Delayed Key Exchange for Constrained Smart Devices

  • Joona Kannisto
  • Seppo Heikkinen
  • Kristian Slavov
  • Jarmo Harju
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8629)


In the Internet of Things, some nodes, especially sensors, can be constrained and sleepy, i.e., they spend extended periods of time in an inaccessible sleep state. Therefore, the services they offer may have to be accessed through gateways. Typically, this requires that the gateway is trusted to store and transmit the data. However, if the gateway cannot be trusted, the data needs to be protected end-to-end. One way of achieving end-to-end security is to perform a key exchange and secure the subsequent messages using the derived shared secrets. However, when the constrained nodes are sleepy, this key exchange may have to be done in a delayed fashion. We present a novel way of utilizing the gateway in key exchange, without the possibility of it influencing or compromising the exchanged keys. The paper investigates the applicability of existing protocols for this purpose. Furthermore, due to a possible need for protocol translations, application layer use of the exchanged keys is examined.



The research was conducted in the Internet of Things program of DIGILE (Finnish Strategic Centre for Science, Technology and Innovation in the field of ICT), funded by Tekes.



Copyright information

© Springer-Verlag Berlin Heidelberg 2015

Authors and Affiliations

  • Joona Kannisto (1)
  • Seppo Heikkinen (1)
  • Kristian Slavov (2)
  • Jarmo Harju (1)

  1. Tampere University of Technology, Tampere, Finland
  2. Ericsson Research, Jorvas, Finland
