Architectures and Protocols for Secure and Energy-Efficient Integration of Wireless Sensor Networks with the Internet of Things. (Architectures et protocoles pour une intégration sécurisée et économe en énergie des réseaux de capteurs dans l'Internet des objets)

Our research explores the intersection of academic, industrial and standardization spheres to enable secure and energy-efficient Internet of Things. We study standards-based security solutions bottom-up and first observe that hardware accelerated cryptography is a necessity for Internet of Things devices, as it leads to reductions in computational time, as much as two orders of magnitude. Overhead of the cryptographic primitives is, however, only one of the factors that influences the overall performance in the networking context. To understand the energy - security tradeoffs, we evaluate the effect of link-layer security features on the performance of Wireless Sensors Networks. We show that for practical applications and implementations, link-layer security features introduce a negligible degradation on the order of a couple of percent, that is often acceptable even for the most energy-constrained systems, such as those based on harvesting.Because link-layer security puts trust on each node on the communication path consisted of multiple, potentially compromised devices, we protect the information flows by end-to-end security mechanisms. We therefore consider Datagram Transport Layer Security (DTLS) protocol, the IETF standard for end-to-end security in the Internet of Things and contribute to the debate in both the standardization and research communities on the applicability of DTLS to constrained environments. We provide a thorough performance evaluation of DTLS in different duty-cycled networks through real-world experimentation, emulation and analysis. Our results demonstrate surprisingly poor performance of DTLS in networks where energy efficiency is paramount. Because a DTLS client and a server exchange many signaling packets, the DTLS handshake takes between a handful of seconds and several tens of seconds, with similar results for different duty cycling protocols.But apart from its performance issues, DTLS was designed for point-to-point communication dominant in the traditional Internet. The novel Constrained Ap- plication Protocol (CoAP) was tailored for constrained devices by facilitating asynchronous application traffic, group communication and absolute need for caching. The security architecture based on DTLS is, however, not able to keep up and advanced features of CoAP simply become futile when used in conjunction with DTLS. We propose an architecture that leverages the security concepts both from content-centric and traditional connection-oriented approaches. We rely on secure channels established by means of DTLS for key exchange, but we get rid of the notion of “state” among communicating entities by leveraging the concept of object security. We provide a mechanism to protect from replay attacks by coupling the capability-based access control with network communication and CoAP header. OSCAR, our object-based security architecture, intrinsically supports caching and multicast, and does not affect the radio duty-cycling operation of constrained devices. Ideas from OSCAR have already found their way towards the Internet standards and are heavily discussed as potential solutions for standardization.

[1]  Kristofer S. J. Pister,et al.  Theoretical and Practical Limits to Sensitivity in IEEE 802.15.4 Receivers , 2007, 2007 14th IEEE International Conference on Electronics, Circuits and Systems.

[2]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[3]  Gabor Karsai,et al.  Smart Dust: communicating with a cubic-millimeter computer , 2001 .

[4]  David E. Culler,et al.  Transmission of IPv6 Packets over IEEE 802.15.4 Networks , 2007, RFC.

[5]  Stephen Dawson-Haggerty,et al.  Overview of Existing Routing Protocols for Low Power and Lossy Networks , 2009 .

[6]  Cecilia Mascolo,et al.  SenShare: Transforming Sensor Networks into Multi-application Sensing Infrastructures , 2012, EWSN.

[7]  Yang Yu,et al.  Supporting concurrent applications in wireless sensor networks , 2006, SenSys '06.

[8]  Jelena V. Misic,et al.  Cost of secure sensing in IEEE 802.15.4 networks , 2009, IEEE Transactions on Wireless Communications.

[9]  Eric Rescorla,et al.  The Design and Implementation of Datagram TLS , 2004, NDSS.

[10]  S. Mahlknecht,et al.  CSMA-MPS: a minimum preamble sampling MAC protocol for low power wireless sensor networks , 2004, IEEE International Workshop on Factory Communication Systems, 2004. Proceedings..

[11]  Radha Poovendran,et al.  Optimal Jamming Attacks and Network Defense Policies in Wireless Sensor Networks , 2007, IEEE INFOCOM 2007 - 26th IEEE International Conference on Computer Communications.

[12]  Gabriele Romaniello,et al.  Energy Efficient Protocols for Harvested Wireless Sensor Networks. (Pile de protocoles pour des réseaux des capteurs avec récupération d'énergie) , 2015 .

[13]  Ludwig Seitz,et al.  Object Security of CoAP (OSCOAP) , 2016 .

[14]  Yee Wei Law,et al.  Energy-efficient link-layer jamming attacks against wireless sensor network MAC protocols , 2005, TOSN.

[15]  Jim Kurose,et al.  Computer Networking: A Top-Down Approach , 1999 .

[16]  Michael Richardson 6tisch secure join using 6top , 2015 .

[17]  Dawn Song,et al.  The TESLA Broadcast Authentication Protocol , 2002 .

[18]  Jonathan Tse,et al.  AES Hardware-Software Co-design in WSN , 2015, 2015 21st IEEE International Symposium on Asynchronous Circuits and Systems.

[19]  Yang Xianglong,et al.  A Design of Greenhouse Monitoring & Control System Based on ZigBee Wireless Sensor Network , 2007, 2007 International Conference on Wireless Communications, Networking and Mobile Computing.

[20]  Utz Roedig,et al.  Secure communication for the Internet of Things - a comparison of link-layer security and IPsec for 6LoWPAN , 2014, Secur. Commun. Networks.

[21]  Hannes Tschofenig The OAuth 2.0 Internet of Things (IoT) Client Credentials Grant , 2015 .

[22]  Pramod K. Varshney,et al.  Localization in Wireless Sensor Networks: Byzantines and Mitigation Techniques , 2013, IEEE Transactions on Signal Processing.

[23]  Georg Carle,et al.  A DTLS based end-to-end security architecture for the Internet of Things with two-way authentication , 2012, 37th Annual IEEE Conference on Local Computer Networks - Workshops.

[24]  Malisa Vucinic Routing in IPv6 Sensor Networks , 2012 .

[25]  Jelena V. Misic,et al.  Performance of a beacon enabled IEEE 802.15.4 cluster with downlink and uplink traffic , 2006, IEEE Transactions on Parallel and Distributed Systems.

[26]  Mehdi Mani,et al.  ACE use cases , 2014 .

[27]  Scott F. Midkiff,et al.  Denial-of-Service in Wireless Sensor Networks: Attacks and Defenses , 2008, IEEE Pervasive Computing.

[28]  Ohyoung Song,et al.  An Efficient Design of Security Accelerator for IEEE 802.15.4 Wireless Senor Networks , 2010, 2010 7th IEEE Consumer Communications and Networking Conference.

[29]  Carles Gomez,et al.  Route change latency in low-power and lossy wireless networks using RPL and 6LoWPAN Neighbor Discovery , 2011, 2011 IEEE Symposium on Computers and Communications (ISCC).

[30]  Hao Zhou,et al.  Transport Layer Security (TLS) Session Resumption without Server-Side State , 2006, RFC.

[31]  Radia J. Perlman,et al.  Network security - private communication in a public world , 2002, Prentice Hall series in computer networking and distributed systems.

[32]  Luca Veltri,et al.  A novel batch-based group key management protocol applied to the Internet of Things , 2013, Ad Hoc Networks.

[33]  Thiemo Voigt,et al.  Lithe: Lightweight Secure CoAP for the Internet of Things , 2013, IEEE Sensors Journal.

[34]  Esko Dijk,et al.  DTLS-based Multicast Security for Low-Power and Lossy Networks (LLNs) , 2012 .

[35]  Andrzej Duda,et al.  Link reversal and reactive routing in Low Power and Lossy Networks , 2013, 2013 IEEE 24th Annual International Symposium on Personal, Indoor, and Mobile Radio Communications (PIMRC).

[36]  Alfred Menezes,et al.  Weak Fields for ECC , 2004, CT-RSA.

[37]  Elisa Bertino,et al.  Secure Data Aggregation Technique for Wireless Sensor Networks in the Presence of Collusion Attacks , 2015, IEEE Transactions on Dependable and Secure Computing.

[38]  David A. McGrew,et al.  AES-CCM Cipher Suites for Transport Layer Security (TLS) , 2012, RFC.

[39]  Vipul Gupta,et al.  Energy analysis of public-key cryptography for wireless sensor networks , 2005, Third IEEE International Conference on Pervasive Computing and Communications.

[40]  Jean-Philippe Vasseur,et al.  Performance Evaluation of the Routing Protocol for Low-Power and Lossy Networks (RPL) , 2012, RFC.

[41]  Fabrice Theoleyre,et al.  Efficient topology construction for RPL over IEEE 802.15.4 in wireless sensor networks , 2014, Ad Hoc Networks.

[42]  Zach Shelby,et al.  CoAP Security Options , 2011 .

[43]  Ankur Mehta,et al.  Reliability through frequency diversity: why channel hopping makes sense , 2009, PE-WASUN '09.

[44]  Adam Wolisz,et al.  Optimized Asynchronous Multichannel Discovery of IEEE 802.15.4-Based Wireless Personal Area Networks , 2013, IEEE Transactions on Mobile Computing.

[45]  Utz Roedig,et al.  Securing communication in 6LoWPAN with compressed IPsec , 2011, 2011 International Conference on Distributed Computing in Sensor Systems and Workshops (DCOSS).

[46]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[47]  Bernard P. Zajac Applied cryptography: Protocols, algorithms, and source code in C , 1994 .

[48]  Carles Gomez,et al.  On the Network Convergence Process in RPL over IEEE 802.15.4 Multihop Networks: Improvement and Trade-Offs , 2014, Sensors.

[49]  M. Luk,et al.  MiniSec: A Secure Sensor Network Communication Architecture , 2007, 2007 6th International Symposium on Information Processing in Sensor Networks.

[50]  Timo Hämäläinen,et al.  Energy-efficient neighbor discovery protocol for mobile wireless sensor networks , 2009, Ad Hoc Networks.

[51]  Hannes Tschofenig The OAuth 2.0 Bearer Token Usage over the Constrained Application Protocol (CoAP) , 2015 .

[52]  John A. Stankovic,et al.  Security in wireless sensor networks , 2004, SASN '04.

[53]  Peng Ning,et al.  2008 International Conference on Information Processing in Sensor Networks TinyECC: A Configurable Library for Elliptic Curve Cryptography in Wireless Sensor Networks ∗ , 2022 .

[54]  Siarhei Kuryla,et al.  RPL: IPv6 Routing Protocol for Low power and Lossy Networks , 2010 .

[55]  Jari Arkko,et al.  End-to-end security for sleepy smart object networks , 2012, 37th Annual IEEE Conference on Local Computer Networks - Workshops.

[56]  Carles Gomez,et al.  Modeling the Message Count of the Trickle Algorithm in a Steady-State, Static Wireless Sensor Network , 2012, IEEE Communications Letters.

[57]  Andrzej Duda,et al.  Fast and energy-efficient topology construction in multi-hop multi-channel 802.15.4 networks , 2013, 2013 IEEE 9th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob).

[58]  C. Karlof,et al.  Secure routing in wireless sensor networks: attacks and countermeasures , 2003, Proceedings of the First IEEE International Workshop on Sensor Network Protocols and Applications, 2003..

[59]  Robert W. Shirey,et al.  Internet Security Glossary , 2000, RFC.

[60]  Ankur Mehta,et al.  Mitigating Multipath Fading through Channel Hopping in Wireless Sensor Networks , 2010, 2010 IEEE International Conference on Communications.

[61]  Scott Shenker,et al.  A data-oriented (and beyond) network architecture , 2007, SIGCOMM '07.

[62]  Fabrice Theoleyre,et al.  Multipath opportunistic RPL routing over IEEE 802.15.4 , 2011, MSWiM '11.

[63]  Akbar Rahman,et al.  Group Communication for the Constrained Application Protocol (CoAP) , 2014, RFC.

[64]  Hannes Tschofenig,et al.  Authentication and Authorization for Constrained Environments (ACE) , 2017 .

[65]  David A. Wagner,et al.  Security considerations for IEEE 802.15.4 networks , 2004, WiSe '04.

[66]  Adrian Perrig,et al.  Lightweight Protection of Group Content Distribution , 2015, IoTPTS@AsiaCCS.

[67]  Rene Struik 6TiSCH Security Architectural Considerations , 2015 .

[68]  Sye Keoh,et al.  A Hitchhiker's Guide to the (Datagram) Transport Layer Security Protocol for Smart Objects and Constrained Node Networks , 2013 .

[69]  Enzo Mingozzi,et al.  Trickle-F: Fair broadcast suppression to improve energy-efficient route formation with the RPL routing protocol , 2013, 2013 Sustainable Internet and ICT for Sustainability (SustainIT).

[70]  Fabien Todeschini Dimensionnement énergétique de réseaux de capteurs ultra-compacts autonomes en énergie. , 2014 .

[71]  JeongGil Ko,et al.  The Trickle Algorithm , 2011, RFC.

[72]  Carsten Bormann,et al.  The Constrained Application Protocol (CoAP) , 2014, RFC.

[73]  Eric Rescorla,et al.  Datagram Transport Layer Security Version 1.2 , 2012, RFC.

[74]  Fang Liu,et al.  Insider Attacker Detection in Wireless Sensor Networks , 2007, IEEE INFOCOM 2007 - 26th IEEE International Conference on Computer Communications.

[75]  Adam Dunkels,et al.  Cross-Level Sensor Network Simulation with COOJA , 2006, Proceedings. 2006 31st IEEE Conference on Local Computer Networks.

[76]  Jordi Casademont,et al.  Forwarding Techniques for IP Fragmented Packets in a Real 6LoWPAN Network , 2011, Sensors.

[77]  Ludwig Seitz,et al.  Authorization framework for the Internet-of-Things , 2013, 2013 IEEE 14th International Symposium on "A World of Wireless, Mobile and Multimedia Networks" (WoWMoM).

[78]  Jelena V. Misic,et al.  The Cost of Security: Performance of ZigBee Key Exchange Mechanism in an 802.15.4 Beacon Enabled Cluster , 2006, 2006 IEEE International Conference on Mobile Ad Hoc and Sensor Systems.

[79]  Elaine Shi,et al.  The Sybil attack in sensor networks: analysis & defenses , 2004, Third International Symposium on Information Processing in Sensor Networks, 2004. IPSN 2004.

[80]  Pascal Urard,et al.  A Nano quiescent Current Power Management for Autonomous Wireless Sensor Network , 2013, 2013 IEEE 20th International Conference on Electronics, Circuits, and Systems (ICECS).

[81]  V. Jacobson,et al.  Securing Network Content , 2009 .

[82]  Pawel Szalachowski,et al.  Secure broadcast in distributed networks with strong adversaries , 2015, Secur. Commun. Networks.

[83]  Andrzej Duda,et al.  Performance comparison of the RPL and LOADng routing protocols in a Home Automation scenario , 2013, 2013 IEEE Wireless Communications and Networking Conference (WCNC).

[84]  Rodrigo Roman,et al.  Integrating wireless sensor networks and the internet: a security analysis , 2009, Internet Res..

[85]  Marcello Mura,et al.  Modelling the power cost of security in Wireless Sensor Networks : The case of 802.15.4 , 2008, 2008 International Conference on Telecommunications.

[86]  Adam Dunkels,et al.  A database in every sensor , 2011, SenSys.

[87]  Subir Das,et al.  6TiSCH Security Architectural Elements, Desired Protocol Properties, and Framework , 2014 .

[88]  Gennaro Boggia,et al.  Standardized Protocol Stack for the Internet of (Important) Things , 2013, IEEE Communications Surveys & Tutorials.