Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lightweight security protocols for the IoT

Published byMelissa Park Modified over 8 years ago

Similar presentations

Presentation on theme: "Lightweight security protocols for the IoT"— Presentation transcript:

1 Lightweight security protocols for the IoT
Shahid Raza PhD, Senior Researcher SICS Swedish ICT, Kista

2 SICS FACTS SICS is the leading research institute for applied computer science in Sweden. ESTABLISHED STAFF 70 PH.D 10 PROFESSORS TURNOVER OFFICES 6 OWNERS Make Money Bag icon under Turnover (no text on the icon – please add the text here in white on top of bag.

3 Internet of Things (IoT)
Network of globally identifiable physical objects/things Mostly resource-constrained, lossy wireless networks Multi-hop Unattended deployments Extremely heterogeneous IPv6, an IoT enabling technology and integration layer IPv6 over Low power Wireless Personal Area Network (6LoWPAN) IPv6 Com. IPv6 6LoWPAN Border Route (6BR) 6LoWPAN Internet

4 IoT Security Internet Communication Security Network Security
Confidentiality Integrity Authentication Network Security Availability Data-at-rest Security Confidentiality Integrity Software Security IPv6 com. IPv6 6BR Internet 6LoWPAN

5 Communication Security in the IoT Solution developed in FP7 CALIPSO are being used in H2020 NobelGrid

6 Communication Security in the IoT
Per hop security End-to-End (E2E) security com-IPv6 IPv6 Internet 6BR Internet protocol based Lightweight but compliant with existing standards.

7 IoT and Security Protocols
CoAP, CoAPs DTLS comp. DTLS UDP comp. UDP IPv6 com. IPv6 IPsec com. IPsec Ethernet/WiFi security HTTP CoAP TLS DTLS IPv6 com. IPv6 IPsec Ethernet UDP Comp. UDP CoAP, CoAPs UDP DTLS IP RPL IKE/IPsec 6LoWPAN IEEE HTTP/HTTPs, CoAP/CoAPs TCP, UDP TLS, DTLS IP IKE/IPsec Ethernet 6BR Conventional Internet 6LoWPAN Standard compliance is the key. E2E security is the key

8 Secure CoAP (CoAPs) CoAP enables secure web in the IoT
HTTP + TLS = HTTPS Reliable and synchronous transport (TCP) CoAP + DTLS = CoAPs Unreliable and asynchronous transport (UDP) coaps://mySite:port/myResource Actual overhead comes from DTLS

9 The DTLS Handshake 9

10 Extending 6LoWPAN-compression to DTLS
ClientHello is the first message sent to establish a secure session and for negotiation of crypto algorithms. The current 6LoWPAN specification define compression schemes for UDP/IP protocol. IP Datagram with ClientHello Compressed ClientHello

11 Lightweight DTLS Header size comparison DTLS Header
Without Compression [bit] With Compression [bit] %Saving Record 104 40 62% Handshake 96 24 75% ClientHello 336 264 23% ServerHello 304 14%

12 Lightweight DTLS Example: IP datagram with ClientHello Protocol
Uncompressed [bytes] Compressed [bytes] IP 40 7 UDP 8 4 DTLS Record 13 DTLS Handshake 12 ClientHello (Minimal) 42 17 Total 115 35 Shahid Raza, et al., Lithe: Lightweight Secure CoAP for the Internet of Things. IEEE Sensors Journal, 13(10), , October 2013.

13 IP security (IPsec) End-to-End security at the network layer
Authentication Header (AH) Integrity and authentication Encapsulated Security Payload (ESP) Confidentiality and optionally integrity and authentication Transport and Tunnel modes Manually shared keys or use Internet Key Exchange (IKE) Recommended for IPv6 Compare it with DTLS

14 IEEE 802.15.4 Security Per-hop security at the link layer
The application controls the security required By default – “NO Security” Four types of packets Beacon, Data, ACK, Control packets for MAC Layer NO Security for ACK packets Shahid Raza, et al., Secure Communication for the Internet of Things - A Comparison of Link-Layer Security and IPsec for 6LoWPAN. Journal of Security and Communication Networks, 7(12), 2014

15 Security vs. Flexibility
Per hop At lower layers Header protection too Protocol agnostic End-to-End (E2E) At upper layers Protocols bound

16 Lets use them SICSthSense Contiki OS
Open source open license operating system for IoT implementations of most IoT protocols IPv6 6LoWPAN CoAP, RPL IEEE IPsec IKEv2 DTLS, etc. OAuth 2.0 (Coming…) SICSthSense An open source and open license cloud platform for IoT

17 Performance Evaluation

18 DTLS Handshake – Different Security Modes

19 DTLS Handshake – Individual Messages

20 IPsec vs. IEEE 802.15.4 security Multi hops with 512 byte data size
Average Response Time [ms] No. of hops

21 Key Management in IoT Security Modes Pre-shared key (PSK) – State-of-the-art in sensor network Raw-public key (RPK) Certificate-based - State-of-the-art in Internet

22 DTLS with Scalable Symmetric Keys
An IoT node needs to recognize and remember only one device, the Trust Anchor (TA) DTLS Standard compliant Standard compliance is the key. Kc becomes a pre-shared key. Also for RPK Shahid Raza, et al., S3K: Scalable Security with Symmetric Keys - DTLS Key Establishment for the Internet of Things. IEEE Transactions on Automation Science and Engineering, 2016

23 Digital Certificates in the IoT
Certificate based cyber security protocols Datagram TLS (DTLS) IKEv2/IPsec Object security IoT Standards specifying digital certificates CoAP LwM2M IPSO Objects ETSI Enrollment Process of certifying digital keys/certificates

24 A Current Research Project
The CEBOT project: It aims to equip IoT devices with capabilities that will enable them to obtain digital certificate(s) in a secure and automated way and by using the communication protocols that these devices speak. Partners SICS Swedish ICT, Stockholm Technology Nexus (neXus) Endorsers

25 Conclusions IoT is nothing but an Internet
6LoWPAN is the main enabler for IoT 6LoWPAN is a generic way to connect constrained networks with the Internet and it can be applied to security protocols Communication security in the IoT can be achieved using standardized Internet security protocols. Both IPsec and DTLS are feasible to use in the IoT Lightweight IKEv2/IPsec and DTLS have similar overhead Compressed IPsec is more efficient than IEEE security for multi-hop network with bigger data sizes

26 Thank you! Questions? Source code and publications: Part of the work is carried out within the SIA Internet of Things, a joint effort by VINNOVA, Formas and the Swedish Energy Agency

Download ppt "Lightweight security protocols for the IoT"

Similar presentations

Adapted Multimedia Internet KEYing (AMIKEY): An extension of Multimedia Internet KEYing (MIKEY) Methods for Generic LLN Environments draft-alexander-roll-mikey-lln-key-mgmt-01.txt.

Adapted Multimedia Internet KEYing (AMIKEY): An extension of Multimedia Internet KEYing (MIKEY) Methods for Generic LLN Environments draft-alexander-roll-mikey-lln-key-mgmt-01.txt.
Encrypting Wireless Data with VPN Techniques

Encrypting Wireless Data with VPN Techniques
Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
Advanced Computer Networks Fall 2011

Advanced Computer Networks Fall 2011
Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.

Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.
Low-Power Interoperability for the IPv6 Internet of Things Presenter - Bob Kinicki Low-Power Interoperability for the IPv6 Internet of Things Adam Dunkels,

Low-Power Interoperability for the IPv6 Internet of Things Presenter - Bob Kinicki Low-Power Interoperability for the IPv6 Internet of Things Adam Dunkels,
6LoWPAN Extending IP to Low-Power WPAN 1 By: Shadi Janansefat CS441 Dr. Kemal Akkaya Fall 2011.

6LoWPAN Extending IP to Low-Power WPAN 1 By: Shadi Janansefat CS441 Dr. Kemal Akkaya Fall 2011.
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)

Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
Internet Security CS457 Seminar Zhao Cheng. Security attacks interruption, interception, modification, fabrication passive attack, active attack.

Internet Security CS457 Seminar Zhao Cheng. Security attacks interruption, interception, modification, fabrication passive attack, active attack.
1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.

1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.

IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
Security at the Network Layer: IPSec

Security at the Network Layer: IPSec
Henric Johnson1 Chapter 6 IP Security Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter 6 IP Security Henric Johnson Blekinge Institute of Technology, Sweden
NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT 09.11.2005.

NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT
Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.

Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.
Henric Johnson1 Ola Flygt Växjö University, Sweden +46 470 70 86 49 IP Security.

Henric Johnson1 Ola Flygt Växjö University, Sweden IP Security.
Henric Johnson1 Chapter 6 IP Security. Henric Johnson2 Outline Internetworking and Internet Protocols IP Security Overview IP Security Architecture Authentication.

Henric Johnson1 Chapter 6 IP Security. Henric Johnson2 Outline Internetworking and Internet Protocols IP Security Overview IP Security Architecture Authentication.
Internet Protocol Security An Overview of IPSec. Outline:  What Security Problem?  Understanding TCP/IP.  Security at What Level?  IP Security. 

Internet Protocol Security An Overview of IPSec. Outline:  What Security Problem?  Understanding TCP/IP.  Security at What Level?  IP Security. 
Leveraging IP for Sensor Network Deployment Simon Duquennoy, Niklas Wirstrom, Nicolas Tsiftes, Adam Dunkels Swedish Institute of Computer Science Presenter.

Leveraging IP for Sensor Network Deployment Simon Duquennoy, Niklas Wirstrom, Nicolas Tsiftes, Adam Dunkels Swedish Institute of Computer Science Presenter.

Similar presentations

Ads by Google