
Networking 2013 1569702997

End-to-end transport-layer security for Internet-integrated sensing applications with mutual and delegated ECC public-key authentication

Jorge Granjal, Edmundo Monteiro, Jorge Sá Silva
University of Coimbra, Portugal
{jgranjal,edmundo,sasilva}@dei.uc.pt

Abstract-The Internet of Things (IoT) describes a vision of a future Internet where constrained sensing and actuating devices are part of distributed applications and required to support standard Internet communications with more powerful devices or Internet hosts. This vision will require appropriate end-to-end communications and security mechanisms that are well suited to the constraints and characteristics of sensing devices and applications, while being able to support standard Internet communication mechanisms. With this motivation in mind, we propose an architecture supporting low-power end-to-end transport-layer secure communications with mutual authentication using ECC public-key cryptography for Internet-integrated sensing applications. The proposed architecture promotes the availability of critical resources on constrained sensing platforms and security against Internet-originated threats, while providing full compatibility with current standardization proposals. Those are fundamental enabling factors of most of the sensing applications envisioned for the IoT and, as far as we know, ours is the first architecture implemented and experimentally evaluated with such goals.

Keywords-Internet of Things, CoAP, DTLS, mutual authentication, delegated ECC public-key authentication

I. INTRODUCTION

Many of the applications currently envisioned for the Internet of Things (IoT) are critical with respect to security, be it security of its users, of the processed data or of the communications. Despite this fact, such applications will interact with physical phenomena by employing very constrained sensing platforms and low-energy wireless communications, aspects that seriously complicate the design and adoption of appropriate security mechanisms. As wireless sensor network (WSN) applications are starting to require interconnection with the Internet to some degree, end-to-end communications between constrained sensing devices and other Internet entities will be a fundamental requirement of many sensing applications. The support of end-to-end security involving constrained sensing devices will represent a fundamental enabling factor of many IoT applications, as it may provide security even when the underlying network infrastructure is only partially under the user’s control. As with protocols such as TLS that play a fundamental role in providing security to applications, end-to-end security at the transport-layer may provide an important contribution to the achievement of appropriate security with Internet-integrated sensor networks.

The constraints in terms of fundamental resources such as memory, microprocessor and energy determine the usage of low-energy wireless communications, providing low communication speeds and small packets with the goal of minimizing communication errors. The integration of low-energy personal area networks (LoWPAN) with the Internet brings new challenges into the design of communication and security mechanisms able to support end-to-end communications between devices that are very different in the support of such capabilities.

Of particular relevance to the adoption of a future communications architecture supporting the integration of LoWPANs with the Internet are the technologies currently being designed and adopted at the IETF, in particular at the IPv6 over Low Power Personal Area Networks (6LoWPAN) [1][2][3] and Constrained RESTful Environments (CoRE) [4][5] working groups. 6LoWPAN provides an adaptation layer enabling the transmission of IPv6 packets over constrained low-energy communication environments, in particular using IEEE 802.15.4 [6] at the physical and media access control layers. The CoRE working group is currently designing the Constrained Application Protocol (CoAP) to support RESTful web communications on similar environments.

Although 6LoWPAN and CoRE provide the mechanisms required for the support of end-to-end communications with Internet-integrated sensing devices, appropriate security mechanisms will be required considering the limitations of such devices and the threats that will arise due to the exposure of LoWPAN environments to Internet communications. Although numerous proposals exist to address security in closed LoWPAN environments [7], the integration of sensor networks with the Internet will raise challenges yet to be faced by research. From a standardization standpoint, the current proposal for the support of transport-layer security on 6LoWPAN environments adopts the DTLS [8] protocol to provide confidentiality, integrity and authentication to CoAP application-layer communications.

While the overhead introduced by DTLS on 6LoWPAN communications is certainly non-negligible, its applicability will be fundamentally dependent on the viability of supporting the security modes currently proposed for CoAP security [4] using constrained sensing platforms. In particular, the impact of Elliptic Curve Cryptography (ECC) must be carefully evaluated, and the same may be applied to the impact of communications related to authentication and key agreement in the context of the DTLS initial handshake. In this context, we propose and experimentally evaluate an architecture enabling security at the transport layer supporting DTLS security as proposed for CoAP, while addressing the previously discussed issues. Our architecture integrates mechanisms designed to contribute to the effectiveness of end-to-end transport-layer security and to the protection of low-energy wireless communication environments against Internet-originated threats. As far as we know, ours is the first proposal targeting such goals.

Our paper proceeds as follows. Section II analyses related work and Section III discusses the usage of end-to-end security in the context of 6LoWPAN and CoAP communications. The proposed architecture is described in Section IV, and Section V discusses our experimental evaluation study of the proposed mechanisms. Finally, Section VI concludes the paper.

II. RELATED WORK

Although new mechanisms will be required to support security with end-to-end communications using recently standardized technologies such as 6LoWPAN and CoAP, particularly considering that such communications may take place in the context of Internet-integrated sensing applications, most of the existing proposals to protect LoWPAN communications target the link-layer and closed LoWPAN environments [7]. In such proposals sensing devices may communicate securely using individual, group or network-wide symmetric encryption keys. For example, MiniSec [9] falls into this category and supports encryption and authentication for unicast and broadcast communications at the link-layer.

Regarding the support of security proposals in the context of Internet-integrated LoWPAN environments, fewer research proposals exist with goals similar to ours. One such proposal is Sizzle [10], implementing a compact web server providing HTTP accesses protected by SSL using 160-bit ECC keys for authentication and key negotiation. Nevertheless, Sizzle requires a reliable transport-layer protocol and is

with constrained sensing devices, but using devices required to employ specialized trusted-platform modules (TPM) supporting hardware-assisted RSA cryptography and the secure storage of private keys. It doesn’t support ECC public-key authentication or public-key cryptography for mainstream devices without a TPM module, also being incompatible with CoAP security [4]. Another aspect we may note is that the two previous proposals do not address the support of transport-layer security in tandem with other security mechanisms designed to protect constrained sensing devices and low-energy communications from Internet-originated threats and attacks. We may envision this to be an important enabling factor of many sensing applications that will require the usage of constrained LoWPAN devices exposed to Internet communications.

The design of an architecture supporting end-to-end security for Internet-integrated sensing applications provides the opportunity to address the previously identified limitations. CoAP security [4] envisions the usage of ECC cryptography, and as such ECC public-key authentication and key negotiation in the context of DTLS is a requirement. In this context, it is important to note that sensing platforms may not be ready to viably support ECC at this stage, as is verified for example in the experimental evaluation study described in [14]. A related limitation is that it may be costly to store and interpret certificates and ECC public-keys in constrained sensing devices with very limited amounts of RAM and ROM memory. Another goal we may address is to leverage security by designing and supporting mechanisms to be employed side-by-side with end-to-end transport-layer security. For example, mechanisms may be required to support control of accesses to resources available on CoAP constrained sensing devices. Related mechanisms may also be necessary supporting operations such as authentication and trust