| 1. |
- Hummen, René, et al.
(författare)
-
Delegation-based Authentication and Authorization for the IP-based Internet of Things
- 2014. - 9
-
Konferensbidrag (refereegranskat)abstract
- IP technology for resource-constrained devices enables transparent end-to-end connections between a vast variety of devices and services in the Internet of Things (IoT). To protect these connections, several variants of traditional IP security protocols have recently been proposed for standardization, most notably the DTLS protocol. In this paper, we identify significant resource requirements for the DTLS handshake when employing public-key cryptography for peer authentication and key agreement purposes. These overheads particularly hamper secure communication for memory-constrained devices. To alleviate these limitations, we propose a delegation architecture that offloads the expensive DTLS connection establishment to a delegation server. By handing over the established security context to the constrained device, our delegation architecture significantly reduces the resource requirements of DTLS-protected communication for constrained devices. Additionally, our delegation architecture naturally provides authorization functionality when leveraging the central role of the delegation server in the initial connection establishment. Hence, in this paper, we present a comprehensive, yet compact solution for authentication, authorization, and secure data transmission in the IP-based IoT. The evaluation results show that compared to a public-key-based DTLS handshake our delegation architecture reduces the memory overhead by 64 %, computations by 97 %, network transmissions by 68 %.
|
|
| 2. |
|
|
| 3. |
- Hummen, Rene, et al.
(författare)
-
Towards viable certificate-based authentication for the Internet of Things
- 2013
-
Ingår i: HotWiSec 2013 - Proceedings of the 2013 ACM Workshop on Hot Topics on Wireless Network Security and Privacy. - New York, NY, USA : ACM. - 9781450320030 ; , s. 37-41
-
Konferensbidrag (refereegranskat)abstract
- The vision of the Internet of Things considers smart objects in the physical world as first-class citizens of the digital world. Especially IP technology and RESTful web services on smart objects promise simple interactions with Internet services in the Web of Things, e.g., for building automation or in e-health scenarios. Peer authentication and secure data transmission are vital aspects in many of these scenarios to prevent leakage of personal information and harmful actuating tasks. While standard security solutions exist for traditional IP networks, the constraints of smart objects demand for more lightweight security mechanisms. Thus, the use of certificates for peer authentication is predominantly considered impracticable. In this paper, we investigate if this assumption is valid. To this end, we present preliminary overhead estimates for the certificate-based DTLS handshake and argue that certificates - with improvements to the handshake - are a viable method of authentication in many network scenarios. We propose three design ideas to reduce the overheads of the DTLS handshake. These ideas are based on (i) pre-validation, (ii) session resumption, and (iii) handshake delegation. We qualitatively analyze the expected overhead reductions and discuss their applicability.
|
|
| 4. |
|
|
| 5. |
- Raza, Shahid, 1980-, et al.
(författare)
-
Lithe: Lightweight Secure CoAP for the Internet of Things
- 2013
-
Ingår i: IEEE Sensors Journal. - 1530-437X .- 1558-1748. ; 13, s. 3711-3720
-
Tidskriftsartikel (refereegranskat)abstract
- The Internet of Things (IoT) enables a wide range of application scenarios with potentially critical actuating and sensing tasks, e.g., in the e-health domain. For communication at the application layer, resource-constrained devices are expected to employ the Constrained Application Protocol (CoAP) that is currently being standardized at the IETF. To protect the transmission of sensitive information, secure CoAP (CoAPs) mandates the use of Datagram TLS (DTLS) as the underlying security protocol for authenticated and confidential communica- tion. DTLS, however, was originally designed for comparably powerful devices that are interconnected via reliable, high- bandwidth links.In this paper, we present Lithe – an integration of DTLS and CoAP for the IoT. With Lithe, we additionally propose a novel DTLS header compression scheme that aims to significantly reduce the header overhead of DTLS leveraging the 6LoWPAN standard. Most importantly, our proposed DTLS header com- pression scheme does not compromise the end-to-end security properties provided by DTLS. At the same time, it considerably reduces the number of transmitted bytes while maintaining DTLS standard compliance. We evaluate our approach based on a DTLS implementation for the Contiki operating system. Our evaluation results show significant gains in terms of packet size, energy consumption, processing time, and network-wide response times, when compressed DTLS is enabled.
|
|
