TLShps: SDN-Based TLS Handshake Protocol Simplification for IoT

  • Lei Yan
  • Maode MaEmail author
  • Yan Ma
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11611)


Transport Layer Security (TLS) is one of the most popular security protocols for end-to-end communications. The handshake process of TLS has high computation complexity and heavy delay, while the devices in Internet of Things (IoT) always have limited resources. Therefore, it is hard to deploy TLS in IoT. To tackle this problem, we propose a novel method to simplify the TLS handshake protocol based on Software Defined Network (SDN) for a general end-to-end communication scenario. Firstly, instead of doing the Diffie-Hellman key exchange to calculate the premaster secret of TLS, the controller is used to generate the premaster secret dynamically and then distributes this secret to the IoT devices through the encrypted channel between the SDN switch and the controller. Secondly, the certificate verification of TLS is transferred from the IoT devices to the more powerful controller. Furthermore, the security of our simplified protocol is validated by the deduction of BAN logic and the analysis for malicious attacks. The experimental results show that our protocol reduces both the latency in the whole handshake process and the computational overhead in the IoT devices compared with the traditional TLS.


TLS SDN IoT BAN logic Protocol simplification 



We appreciate the financial support from Ministry of Education, Singapore through the Academic Research Fund (AcRF) Tier 1 for the project of 2018-T1-001-092. This work is also supported by Project U1603261 supported by Joint Funds of National Natural Science Foundation of China and Xinjiang.


  1. 1.
  2. 2.
    Burrows, M., Abadi, M., Needham, R.M.: A logic of authentication. Proc. R. Soc. Lond. A Math. Phys. Eng. Sci. 426(1871), 233–271 (1989). Scholar
  3. 3.
    Cai, J., et al.: A handshake protocol with unbalanced cost for wireless updating. IEEE Access 6, 18570–18581 (2018). Scholar
  4. 4.
    Dierks, T., Rescorla, E.: The transport layer security (TLS) protocol version 1.2. RFC 5246, August 2008.
  5. 5.
    Dragomir, D., Gheorghe, L., Costea, S., Radovici, A.: A survey on secure communication protocols for IoT systems. In: 2016 International Workshop on Secure Internet of Things (SIoT), pp. 47–62, September 2016.
  6. 6.
    Farris, I., Taleb, T., Khettab, Y., Song, J.: A survey on emerging SDN and NFV security mechanisms for IoT systems. IEEE Commun. Surv. Tutorials 21(1), 812–837 (2019). Scholar
  7. 7.
    Feng, Z., Hu, G.: Secure cooperative event-triggered control of linear multiagent systems under DoS attacks. IEEE Trans. Control Syst. Technol. 1–12 (2019).
  8. 8.
    Gomez, C., Arcia-Moret, A., Crowcroft, J.: TCP in the Internet of Things: from ostracism to prominence. IEEE Internet Comput. 22(1), 29–41 (2018). Scholar
  9. 9.
    Gueron, S., Krasnov, V.: Fast prime field elliptic-curve cryptography with 256-bit primes. J. Crypt. Eng. 5(2), 141–151 (2015). Scholar
  10. 10.
    Gupta, V., Stebila, D., Fung, S., Shantz, S.C., Gura, N., Eberle, H.: Speeding up secure Web transactions using elliptic curve cryptography. In: NDSS (2004)Google Scholar
  11. 11.
    Hummen, R., Shafagh, H., Raza, S., Voig, T., Wehrle, K.: Delegation-based authentication and authorization for the IP-based Internet of Things. In: 2014 Eleventh Annual IEEE International Conference on Sensing, Communication, and Networking (SECON), pp. 284–292, June 2014.
  12. 12.
    Koponen, T., et al.: Onix: a distributed control platform for large-scale production networks. In: OSDI, vol. 10, pp. 1–6 (2010)Google Scholar
  13. 13.
    Malik, K.M., Malik, H., Baumann, R.: Towards vulnerability analysis of voice-driven interfaces and countermeasures for replay attacks. In: 2019 IEEE Conference on Multimedia Information Processing and Retrieval (MIPR), pp. 523–528, March 2019.
  14. 14.
    Mirsky, Y., Kalbo, N., Elovici, Y., Shabtai, A.: Vesper: using echo analysis to detect man-in-the-middle attacks in LANs. IEEE Trans. Inf. Forensics Secur. 14(6), 1638–1653 (2019). Scholar
  15. 15.
    Mzid, R., Boujelben, M., Youssef, H., Abid, M.: Adapting TLS handshake protocol for heterogenous IP-based WSN using identity based cryptography. In: 2010 International Conference on Wireless and Ubiquitous Systems, pp. 1–8, October 2010.
  16. 16.
    Park, J., Kang, N.: Lightweight secure communication for CoAP-enabled Internet of Things using delegated DTLS handshake. In: 2014 International Conference on Information and Communication Technology Convergence (ICTC), pp. 28–33, October 2014.
  17. 17.
    Park, J., Kwon, H., Kang, N.: IoT–cloud collaboration to establish a secure connection for lightweight devices. Wireless Netw. 23(3), 681–692 (2017). Scholar
  18. 18.
    Peng, C., Zhang, Q., Tang, C.: Improved TLS handshake protocols using identity-based cryptography. In: 2009 International Symposium on Information Engineering and Electronic Commerce, pp. 135–139, May 2009.
  19. 19.
    Pittoli, P., David, P., Noël, T.: DTLS improvements for fast handshake and bigger payload in constrained environments. In: Mitton, N., Loscri, V., Mouradian, A. (eds.) ADHOC-NOW 2016. LNCS, vol. 9724, pp. 251–262. Springer, Cham (2016). Scholar
  20. 20.
    Rescorla, E., Modadugu, N.: Datagram transport layer security version 1.2. RFC 6347 (2012).
  21. 21.
    Seo, J., et al.: An ECDH-based light-weight mutual authentication scheme on local SIP. In: 2015 Seventh International Conference on Ubiquitous and Future Networks, pp. 871–873, July 2015.
  22. 22.
    Tiburski, R.T., Amaral, L.A., de Matos, E., de Azevedo, D.F.G., Hessel, F.: Evaluating the use of TLS and DTLS protocols in IoT middleware systems applied to E-health. In: 2017 14th IEEE Annual Consumer Communications Networking Conference (CCNC), pp. 480–485, January 2017.
  23. 23.
    Tootoonchian, A., Ganjali, Y.: HyperFlow: a distributed control plane for OpenFlow. In: Proceedings of the 2010 Internet Network Management Conference on Research on Enterprise Networking, p. 3 (2010)Google Scholar
  24. 24.
    Wu, D., Li, J., Das, S.K., Wu, J., Ji, Y., Li, Z.: A novel distributed denial-of-service attack detection scheme for software defined networking environments. In: 2018 IEEE International Conference on Communications (ICC), pp. 1–6, May 2018.
  25. 25.
    Yan, Q., Huang, W., Luo, X., Gong, Q., Yu, F.R.: A multi-level DDoS mitigation framework for the industrial Internet of Things. IEEE Commun. Mag. 56(2), 30–36 (2018). Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Institute of Network TechnologyBeijing University of Posts and TelecommunicationsBeijingChina
  2. 2.School of Electrical and Electronic EngineeringNanyang Technological UniversitySingaporeSingapore

Personalised recommendations