
Lightweight security scheme for IoT applications using CoAP

Article  in  International Journal of Pervasive Computing and Communications · October 2014


DOI: 10.1108/IJPCC-01-2014-0002

International Journal of Pervasive Computing and Communications
Lightweight security scheme for IoT applications using CoAP
Arijit Ukil, Soma Bandyopadhyay, Abhijan Bhattacharyya, Arpan Pal, Tulika Bose
Article information:
To cite this document:
Arijit Ukil, Soma Bandyopadhyay, Abhijan Bhattacharyya, Arpan Pal, Tulika Bose (2014), "Lightweight
security scheme for IoT applications using CoAP", International Journal of Pervasive Computing and
Communications, Vol. 10 Iss 4 pp. 372-392
Permanent link to this document:
http://dx.doi.org/10.1108/IJPCC-01-2014-0002

References: this document contains references to 28 other documents.



Lightweight security scheme for IoT applications using CoAP
Arijit Ukil, Soma Bandyopadhyay, Abhijan Bhattacharyya, Arpan Pal and Tulika Bose
Innovation Lab, Tata Consultancy Services, Kolkata, India

Abstract
Purpose – The purpose of this paper is to study a lightweight security scheme for Internet of Things
(IoT) applications using the Constrained Application Protocol (CoAP). The resource-constrained
characteristics of IoT systems have ushered in compelling requirements for lightweight application
protocols and security suites. CoAP has already been established as the candidate protocol for IoT
systems. However, a low overhead security scheme for CoAP is still an open problem. Existing security
solutions like Datagram Transport Layer Security (DTLS) are not suitable, particularly due to
expensive handshaking, public key infrastructure (PKI)-based authentication and a lengthy ciphersuite
agreement process.
Design/methodology/approach – This paper proposes a lightweight security scheme in CoAP
using the Advanced Encryption Standard (AES) 128 symmetric key algorithm. The paper presents an
object security (payload embedded)-based robust authentication mechanism with integrated key
management. The paper introduces a few unique modifications to the CoAP header to optimize security
operation and minimize communication cost.
Findings – It is resilient to a number of security attacks like replay attack, meet-in-the-middle attack
and secure under chosen plaintext attack. This scheme is generic in nature, applicable for a gamut of IoT
applications. The paper proves the efficacy of our proposed scheme for a vehicle tracking application in
an emulated laboratory setup. Specifically, it compares with DTLS-enabled CoAP to establish the
lightweight feature of our proposed solution.
Research limitations/implications – This paper mainly focuses on implementing in-vehicle
tracking systems as an IoT application and uses CoAP as the application protocol.
Practical implications – Such a lightweight security scheme would provide immense benefit in IoT
systems so that resource-constrained sensing devices and nodes can be made secure. This would impact
IoT ecosystems to a large extent.
Originality/value – A security suite of this kind, which provides both robustness and a lightweight feature,
is hitherto not known to the authors, particularly in CoAP for IoT applications.
Keywords Sensors, Security, Authentication, CoAP, IoT, Lightweight
Paper type Research paper

The authors thank Sitaram Venkata Chamarty and Praveen Gauravaram of Tata Consultancy
Services (TCS) Innovation Lab, Hyderabad, India, for their valuable comments and suggestions.

1. Introduction
With the advancement of software and hardware technology, Internet of Things (IoT)
applications and services like smart home management, intelligent transport systems,
smart energy management and E-health become possible. In an IoT system, resource
(like energy, bandwidth and memory)-constrained sensing devices sense environmental
and physical parameters to constitute a cyber-physical system. Such sensed data is
communicated to a back-end infrastructure over the Internet directly or, typically, through a
sensor gateway. However, such communication should be secure enough to counter
different security threats, as the sensor data mostly carry personal and sensitive
information. Due to the constrained nature of such devices and gateways, it is, indeed, a
challenge to establish a secure yet lightweight communication channel when sensor
data is transferred over the Internet. It is established that Constrained Application
Protocol (CoAP) is the candidate protocol (Bandyopadhyay and Bhattacharyya, 2013a)
for IoT. In this paper, we propose a lightweight security scheme, mainly considering
secure channel establishment through mutual authentication in CoAP. When sensitive
data of IoT applications using CoAP is communicated to different stakeholders, the
following requirements are to be satisfied:
• mutual authentication between sensor, sensor gateway and back-end server;
• confidentiality and integrity of sensitive data; and
• low computational and communication overhead.

In fact, existing secure wireless protocols are not equipped to satisfy the above
requirements, particularly the need of substantial reduction of computational and
communication overhead (Li et al., 2012). In this work, we endeavor to embed a low
overhead security mechanism consisting of both authentication with integrated key
management and encryption on CoAP (Zenner, 2009). The proposed mechanism is
robust against different security-breaching attacks such as chosen plaintext attack,
replay attack and man-in-the-middle attack. We utilize the request-response layer of
CoAP to design a novel secure mode of CoAP by introducing a unique option in CoAP
header. We term our complete security scheme as “CoAPS-Lite” and the authentication
part is termed as “Auth-Lite”. Apart from ensuring secure channel establishment, it
further adapts handshaking level of its secure channel depending on the state of
application, like vehicle speed in intelligent transport system. Such adaptation further
reduces the communication cost in terms of bandwidth and power consumption. The
efficacy of our claims is shown in terms of latency, total bandwidth consumption and
computation cost by analyzing experimental results obtained in an emulated
environment.
The paper is organized as follows. In Section 2, we analyze the state-of-the-art. The
system architecture is described in Section 3. We present threat modeling and security
engineering in Section 4. In Section 5, we describe our proposed low overhead security scheme
and its security analysis, and illustrate its implementation on CoAP for the vehicle tracking
application. In Section 6, we discuss the experimental results and analysis.
Finally, we conclude our paper in Section 7.

2. Related work
Web-enablement of constrained sensors and gateways using traditional Hypertext
Transfer Protocol (HTTP)-based protocols would be unsustainable and non-scalable.
CoAP is established as the candidate lightweight protocol (Bandyopadhyay and
Bhattacharyya, 2013a) for Internet connectivity of such energy-constrained sensors, as
is evident from Table I (Colitti et al., 2011) and as shown in Figure 1, where another
competitive protocol, MQ Telemetry Transport (MQTT), is chosen for performance
comparison. MQTT is a lightweight publish/subscribe protocol over Transmission
Control Protocol/Internet Protocol (TCP/IP). Bandyopadhyay and Bhattacharyya
(2013b) have shown improved performance of CoAP against HTTP. This argument is
supported by Hans (2012), who presents CoAP as the de facto protocol for IoT,
particularly for resource-constrained devices like smart meters and smart cards. However,
ensuring low overhead security on CoAP is a challenging task, particularly due to the
resource-constrained nature of sensing devices. A secure routing protocol in wireless
sensor networks is described by Sen and Ukil (2010). The CoAP Internet draft (Yegin and
Shelby, 2012) describes a few modifications to allow initialization, crypto-enablement and
other security options like authentication and integrity enablement. Establishing a secure
channel is of utmost importance even in the case of privacy preservation of sensitive data
(Ukil and Sen, 2010). Currently, the trend in security schemes for sensor devices is
based on symmetric keys (Eronen and Tschofenig). Another approach is based on
Datagram Transport Layer Security (DTLS), a datagram counterpart of Transport
Layer Security (TLS) (Modadugu and Rescorla, 2004). Such efforts do not suit
constrained sensor devices well, due to the computational overhead of public key
cryptosystems that use public key infrastructure (PKI)-based certification and the
communication overhead of a lengthy handshaking process. However, to adapt DTLS to
constrained devices, low overhead security schemes such as RawPublickey, without
any X.509 certification, are introduced using preconfigured public keys (Shelby
et al., 2013). However, DTLS has at least 25 bytes overhead per packet that carries a
fragment and fills around one-third of the usable frame-size (Hartke and Bergmann,
2012). Bandyopadhyay et al. (2013a) proposed a mechanism for protocol characteristics
adaptation based on sensed indication derived from the vehicle’s state, but it does not
define the use of secure channels with adaptive reliability. In fact, it is shown that DTLS
as a transport layer security fails to achieve the advantages of application layer security
(Brachmann et al., 2011; Granjal et al., 2013). One of the main drawbacks of considering
CoAP to leverage the Internet backbone is its requirement of integration with HTTP,
which is to be additionally facilitated by a CoAP-HTTP proxy. In a study by Hans (2012),
another approach of an IPv6 over Low power Wireless Personal Area Networks
(6LoWPAN)-based border router for secure CoAP–HTTP integration is shown. For
introducing a lightweight feature in CoAP security, the idea of 6LoWPAN header
compression is proposed (Raza et al., 2013; 2012). However, header compression does not
yield a substantial performance gain, as DTLS is itself computationally heavy. We rather
focus on replacing DTLS completely or encapsulating the mutual authentication, key
management and encryption methods in the least computationally complex way.

Table I. Resource consumption comparison between HTTP and CoAP

Parameters               HTTP     CoAP
Bytes per transmission   1451     154
Power (mWatt)            1333     151
Lifetime (days)          0.744    84

Source: Colitti et al. (2011)

Figure 1. Suitability of CoAP in IoT applications

In this paper, we focus on introducing a low overhead security mechanism using
symmetric key-based authentication and confidentiality for CoAP, suitable for
constrained sensor devices, and it has been applied to a vehicle tracking application. We
also propose a scheme for adapting the reliability of a secure channel, for further reduction
of communication overhead. With adaptive reliability, security suite implementation
becomes flexible, and the security suite can be applied based on the requirement or
condition. For example, when a sensor such as the in-car ambient temperature sensor posts
data, the security implication is low and hence clear text data transmission is permissible,
whereas the security suite needs to be applied for posting the car’s location data.

3. System architecture: vehicle tracking use case


We present a secure vehicular tracking system to illustrate the system architecture,
where each vehicle is equipped with a Digi ConnectPort-X5 M2M gateway embedded with
multiple sensors like global positioning system (GPS), gyroscope and accelerometer
(digi.com). This gateway uses a General Packet Radio Service (GPRS) connection to post
the vehicle tracking information. It periodically updates the GPS co-ordinates, along with its
current speed inferred from the collected accelerometer data, to a back-end server
using the proposed secure CoAP. The vehicle tracking application is deployed on the
back-end server. A remote user can track the vehicle graphically using this application.
Figure 2 depicts the system architecture. In vehicle tracking applications, onboard
sensors like GPS and accelerometer, along with the vehicular gateway, post sensor data to
the Internet or other dedicated servers. Owing to high mobility and speed, the expected wireless
channel condition often becomes very poor. Hence, optimum usage of bandwidth and
reducing the overall latency are important factors. When mobile phones are used as the
vehicular gateway, optimizing energy usage is another important concern. The stated
concerns demand a reduction in communication cost, i.e. a low overhead solution.
However, the vehicular tracking application is an exemplary case; our approach is generic
in nature and suitable for a gamut of IoT applications that suffer from the resource-constraint
problem.
For our experimental purpose, the dashboard of each vehicle is equipped with a Digi
ConnectPort-X5 M2M gateway (digi.com). This gateway houses several sensors like
GPS and accelerometer. For our case, the gateway has several access method options
like cellular (GPRS in this case), WiFi and Ethernet to connect to the Internet. The
gateway draws power from the battery of the vehicle.
The modified CoAP with the proposed lightweight authentication ensures that the client
(the vehicle gateway) and the back-end server are mutually authenticated. However, as
the back-end will still run an HTTP Web service and the remote user uses an
HTTP interface to the back-end, an agent is required at the back-end to translate the CoAP
requests from the gateway into HTTP and vice versa.
Downloaded by Doctor Arpan Pal At 06:09 13 November 2014 (PT)

4. Security engineering and threat modeling


Our security engineering is an iterative process to enforce fine-grained adjustments on
security primitives (key length and algorithm) with resource and security requirements,
as shown in Figure 3.
It is perceived that IoT systems need to be protected against different security
threats. Our security engineering model to counter such threats would be governed by
the following schematic. Our security engineering is an iterative process with
fine-grained adjustments along with the middle-layer stakeholders like resource
availability and security requirements (Colitti et al., 2011; Ukil, 2010a, 2010b). Ideally, it
should be top-down; however, practical considerations allow tuning from the bottom up.
Considering IoT systems, resource constraint is a severe limitation in designing a security
protocol that satisfies all the security requirements. Thus, the feedback from the bottom up
allows a stable and effectively engineered secure system. Our main concern is the
resource limitation due to resource-constrained devices, while our security requirements
are based on typical IoT applications like Intelligent Transportation Systems (ITS) and
E-health. We assume eavesdroppers and message interceptors in a broadcast wireless
channel with substantial capability of replay attack, man-in-the-middle attack and
chosen plaintext attack (CPA). Also, it is assumed that nodes are hardware
tamper-resistant such that security primitives cannot be compromised. We consider a
bottom-up approach for meeting the limitation of resources. This allows a stable and
effectively engineered secure system for the considered use case. The security threats are
disclosure of sensitive information and resource consumption attacks.

Figure 2. The system architecture shows the vehicle sensor gateway connecting to the
back-end over Internet using CoAP with the proposed authentication and security feature. The
total architecture uses a cross-proxy to convert the CoAP requests to HTTP and vice versa. A
remote user can securely connect to the back-end and access the vehicle tracker data

Figure 3. Security engineering and threat modeling

5. Proposed method
For enabling secure CoAP, robust authentication and other security mechanisms need to
be supplied by communication security or by object security (within the payload). Our
proposed scheme has two components: CoAPS-Lite and Auth-Lite. CoAPS-Lite is the
component meant for enabling lightweight security in CoAP, and Auth-Lite is the
authentication part, meant for enabling lightweight authentication in
typical IoT systems. It is to be noted that in CoAPS-Lite we are concerned specifically
with CoAP and, along with Auth-Lite, CoAP header modification is part of our proposed
solution.
We propose an adaptive lightweight security $S$ for sensor data $J$ in the overall
ecosystem of IoT as:

$$\text{Sensor device } (D) \overset{S(J)}{\longleftrightarrow} \text{Sensor gateway } (G) \overset{S(J)}{\longleftrightarrow} \text{IoT backend } (\mathcal{B})$$

Our proposal, Auth-Lite (the authentication component of CoAPS-Lite), complements the
M2M requirements by securing CoAP through object security. It is a payload embedded
(object) security suite, as shown in Figure 4, layered within message and
request/response layers.
5.1 Authentication mechanism
Our proposed security solution is symmetric key-based authentication with integrated
key management. The exchanged symmetric key is used with Advanced Encryption
Standard (AES) 128 in Cipher Block Chaining (CBC) mode, the NIST recommended
ciphering scheme (Ukil et al., 2013). However, AES 128 CCM (Counter with CBC-MAC)
mode can also be chosen, which would provide the additional benefit of data integrity. This
method is payload embedded, thus minimizing the handshaking overhead. It consists of
the following phases:
• secret distribution;
• session initiation;
• server challenge; and
• sensor response.

This scheme is orders of magnitude faster than conventional PKI-based systems
because of the absence of any public-key crypto component. This solution eliminates the
hazards of complicated key management as described in Shelby et al. (2013). Our
proposed method is a two round-trip process, as compared to CoAP + DTLS (Hartke
and Bergmann, 2012), which has at least four round trips. Also, our proposed method
does not have any mutual agreement on cipher suites. We assume that during the
provisioning phase (at manufacturing or deployment of sensors) CoAP-enabled sensor
devices are equipped with security information like keying information, as described in
Shelby et al. (2013). At the time of provisioning of a sensor gateway and server, a unique
secret is pre-shared, which in our case is considered as hardcoded with the device at the
time of manufacturing and deployment. We assume that the pre-shared secret is
securely stored by some hardware-specific storage security mechanism like TPM
(trustedcomputinggroup). To secure the authentication scheme against the threats
described earlier, we propose nonce-based authentication-key management (Needham
and Schroeder, 1987). We have followed negotiation and challenge-response processes
in our proposed scheme, which is described below and shown in Figure 5. The list of
notation is shown in Table II:

Figure 4. CoAP-DTLS vs Auth-Lite

Figure 5. Proposed security protocol

Table II. Notation

Notation/symbol                 Meaning
$\psi_n$                        Shared secret between sensor gateway $\delta_n$ and server $S$
$\kappa_{n|\tau}$               Key exchanged between sensor gateway $\delta_n$ and server at $\tau$th session
$\langle\delta_n\rangle$        Unique sensor device/gateway ID of $\delta_n$
$\mathrm{AES}(\cdot)_\kappa$    AES operation on plaintext using key $\kappa$
$nonce_i$, $i = s, gw$          $nonce_s$ = server initiated nonce, $nonce_{gw}$ = gateway initiated nonce
$\oplus$                        XOR
$\|$                            Concatenation
$\omega_n$                      Sensor data of sensor gateway $\delta_n$

• $M_1 \mid \delta_n \to S$: $\delta_n$ (sensor gateway) initiates and sends $\langle\delta_n\rangle$ its intention of
communication with $S$ (server).
• $M'_1 \mid S \to \delta_n$: $S$ verifies the validity of $\langle\delta_n\rangle$. If it is valid, $S$ responds as
$\mathrm{AES}(\psi_n \oplus \kappa_{n|\tau} \,\|\, nonce_s)_{\psi_n}$, $M'_1 \mid S \to \delta_n = \{0,1\}^{256}$, where $\kappa_{n|\tau}$ is randomly generated key by
$S$ at each re-authentication or re-keying, which is evoked when time-out interval of
the authentication session expires. $\psi_n = \{0,1\}^{128}$, the shared unique secret.
• $M_2 \mid \delta_n \to S$: $\delta_n$ extracts $\kappa_{n|\tau}$ and $nonce_s$ from $M'_1 \mid S \to \delta_n$ as $\psi_n \oplus \kappa_{n|\tau} \oplus \psi_n = \kappa_{n|\tau}$. It also
returns $\mathrm{AES}(\psi_n \oplus nonce_s \,\|\, nonce_{gw})_{\kappa_{n|\tau}}$.
• $M'_2 \mid S \to \delta_n$: $S$ checks $nonce_s$ from $M_2 \mid \delta_n \to S$, if successful sensor is authenticated. $S$ then
returns $\mathrm{AES}(\kappa_{n|\tau} \,\|\, nonce_{gw})_{\psi_n}$ to get itself authenticated to gateway.
• $M_3 \mid \delta_n \to S$: $\delta_n$ checks $nonce_{gw}$ from $M'_2 \mid S \to \delta_n$; if $S$ is successfully authenticated,
authentication process completes.

Confidentiality: after successful bi-directional authentication, $\delta_n$ sends sensor data $\omega_n$ to
$S$ as: $\mathrm{AES}(\omega_n)_{\kappa_{n|\tau}}$.

5.2 Security analysis


Following steps summarize the security analysis of our proposed method:
Intuitively, proposed authentication-key exchange protocol is semantically secure as
per following definition (Lindell, 2010). Let us consider:
$g$: Function about key ($K_i$) generation (between gateway and server) that the attacker
tries to learn.
$h$: Attacker’s a priori knowledge on $K_i$.
$\{\mathbb{K}_p\}_{p \in P}$: Probability ensemble of key space of $K_i$, where $p$ is any key among universal
key set $P$.
As defined by Lindell (2010), in our semantic security model $(\Phi, \Psi, \Omega)$, [$\Phi$: key
generation function for $\kappa_n$ (key), $\Psi, \Omega$: encryption, decryption on $\kappa_n$ and $\omega_n$ (plain text)]
with symmetric-key authentication: for each probabilistic polynomial-time algorithm $Z$
there exists $Z'$ such that for $\{\mathbb{K}_p\}_{p \in P}$ the space of every polynomial-bound ensembles, every
polynomial-bound functions $g, h : \{0,1\}^* \to \{0,1\}^*$, every positive polynomial $p(\cdot)$ and all
sufficiently large $n$:

$$\Pr\left[ Z\left(1^n, \Psi_{\kappa_n(1^n)}(\mathbb{K}_p), 1^{|\mathbb{K}_p|}, h(1^n, \mathbb{K}_p)\right) = g(1^n, \mathbb{K}_p) \right] < \Pr\left[ Z'\left(1^n, 1^{|\mathbb{K}_p|}, 1^{|\mathbb{K}_p|}, h(1^n, \mathbb{K}_p)\right) = g(1^n, \mathbb{K}_p) \right] + \frac{1}{p(n)}$$

Proposed nonce-based authentication and key exchange method $\Psi$ is semantically
secure under CPA for all attacker $A$, Advantage of $A$ over $\Psi$ [$\mathrm{ADV}(A, \Psi)$] under CPA if
(Boneh, 2012):

$$\mathrm{ADV}_{\mathrm{CPA}}[A, \Psi] = \left| \Pr[\mathrm{EXP}(0) = 1] - \Pr[\mathrm{EXP}(1) = 1] \right| \le \varepsilon$$

where $\varepsilon \to 0$.
Here, $\varepsilon \le 2^{-48}$. $\Psi$ is AES-based in CBC mode, which has cipher gain of $2^{32}$. It can be
proved that $\Psi$ requires key-refreshment of $2^{48}$ blocks (Boneh, 2012).
Proof sketch (Boneh, 2012): For every adversary $\mathcal{A}$ attacking $\Psi_{\mathrm{CBC}}$, there exists a
PRP (Pseudo Random Permutation) adversary $\mathcal{B}$ such that:

$$\mathrm{Adv}_{\mathrm{CBC}}[\mathcal{A}, \Psi_{\mathrm{CBC}}] \le 2 \cdot \mathrm{Adv}_{\mathrm{PRP}}[\mathcal{B}, \Psi] + \frac{q^2 l^2}{|X|}$$

Security is when $q^2 l^2 \ll |X|$.
With AES-128: $|X| = 2^{128}$, $ql < 2^{48}$.
Nonces are generally generated using larger length random number generation
(RNG) to minimize collision attack. However, in practice, true RNG is difficult to find
(Zenner, 2009). Our solution uses a pseudo random number generation (PRNG)
appended with a timer (counter). Nonce is non-reproducible due to randomness of $\mathcal{R}_j$
(PRN) along with monotonic incremental nature of $\mathcal{T}_j$ (timer). $\mathcal{R}_j$ is generated in
pseudo-random way, and its inclusion with $\mathcal{T}_j$ assures that replay attack is improbable:

$$\left\{ \Pr\left( \mathcal{R}_j|_{t=T} = \mathcal{R}_j|_{t=T'} \right) = 1 \right\} < \varepsilon', \quad \varepsilon' \to 0.$$

The predictable non-reproducibility among nonces are governed by $\mathcal{T}_j$ and the
non-predictable part is governed by $\mathcal{R}_j$. The birthday bound problem states that when $\alpha$
out of $2^\beta$ number of elements are drawn in mutually independent way, $\rho_c$, the collision
probability is upper bounded by (Zenner, 2009):

$$\rho_c|_{\max} \ge \frac{\alpha^2 - \alpha}{2 \cdot 2^\beta}$$

$$2^\beta \ge \frac{\alpha^2 - \alpha}{2 \cdot \rho_c|_{\max}} \;\cong\; 2^\beta \ge \frac{\alpha^2}{2 \cdot \rho_c|_{\max}}, \quad \text{when } \alpha \gg 1$$

We have considered, $\alpha$ = 256 and $\rho_c|_{\max} = 2^{-56}$

$$2^\beta > 2^{111} \to \beta_{\min} = 112$$

Thus justifying $\mathcal{R}_j$ = 112 bits and counter $\mathcal{T}_j$ = (128 − 112) = 16 bits.

Hence, we prove that our proposed method is secure under the considered threat model as
the nonce-respecting scheme is immune to replay attacks, while AES-CBC is resilient to
CPA.

5.3 Adapting security scheme into CoAP


In this section, we present a lightweight secure version of CoAP for IoT systems by adapting
our proposed security mechanism. First, we present the establishment of an authentication session
where both data publisher and server are mutually authenticated and, thereafter, the
establishment of a confidentiality channel for data transfer using CoAP. In our proposed
method, we have introduced a new option in the CoAP header; here, the request-response mechanism
of CoAP is applied to establish a secure communication channel. One significant aspect of
our proposed scheme is to piggyback the response of authentication on the ACK of CoAP’s
confirmable message. This reduces the number of message transactions between the sensor
device/gateway and server.
5.3.1 Adapting authentication. We introduce a new option “AUTH” in the CoAP header to
enable the secure (authentication) mode. “AUTH” uses an unused option indicating a critical
option class. Along with “AUTH”, one more option, “AUTH_MSG_TYPE”, is introduced to
indicate different messages for establishing an authentication session. Figure 6 depicts the
optional header enabling this secure mode. The POST method with confirmable (CON) data
transfer mode is applied to achieve mutual authentication between sensor-gateway (client)
and back-end server. Importantly, the authentication session is maintained in our proposed
scheme by using a constant “Token” value in the header for all the associated messages
exchanged during the authentication phase. The proposed authentication session establishment
is depicted in Figure 7. The adaptation feature becomes prominent when the security feature is
activated based on the sensor data type: a temperature sensor does not require
security-enablement, whereas GPS data requires it, so AUTH = True when data is from the GPS
sensor and AUTH = False when data is from the temperature sensor
(Table III).
The following five steps are performed to embed authentication within CoAP:
(1) Initially, the sensor-gateway sends a POST message in confirmable (CON) mode with
AUTH option = True, with AUTH_MSG_TYPE value as “auth_init”, and with the
“device identifier” in the payload.
(2) The server derives the device identifier from the payload and determines the pre-shared secret
associated with that device identifier after receiving the options AUTH and
AUTH_MSG_TYPE, having values true and auth_init respectively. It then
generates nonce_1 and Key (K) as a session key. “K” encrypts and decrypts data
during the confidentiality phase. The server generates an encrypted payload using the
shared secret, as shown in Step 2 of the authentication mechanism.
(3) The server sends a response back to the sensor-gateway with our introduced response code
“id_found” and with the generated payload as described above. One significant point to
be noted here is that the server piggybacks this response code and this payload on the ACK
of the received confirmable POST message. In case of an invalid device identifier, the server
sends a response code “id_not_found”.
(4) The sensor-gateway decrypts the response received from the server, embedded on the ACK of its
last POST message, by using the shared secret, as stated in Step 3 of the authentication
mechanism, and thereby obtains nonce_1 and “K”. It generates nonce_2 and then
follows Step 4 of the authentication mechanism to generate an encrypted payload by using
key “K”. It sends this payload using a POST message with option field “AUTH”, with
AUTH_MSG_TYPE value as “response_against_challenge”, and with the same token
value as in the last POST message.
(5) The server decrypts the payload of the above POST with the abovementioned optional values in
the header by using “K” and checks the received nonce_1. The server sends a response with
response code “client authenticated” if nonce_1 is identical with its previous value
(generated in Step 2); otherwise it sends “client not authenticated”.
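
The message exchange of Section 5.1 (M1, M'1, M2, M'2), which the five steps above carry over CoAP, written out for both sides as an added example in Go; it is not code from the paper. Assumptions not stated in the text: CBC runs with an all-zero IV and no padding (so that M'1 is exactly 256 bits), a nonce is 14 random bytes followed by a 2-byte counter, and the names `Server`, `Gateway`, `Challenge`, `Respond`, `Verify` and `Confirm` are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/subtle"
	"fmt"
)

// cbc: AES-128-CBC on a two-block message. Assumption: zero IV, no padding.
func cbc(key, in []byte, encrypt bool) []byte {
	blk, err := aes.NewCipher(key)
	if err != nil || len(in) != 32 {
		return nil // wrong key size or not a 256-bit message
	}
	out, iv := make([]byte, 32), make([]byte, aes.BlockSize)
	if encrypt {
		cipher.NewCBCEncrypter(blk, iv).CryptBlocks(out, in)
	} else {
		cipher.NewCBCDecrypter(blk, iv).CryptBlocks(out, in)
	}
	return out
}
func xor(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}
func cat(a, b []byte) []byte { return append(append([]byte{}, a...), b...) }
func same(a, b []byte) bool  { return subtle.ConstantTimeCompare(a, b) == 1 }

// random16: a fresh 128-bit key or, given ctr, a nonce of 112 random bits || 16-bit counter.
func random16(ctr *uint16) []byte {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	if ctr != nil {
		*ctr++
		b[14], b[15] = byte(*ctr>>8), byte(*ctr)
	}
	return b
}

// Server holds the provisioned secrets and the state of one pending session.
type Server struct {
	Secrets            map[string][]byte // device ID -> psi_n
	ctr                uint16
	psi, kappa, nonceS []byte
}

// Challenge handles M1 and returns M'1 = AES_psi((psi XOR kappa) || nonce_s).
func (s *Server) Challenge(id string) ([]byte, error) {
	psi, ok := s.Secrets[id]
	if !ok {
		return nil, fmt.Errorf("id_not_found")
	}
	s.psi, s.kappa, s.nonceS = psi, random16(nil), random16(&s.ctr)
	return cbc(psi, cat(xor(psi, s.kappa), s.nonceS), true), nil
}

// Verify handles M2, checks nonce_s, returns M'2 = AES_psi(kappa || nonce_gw).
func (s *Server) Verify(m2 []byte) ([]byte, error) {
	p, want := cbc(s.kappa, m2, false), s.nonceS
	s.nonceS = nil // a challenge can be answered only once
	if p == nil || want == nil || !same(xor(p[:16], s.psi), want) {
		return nil, fmt.Errorf("client not authenticated")
	}
	return cbc(s.psi, cat(s.kappa, p[16:]), true), nil
}

// Gateway is the sensor gateway delta_n, provisioned with psi_n.
type Gateway struct {
	Psi, kappa, nonceGW []byte
	ctr                 uint16
}

// Respond handles M'1 and returns M2 = AES_kappa((psi XOR nonce_s) || nonce_gw).
func (g *Gateway) Respond(m1p []byte) []byte {
	p := cbc(g.Psi, m1p, false)
	if p == nil {
		return nil
	}
	g.kappa, g.nonceGW = xor(p[:16], g.Psi), random16(&g.ctr)
	return cbc(g.kappa, cat(xor(g.Psi, p[16:]), g.nonceGW), true)
}

// Confirm handles M'2: the server must return kappa and nonce_gw.
func (g *Gateway) Confirm(m2p []byte) bool {
	p := cbc(g.Psi, m2p, false)
	return p != nil && g.nonceGW != nil && same(p[:16], g.kappa) && same(p[16:], g.nonceGW)
}

func main() {
	psi := []byte("constructed-psi!") // constructed 16-byte pre-shared secret
	srv, gw := &Server{Secrets: map[string][]byte{"gw-01": psi}}, &Gateway{Psi: psi}
	m1p, _ := srv.Challenge("gw-01")
	m2p, err := srv.Verify(gw.Respond(m1p))
	fmt.Println("mutual authentication:", err == nil && gw.Confirm(m2p))
}
```

A captured M2 is rejected when presented again, because the server clears each challenge after one answer and draws a new key and nonce for every session.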

Computation time of different phases of authentication shown in Table IV is significantly
less in comparison to the retransmission timeout of reliable messages of CoAP considered for
our use case (Ukil et al., 2013). This justifies the piggybacking of authentication payload with
response of confirmable message (Figure 8).

Figure 6. Options introduced into the CoAP header to embed the proposed security scheme

Figure 7. Embedding the authentication mechanism on CoAP

5.3.2 Embedding confidentiality. After authentication, the data encrypted with “K” is posted using POST in CON mode, with a newly introduced option type “DEC_CONF” in the header. After decryption, the server decides whether to send a response code depending on whether the received value of “DEC_CONF” is true or false. If “DEC_CONF” is false, it does not send any response; otherwise it sends a response. This response message consists of a response code indicating the success or failure of decryption. According to this status, the client resends the previous encrypted data. We have piggybacked the response code on the ACK message of the CON mode of POST, as the decryption time at the server end is on average 0.67 seconds, obtained from our experimental results, which is significantly less than the retransmission timeout of CoAP. However, we propose a separate response path, as depicted in Figure 7, to send the decryption status when the decryption time is significantly large. This is an optional feature of our proposed method and depends on an application’s need.

There is another option we have proposed for the confidentiality phase, in which the sensor gateway sends an option type “OMIT_DEC_STAT” in the header of a POST message, along with the encrypted sensor data as payload, as depicted in Figure 9. This time, CoAP running in the sensor gateway adopts the NON (non-confirmable) mode while sending the POST message. The server at the other end, after obtaining the encrypted message with option type “OMIT_DEC_STAT”, does not send any decryption status; additionally, this time no response message is sent from the server (Bandyopadhyay et al., 2013a; 2013b). This further reduces the amount of handshaking.
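The server-side handling of “DEC_CONF” and “OMIT_DEC_STAT” described above can be sketched as follows; this is an added example, not the authors' implementation. The option numbers (65000, 65002), the one-byte true/false encoding of “DEC_CONF”, the status codes 2.04/4.00, the bare ACK returned when “DEC_CONF” is false, and the `decrypt` callback standing in for decryption with “K” are all assumptions, since the paper does not specify them.

```python
import struct

CON, NON, ACK = 0, 1, 2                  # CoAP message types (RFC 7252)
POST, EMPTY = 0x02, 0x00                 # method 0.02; code 0.00 marks an empty message
CHANGED, BAD_REQUEST = 0x44, 0x80        # 2.04 / 4.00: assumed decryption-status codes
DEC_CONF, OMIT_DEC_STAT = 65000, 65002   # hypothetical numbers (experimental range)

def _split(value):
    """Map an option delta or length to its 4-bit field plus extension bytes."""
    if value < 13:
        return value, b""
    if value < 269:
        return 13, bytes([value - 13])
    return 14, struct.pack("!H", value - 269)

def encode(mtype, code, mid, options=None, payload=b"", token=b""):
    """Serialize a CoAP message; options maps option number -> value bytes."""
    out = struct.pack("!BBH", 0x40 | (mtype << 4) | len(token), code, mid) + token
    prev = 0
    for number, value in sorted((options or {}).items()):
        delta, dext = _split(number - prev)
        length, lext = _split(len(value))
        out += bytes([(delta << 4) | length]) + dext + lext + value
        prev = number
    return out + (b"\xff" + payload if payload else b"")

def _extend(data, pos, field):
    """Resolve a 4-bit delta/length field, reading its extension bytes if any."""
    if field == 13:
        return data[pos] + 13, pos + 1
    if field == 14:
        return struct.unpack_from("!H", data, pos)[0] + 269, pos + 2
    if field == 15:
        raise ValueError("reserved option field")
    return field, pos

def decode(data):
    """Parse a datagram into (type, code, message id, token, options, payload)."""
    try:
        first, code, mid = struct.unpack_from("!BBH", data)
        tkl = first & 0x0F
        if first >> 6 != 1 or tkl > 8 or len(data) < 4 + tkl:
            raise ValueError("bad CoAP header")
        pos, number, options = 4 + tkl, 0, {}
        while pos < len(data) and data[pos] != 0xFF:   # 0xFF is the payload marker
            delta, length = data[pos] >> 4, data[pos] & 0x0F
            delta, pos = _extend(data, pos + 1, delta)
            length, pos = _extend(data, pos, length)
            if pos + length > len(data):
                raise ValueError("truncated option")
            number += delta
            options[number] = data[pos:pos + length]
            pos += length
        return (first >> 4) & 3, code, mid, data[4:4 + tkl], options, data[pos + 1:]
    except (IndexError, struct.error):
        raise ValueError("truncated CoAP message")

def handle_post(datagram, decrypt):
    """Server policy of section 5.3.2: reply bytes, or None when it stays silent."""
    mtype, code, mid, token, options, payload = decode(datagram)
    if code != POST:
        raise ValueError("encrypted sensor data is expected in a POST")
    try:
        decrypt(payload)                 # caller-supplied decryption with K
        status = CHANGED
    except ValueError:
        status = BAD_REQUEST
    if mtype == NON and OMIT_DEC_STAT in options:
        return None                      # no decryption status and no response
    if mtype != CON:
        raise ValueError("mode/option combination not described in the paper")
    if options.get(DEC_CONF) == b"\x01":
        return encode(ACK, status, mid, token=token)   # status piggybacked on the ACK
    return encode(ACK, EMPTY, mid)       # assumption: bare ACK, carries no status
```

Both option numbers are even, so a CoAP endpoint that does not implement them treats them as elective and ignores them rather than rejecting the message.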

Table III. Header option introduced for authentication

| New header option | Description |
|---|---|
| AUTH | True/False; indicates enablement of authentication/disabling authentication mode |
| AUTH_MSG_TYPE | 0 = auth_init; 1 = “response_against_challenge” |
| DEC_CONF | True/false; indicates decryption status required/not required |

Table IV. Computation time (seconds) at different phases of authentication at sensor gateway

| Atomic operation | $M_2\vert_{sensor} \equiv T_4 - T_3$ | $M_3\vert_{sensor} \equiv \Delta T_7$ |
|---|---|---|
| Encryption, 128 bit | NA | NA |
| Encryption, 256 bit | 1.372 | NA |
| Decryption, 128 bit | NA | 0.731 |
| Decryption, 256 bit | 1.431 | NA |
| Overall computation time | 2.837 | 0.734 |

Figure 8. Exchange of data payload through a secure channel after the successful authentication

5.4 Authentication round trip in DTLS and CoAPS-Lite
The protocol is significantly lightweight, as no separate authentication or key exchange processes are required. The authentication and key exchange protocol consists of a few phases, such as the secret distribution phase, session initiation phase, server challenge phase and sensor response phase, as depicted in Figure 10 (Ukil et al., 2014). Our proposed method is a two round-trip process, compared to CoAP + DTLS, which requires at least four round trips (Hartke and Bergmann, 2012). Below, we show a comparative analysis of authentication in CoAP, CoAP-DTLS and CoAPS-Lite.

6. Experimental results and analysis


In this section, we demonstrate our experimental results. The experimental setup is shown in Figure 11. We consider a vehicle tracking use case and used DigiConnectPort X5 (digi.com) as the in-vehicle sensor gateway, which is equipped with an accelerometer and a GPS sensor. The device is enabled with Ethernet, WiFi, ZigBee and cellular interfaces. The operating system of this device is a small-footprint Linux, and it is packaged with a customized Python 2.6 library. For the laboratory experiment, we use an Ethernet connection for device login and interconnection among server, sensor and network emulator. We emulate wireless conditions inside the laboratory, where the network emulator WANEM is used (Kalitay and Nambiarz, 2011).

We consider a stringent wireless network condition with a 9.6KBps data rate and three types of packet loss: 0, 10 and 20 per cent. To eliminate synchronization issues, we examined closed-loop latency. We show the performance comparison in Figure 12, and it is found that the latency overhead for incorporating our method does not exceed 5 per cent when packet loss is 20 per cent. In the case of 0 per cent packet loss, latency is almost similar. Another performance comparison is the bandwidth requirement of our proposed security scheme and normal CoAP (Ukil et al., 2013). We experimented with two different payloads: one with a 30-second data accumulation period (≈ 820 Bytes) and another with a 60-second data accumulation period (≈ 950 Bytes). We find that the message size increment in secure CoAP is less than 2 per cent, as shown in Figure 13 (Ukil et al., 2013).
Figure 9. Adaptation of reliability based on vehicle-state. Sensor-gateway adopts non-reliable mode; sends an indication to server to suppress decryption status as well as the response code

Figure 10. Round trip of CoAP (a), CoAP with proposed security mechanism (b), CoAP with DTLS (c). It can be observed that in normal CoAP, number of round trips for data transfer initiation is one. In DTLS-based CoAP, authentication process requires at least four round trips. In our proposed security, two round trips are required

Performance comparison in terms of bandwidth consumption statistics between Auth-Lite and DTLS-CoAP (pre-shared key mode) is shown in Figure 14. The sensor gateway initiates the authentication process by sending <HELLO, #id> to the back-end server at $\tau_0$. Say $\mathcal{M}$ forward packets and $N$ backward packets are transmitted between the sensor gateway and the back-end server to complete the authentication process. Therefore, the total authentication bandwidth consumption (handshake bandwidth consumption in case of DTLS pre-shared key mode) is:

$$\beta_{total} = \sum_{i=1}^{\mathcal{M}} \beta_i\vert_{forward} + \sum_{i=1}^{N} \beta_i\vert_{backward}$$

Basically, we calculate bandwidth consumption starting at the instant $\tau_0$ (Step 1) up to the instant $\tau_{end}$ when the authentication process ends, i.e. Step 4 for Auth-Lite in Figure 3 or Step 6 for DTLS in Figure 4. We calculate the bandwidth consumption of the authentication process in Auth-Lite and of the handshake for DTLS pre-shared key mode individually, which are reported as $\beta_{Auth-Lite}$ and $\beta_{DTLS}$, respectively. We have taken 200 sets of data for both $\beta_{Auth-Lite}$ and $\beta_{DTLS}$. We consider the mean of these 200 sets of data as an estimate of $\beta_{Auth-Lite}$ and $\beta_{DTLS}$. For better lightweight performance, lower bandwidth consumption ($\beta$) is desirable. We conduct experiments according to the test configuration (Figure 5) with 0, 10 and 20 per cent packet error conditions, which are reported as: $\beta_{Auth-Lite}\vert_{0\%}$, $\beta_{Auth-Lite}\vert_{10\%}$, $\beta_{Auth-Lite}\vert_{20\%}$; $\beta_{DTLS}\vert_{0\%}$, $\beta_{DTLS}\vert_{10\%}$, $\beta_{DTLS}\vert_{20\%}$. We depict the results in Figure 14 (Ukil et al., 2014).

Considering bandwidth consumption as a definite indicator of the lightweight property, we can definitely claim that our proposed scheme Auth-Lite significantly outperforms DTLS, as shown in Figure 14 (Figure 15).

Figure 11. Experimental set up using a private network and WANem for performance testing of modified CoAP using DigiConnectPort X5 as sensor gateway with secure CoAP client and CoAP server running in standard PC with required modifications

Figure 12. Closed-loop latency comparison at different packet loss (per cent) condition between CoAP and secure CoAP with our proposed mechanism

Figure 13. Bandwidth consumption (in bytes) comparison using different data accumulation period (in seconds)

Figure 14. Performance comparison Auth-Lite vs DTLS (pre-shared key mode)

Figure 15. Closed-loop configuration for performance comparison between Auth-Lite and DTLS

7. Future work
DTLS has received significant attention recently for constrained node or network applications, as in CoAP. Yet there are a few challenges when it comes to implementing it in such an environment. DTLS records can be large in size for a single 6LoWPAN payload. Also, DTLS fragmentation can add a significant overhead on the number of datagrams and bytes transferred. Packet loss is also still a big problem for the constrained nodes; buffers must be large enough to hold all messages after reassembly, and losing a single fragment will cause all fragments of a message flight to be retransmitted, especially during key and certificate exchange. DTLS recommends an initial timer value of 1 second. Given the relatively large amount of time required by some algorithms when executed on constrained devices, an initial value of 1 second can easily lead to spurious retransmissions. Compared to TLS, DTLS exacerbates the connection initiation; a DTLS handshake has an additional round-trip that results from the addition of a stateless cookie exchange. As such, nodes with very constrained main memory suffer from the complexity of the connection initiation phase of the DTLS handshake protocol. DTLS uses the cookie exchange technique to mitigate DoS attacks in which the attacker sends ClientHello messages to launch an amplification attack.

Particularly, in pre-shared key mode, the client computes a Pre-Master Secret and Master Secret from the pre-shared key and then sends a ClientKeyExchange message to the server containing a psk_identity that is used by the server to look up the required pre-shared key. However, such a scheme is vulnerable to replay attack and meet-in-the-middle attack. Moreover, cookie exchange in plain text is not robust. Specifically, such customized DTLS in CoAP lacks an authentication feature, which is mandatory for any secure system. Auth-Lite can be leveraged to provide robust authentication on DTLS pre-shared key mode, as depicted in Figure 16. Such layering would introduce proper mutual authentication in DTLS-CoAP (not present in pre-shared key mode). It also eliminates the vulnerable cookie exchange for handshaking and psk_identity. In fact, in Auth-Lite the pre-shared key of DTLS would be replaced by a “pre-shared secret” so that keying elements are not exposed in transmission. Therefore, Auth-Lite on DTLS pre-shared key would provide a superior security feature along with a mutual authentication layer, as shown in Figure 16 (Ukil et al., 2014). Specifically, this paper is an extended version of our previous works (Ukil et al., 2013; 2014). We intend to further demonstrate the efficacy of our scheme for other applications, like smart meter and E-health, that demand resource-optimized data transportation and security.

Figure 16. Auth-Lite integrated DTLS (layers labelled in the figure: Application; Request-response; Message; Auth-Lite; DTLS (pre-shared key mode); UDP)

8. Conclusion
In this paper, a lightweight security mechanism using CoAP is presented for IoT scenarios. We specifically developed a method to enhance CoAP and implemented it considering a vehicle tracking application. Our proposed security scheme is resilient to typical security threats in an IoT system (Ukil, 2010b; Ukil et al., 2011). It has a low overhead due to payload-embedded symmetric key-based authentication with integrated key management. This makes it ideal for securing resource-constrained sensor devices. We introduced a unique header option in CoAP to establish a secure channel between the sensor gateway and the back-end server. The key idea is to design the secure mode of CoAP to be as light as possible. Another novel contribution of our work is to reduce the amount of handshaking for reliability based on the vehicle state information, particularly when the vehicle is running at a high speed. Experimental results establish that our proposed security scheme has a low-overhead feature in comparison with the DTLS pre-shared key-based security scheme, and also establish that our proposed secure scheme for CoAP improves performance in terms of security, robustness and resource utilization in typical IoT applications. Our proposed scheme Auth-Lite has low overhead due to its unique nonce-respecting object security. This makes Auth-Lite ideal for securing M2M systems. We have experimentally demonstrated the lightweight feature of Auth-Lite by bandwidth comparison. Our future scope of work is to propose a modification of Auth-Lite to support multi-casting and to investigate cryptanalysis of Auth-Lite under a broad spectrum of attack scenarios.

References
Bandyopadhyay, S., Bhattacharyya, A. and Pal, A. (2013a), Adapting Sensed Indication for
Vehicular Analytics, SenSys, ACM, Roma.
Bandyopadhyay, S. and Bhattacharyya, A. (2013a), “Lightweight Internet protocols for web
enablement of sensors using constrained gateway devices”, International Conference on
Computing, Networking and Communication, IEEE, San Diego, CA, pp. 334-340.
Bandyopadhyay, S. and Bhattacharyya, A. (2013b), “Energy efficient sensor data distribution
using mobile phone in cyber-physical-system”, 14th International Conference on
Distributed Computing and Networking, Mumbai.
Bhattacharyya, A., Bandyopadhyay, S. and Pal, A. (2013b), “CoAP option for no server-response,
draft-tcs-coap-no-response-option-04”, available at: http://tools.ietf.org/pdf/draft-tcs-coap-no-response-option-04.pdf
Boneh, D. (2012), “Stanford University”, available at: http://crypto.stanford.edu/~dabo/cs255/lectures/PRP-PRF.pdf
Brachmann, M., Garcia-Morchon, O. and Kirsche, M. (2011), “Security for practical CoAP
applications: issues and solution approaches”, Proceedings of the 10th GI/ITG KuVS
Fachgespraech Sensornetze (FGSN11), Paderborn, pp. 15-16.
Colitti, W., Steenhaut, K. and Caro, N.D. (2011), “Integrating wireless sensor networks with web
applications”, in Extending the Internet to Low power and Lossy Networks, IPSN.
Eronen, P. and Tschofenig, H. (2005), “Pre-shared key ciphersuites for transport layer security
(TLS)”, RFC 4279, December.
Granjal, J., Monteiro, E. and Silva, J.S. (2013), “Application-layer security for the WoT: extending
CoAP to support end-to-end message security for internet-integrated sensing applications”,
Lecture Notes in Computer Science, Vol. 7889, pp. 140-153.
Hans, S. (2012), “Secure environment management based on CoAP”, ETSI CoAP Workshop,
Sophia Antipolis.
Hartke, K. and Bergmann, O. (2012), “Datagram transport layer security in constrained
environments draft-hartke-core-codtls-01”, available at: www.ietf.org/proceedings/83/
slides/slides-83-lwig-2.pdf
Kalitay, H.K. and Nambiarz, M.K. (2011), “Designing WANem: a wide area network emulator
tool”, In Communication Systems and Networks (COMSNETS), 2011 Third International
Conference on, IEEE, Bangalore, India, pp. 1-4.
Li, Y., Li, J., Ren, J. and Wu, J. (2012), “Providing hop-by-hop authentication and source privacy in
wireless sensor networks”, INFOCOM 2012, IEEE, Orlando, FL, pp. 3071-3075.
Lindell, Y. (2010), Foundations of Cryptography, Department of Computer Science Bar-Ilan
University, Israel.
Modadugu, N. and Rescorla, E. (2004), “The design and implementation of datagram TLS”, NDSS.
Needham, R.M. and Schroeder, M.D. (1987), “Authentication revisited”, ACM SIGOPS Operating
Systems Review, Vol. 21 No. 1.
Raza, S., Shafagh, H., Hewage, K., Hummen, R. and Voigt, T. (2013), “Lithe: lightweight secure
CoAP for the internet of things”, IEEE Sensors Journal, Vol. 13 No. 10, pp. 3711-3720.
Raza, S., Trabalza, D. and Voigt, T. (2012), “6LoWPAN compressed DTLS for CoAP”, IEEE
International Conference on Distributed Computing in Sensor Systems, IEEE 8th
International Conference on. IEEE, Hangzhou, China.
Sen, J. and Ukil, A. (2010), “A secure routing protocol for wireless sensor networks”, in
Computational Science and its Application, ICCSA, Springer, Berlin Heidelberg, Vol. 6018,
pp. 277-290.
Shelby, Z., Hartke, K. and Bormann, C. (2013), “Constrained application protocol (CoAP),
draft-ietf-core-coap-18”, The Internet Engineering Task Force–IETF, Orlando, December.
Ukil, A. (2010a), “Context protecting privacy preservation in ubiquitous computing”, in Computer
Information Systems and Industrial Management Applications, IEEE, (CISIM), 2010
International Conference, IEEE, pp. 273-278.
Ukil, A. (2010b), “Security and privacy in wireless sensor networks”, in Smart Wireless Sensor
Networks, Intechweb Press, Croatia, pp. 395-418.
Ukil, A. and Sen, J. (2010), “Secure multiparty privacy preserving data aggregation by modular
arithmetic”, International Conference on Parallel Distributed and Grid Computing, IEEE,
pp. 344-349.
Ukil, A., Sen, J. and Koilakonda, S. (2011), “Embedded security for internet of things”, 2nd National
Conference on Emerging Trends and Applications in Computer Science, IEEE, Shillong,
pp. 1-6.
Ukil, A., Bandyopadhyay, S., Bhattacharyya, A. and Pal, A. (2013), “Lightweight security scheme
for vehicle tracking system using CoAP”, International Workshop on Adaptive Security,
UBICOMP, ACM.
Ukil, A., Bandyopadhyay, S., Bhattacharyya, A. and Pal, A. (2014), “Auth-Lite: lightweight
M2MAuthentication reinforcing DTLS for CoAP”, in IEEE International Conference on
Pervasive Computing and Communications Workshops, pp. 215-219.
Yegin, A. and Shelby, Z. (2012), “CoAP security options, IETF draft-yegin-coap-security-options-00”.
Zenner, E. (2009), “Nonce generators and the nonce reset problem”, 12th International Security
Conference, Springer Berlin Heidelberg, pp. 411-426.

Web sites
www.digi.com/products/wireless-routers-gateways/routinggateways/connectportx5#overview
www.trustedcomputinggroup.org/resources/tpm_main_specification

About the authors


Arijit Ukil is currently working in Innovation Labs, TCS Ltd, Kolkata, India, as a Scientist. He is
primarily engaged with the research activity on ubiquitous computing, security and privacy and
wireless networking. Before joining TCS Ltd in 2007, he worked as a Scientist in Defence
Research and Development Organization (DRDO), India for four years, where his primary focus
area was digital signal processing, embedded systems, wireless communication for Radar
applications. He has completed his BTech in Electronics and Telecommunication Engineering in
2002. He has published more than 30 conference and journal papers of national and international
repute. He has published few book chapters in IGI-Global, Intech-web and CRC publishers. He has
been reviewer of a number of IEEE conferences like, IEEE VTC and IEEE WCNC. He has been
invited and delivered keynote and tutorials in many international and national conferences like
ETCC’08, ICCET’09 and NCERDM-IT’09. He is enlisted in 2010 Marquis’ “Who’s Who” as a
renowned contributor in the field of computer science and information technology. Arijit Ukil is
the corresponding author and can be contacted at: arijit.ukil@tcs.com
Soma Bandyopadhyay has 16 years of industry experience in the area of Embedded Systems,
Digital Signal Processor, Protocol and Wireless Communications and ubiquitous computing.
Since 2003, she has been associated with Innovation lab of TCS as a senior scientist. At present,
prime focus area for research is ubiquitous and sensor network computation and IoT. In TCS, she
has been involved in leading and development of 3GPP Long Term Evolution (LTE/LTE-A)
physical layer, IEEE-802.16d/e WMAN MAC stack development, Intel’s graphics device driver.
At present, she is leading the research and development activity in the area of energy-efficient
M2M communication and its analytics. She worked on MPEG video decoder, dual-core network
processor target platform, Intel’s network processor, protocol stack development on RTOS and
embedded system and multiple device drivers, automated teller machine (ATM) and
Multiprotocol Label Switching (MPLS). She has contributed toward multiple standard bodies on
behalf of TCS. Academically she is an MTech and BTech in Computer Science & Engineering
from the University of Calcutta, India. She did her graduation in Physics (Hons) from the same
university.
Abhijan Bhattacharyya is presently working as a scientist in TCS, Innovation Lab, Kolkata,
India. He has done his Bachelor’s of Technology in Information Technology from the University
of Calcutta, India, and Bachelor’s of Science with Honours in Electronics from the same university.
His primary areas of interest are network protocols, wireless baseband communication protocols,
digital signal processing, etc. He has a vast industrial experience of working with contemporary
wireless protocol layers. His present area of research interest is application layer protocols for
constrained devices. He has been representing his organization in IETF meetings on
standardization efforts on M2M/IoT-related technologies.
Arpan Pal received his PhD from Aalborg University, Denmark, and his BTech and MTech
from Indian Institute of Technology, Kharagpur, India, in Electronics and Telecommunications.
He has more than 21 years of experience in the area of Signal Processing, Communication and
Real-time Embedded Systems. Currently, he is with TCS, where he is heading research at
Innovation Lab, Kolkata. He is also a member of Systems Research Council of TCS with special
focus on Cyber-physical Systems. His current research interests include Mobile phone and
Camera-based Sensing and Analytics, Physiological Sensing, M2M communications, Distributed
Computing and Semantic Analytics for IoT-based Applications. He has more than 55
publications, till date, in reputed journals and conferences along with a couple of book chapters.
He has also filed for more than 45 patents and has 5 patents granted to him. He is an editor for
reputed journals like ACM Transactions on Embedded Computing and IEEE Transactions on
Emerging Topics in Computing (special issue on Emerging Computing Technologies for Resilient
& Robust Intelligent Infrastructure). He is in the program committee of various eminent
conferences and is a senior member of IEEE. He had been earlier with Defense Research and
Development Organization (DRDO) of Indian Govt. working on Missile Seeker Signal Processing.
He has also worked with Macmet Interactive Technologies, leading their real-time systems group
in the area of Interactive TV and Set-top boxes.
Tulika Bose is presently working as a Developer at TCS, Innovation Labs, Kolkata. She did her
masters in Distributed and Mobile Computing from Jadavpur University, Kolkata, and is a gold
medalist. She did her BTech in Computer Science and Engineering from Haldia Institute of
Technology, West Bengal. Her areas of research interests are primarily Network Security and
network protocols.
