Abstract
This chapter introduces the first fully implemented two-way authentication security scheme for Internet-of-Things (IoT) based on existing Internet standards, specifically the Datagram Transport Layer Security (DTLS) protocol. By relying on an established standard, existing implementations, engineering techniques, and security infrastructure can be reused, which enables an easy security uptake. The proposed security scheme uses two public key cryptography algorithms, RSA (Rivest, Shamir und Adleman) and Elliptic Curve Cryptography (ECC), tailored for the resource heterogeneous nature of IoT devices. The two-way authentication solution presented is designed to work over standard communication stacks that offer UDP/IPv6 networking for Low power Wireless Personal Area Networks (LoWPANs). A prototype implementation of DTLS is presented here in the context of a system architecture, and the scheme’s feasibility (low overheads and high interoperability) is demonstrated through extensive evaluations on the DTLS-supporting platform OPAL as clusterhead with children of different IoT hardware platforms.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Lehong, H., Velosa, A.: Hype cycle for the internet of things. White Paper, Stamford CT, Gartner Inc (2012)
European Telecommunications Standards Institute: Machine-to-machine communications (M2M); Smart Metering Use Cases (2010)
Leontiadi, I., Efstratiou, C., Mascolo, C., and Crowcroft, J.: SenShare: transforming sensor networks into multi-application sensing infrastructures. In: Proceedings of European Conference on Wireless Sensor Networks, pp. 65–81, Springer, Heidelberg (2012)
Shelby, Z., Bormann, C.: 6LoWPAN: The Wireless Embedded Internet. Wiley, United Kingdom (2009)
Shelby, Z., Hartke, K., Bormann, C.: The constrained application protocol (CoAP). Req. Comments 7252, 1–112 (2014)
Dawson-Haggerty, S., Tavakoli, A., and Culler, D: Hydro: A hybrid routing protocol for low-power and lossy networks. In: Proceedings of 1st IEEE International Conference on Smart Grid Communications, pp. 268–273 (2010)
Kothmayr, T., Schmitt, C., Hu, W., Brünig, M., Carle, G.: DTLS based security and two-way authentication for the internet of things. Ad Hoc Netw. 11(8), 2710–2723 (2013)
Noack, M.: Optimization of two-way authentication protocol in internet of things. Master thesis, University of Zurich, Communication Systems Group, Department of Informatics, Zurich, Switzerland (2014)
Bellare, M., Canetti, R., and Krawczyk, H.: Keyed hash functions and message authentication. In: Proceedings of Advances in Cryptology, pp. 1–15 (1996)
Karl, H., Willig, A.: Protocols and Architectures for Wireless Sensor Networks. Wiley, England (2007)
Miorande, D., Siciari, S., De Pellegrini, F., Chlamtac, I.: Internet of things: vision, applications and research challenges. Ad Hoc Netw. 10(7), 1497–1516 (2012)
Atzori, L., Iera, A., Morabito, G.: The internet of things: a survey. Comput. Netw. 54(15), 2787–2805 (2010)
Bormann, C., Ersue, M., Keranen, A.: Terminology for constrained-node networks. Req. Comments 7228, 1–17 (2014)
Akyildiz, I.F., Su, W., Sankarasubramaniam, Y., Cayirci, E.: Wireless sensor networks: a survey. Comput. Netw. 38(4), 393–422 (2002)
Raymond, D.R., Midkiff, S.F.: Denial-of-service in wireless sensor networks: attacks and defenses. IEEE Pervasive Comput. 7(1), 74–81 (2008)
Luk, M., Mezzour, G., Perrig, A., Gligor, V.: MiniSec: A secure sensor network communication architecture. In: Proceedings of 6th ACM International Conference on Information Processing in Sensor Networks, pp. 470–488 (2007)
Gupta, V., Wurm, M., Zhu, Y., Millard, M., Fung, S., Gura, N., Eberle, H., Shantz, S.C.: Sizzle: a standards-based end-to-end security architecture for the embedded internet. Pervasive Mob. Comput. 1(4), 425–445 (2005)
Hu, W., Tan, H., Corke, P., Shih, W.C., Jha, S.: Toward trusted wireless sensorn networks. ACM Trans. Sens. Netw. 7(1), 5 (2010)
Chan, H., Perrig, A., Song, D.: Random key predistribution schemes for sensor networks. In: Proccedings of IEEE Symposium on Security and Privacy, pp. 197–213 (2003)
Jung, W., Hong, S., Ha, M., Kim, Y.J., Kim, D.: SSL-based lightweight security of IP-based wireless sensor networks. In: Proceedings of IEEE International Conference on Advanced Information Networking and Applications Workshops, pp. 1112–1117 (2009)
Raza, S., Voigt, T., Rödig, U.: 6LoWPAN extension for IPsec. In: Proceedings of Workshop Interconnecting Smart Objects with the Internet, IAB, pp. 1–3 (2011)
Raza, S., Voigt, T., and Jutvik, V.: Lightweight IKEv2: a key management solution for both the compressed IPsec and the IEEE 802.15.4 security. In: Proceedings of the IETF Workshop on Smart Object Security, pp. 1–2 (2012)
Raza, S., Trabalza, D., Voigt, T.: 6LoWPAN compressed DTLS for CoAP. In: Proceedings of 8th IEEE International Conference on Distributed Computing in Sensor Systems, pp. 287–289 (2012)
Winter, T., Thubert, P., Brandt, A., Hui, J., Kelsey, P., Levis, K., Pister, K., Struik, R., Vasseur, J.P., Alexander, R.: RPL: IPv6 routing protocol for low-power and lossy networks. Req. Comments 6550, 1–157 (2012)
Schmitt, C.: Secure data transmission in wireless sensor networks. Ph.D. thesis, Technische Universität München, Institut für Informatik, pp. 1–190 (2013)
Schmitt, C., Stiller, B., Noack, M.: Two-way authentication for internet of things. White Paper, IETF ser. ACE Working. Group 14, 1–19 (2014)
Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., Polk, W.: Internet X.509 public key infrastructure certificate and certificate revocation list (CRL) profile. Request for Comments, 5280, pp. 1–151 (2008)
Watro, R., Kong, D., Cuti, S., Gardiner, C., Lynn, C., Kruus, P.: TinyPK: securing sensor networks with public key technology. In: Proceedings of 2nd ACM Workshop on Security of AdHoc and Sensor Networks, pp. 59–64 (2004)
Modadugu, N., Rescorla, E.: The design and implementation of datagram TLS. In: Proccedings of Network and Distributed System Security Symposium, pp. 1–13 (2004)
Ning, P., Liu, A., Wenliang, D.: Mitigating DoS attacks against broadcast authentication in wireless sensor networks. ACM Trans. Sens. Netw. 4(1), 1–35 (2008). doi:10.1145/1325651.1325652
Schmitt, C., Kothmayr, T., Benjamin, E., Wen, H., Braun, L., Carle, G.: TinyIPFIX: an efficient application protocol for data exchange in cyber physical systems. Comput. Commun. 74(2), 63–76 (2016)
Blake-Wilson, S., Menezes, A.: Authenticated Diffie-Hellman key agreement protocols. In: Proceedings of the Selected Areas in Cryptography, pp. 339–361 (1998)
Advantic: CM5000-Datasheet. White Paper, pp. 1–20 (2015). http://www.epssilon.cl/files/EPS5000.pdf
Jurdak, R., Klues, K., Kusy, B., Richter, C., Langendoen, K., Brunig, M.: OPAL: a multiradio platform for high throughput wireless sensor networks. IEEE Embed. Syst. Lett. 3(4), 121–124 (2011)
Kothmayr, T.: A security architecture for wireless sensor networks based on DTLS. Master’s thesis, Technische Universität München, pp. 1–83 (2011)
Atmel: Smart ARM-based flash MCU - Datasheet. White Paper, pp. 1–1163 (2015). www.atmel.com
Atmel Corporation: The atmel trusted platform module. White Paper, pp. 1–4 (2007). http://www.atmel.com/images/doc5128.pdf
Grossschaedl, J., Tillich, S., Rechberger, C., Hofmann, M., Medwed, M.: Energy evaluation of software implementations of block ciphers under memory constraints. In: Proceedings of Conference on Design, Automation and Test in Europe, pp. 1110–1115 (2007)
Barker, E., Barker, W., Burr, W., Polk, W., Smid, M.: Recommendation for key management - Part 1: General (Revised). White Paper, National Institute of Standards and Technology, pp. 1–143 (2007)
McGrew, D.A., Viega, J.: The galois/counter mode of operation (GCM). White Paper, National Institute of Standards and Technology, pp. 1–43 (2005)
yaSSL: Implementation and performance of AES-NI in CyaSSL embedded SSL. White Paper, pp. 1–14 (2010). http://www.yassl.com/files/whitepapers/whitepaper_883_cyassl_aesni.pdf
Liu, A., Ning, P.: TinyECC: a configurable library for elliptic curve cryptography in wireless sensor networks. In: Proceedings of 5th International Conference on Information Processing in Sensor Networks, pp. 245–256 (2008)
Kothmayr, T., Schmitt, C.: Tiny pkc implementation. http://www.corinna-schmitt.de/tinypkc.html Check the reference (year, page number)
GNU: The GNU general public license version 2. White Paper (1991). http://www.gnu.org/licenses/gpl-2.0.html
NIST: Recommended elliptic curves for federal government use. White Paper, pp. 1–43 (1999)
Fouladgar, S., Mainaud, B., Masmoudi, K., Afifi, H.: Tiny 3-TLS: a trust delegation protocol for wireless sensor networks. In: Levente, B., Gligor, V.D., Westhoff, D. (eds.) Proceedings of the Third European Conference on Security and Privacy in Ad-Hoc and Sensor Networks, pp. 32–42. Springer, Heidelberg (2006)
Raza, S., Chung, T., Duquennoy, S., Dogan, Y., Voigt, T., Rodig, U.: Securing internet of things with lightweight IPsec. SICS Technical report, 1–27 (2011)
Acknowledgements
The DTLS solution presented was supported partially by the German Federal Ministry of Education and Research: the SODA Project under Grant Agreement No. 01IS09040A and the AutHoNe Project under Grant Agreement No. 01BN070[25]. The standardization activity within IETF was supported partially by FLAMINGO and SmartenIT, funded by the EU FP7 Program under Contract No. FP7-2012-ICT-318488 and No. FP7-2012-ICT317846, respectively.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this chapter
Cite this chapter
Schmitt, C., Kothmayr, T., Hu, W., Stiller, B. (2017). Two-Way Authentication for the Internet-of-Things. In: Acharjya, D., Geetha, M. (eds) Internet of Things: Novel Advances and Envisioned Applications. Studies in Big Data, vol 25. Springer, Cham. https://doi.org/10.1007/978-3-319-53472-5_2
Download citation
DOI: https://doi.org/10.1007/978-3-319-53472-5_2
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-53470-1
Online ISBN: 978-3-319-53472-5
eBook Packages: EngineeringEngineering (R0)