Two-Way Authentication for the Internet-of-Things

This chapter introduces the first fully implemented two-way authentication security scheme for the Internet of Things (IoT) based on existing Internet standards, specifically the Datagram Transport Layer Security (DTLS) protocol. By relying on an established standard, existing implementations, engineering techniques, and security infrastructure can be reused, which eases security uptake. The proposed security scheme uses two public key cryptography algorithms, RSA (Rivest, Shamir and Adleman) and Elliptic Curve Cryptography (ECC), tailored to the heterogeneous resource constraints of IoT devices. The two-way authentication solution presented is designed to work over standard communication stacks that offer UDP/IPv6 networking for Low power Wireless Personal Area Networks (LoWPANs). A prototype implementation of DTLS is presented here in the context of a system architecture, and the scheme’s feasibility (low overheads and high interoperability) is demonstrated through extensive evaluations on the DTLS-supporting platform OPAL as cluster head, with children of different IoT hardware platforms.
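As an added example, not code from the chapter or its DTLS prototype, the following Go program shows the certificate-based two-way authentication the abstract describes: a cluster head holding an RSA key and a constrained node holding an ECC key each present a certificate, and the session is established only when both are verified. Go's standard library has no DTLS, so the handshake runs as TLS over a loopback TCP connection; the mutual certificate verification is the same. The names `cluster-head` and `sensor-node`, the self-signed certificates (standing in for CA-issued ones), and the function `mutualHandshake` are all constructed for this example.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSigned builds a self-signed certificate for one party. Constructed for this
// example only: in a deployment a CA issues the certificates and each side holds
// the CA root rather than the peer's end-entity certificate.
func selfSigned(name string, key crypto.Signer) (tls.Certificate, *x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		DNSNames:              []string{name}, // checked against the peer's ServerName
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	parsed, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, parsed, nil
}

// mutualHandshake runs one two-way authenticated handshake over loopback. The
// cluster head (server) uses RSA, the sensor node (client) uses ECC P-256, mirroring
// the resource split in the text. With presentClientCert=false the node offers no
// certificate and the cluster head must refuse the session. On success it returns
// the node identity the cluster head verified.
func mutualHandshake(presentClientCert bool) (string, error) {
	headKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { return "", err }
	nodeKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return "", err }
	headCert, headX509, err := selfSigned("cluster-head", headKey)
	if err != nil { return "", err }
	nodeCert, nodeX509, err := selfSigned("sensor-node", nodeKey)
	if err != nil { return "", err }

	// Each side trusts exactly the other side's certificate (stand-in for a CA root).
	trustNode, trustHead := x509.NewCertPool(), x509.NewCertPool()
	trustNode.AddCert(nodeX509)
	trustHead.AddCert(headX509)

	serverCfg := &tls.Config{
		Certificates: []tls.Certificate{headCert},
		ClientAuth:   tls.RequireAndVerifyClientCert, // the "two-way" part
		ClientCAs:    trustNode,
	}
	clientCfg := &tls.Config{RootCAs: trustHead, ServerName: "cluster-head"}
	if presentClientCert {
		clientCfg.Certificates = []tls.Certificate{nodeCert}
	}

	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil { return "", err }
	defer ln.Close()

	type outcome struct {
		peer string
		err  error
	}
	done := make(chan outcome, 1)
	go func() {
		raw, err := ln.Accept()
		if err != nil { done <- outcome{"", err}; return }
		conn := tls.Server(raw, serverCfg)
		defer conn.Close()
		if err := conn.Handshake(); err != nil {
			done <- outcome{"", fmt.Errorf("cluster head rejected node: %w", err)}
			return
		}
		// Handshake succeeded, so the verified node certificate is available.
		peer := conn.ConnectionState().PeerCertificates[0].Subject.CommonName
		_, err = conn.Write([]byte("ok"))
		done <- outcome{peer, err}
	}()

	client, err := tls.Dial("tcp", ln.Addr().String(), clientCfg)
	if err != nil { return "", fmt.Errorf("node handshake failed: %w", err) }
	defer client.Close()
	// In TLS 1.3 the client's handshake returns before the server has checked the
	// client certificate; the first Read surfaces the server's verdict.
	if _, err := client.Read(make([]byte, 2)); err != nil {
		if res := <-done; res.err != nil { return "", res.err }
		return "", err
	}
	res := <-done
	return res.peer, res.err
}

func main() {
	peer, err := mutualHandshake(true)
	fmt.Println("with node certificate:", peer, err)
	_, err = mutualHandshake(false)
	fmt.Println("without node certificate:", err)
}
```

The design point is the `ClientAuth: tls.RequireAndVerifyClientCert` setting: without it, the server authenticates itself to the node but never learns who the node is, which is one-way authentication. The second call shows the failure mode, a node that sends no certificate is refused before any application data flows.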
