IPsec over IEEE 802.15.4 for low power and lossy networks

The wide deployment of low-power and lossy networks (LLNs) connected to the Internet has raised many security concerns regarding the protection of data they handle and communicate. Such networks now face all sorts of security threats identified in traditional networks. However, solutions found in traditional networks cannot directly be adopted by LLNs, due to the inherent limited capabilities of the embedded systems that comprise them. This paper focuses on the security provided to LLN nodes using 6LoWPAN adaptation format, one of the predominant solutions adopted for communicating data over IEEE 802.15.4 networks. It proposes a compression format for IPsec, able to offer end-to-end security, that utilises AES-CCM* (CCM-Star), a variant of AES in Counter with CBC-MAC mode (AES-CCM), while considering the restrictions of the underlying IEEE 802.15.4 protocol. Compared to similar approaches, the proposed scheme features low packet overhead for providing both message authentication, integrity and confidentiality, while adhering to the latest standards.

[1]  Utz Roedig,et al.  Securing communication in 6LoWPAN with compressed IPsec , 2011, 2011 International Conference on Distributed Computing in Sensor Systems and Workshops (DCOSS).

[2]  Russ Housley,et al.  Counter with CBC-MAC (CCM) , 2003, RFC.

[3]  Dirk Fox,et al.  Advanced Encryption Standard (AES) , 1999, Datenschutz und Datensicherheit.

[4]  David E. Culler,et al.  Transmission of IPv6 Packets over IEEE 802.15.4 Networks , 2007, RFC.

[5]  Adam Dunkels,et al.  Contiki - a lightweight and flexible operating system for tiny networked sensors , 2004, 29th Annual IEEE International Conference on Local Computer Networks.

[6]  Russ Housley,et al.  Using Advanced Encryption Standard (AES) Counter Mode With IPsec Encapsulating Security Payload (ESP) , 2004, RFC.

[7]  Pedro José Marrón,et al.  COOJA/MSPSim: interoperability testing for wireless sensor networks , 2009, SimuTools.

[8]  Russ Housley,et al.  Using Advanced Encryption Standard (AES) CCM Mode with IPsec Encapsulating Security Payload (ESP) , 2005, RFC.

[9]  Steven M. Bellovin,et al.  Problem Areas for the IP Security Protocols , 1996, USENIX Security Symposium.

[10]  Pascal Thubert,et al.  Compression Format for IPv6 Datagrams over IEEE 802.15.4-Based Networks , 2011, RFC.

[11]  Randall J. Atkinson,et al.  IP Encapsulating Security Payload (ESP) , 1995, RFC.

[12]  Kenneth G. Paterson,et al.  Cryptography in Theory and Practice: The Case of Encryption in IPsec , 2006, EUROCRYPT.

[13]  Utz Roedig,et al.  6LoWPAN Extension for IPsec , 2011 .