Evaluating the Performance of the OSCORE Security Protocol in Constrained IoT Environments

Abstract

The Constrained Application Protocol (CoAP) is a standard communication protocol for resource-constrained devices in the Internet of Things (IoT). Many IoT deployments require proxies to support asynchronous communication between edge devices and the back-end. This gives (non-trusted) proxies access to sensitive parts of CoAP messages. Object Security for Constrained RESTful Environments (OSCORE) is a recent standard protocol that provides end-to-end security for CoAP messages at the application layer. Unlike the commonly used standard Datagram Transport Layer Security (DTLS), OSCORE efficiently provides selective integrity protection and encryption of different parts of CoAP messages. Thus, OSCORE enables end-to-end security through intermediary (non-trusted) proxies while still allowing them to perform their expected services, with considerable security and privacy improvements. To assess whether these security features consume too much of the limited resources available on a constrained device, we have implemented OSCORE (the implementation is available as open source) and evaluated its efficiency. This paper provides a comprehensive, comparative and experimental performance evaluation of OSCORE on real resource-constrained IoT devices, using the operating system Contiki-NG as the IoT software platform. In particular, we experimentally evaluated the efficiency of our OSCORE implementation on resource-constrained devices running Contiki-NG, in comparison with the DTLS implementation TinyDTLS maintained by the Eclipse Foundation. The evaluation results show that our OSCORE implementation displays moderately better performance than TinyDTLS in terms of per-message network overhead, memory usage, message round-trip time and energy efficiency, thus providing the security improvements of OSCORE with no additional performance penalty.
