Protection of IoT transaction using ID-KEM based on three-pass protocol countermeasure

Vulnerability(s) and attack(s) can occur on the proxy or during translation protocol of secure transport protocols in Constrained Application Protocol (CoAP). Existing security countermeasure deploys Datagram Transport Security layer (DTLS) and Transport Security layer (TLS) between client and server as IoT (Internet of Things) communicating entities. Proxy plays the role of interface between client and Server. It can also decrypt the received message and encrypt data according to the used security transport protocol of the other side. The vulnerability appears during this phase, especially, where the proxy is not confident or supervised by an illegitimate entity. Consequently, passing through the proxy communication node, security services like confidentiality and integrity can easily be compromised. Exploiting advantages of studied cryptographic algorithms, we focus on our customized security objectives regarding proxy element and DTLS-TLS translation. We detail, in this paper, the algorithm and the sequence diagram of secure communication of our proposal adapted for CoAP architecture. As an encryption strategy, we follow the cryptographic envelope principle based on ID-KEM and Three-pass Protocol. As a hypothesis, we assumed that the communication deploys our recent IDMS (Identity management System) contribution for IoT, relying on the EAP_OAuth2.0 (Extensible Authentication Protocol and Open Authorization Protocol) protocols via DTLS, as the starting phase in order to keep authentication and authorization services. Finally, we describe the security validation, present our perspectives and conclude our work.

[1]  Antonio F. Gómez-Skarmeta,et al.  Enabling end-to-end CoAP-based communications for the Web of Things , 2016, J. Netw. Comput. Appl..

[2]  Sang-Il Choi,et al.  Use of Proxy Mobile IPv6 for Mobility Management in CoAP-Based Internet-of-Things Networks , 2016, IEEE Communications Letters.

[3]  Carsten Bormann,et al.  The Constrained Application Protocol (CoAP) , 2014, RFC.

[4]  Eric Rescorla,et al.  Datagram Transport Layer Security Version 1.2 , 2012, RFC.

[5]  Xiaopeng Yang,et al.  Efficient chosen ciphertext secure key encapsulation mechanism in standard model over ideal lattices , 2017, Int. J. Comput. Math..

[6]  Peter Saint-Andre,et al.  Summarizing Known Attacks on Transport Layer Security (TLS) and Datagram TLS (DTLS) , 2015, RFC.

[7]  Tim Dierks,et al.  The Transport Layer Security (TLS) Protocol Version 1.2 , 2008 .

[8]  Leïla Azouz Saïdane,et al.  A taxonomy of identities management systems in IOT , 2015, 2015 IEEE/ACS 12th International Conference of Computer Systems and Applications (AICCSA).

[9]  Suman Jana,et al.  Recommendations for Randomness in the Operating System, or How to Keep Evil Children out of Your Pool and Other Random Facts , 2015, HotOS.

[10]  Jeffrey M. Voas,et al.  Learning Internet-of-Things Security "Hands-On" , 2016, IEEE Security & Privacy.

[11]  Chen Wei,et al.  Elliptic curve cryptosystem ElGamal encryption and transmission scheme , 2010, 2010 International Conference on Computer Application and System Modeling (ICCASM 2010).

[12]  Burkhard Stiller,et al.  DTLS-based Security with two-way Authentication for IoT , 2014 .

[13]  Pascal Urien TLS and DTLS Security Modules , 2019 .

[14]  Hannes Tschofenig,et al.  Transport Layer Security (TLS) / Datagram Transport Layer Security (DTLS) Profiles for the Internet of Things , 2016, RFC.

[15]  Hella Kaffel Ben Ayed,et al.  An IDMS approach towards privacy and new requirements in IoT , 2017, 2017 13th International Wireless Communications and Mobile Computing Conference (IWCMC).

[16]  Eric Rescorla,et al.  The Transport Layer Security (TLS) Protocol Version 1.3 , 2018, RFC.