Security in Smart Object Networks MOHIT SETHI Degree project in Security and Mobile Computing Second cycle Stockholm, Sweden 2012 Aalto University School of Science Degree Programme of Computer Science and Engineering Mohit Sethi Security in Smart Object Networks Master's Thesis Espoo, June 30, 2012 Supervisors: Professor Tuomas Aura, Aalto University, Finland Professor Markus Hidell, Royal Institute of Technology, Sweden Instructors: Ari Ker¨anen,NomadicLab, Ericsson Research, Finland Jari Arkko, NomadicLab, Ericsson Research, Finland Aalto University School of Science ABSTRACT OF Degree Programme of Computer Science and Engineering MASTER'S THESIS Author: Mohit Sethi Title: Security in Smart Object Networks Date: June 30, 2012 Pages: 73 Professorship: Computer Science Code: T-110 Supervisors: Professor Tuomas Aura Professor Markus Hidell Instructors: Ari Ker¨anen,M.Sc. (Tech.) Jari Arkko, Licentiate (Tech.) Internet of Things (IoT) refers to an inter-connected world where physical devices are seamlessly integrated into the Internet and become active participants of business, information and social processes. This involves the inter-connection of a large number of heterogeneous networked entities and networks. Emergence of technologies such as Zigbee, Bluetooth low energy and embedded sensors has transformed simple physical devices into smart objects that can understand and react to their environment. Such smart objects form the building blocks for the Internet of Things. The communication infrastructure for these objects is based on an extension of the Internet protocol stack. Although the need for security is widely accepted, there is no clear consensus on how IP-based Internet security protocols can be applied to resource-constrained smart object networks. In this thesis, we develop a new secure and energy- efficient communication model for the Constrained Application Protocol (CoAP), a light-weight communication protocol designed for smart object networks. We contribute to the standardization of the generic communication architecture by adding security and delegation components for smart objects that sleep for large amounts of time during their operational phase. This architecture ensures data integrity and authenticity over a multi-hop network topology. It also provides a mirroring mechanism that uses a proxy to serve data on behalf of sleeping smart objects, thereby allowing them to act as always-online web servers. A working prototype implementation of the architecture is also developed. The security features in the architecture presented in this thesis are based on using strong public-key cryptography. Contrary to popular belief, our performance evaluation shows that asymmetric public-key cryptography can be implemented on small 8-bit micro-controllers without modifying the underlying cryptographic algorithms. Keywords: IoT, smart objects, security, CoAP, asymmetric cryptography, integrity, authenticity, mirroring mechanism Language: English ii Aalto-universitetet H¨ogskolan f¨or teknikvetenskaper SAMMANDRAG AV Examensprogram f¨or datateknik DIPLOMARBETET Utf¨ort av: Mohit Sethi Arbetets namn: S¨akerhet i smartobjektn¨atverk Datum: Den 30 Juni 2012 Sidantal: 73 Professur: Datateknik Kod: T-110 Overvakare:¨ Professor Tuomas Aura Professor Markus Hidell Handledare: Diplomingenj¨or Ari Ker¨anen Teknologie Licentiat Jari Arkko Internet of Things (IoT, \F¨orem˚alensInternet") syftar p˚aen sammankopplad v¨arld d¨ar fysiska apparater ¨ar s¨oml¨ost integrerade till Internet och blir aktiva deltagare i aff¨arslivs-, informations- och sociala processer. Detta innefattar sam- mankopplingen av ett stort antal heterogeniskt n¨atverkade enheter och n¨atverk. Uppkomsten av teknologier som Zigbee, l˚agenergi Bluetooth och inbyggda senso- rer har f¨orvandlat enkla fysiska apparater till smarta objekt som kan f¨orst˚aoch re- agera till sin omgivning. Dessa smarta objekt utg¨or byggstenarna f¨or F¨orem˚alens Internet. Kommunikationsinfrastrukturen f¨or dessa objekt bygger p˚aen utvidg- ning av internetprotokollstacken. Aven¨ om behovet av s¨akerhet ¨ar allm¨ant k¨ant, finns det inget konsensus om hur IP-baserade internets¨akerhetsprotokoll kan till¨ampas i resursbegr¨ansade smartob- jektn¨atverk. I denna avhandling utvecklas en ny s¨aker och energisn˚alkommuni- kationsmodell f¨or Constrained Application Protocol (CoAP, \Begr¨ansat applika- tionsprotokoll"), ett l¨att kommunikationsprotokoll avsett f¨or smartobjektn¨atverk. Avhandlingen bidrar till standardiseringen av den generiska kommunikationsar- kitekturen genom att tills¨atta s¨akerhets- och delegationskomponenter f¨or smarta objekt som sover under en stor del av sin operativa fas. Denna arkitektur ga- ranterar dataintegritet och autenticitet ¨over en flerhopps n¨atverkstopologi. Ar- kitekturen bidrar ocks˚amed en ˚aterspeglingsmekanism som anv¨ander sig av en proxyserver f¨or att erbjuda data f¨or sovande smarta objekts del, vilket l˚aterdem agera som alltid-online webbservrar. I avhandlingen utvecklas ocks˚aen fungeran- de prototypimplementation av arkitekturen. S¨akerhetsegenskaperna i den arkitektur som presenteras i denna avhandling ¨ar baserade p˚aanv¨andningen av stark publik-nyckel kryptering. I motsatts till den allm¨anna f¨orv¨antningen, visar prestationsbed¨omningen i denna avhandling att asymmetrisk kryptering med publik nyckel kan till¨ampas i 8-bitars mikrokon- trollrar utan att ¨andra p˚ade underliggande kryptografiska algoritmerna. Nyckelord: IoT, smarta objekt, s¨akerhet, CoAP, asymmetrisk kryptografi, integritet, autenticitet, ˚aterspeglingsmekanism Spr˚ak: Engelska iii Acknowledgements I sincerely thank Professor Tuomas Aura at Aalto University for his constant feedback and for providing the funding to attend the IETF 83 meeting, where I presented the initial results from the thesis. I am also grateful to Professor Markus Hidell for supervising the thesis at Royal Institute of Technology. I owe my gratitute to my instructors Ari Ker¨anenand Jari Arkko at Nomadic- Lab, Erisson Research for their regular guidance and advice during the course of my research work. I am indebted to my colleagues at NomadicLab for their continuous support. Finally, I would like to thank my family and friends for their moral support and motivation. Espoo, June 30, 2012 Mohit Sethi iv Abbreviations and Acronyms CoAP Constrained Application Protocol CoRE Constrained RESTful Environments DHCP Dynamic Host Configuration Protocol DLP Discrete Logarithmic Problem DNS Domain Name System DoS Denial of Service DTLS Datagram Transport Layer Security EAP Extensible Authentication Protocol ECC Elliptic Curve Cryptography ECDLP Elliptic Curve Discrete Logarithmic Problem ECDSA Elliptic Curve Digital Signature Algorithm EXI Efficient XML Interchange GPS Global Positioning System GSM Global System for Mobile Communications HIP Host Identity Protocol HIP-BEX HIP Base EXchange HIP-DEX HIP Diet EXchange HTTP Hyper-Text Transfer Protocol IETF Internet Engineering Task Force IKEv2 Internet Key Exchange Protocol version 2 IoT Internet of Things IPSec Internet Protocol Security JSON JavaScript Object Notation JOSE JavaScript Object Signing and Encryption JWK JSON Web Key JWS JSON Web Signature LWIG Light Weight Implementation Guidance MAC Media Access Control MP Mirror Proxy M2M Machine to Machine v NAT Network Address Translation nesC Network Embedded Systems C NIST National Institute of Standards and Technology NTP Network Time Protocol PAA PANA Authentication Agent PANA Protocol for Carrying Authentication for Network Access PGP Pretty Good Privacy RD Resource Directory REST Representational State Transfer RFID Radio-Frequency Identification RSA Rivest Shamir Adelman Cryptographic Algorithm RTT Round Trip Time SA Security Association SAAG Security Area Advisory Group SECG Standards for Efficient Cryptography Group SenML Sensor Markup Language SEP Sleeping End-point SIM Subscriber Identity Module SRAM Static Random Access Memory SSH Secure Shell SSL Secure Sockets Layer TLS Transport Layer Security UDP User Datagram Protocol URI Universal Resource Identifier URN Universal Resource Name UTF-8 Universal Character Set Transformation Format 8-bit WLAN Wireless Local Area Network XML Extensible Markup Language 6LoWPAN IPv6 based Low-Power Personal Area Networks vi Contents Abbreviations and Acronyms v 1 Introduction 1 1.1 Problem Area . .2 1.2 Research Goals and Methodology . .2 1.3 Structure of the thesis . .3 2 Background 4 2.1 Lifecycle of a Smart Object . .4 2.2 CoAP . .9 2.3 Link Format . 13 2.4 SenML . 13 2.5 Resource Directory . 15 2.6 Public-key Cryptography . 16 2.6.1 RSA . 16 2.6.1.1 RSA Signatures . 17 2.6.2 Elliptic Curve Cryptography . 17 2.6.2.1 ECDSA . 20 2.7 Javascript Object Notation (JSON) Object Signing and En- cryption . 21 2.7.1 JavaScript Object Notation (JSON) Web Key (JWK) . 22 2.7.2 JavaScript Object Notation (JSON) Web Signatures (JWS) . 22 3 Public-key Cryptography in IoT 24 3.1 Previous Experiments with Asymmetric Cryptography . 25 3.2 Available Cryptographic Libraries . 26 3.3 Performance Analysis . 28 4 Architecture 36 4.1 Mirror Proxy . 36 vii 4.2 Secure Communication . 38 4.3 Retrieving Data Updates . 39 4.4 Freshness . 40 4.5 Provisioning . 42 5 Implementation 44 5.1 Caching Data Updates . 45 5.2 Retrieving Data Updates . 47 5.3 Summary . 49 6 Discussion 50 6.1 Architecture Overview . 50 6.2 Evaluation of Methodology . 51 6.3 Security Considerations . 52 6.4 Reflections . 54 7 Conclusion 55 A Relic Configurations 70 B IETF 83 and Workshop on Smart Object Security 72 viii List of Tables