mdh.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Secure Communication for the Internet of Things - A Comparison of Link-Layer Security and IPsec for 6LoWPAN
Swedish Institute of Computer Science, Kista, Sweden.ORCID iD: 0000-0001-8192-0893
Swedish Institute of Computer Science, Kista, Sweden.
Swedish Institute of Computer Science, Kista, Sweden.
Lancaster University, School of Computing and Communications, Lancaster, UK.
Show others and affiliations
2014 (English)In: Security and Communication Networks, ISSN 1939-0114, E-ISSN 1939-0122, Vol. 7, no 12, 2654-2668 p.Article in journal (Refereed) Published
Abstract [en]

The future Internet is an IPv6 network interconnecting traditional computers and a large number of smart objects. This Internet of Things (IoT) will be the foundation of many services and our daily life will depend on its availability and reliable operation. Therefore, among many other issues, the challenge of implementing secure communication in the IoT must be addressed. In the traditional Internet IPsec is the established and tested way of securing networks. It is therefore reasonable to explore the option of using IPsec as security mechanism for the IoT. Smart objects are generally added to the Internet using 6LoWPAN which defines IP communication for resource constrained networks. Thus, to provide security for the IoT based on the trusted and tested IPsec mechanism it is necessary to define an IPsec extension of 6LoWPAN. In this paper we present such a 6LoWPAN/IPsec extension and show the viability of this approach. We describe our 6LoWPAN/IPsec implementation which we evaluate and compare with our implementation of IEEE 802.15.4 link-layer security. We also show that it is possible to reuse crypto hardware within existing IEEE 802.15.4 transceivers for 6LoWPAN/IPsec. The evaluation results show that IPsec is a feasible option for securing the IoT in terms of packet size, energy consumption, memory usage, and processing time. Furthermore, we demonstrate that in contrast to common belief IPsec scales better than link-layer security as the data size and the number of hops grow, resulting in time and energy savings. 

Place, publisher, year, edition, pages
John Wiley & Sons, 2014. Vol. 7, no 12, 2654-2668 p.
Keyword [en]
Security; Internet of Things; 6LoWPAN; IPsec; IEEE 802.15.4 Security
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:mdh:diva-18865DOI: 10.1002/sec.406Scopus ID: 2-s2.0-84911865485OAI: oai:DiVA.org:mdh-18865DiVA: diva2:618993
Available from: 2013-04-30 Created: 2013-04-30 Last updated: 2015-09-03Bibliographically approved
In thesis
1. Lightweight Security Solutions for the Internet of Things
Open this publication in new window or tab >>Lightweight Security Solutions for the Internet of Things
2013 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

The future Internet will be an IPv6 network interconnecting traditional computers and a large number of smart object or networks such as Wireless Sensor Networks (WSNs). This Internet of Things (IoT) will be the foundation of many services and our daily life will depend on its availability and reliable operations.

Therefore, among many other issues, the challenge of implementing secure communication in the IoT must be addressed. The traditional Internet has established and tested ways of securing networks. The IoT is a hybrid network of the Internet and resource-constrained networks, and it is therefore reasonable to explore the options of using security mechanisms standardized for the Internet in the IoT.

The IoT requires multi-facet security solutions where the communication is secured with confidentiality, integrity, and authentication services; the network is protected against intrusions and disruptions; and the data inside a sensor node is stored in an encrypted form. Using standardized mechanisms, communication in the IoT can be secured at different layers: at the link layer with IEEE 802.15.4 security, at the network layer with IP security (IPsec), and at the transport layer with Datagram Transport Layer Security (DTLS). Even when the IoT is secured with encryption and authentication, sensor nodes are exposed to wireless attacks both from inside the WSN and from the Internet. Hence an Intrusion Detection System (IDS) and firewalls are needed. Since the nodes inside WSNs can be captured and cloned, protection of stored data is also important.

This thesis has three main contributions. (i) It enables secure communication in the IoT using lightweight compressed yet standard compliant IPsec, DTLS, and IEEE 802.15.4 link layer security; and it discusses the pros and cons of each of these solutions. The proposed security solutions are implemented and evaluated in an IoT setup on real hardware. (ii) This thesis also presents the design, implementation, and evaluation of a novel IDS for the IoT. (iii) Last but not least, it also provides mechanisms to protect data inside constrained nodes.

The experimental evaluation of the different solutions shows that the resource-constrained devices in the IoT can be secured with IPsec, DTLS, and 802.15.4 security; can be efficiently protected against intrusions; and the proposed combined secure storage and communication mechanisms can significantly reduce the security-related operations and energy consumption.

Place, publisher, year, edition, pages
Västerås: Mälardalen University, 2013
Series
Mälardalen University Press Dissertations, ISSN 1651-4238 ; 139
Keyword
Security, Internet of Things, 6LoWPAN, CoAP, RPL, Secure Storage, IDS, DTLS, IPsec
National Category
Engineering and Technology
Research subject
Computer Science
Identifiers
urn:nbn:se:mdh:diva-18863 (URN)978-91-7485-110-6 (ISBN)
Public defence
2013-06-05, Kappa, Mälardalens högskola, Västerås, 10:15 (English)
Opponent
Supervisors
Available from: 2013-05-02 Created: 2013-04-30 Last updated: 2014-10-07Bibliographically approved

Open Access in DiVA

No full text

Other links

Publisher's full textScopus

Search in DiVA

By author/editor
Raza, Shahid
In the same journal
Security and Communication Networks
Electrical Engineering, Electronic Engineering, Information Engineering

Search outside of DiVA

GoogleGoogle Scholar

Altmetric score

Total: 3769 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf