forsberg,et al.  Protocol for Carrying Authentication for Network Access (PANA) , 2008, RFC.

[13]  Eric Rescorla,et al.  Guidelines for Writing RFC Text on Security Considerations , 2003, RFC.

[14]  Peng Ning,et al.  2008 International Conference on Information Processing in Sensor Networks TinyECC: A Configurable Library for Elliptic Curve Cryptography in Wireless Sensor Networks ∗ , 2022 .

[15]  Ari Keränen,et al.  Host Identity Protocol (HIP) Multi-Hop Routing Extension , 2010, RFC.

[16]  Larry J. Blunk,et al.  PPP Extensible Authentication Protocol (EAP) , 1998, RFC.