You are on page 1of 23

MOUSTAFA NAJM

M.Tech CSE 2014-2016

Roll No:147509

NIT WARANGAL
Comuter Science and Engineering Department
M.Tech CSE 2014-2016

Securing the Internet of Things


(IoT)
MOUSTAFA NAJM
ROLL NO 147509

MOUSTAFA NAJM | 147509

Page 0

Securing the Internet of Things (IoT)

Table of Contents
Abstract: .......................................................................................................................................... 4
1. Introduction: ................................................................................................................................ 4
2. Background: ................................................................................................................................. 5
2.1 What is the Internet of Things? ......................................................................................... 6
2.2 Evolving the Internet of Things: ......................................................................................... 7
3. Security in Internet of Things: .................................................................................................. 8
3.1 Challenges of Internet of Things: ....................................................................................... 8
3.2 Need for Security: .................................................................................................................. 8
4. Communication and Security of IoT ............................................................................................ 9
4.1. Protocol stack for the IoT: .................................................................................................... 9
4.2 Security requirments: .......................................................................................................... 10
5. IEEE 802.15.4 protocol: ............................................................................................................. 10
5.1

Security services in IEEE 802.15.4: ................................................................................ 11

5.2 Limitations of security with IEEE 802.15.4: ......................................................................... 12


5.3 Proposal for security with IEEE 802.15.4:............................................................................ 12
6. 6LoWPAN (IPV6 Over Low Power Wireless Personal Area Network): ...................................... 12
6.1 6LowPAN Motivation: ......................................................................................................... 13
6.2 6LowPAN Challenges: .......................................................................................................... 13
6.3. Security in 6LoWPAN: ......................................................................................................... 14
6.4 Proposals for Security in 6LoWPAN:.................................................................................... 14
6.4.1.

Design Lightweight IPSec ........................................................................................... 14

6.4.2.

Proposals for security against Packet fragmentation attacks: .................................. 15

7. RPL (Routing Protocol for Low-power and Lossy Networks):.................................................... 15


7.1 Routing with RPL: ................................................................................................................ 15
7.1.1 RPL Control Messages: ................................................................................................. 16
7.2 Security in RPL: .................................................................................................................... 16
7.2.1 Secure versions of the various routing control messages: ........................................... 16
7.2.2 Protection against packet replay attack: ...................................................................... 17
7.2.3 Protection against falsified routing updates: ............................................................... 17
7.3 Security modes: ................................................................................................................... 17

MOUSTAFA NAJM | 147509

Page 1

Securing the Internet of Things (IoT)

8. CoAP (Constrained Application Protocol):................................................................................. 18


8.1 CoAP Overview: ................................................................................................................... 18
Characteristics: .......................................................................................................................... 18
8.2 CoAP Security: ..................................................................................................................... 19
8.2.1

Why use DTLS for CoAP Security: .......................................................................... 19

8.2.2

Analysis of DTLS for CoAP Security: ....................................................................... 20

8.3

DTLS Improvement: ....................................................................................................... 21

8.3.1 DTLS Compression: ....................................................................................................... 21


8.3.2

TinyDTLS: ............................................................................................................... 21

9. Conclusion: ................................................................................................................................ 21
10. References: .............................................................................................................................. 22

MOUSTAFA NAJM | 147509

Page 2

Securing the Internet of Things (IoT)

List of Figures:
Figure 1 . Popularity of IoT ......................................................................................................... 6
Figure 2 . Evolution of the Internet in five phases......................................................................... 7
Figure 3 . Protocol stack for the IoT............................................................................................... 9
Figure 4 . security in IEEE 802.15.4 .............................................................................................. 11
Figure 5 . Format of Initialization Vector for AES-CRT and AES-CCM security in IEEE 802.15.4.. 11
Figure 6 . Format of an ACL entry in IEEE 802.15.4 ..................................................................... 11
Figure 7 . analysis of Lightweight IPSec ...................................................................................... 14
Figure 8 . Memory analysis for IPSec in IoT ................................................................................. 14
Figure 9 . Secure RPL message..................................................................................................... 16
Figure 10 . Security section of secure RPL messages .................................................................... 16
Figure 11 . CoAP Architecture ....................................................................................................... 18
Figure 12 . DTLS in protocol stack ................................................................................................. 19
Figure 13 . Analysis of DTLS for CoAP security ............................................................................. 20
Figure 14 . Packet loss ratio in DTLS .............................................................................................. 20
Figure 15 . Space saving in DTLS compression .............................................................................. 21
Figure 16 . Average Energy consumption for DTLS Packet Transmission ..................................... 21

MOUSTAFA NAJM | 147509

Page 3

Securing the Internet of Things (IoT)

Abstract:
The Internet of Things (IoT) is the next generation of internet
which will make daily life easier based on intelligent sensors and smart
objects working together. But on the other hand there will be many
security challenges which need to think in a different way to protect IoT
applications.
This report gives overview about IoT, and analyzes security
challenges and requirements in IoT. Besides introducing IoT
communication stack designed by IEEE and IETF to meet the important
criteria of power-efficiency, reliability, Internet connectivity and
inteoperability. This communication stack is the backbone for this
report which discusses different mechanisms to secure communications
in each protocol, as well as limitations and some improvments and open
issues for future research.
1. Introduction:
The Internet of Things (IoT) is a computing concept that describes
a future internet where everyday physical objects will be connected to
the Internet and be able to identify themselves to other devices and
exchanging information with their surroundings.
Internet infrastructure has been growth to include massive
number of sensing objects which have constrained resources and
exhcange huge amount of data, sometimes its highly personal.
Consequently traditional methods for internet security are not suffeicint
and proper mechanisms shoud be developed to secure IoT
communications. IEEE and IETF have designed communication and
security technologies for the IoT. Such technologies currently form the
protocol stack for the IoT. This stack is enabled to meet the important
criteria of reliability, power-efficiency, Internet connectivity, and to
guarantee interoperability with existing Internet standards and
guarantee that sensing devices are able to communicate with other
Internet entities in the context of future IoT distributed applications.

MOUSTAFA NAJM | 147509

Page 4

Securing the Internet of Things (IoT)

2. Background:
Technology is changing the way of interconnection with the
world. Today, companies are developing products for the consumer
market that would have been unimaginable a decade ago: Internetconnected cameras that allow you to post pictures online with a single
click; home automation systems that turn on your front porch light
when you leave work; and bracelets that share with your friends how
far you have biked or run during the day. These are all examples of the
Internet of Things (IoT), an interconnected environment where all
manner of objects have a digital presence and the ability to
communicate with other objects and people. The IoT explosion is
already around us, in the form of wearable computers, smart health
trackers, connected smoke detectors and light bulbs, and essentially any
other Internet-connected device that isnt a mobile phone, tablet, or
traditional computer.
Iot growing day by day: Six years ago, for the first time, the
number of things connected to the Internet surpassed the number of
people. Experts estimate that, as of this year (2015), there will be 25
billion connected devices, and by 2020, 50 billion. Some estimate that by
2020, 90% of consumer cars will have an Internet connection, up from
less than 10 percent in 2013. Three and one-half billion sensors already
are in the marketplace, and some experts expect that number to
increase to trillions within the next decade. All of these connected
machines mean much more data will be generated: globally, by 2018,
mobile data traffic will exceed fifteen exabytes about 15 quintillion
bytes each month. By comparison, according to one estimate, an
exabyte of storage could contain 50,000 years worth of DVD-quality
video. Yet we are still at the beginning of this technology trend.
Benefits Vs Risks: these new developments are expected to bring
enormous benefits to consumers. Connected health devices will allow
consumers with serious health conditions to work with their physicians
to manage their diseases. Home automation systems will enable
consumers to turn off the burglar alarm, play music, and warm up
dinner right before they get home from work. Connected cars will notify
first responders in the event of an accident. And the Internet of Things
may bring benefits that we cannot predict.

MOUSTAFA NAJM | 147509

Page 5

Securing the Internet of Things (IoT)

However, these connected devices also will collect, transmit,


store, and potentially share vast amounts of consumer data, some of it
highly personal.
The popularity of different paradigms varies with time. The web
search popularity, as measured by the Google search trends during the
last 10 years for the terms Internet of Things, Wireless Sensor Networks
and Ubiquitous Computing show that IoT has became as main
reaserch topic nowadays:

Figure 1 . Popularity of IoT

2.1 What is the Internet of Things?

Although the term Internet of Things first appeared in the


literature in 2005, there is still no widely accepted definition. One
definition described the IoT as the worldwide network of
interconnected objects uniquely addressable based on standard
communication protocols, another defined it as the connection of
physical objects to the Internet and to each other through small,
embedded sensors and wired and wireless technologies, creating an
ecosystem of ubiquitous computing. Another definition described it as
including embedded intelligence in individual items that can detect
changes in their physical state. Observed, What all definitions of IoT
have in common is that they focus on how computers, sensors, and
objects interact with one another and process data.
The IoT includes consumer-facing devices, as well as products and
services that are not consumer-facing, such as devices designed for
businesses to enable automated communications between machines.

MOUSTAFA NAJM | 147509

Page 6

Securing the Internet of Things (IoT)

For example, the term IoT can include the type of Radio Frequency
Identification RFID tags that businesses place on products in stores to
monitor inventory; sensor networks to monitor electricity use in hotels.
Moreover, the things in the IoT generally do not include desktop or
laptop computers and their close analogs, such as smartphones and
tablets, although these devices are often employed to control or
communicate with other things.
2.2 Evolving the Internet of Things:
The evolution of Internet begins with connecting two computers
together and then moved towards creating World Wide Web WWW
by connecting large number of computers together. The mobile-Internet
emerged by connecting mobile devices to the Internet. Then, peoples
identities joined the Internet via social networks. Finally, it is moving
towards Internet of Things by connecting every day objects to the
Internet.
The IoT has stepped out of its infancy and it is the next
revolutionary technology in transforming the Internet into a fully
integrated Future Internet. As we move from www (static pages web) to
web2 (social networking web) to web3 (ubiquitous computing web).

Figure 2. Evolution of the Internet in five phases

MOUSTAFA NAJM | 147509

Page 7

Securing the Internet of Things (IoT)

3. Security in Internet of Things:


Steve Jobs, the former CEO of Apple Technologies once
said With better technology come greater challenges
3.1 Challenges of Internet of Things:

Internet already is there and there are many protocols for


securing internet purpuse, then why we need to develop new protocols
for Internet of Things. This is motivation question and the answer
shows the challenges facing IoT, including:
- The longevity of the device: updates are harder, if not impossible.
- The size of the device: almost devices are small with limited
capabilities, especially around cryptography.
- The fact there is a device: usually no UI for entering userids and
passwords
- The data is often highly personal
- The mindset: appliance manufacturers dont think like security
experts and embedded systems are often developed by grabbing
existing chips, designs, etc
3.2 Need for Security:

Recently Proofpoint, a leadin security service provider, claims


that they identified a phishing attack launched by sending more than
750,000 spam emails using devices which are non-traditional IP devices
like, smart TVs, smart refrigerators, IP cameras, etc.
Security will be a major concern wherever networks are deployed
at large scale. There can be many ways the system could be attacked:
capture data and messages, disabling the network availability, pushing
erroneous data into the network, accessing personal information, etc.
Security is critical to any network and the first line of defense
against data corruption is cryptography. RFID (particularly passive)
seems to be the most vulnerable as it allows person tracking as well as
the objects and no high level intelligence can be enabled on these
devices. These complex problems however have solutions that can be
provided using cryptographic methods.
Against outsider attackers, encryption ensures data confidentiality,
whereas message authentication codes ensure data integrity and
authenticity. Encryption, however, does not protect against insider
malicious attacks, to address which noncryptographic means are
MOUSTAFA NAJM | 147509

Page 8

Securing the Internet of Things (IoT)

needed, particularly in WSNs. periodically, new sensor applications


need to be installed, or existing ones need to be updated. This is done by
remote wireless reprogramming of all nodes in the network. Traditional
network reprogramming consists solely of a data dissemination
protocol that distributes code to all the nodes in the network without
authentication, which
h is a security threat. A secure reprogramming
protocol allows the nodes to authenticate every code update and
prevent malicious installation. Along with the presence of the data and
tools, cloud also handles economics of IoT which will make it a bigger
threat from attackers. Security and identity protection becomes critical
in hybrid clouds where private as well as public clouds will be used by
businesses.
Remembering forever in the context of IoT raises many privacy
issues as the data collected can be use
used
d in positive (for advertisement
services) and negative ways (for defamation). Digital forgetting could
emerge as one of the key areas of research to address the concerns and
the development of an appropriate framework to protect personal data.
data
Appropriate mechanisms will be required to secure
communications with such devices, in the context of future IoT
applications.
Efforts conducted by standardization bodies such as IEEE and
IETF towards the design of communication and security technologies
for the IoT (IoT Stack) .Ill
Ill show IoT Communication stack proposed by
IEEE and IETF, and disscus security for each layer.
4. Communication and Security of IoT
4.1. Protocol stack for the IoT
IoT:

This stack is enabled to meet reliability, power


power-efficiency
efficiency and
Internet connectivity, and to guarantee interoperability w
with
ith existing
Internet standards.

Fig
Figure 3 . Protocol stack for the IoT
MOUSTAFA NAJM | 147509

Page 9

Securing the Internet of Things (IoT)

IEEE 802.15.4 enables power-saving and reliablity, the IETF


6LoWPAN (IPV6 Over Low Power Wireless Personal Area Network) adaptation
layer enables universal Internet connectivity, the IETF ROLL (Routing Over
Low power and Lossy networks) routing protocol enables availability, and
finally the IETF CoAP (Constrained Application Protocol) enabling seamless
transport and support of Internet applications.
4.2 Security requirments:

Protocols must provide appropriate assurances in terms of


confidentiality, integrity, authentication and nonrepudiation of the
information flows. Mechanisms will also be required to implement
Protection against threats to the normal functioning of IoT protocols.
Other security requirements for the IoT such as Availability against DOS
attack. Other relevant security requirements are privacy, anonymity,
liability and trust, which will be fundamental for the social acceptance of
the future IoT applications.
In next sections Ill discuss each layer and security mechanisms
applied to achieve security requirements, with their limitations and
some proposals to overcome limitations and improve performance and
security.
5. IEEE 802.15.4 protocol:
IEEE 802.15.4 supports Low-energy communications at the
physical (PHY) and Medium Access Control (MAC) layers using 102
bytes for the transmission of data at higher layers where 1280 bytes
required for IPv6.
The IEEE standard 802.15.4 offers physical and media access
control layers for low-cost, low-speed, low-power wireless personal
area networks (WPANs). The original IEEE 802.15.4 standard from
2006 was recently updated in 2011 and there are many versions:
- IEEE 802.15.4a specifying additional PHY layers
- IEEE 802.15.4c support recently opened frequency bands in
China
- IEEE 802.15.4d with a similar goal of .4c for Japan.
- IEEE 802.15.4e an addendum defining modifications to the
MAC layer with the goal of supporting time-synchronized
multi-hop communications.

MOUSTAFA NAJM | 147509

Page 10

Securing the Internet of Things (IoT)

5.1

Security services in IEEE 802.15.4:

Figure 4 . security in IEEE 802.15.4

Security as currently defined by IEEE 802.15.4 is optional, available


only at the MAC layer and all security services applied as following:
 Confidentiality:
- encryption using AES in the Counter (CTR) mode
- 128-bit keys are used to support this requirement.
 Data authenticity and integrity:
- employing AES in the Cipher Block Chaining (CBC) mode
 Confidentiality, data authenticity and integrity
- The CTR and CBC modes may be jointly employed using the
combined Counter with CBC-MAC AES/CCM encryption
mode
 protection against message replay attacks:
The sender breaks the original packet into 16-byte blocks, each
block identified by its own block counter. Each block is encrypted
using a different nonce or Initialization Vector (IV).

Figure 5 . Format of the Initialization Vector for AES-CRT and AES-CCM security in IEEE 802.15.4

 Access control mechanisms


The device stores an access control lists (ACL) with a max of 255
entries, each containing the information required for the
processing of security for communications with a particular
destination device.

Figure 6 .Format of an ACL entry in IEEE 802.15.4

MOUSTAFA NAJM | 147509

Page 11

Securing the Internet of Things (IoT)

5.2 Limitations of security with IEEE 802.15.4:

IEEE 802.15.4 does not specify any keying model.


The management of IV values: if the same key is used in two or
more ACL entries. It may enable an adversary to recover
plaintexts from cipher texts.
Tables storing ACL entries in IEEE 802.15.4 may not provide
adequate support for all keying models, in particular group keying
and network-shared keying.
IEEE 802.15.4 is unable to protect acknowledgment messages in
respect to integrity or confidentiality. An adversary may therefore
forge acknowledgments, for which it only needs to learn the
sequence number of the packet to be confirmed that is sent in the
clear, in order to perform DoS attacks.
5.3 Proposal for security with IEEE 802.15.4:

Research opportunities in the context of security in time-bounded


link-layer communication environments employing IEEE 802.15.4e. The
applications are responsible for the definition of the communication
schedules in such networks, and security mechanisms may be designed
to benefit from the fact that the MAC layer operates using timesynchronized and channel-hopping communications. A possible
approach is to design a communication schedule with slots reserved a
priori for security, which can support normal security-management
operations such as key management and the identification of
misbehaving nodes for intrusion detection.
6. 6LoWPAN (IPV6 Over Low Power Wireless Personal Area Network):
6LoWPAN adaptation layer enables the transmission of IPv6
packets over IEEE 802.15.4 and implements mechanisms for packet
fragmentation and reassembly.

MOUSTAFA NAJM | 147509

Page 12

Securing the Internet of Things (IoT)

6.1 6LowPAN Motivation:

There are many Benefits of IP over 802.15.4 (RFC 4919):


The pervasive nature of IP networks allows use of existing
infrastructure.
IP-based technologies already exist, are well-known, and proven to
be working.
Open and freely available specifications vs. closed proprietary
solutions.
Tools for diagnostics, management, and commissioning of IP
networks already exist.
IP-based devices can be connected readily to other IP-based
networks, without the need for intermediate entities like translation
gateways or proxies.

6.2 6LowPAN Challenges:

IPv6 header is 40 octets, UDP header is 8 octets, while 802.15.4 MAC


header can be up to 25 octets (null security) or 25+21=46 octets (AESCCM-128), with the 802.15.4 frame size of 127 octets, we have this
space left for application data:
- 127-25-40-8 = 54 octets (null security)
- 127-46-40-8 = 33 octets (AES-CCM-128)
IPv6 requires that links support an MTU of 1280 octets, then Link-layer
fragmentation / reassembly is needed. IETF IPv6 over Low-power
Wireless Personal Area Networks (6LoWPAN) working group was
formed in 2007 to produce a specification enabling the transportation of
IPv6 packets over low-energy IEEE 802.15.4 and similar wireless
communication environments. The 6LoWPAN adaptation layer
optimizes the usage of this limited payload space through packet header
compression.
The 6LowPAN protocol is an adaptation layer allowing to:
 transport IPv6 packets over 802.15.4 links
 Based on IEEE standard 802.15.4
 Fragmentation / reassembly of IPv6 packets
 Compression of IPv6 and UDP/ICMP headers
 Low processing / storage costs

MOUSTAFA NAJM | 147509

Page 13

Securing the Internet of Things (IoT)

6.3. Security in 6LoWPAN:

Current state: No security mechanisms are currently defined in the


context of the 6LoWPAN adaptation layer.
The challenges in the adoption of network-layer security approaches
such as IPSec and IKE in 6LoWPAN environments are related to the
resource constraints of typical wireless sensing platforms
6.4 Proposals for Security in 6LoWPAN:
6.4.1. Design Lightweight IPSec

Compressed security headers for the 6LoWPAN adaptation layer,


with the same purpose as the existing Authentication Header (AH) and
Encapsulating Security Payload (ESP) headers of the Internet Protocol
Security (IPSec) .Analysis of Lightweight IPSecis shown in following:

Figure 7 .analysis of Lightweight IPSec

With compressed IPSec, packet size is similar to 802.15.4 while IPSec


provides end-to-end security.

Figure 8 . Memory analysis for IPSec in IoT

ROM amd RAM footprints show that AH and ESP consumes just 3.9KB
and 9kB, respectively, for mandatory IPSec Algorithms.
MOUSTAFA NAJM | 147509

Page 14

Securing the Internet of Things (IoT)

6.4.2. Proposals for security against Packet fragmentation attacks:

A malicious or misconfigured node sending forged, duplicate or


overlapping fragments may threat the normal functioning or the
availability of such devices. This is due to the lack of authentication at
the 6LoWPAN adaptation layer. There are many proposals for security
against this attack:
- Addition of a timestamp plus a nonce to the 6LoWPAN
fragmentation header to support security against
unidirectional and bidirectional fragment replays
- Usage of mechanisms to support per-fragment sender
authentication using hash chains and purging of messages
from suspicious senders based on the observed behavior
7. RPL (Routing Protocol for Low-power and Lossy Networks):
RPL supports Routing over 6LoWPAN environments. Applicationspecific profiles are already defined to identify the corresponding
routing requirements and optimization goals.
7.1 Routing with RPL:

Considering that in the most typical setting various LoWPAN


nodes are connected through multi-hop paths to a small set of root
devices responsible for data collection and coordination, RPL builds a
Destination Oriented Directed Acyclic Graph (DODAG) identified by a
DODAGID for each root device, by accounting for link costs, node
attributes, note status information, and its respective objective function.
The topology is set up based on a rank metric, which encodes the
distance of each node with respect to its reference root, as specified by
the objective function. According to the gradient-based approach, the
rank should monotonically decrease along the DODAG and towards the
destination node.

MOUSTAFA NAJM | 147509

Page 15

Securing the Internet of Things (IoT)

7.1.1 RPL Control Messages:

The RPL protocol supports various types of control messages:


DAG Information Object (DIO): A DIO carries information that
allows a node to discover an RPL Instance, learn its configuration
parameters and select DODAG parents
DAG Information Solicitation (DIS): A DIS solicits a DODAG
Information Object from an RPL node
Destination Advertisement Object (DAO): A DAO propagates
destination information upwards along the DODAG
Destination Advertisement Object ACK (DAO-ACK) : An ack to
DAO parent or to the DODAG root.
Consistency Check (CC): Synchronization of counter values among
communicating nodes, providing a basis for the protection against
packet replay attacks.

DODAG Construction:
- Nodes periodically send link-local multicast DIO messages,
Stability or detection of routing inconsistencies influence the rate
of DIO messages.
- Nodes listen for DIOs and use their information to join a new
DODAG, or to maintain an existing DODAG
- Nodes may use a DIS message to solicit a DIO
- Based on information in the DIOs the node chooses parents that
minimize path cost to the DODAG root
7.2 Security in RPL:
7.2.1 Secure versions of the various routing control messages:

Following figures show format of secure routing messages:

Figure 10 . Security section of secure RPL messages


Figure 9 . Secure RPL message

MOUSTAFA NAJM | 147509

Page 16

Securing the Internet of Things (IoT)

The high order bit of the RPL Code field identifies whether or not
security is applied
Support of integrity and data authenticity:
- Integrity: AES/CCM with 128-bit keys for MAC
- integrity and data authenticity : RSA with SHA-256
* LVL: allows varying levels of data authentication and, optionally, of
data confidentiality.
7.2.2 Protection against packet replay attack:

CC messages are used for synchronization of counter values


among communicating nodes and provide a basis for the.
7.2.3 Protection against falsified routing updates:

Usage of a version number and rank authentication security


scheme based on one-way hash chains providing security against
internal attackers
7.3 Security modes:

Unsecured: no security
Preinstalled: preconfigured symmetric key
Authenticated: Appropriate for devices operating as routers,
obtaining a different cryptographic key from a key. The key
authority is responsible for authenticating and authorizing the
device.
The RPL specification currently defines that the authenticated
security mode must not be supported by symmetric cryptography
Although it doesnt specify how asymmetric cryptography may be
employed to support node authentication and key retrieval by the
device intending to operate as a router.

MOUSTAFA NAJM | 147509

Page 17

Securing the Internet of Things (IoT)

8. CoAP (Constrained Application Protocol):


CoAP supports communications at the application layer. This
Protocol is currently being designed at the IETF to provide
interoperability
8.1 CoAP Overview:
Characteristics:

 Constrained machine-to-machine web protocol


 Simple request and response protocol
 Simple proxy and caching capabilities
 Asynchronous transaction support
 Low header overhead and parsing complexity
 URI and content-type support
 UDP binding (may use IPsec or DTLS)
 Reliable unicast (confirmable) and multicast support

Figure 11 . CoAP Architecture

MOUSTAFA NAJM | 147509

Page 18

Securing the Internet of Things (IoT)

8.2 CoAP Security:

CoAP protocol Defines bindings to DTLS to protect CoAP messages


together with four security modes with different approaches to
cryptographic key management.

Figure 12 DTLS in protocol stack

Security modes
NoSec: no protocol-level security and DTLS is disabled
PreSharedKey: PreShared Key(PSK)-based authentication is used.
The device store list of keys, each key includes a list of nodes for
which this key can be used
RawPublicKey: the device has an asymmetric key pair.the public
key is not embedded within an X.509 certificate.
Certificate: the device has an asymmetric key pair and The X.509
certificate binds the public key.
8.2.1

Why use DTLS for CoAP Security:

- There are three main elements when considering security, namely


confidentiality, integrity, authentication. DTLS can achieve all.
- DTLS employ TCP, which is too complex.
- DTLS solves two problems: reordering and packet lost.
- It adds three implements:
1. packet retransmission.
2. assigning sequence number within the handshake
3. Replay detection.
MOUSTAFA NAJM | 147509

Page 19

Securing the Internet of Things (IoT)

- Elliptic Curve Cryptography (ECC) is adopted to support the


RawPublicKey and Certificates security modes.
8.2.2

Analysis of DTLS for CoAP Security:

Figure 13 . Analysis of DTLS for CoAP security

Fig.13. shows:
- Large memory footprint in ROM and RAM because of
complexity of the DTLS handshake, i.e., many messages and
states, and beside that Crypto suites require SHA-2 that is not
available on hardware crypto co-processor.
- Overhead due to lower layer per-packet protocol headers.

Figure 14 . Packet loss ratio in DTLS

MOUSTAFA NAJM | 147509

Page 20

Securing the Internet of Things (IoT)

8.3

DTLS Improvement:

8.3.1 DTLS Compression:

Avoiding Fragmentation through Compression

Figure 15 . Space saving in DTLS compression

Figure 16 . Average Energy consumption for DTLS Packet Transmission

on average 15% less energy is used to transmit (and receive)


compressed packets .
8.3.2

TinyDTLS:

The TinyDTLS AES-CCMmodule was modified to use the AES


hardware coprocessor.
9. Conclusion:
With the nature of todays computing, security is becoming very
critical for wide range of applications. This report has presented
requirements, issues, designs and solutions of secure standard protocol
design to counter the different attacks and highlighted the securityrelated problems faced by designers and limitations of each protocol.
Several issues, however, still remain open to find a holistic solution to
the problem of IoT security. By Complying with the security measures,
the IoT can fully improve daily aspects of our life. The right execution of
the paradigms and protocols related to security will definitely bring
about big changes in the society, which will be worth the effort.

MOUSTAFA NAJM | 147509

Page 21

Securing the Internet of Things (IoT)

10. References:
1- Jorge Granjal, Edmundo Monteiro, Jorge S Silva, Security for the Internet of

Things: A Survey of Existing Protocols and Open Research issues,


Communications Surveys & Tutorials, IEEE (Volume:PP , Issue: 99 ), Page(s):1, 2015.
2- Charith Perera, Member, IEEE, Chi Harold Liu, Member, IEEE, Srimal Jayawardena,
Member, IEEE and Min Chen, Senior Member, IEEE ,A Survey on Internet of
Things from Industrial Market Perspective , Access, IEEE jornal, (Volume:2),
Page(s):1660 1679, 2015
3- Sye Loong Keoh ,Kumar, S.S. ; Tschofenig, H.,Securing the Internet of Things:A

Standardization Perspective, Internet of Things Journal, IEEE (Volume:1,Issue:


3 ), Page(s):265 - 275,2014.
4- Christine Hennebert and Jessye Dos Santos,Security Protocols and Privacy Issues
into 6LoWPAN Stack: A Synthesis, IEEE INTERNET OF THINGS JOURNAL,
VOL. 1, NO. 5, Page(s):274279, OCTOBER 2014
5- Yasin Nizami, Emiliano Garcia-Palacios.,Internet of Things A Proposed Secured
Network Topology, Irish Signals & Systems Conference 2014 and 2014 ChinaIreland International Conference on Information and Communications Technologies
(ISSC 2014/CIICT 2014). 25th IET,Page(s):274 - 279,2014
6- Gurpreet Singh Matharu, Priyanka Upadhyay , Lalita Chaudhary ,The Internet of
Things: Challenges & Security Issues Emerging Technologies (ICET), 2014
International Conference on,Page(s):54 - 59, 2014
7- Jayavardhana Gubbi, Rajkumar Buyyab, Slaven Marusic, Marimuthu
Palaniswami, Internet of Things (IoT): A vision, architectural elements, and
future directions,Future Generation Computer Systems jornal,Volume 29,
Issue 7, Pages 16451660, September 2013
8- Raza, S. ,Shafagh, H. ; Hewage, K. ; Hummen, R. Lithe: Lightweight Secure
CoAP for the Internet of Things, Sensors Journal, IEEE (Volume:13 , Issue:
10 ),Page(s):3711 - 3720, 2013
9- Anass RGHIOUI , Mohammed BOUHORMA , Abderrahim BENSLIMANE
,Analytical study of security aspects in 6LoWPAN networks, 2013 5th
International Conference on Information and Communication Technology for the Muslim
World, Page(s):1 5,2013
10- Shahid Raza, Tony Chung, Simon Duquennoy, Dogan Yazar, Thiemo Voigt1, Utz
Roedig Securing Internet of Things with Lightweight Ipsec, SICS

Technical Report,ISSN:1100-3154, 2013


11- Rene Hummen, Klaus Wehrle, Standards-based End-to-End IP Security for
the Internet of Things, Network Protocols (ICNP), 2013 21st IEEE International
Conference, Page(s):1 3, 2013

MOUSTAFA NAJM | 147509

Page 22