Securing the Internet of Things: A Standardization Perspective

The Internet of Things (IoT) is the next wave of innovation that promises to improve and optimize our daily life based on intelligent sensors and smart objects working together. Through Internet Protocol (IP) connectivity, devices can now be connected to the Internet, allowing them to be read, controlled, and managed at any time and from any place. Security is an important aspect of IoT deployments. However, proprietary security solutions do not help in formulating a coherent security vision that enables IoT devices to communicate securely with each other in an interoperable manner. This paper gives an overview of the efforts in the Internet Engineering Task Force (IETF) to standardize security solutions for the IoT ecosystem. We first provide an in-depth review of the communication security solutions for IoT, specifically the standard security protocols to be used in conjunction with the Constrained Application Protocol (CoAP), an application protocol tailored to the constraints of IoT devices. Since Datagram Transport Layer Security (DTLS) has been chosen as the channel security underneath CoAP, this paper also discusses the latest standardization efforts to adapt and enhance DTLS for IoT applications. These include 1) the use of raw public keys in DTLS; 2) extending the DTLS record layer to protect group (multicast) communication; and 3) profiling DTLS to reduce the size and complexity of implementations on embedded devices. We also provide an extensive review of the compression schemes being proposed in the IETF to mitigate message fragmentation issues in DTLS.
