Performance evaluation of end-to-end security protocols in an Internet of Things

Wireless Sensor Networks are destined to play a fundamental role in the next-generation Internet, which will be characterized by the Machine-to-Machine paradigm, according to which, embedded devices will actively exchange information, thus enabling the development of innovative applications. It will contribute to assert the concept of Internet of Things, where end-to-end security represents a key issue. In such context, it is very important to understand which protocols are able to provide the right level of security without burdening the limited resources of constrained networks. This paper presents a performance comparison between two of the most widely used security protocols: IPSec and DTLS. We provide the analysis of their impact on the resources of embedded devices. For this purpose, we have modified existing implementations of both protocols to make them properly run on our hardware platforms, and we have performed an extensive experimental evaluation study. The achieved results are not a consequence of a classical simulation campaign, but they have been obtained in a real scenario that uses software and hardware typical of the current technological developments. Therefore, they can help network designers to identify the most appropriate secure mechanism for end-to-end IP communications involving constrained devices.

[1]  David E. Culler,et al.  Transmission of IPv6 Packets over IEEE 802.15.4 Networks , 2007, RFC.

[2]  Adam Dunkels,et al.  Contiki - a lightweight and flexible operating system for tiny networked sensors , 2004, 29th Annual IEEE International Conference on Local Computer Networks.

[3]  Stephen T. Kent,et al.  IP Encapsulating Security Payload (ESP) , 1995, RFC.

[4]  Maria Laura Stefanizzi,et al.  Implementation and validation of an energy-efficient MAC scheduler for WSNs by a test bed approach , 2012, SoftCOM 2012, 20th International Conference on Software, Telecommunications and Computer Networks.

[5]  Thiemo Voigt,et al.  6LoWPAN Compressed DTLS for CoAP , 2012, 2012 IEEE 8th International Conference on Distributed Computing in Sensor Systems.

[6]  Utz Roedig,et al.  Securing communication in 6LoWPAN with compressed IPsec , 2011, 2011 International Conference on Distributed Computing in Sensor Systems and Workshops (DCOSS).

[7]  Luca Catarinucci,et al.  SWITCHED-BEAM ANTENNA FOR WIRELESS SENSOR NETWORK NODES , 2013 .

[8]  Carsten Bormann,et al.  The Constrained Application Protocol (CoAP) , 2014, RFC.

[9]  Eric Rescorla,et al.  Datagram Transport Layer Security Version 1.2 , 2012, RFC.

[10]  Randall J. Atkinson,et al.  Security Architecture for the Internet Protocol , 1995, RFC.

[11]  Jürgen Schönwälder,et al.  Management of resource constrained devices in the internet of things , 2012, IEEE Communications Magazine.

[12]  Hugo Krawczyk,et al.  A Security Architecture for the Internet Protocol , 1999, IBM Syst. J..

[13]  Maria Laura Stefanizzi,et al.  Performance Evaluation of an Energy-Efficient MAC Scheduler by using a Test Bed Approach , 2013 .

[14]  Jorge Sá Silva,et al.  Enabling Network-Layer Security on IPv6 Wireless Sensor Networks , 2010, 2010 IEEE Global Telecommunications Conference GLOBECOM 2010.

[15]  Luca Mainetti,et al.  Evolution of wireless sensor networks towards the Internet of Things: A survey , 2011, SoftCOM 2011, 19th International Conference on Software, Telecommunications and Computer Networks.

[16]  Stephen T. Kent,et al.  IP Authentication Header , 1995, RFC.

[17]  Pascal Thubert,et al.  Compression Format for IPv6 Datagrams over IEEE 802.15.4-Based Networks , 2011, RFC.

[18]  Paul E. Hoffman,et al.  Internet Key Exchange Protocol Version 2 (IKEv2) , 2010, RFC.

[19]  Hugo Krawczyk,et al.  A Security Architecture for the Internet Protocol , 1999, IBM Syst. J..

[20]  Maria Laura Stefanizzi,et al.  An Energy-Efficient MAC Scheduler based on a Switched-Beam Antenna for Wireless Sensor Networks , 2013 .