Security Protocols and Privacy Issues Into 6Lowpan Stack: a Synthesis Christine Hennebert, Jessye Dos Santos
Total Page:16
File Type:pdf, Size:1020Kb
Security Protocols and Privacy Issues into 6LoWPAN Stack: A Synthesis Christine Hennebert, Jessye Dos Santos To cite this version: Christine Hennebert, Jessye Dos Santos. Security Protocols and Privacy Issues into 6LoW- PAN Stack: A Synthesis. IEEE internet of things journal, IEEE, 2014, 1 (5), pp.384-398. 10.1109/JIOT.2014.2359538. hal-03021091 HAL Id: hal-03021091 https://hal.archives-ouvertes.fr/hal-03021091 Submitted on 22 Jan 2021 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. This is the author's version of an article that has been published in this journal. Changes were made to this version by the publisher prior to publication. The final version of record is available at http://dx.doi.org/10.1109/JIOT.2014.2359538 1 Security Protocols and Privacy Issues into 6LoWPAN Stack: A Synthesis Christine Hennebert , Jessye Dos Santos CEA-LETI, Minatec Campus, 17 rue des martyrs, 38054 Grenoble, France [email protected]; [email protected] interact via these objects. In a pervasive environment the Abstract — With the emergence of the Internet of Things communicating objects are able to recognize and to locate by (IoT), many devices organized into network, communicate by themselves. The intelligence becomes ambient. The systems themselves on the Internet and send data, or private information become ubiquitous [2]. In this context, the challenges of on the web. It is essential to secure the transmitted data and the miniaturization and deployment in the environment are identities that may be disclosed to make these new technologies accepted by the largest number of citizens. However, the security significant. mechanisms widely used on the Internet are too heavy to be The convergence of the Internet with embedded systems led integrated on small constrained objects. This paper describes the to the emergence of new systems deployed on a large scale current protocols and security solutions that can be deployed in and coupled to their physical environment. It is the concept of constrained resources. It shows the benefits and the limitations of the Cyber Physical Systems (CPS) which includes RFID each scheme – the security extension of IEEE 802.15.4e in Time technology, wireless sensor networks (WSN), taking into Synchronization Channel Hopping (TSCH) mode , compressed IPsec, DTLS - embedded at different levels of the OSI model into account the mobility or the use of a smart phone to monitor the 6LoWPAN stack. It opens with the challenges one must tackle various data from sensors via the cellular network [3]. in the coming years. Several use cases are studied to envisage the The rise of the IoT and the CPS is enabled by the security integration in Cyber Physical Systems for host-to-host 6LoWPAN technology which means Internet as support and host-to-network communications. The privacy issue is also infrastructure for the sensor networks [4]. addressed and different ways to hide the device identity are The reference protocol for the Internet is IP (Internet discussed. Protocol). By extension, the CPSs are based on IP. But IP is Index Terms — 6LoWPAN, Security, Privacy, Protocol Stack, not suitable for the sensor networks composed of resource OSI layers, Internet of Things, Cyber Physical Systems, End-to- constrained devices. 6LoWPAN [5] provides an adaptation of End Security the IP world to the constraints of the sensor networks and enables the connection of the sensor networks world with the I. INTRODUCTION Internet. However, 6LoWPAN has been designed more to HE world has changed. Everything went very quickly ensure the interoperability of both worlds - the sensor Twith the advent of the Internet of Things (IoT) and the networks and the internet – so they meet the specific emergence in our daily life of heterogeneous objects able to constraints related to the lack of resource of the sensor connect to the Internet and communicate on the web. Since the networks [6]. In the OSI abstraction model, 6LoWPAN is an “Nabaztag” launched in 2005 thus being considered as the first adaptation layer located between the network layer and the communicating object, many other innovative objects have link layer (Fig. 1). been designed, and today objects as common as a crate of vegetables, a coffee machine or running shoes, exchange data Application Application on the Internet [1]. It is estimated that by the end of the decade, the number of communicating objects on the planet UDP Transport will reach 50 billion and will be 7 times greater than the IPv6 Network number of humans. 6LoWPAN Adaptation These autonomous objects are provided with memories, a communication channel, a processor and sensors or actuators MAC 802.15.4 Link conferring a form of intelligence. Thus, with the IoT, the PHY 802.15.4 Physical object becomes an actor of a process. It contributes at changing individual and collective behavior of people who Fig. 1: 6LoWPAN Protocol Stack 6LoWPAN achieves low overhead by applying cross-layer ________________________________________________________ Copyright © 2014 IEEE. Personal use of this material is permitted. However, optimization and compression of the headers of the IPv6 permission to use this material for any other purposes must be obtained from protocol stack. This allows making available about 81 bytes to the IEEE by sending a request to [email protected]. Copyright (c) 2014 IEEE. Personal use is permitted. For any other purposes, permission must be obtained from the IEEE by emailing [email protected]. This is the author's version of an article that has been published in this journal. Changes were made to this version by the publisher prior to publication. The final version of record is available at http://dx.doi.org/10.1109/JIOT.2014.2359538 2 transmit data on the Internet into an IEEE 802.15.4 frame. WSN motes. However, it remains a key issue: ensuring security of data A. Integration of an IPv6 packet into an IEEE 802.15.4 frame exchanged via 6LoWPAN [7]. When IPsec and then TLS (Transport Layer security) The length of an IEEE 802.15.4 frame at the physical layer is 127 bytes. Including at most the 25 bytes header of the become mature technologies in the world of the Internet, their 1 adaptation in the LoWPAN world is still a challenge (Fig. 2). Medium Access Control sub-layer, 102 bytes remain These protocols need significant resources and generate a available for the IP payload. The overhead of the IP headers substantial overhead. An attempt to compress IPsec, only in following by optional extensions and the UDP header takes transport mode, is presented by Raza in [8], while the about 48 additional bytes. It remains only 54 bytes for the emergence of Datagram TLS to secure the applications raises payload over UDP at application layer. It is obvious that an many questions about the implementation and the deployment adaptation must be introduced to support an IPv6 MTU in the real world. (Maximum Transmission Unit) of 1280 bytes. At this stage, no security mechanism is defined at any layer. HTTP, HTTPs, CoAP, CoAPs CoAP, CoAPs Link Layer Network Layer Transport Layer HTTP, CoAP u CoAP TCP, UDP TLS, DTLS UDP DTLS IEEE 802.15.4 MAC header IPv6 header UDP header Payload checksum TLS, DTLS u DTLS 23 bytes 40 bytes 8 bytes 54 bytes 2 bytes IPv4, IPv6 IPsec IPv4, IPv6 u 6LoWPAN IPv6 Compressed IPsec u … IPsec compressed IPsec 6LoWPAN IEEE 802.15.4 frame = 127 bytes Ethernet ⊳u IEEE 802.15.4 Ethernet IEEE 802.15.4 Fig. 3: Integration of an IPv6 packet into an IEEE 802.15.4 frame Internet Border Router WSN The 6LoWPAN adaptation layer is located between the link Fig. 2: Protocol Stack of a WSN connected to Internet layer and the network layer and should supply solutions for: - Fragmentation and reordering of IPv6 packets This article proposes a review of the security protocols into - Compression of the protocol stack headers the 6LoWPAN protocol stack, and it addresses the challenges - Enabling stateless addressing and the limitations for a pragmatic deployment in a physical - Providing a basis for “mesh-under” routing environment. The paper is intended for designers and - Assuring consistency with the upper layers developers of the Internet of Things to provide the technical and decision-making basis in order to integrate security into When routing packets is performed by the network layer, it the system upon its conception. is called “route-over”, and when the routing is implemented at The paper is organized as follow: Section II summarizes the the adaptation layer, it is called “mesh-under”. 6LoWPAN communication protocols standardized and The traditional compression technique of the IP header recommended by the IETF (Internet Engineering Task Force). consists in optimizing flow traffic while using stateful Section III details how the security protocols already adopted addresses. But flow-based compression techniques are poorly in the traditional Internet can be compressed and adapted to suited for LoWPAN, for which applications usually consist in 6LoWPAN. It highlights the compromise done, the resulting singular exchanges instead of long-lived flows. So, the basic overhead and the remaining issues. But, by using the security concept of 6LoWPAN is to use stateless addresses and shared- tools which threats do we deal with and how? Section IV context compression between the different layers of the provides answers to this question.