Lithe: Lightweight Secure CoAP for the Internet of Things

Similar documents
Lithe: Lightweight Secure CoAP for the Internet of Things

Constrained Application Protocol (CoAP) Vilen Looga, M.Sc. Doctoral

Constrained Application Protocol (CoAP) Vilen Looga, M.Sc. Doctoral

Compression of IPsec AH and ESP Headers for Constrained Environments dra%-raza-6lo-ipsec-04

Set of IP routers. Set of IP routers. Set of IP routers. Set of IP routers

Security Issues in Constrained Application Protocol: A Literary Survey

Lesson 5 TCP/IP suite, TCP and UDP Protocols. Chapter-4 L05: "Internet of Things ", Raj Kamal, Publs.: McGraw-Hill Education

Security Embedded CoAP using DTLS for IoT

Denial of Service prevention in the IoT

Cloud Based IoT Application Provisioning (The Case of Wireless Sensor Applications)

Mobile Communications

Internet of Things: An Introduction

IPv6 Stack. 6LoWPAN makes this possible. IPv6 over Low-Power wireless Area Networks (IEEE )

Diet-ESP: A flexible and compressed format for IPsec/ESP

Internet Security. - IPSec, SSL/TLS, SRTP - 29th. Oct Lee, Choongho

Enhancement of CoAP Packet Delivery Performance for Internet of Things. Hang Liu

Performance and overhead evaluation of OSCOAP and DTLS

Transport Layer Security

Interoperability. Luca Mottola slides partly by Simon Duquennoy. Politecnico di Milano, Italy and Swedish Institute of Computer Science

Transport Level Security

Jonas Green, Björn Otterdahl HMS Industrial Networks AB. February 22, 2017

Design Considerations for Low Power Internet Protocols. Hudson Ayers Paul Crews, Hubert Teo, Conor McAvity, Amit Levy, Philip Levis

Loosely Coupled Actor Systems

Protocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE i, IEEE 802.1X P2.

CSCE 715: Network Systems Security

Securing IoT applications with Mbed TLS Hannes Tschofenig Arm Limited

Lehrstuhl für Netzarchitekturen und Netzdienste Fakultät für Informatik Technische Universität München. ilab. Lab 8 SSL/TLS and IPSec

ETSI M2M workshop Nov 2013

Communication and Networking in the IoT

CS 3516: Computer Networks

CS 3516: Advanced Computer Networks

Internet based IoT connectivity Technologies

MatrixDTLS Developer s Guide

Plaintext-Recovery Attacks Against Datagram TLS

Lightweight DTLS Implementation in CoAP-based IoT

Evaluating the Performance of CoAP, MQTT, and HTTP in Vehicular Scenarios

Smart Waste Management using Internet of Things Architecture

The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to

Security in IPv6-enabled Wireless Sensor Networks: An Implementation of TLS/DTLS for the Contiki Operating System

Securing the Constrained Application Protocol (CoAP) for the Internet of Things (IoT) Mohammed Hassan Alamri

CASAN: A New Communication Architecture for Sensors Based on CoAP

RF and network basics. Antonio Liñán Colina

Communication stacks: Constrained Application Protocol

Design and development of embedded systems for the Internet of Things (IoT) Fabio Angeletti Fabrizio Gattuso

IoT Roadmap in the IETF. Ines Robles

Internet security and privacy

Integrating Custom Hardware into Sensor Web. Maria Porcius Carolina Fortuna Gorazd Kandus Mihael Mohorcic

Lesson 3. IPv4 and IPv6 Protocols. Chapter-4 L03: "Internet of Things ", Raj Kamal, Publs.: McGraw-Hill Education

Wireless Sensor Networks Module 3: Application Protocol - CoAP

Computer Networks (Introduction to TCP/IP Protocols)

ISA100.11a. Pengfei Ren.

ARM IoT Tutorial. CoAP: The Web of Things Protocol Zach Shelby. April 30 th, 2014

Lesson 4 RPL and 6LoWPAN Protocols. Chapter-4 L04: "Internet of Things ", Raj Kamal, Publs.: McGraw-Hill Education

Design and Implementation of SCTP-aware DTLS

DTLS Performance in Duty-Cycled Networks

Wireless Sensor Networks Module 3: Application Protocol CoAP

Secure routing in IoT networks with SISLOF

An IoT-Aware Architecture for Smart

ZigBee IP update IETF 87 Berlin. Robert Cragie

Proposed Node and Network Models for M2M Internet

Web Real-Time Data Transport

Evaluation of 6LoWPAN Implementations

Schahin Rajab TCP or QUIC Which protocol is most promising for the future of the internet?

LSCHC: Layered Static Context Header Compression for LPWANs

CoAP an introduction. SUNET Dagarna i Östersund Robert Olsson UU/KTH

The Internet of Things. Thomas Watteyne Senior Networking Design Engineer Linear Technology, Dust Networks product group

(JBE Vol. 21, No. 3, May 2016) 6LoWPAN. Implementation of CoAP/6LoWPAN over BLE Networks for IoT Services. Abstract

Implementation and Evaluation of the Enhanced Header Compression (IPHC) for 6LoWPAN

Experimental Evaluation of Transport Services CoAP, HTTP and SPDY for Internet of Things

Constrained Node Networks

Kepware Whitepaper. IIoT Protocols to Watch. Aron Semle, R&D Lead. Introduction

W3C Workshop on the Web of Things

Linux-wpan: IEEE and 6LoWPAN in Linux

Hardware-Assisted IEEE Transmissions and Why to Avoid Them. Andreas Weigel, Volker Turau. IDCS 2015 September 2 nd, 2015

CS 356 Internet Security Protocols. Fall 2013

Implementation of SNMP Protocol with ContikiOS [Kur10] for WSN430 targets

Internet of Things: Latest Technology Development and Applications

IPSO 6LoWPAN IoT Software for Yocto Project* for Intel Atom Processor E3800 Product Family

Internet Draft Intended status: Standards Track Expires: January 16, 2019 D. Xiong Chongqing University of Posts and Telecommunications July 15, 2018

CPSC 441 COMPUTER COMMUNICATIONS MIDTERM EXAM SOLUTION

Linux-based 6LoWPAN border router

T Computer Networks II. Transport Issues Contents. TCP and UDP. Congestion Prevention. Motivation for Congestion Control

Advanced Computer Networking. CYBR 230 Jeff Shafer University of the Pacific QUIC

Overview. SSL Cryptography Overview CHAPTER 1

OSI Layer OSI Name Units Implementation Description 7 Application Data PCs Network services such as file, print,

System Architecture Challenges in the Home M2M Network

Chapter 16 Networking

Internet Protocol version 6

WIRELESS FREIGHT SUPERVISION USING OPEN STANDARDS

Network protocol for Internet of Things based on 6LoWPAN

Outline. Introduction. The Internet Architecture and Protocols Link Layer Technologies Introduction to 6LoWPAN The 6LoWPAN Format Bootstrapping

Politecnico di Milano Advanced Network Technologies Laboratory. 6LowPAN

UG103.11: Thread Fundamentals

Secure CoAP for IoT/WoT 덕성여자대학교디지털미디어학과강남희

Chapter 2 - Part 1. The TCP/IP Protocol: The Language of the Internet

Enabling Multicast IPsec for Internet of Things

TCP /IP Fundamentals Mr. Cantu

CS 161 Computer Security

Transport Layer Security

A New Internet? RIPE76 - Marseille May Jordi Palet

Transcription:

Lithe: Lightweight Secure CoAP for the Internet of Things S. Raza, H. Shafagh, etc. IEEE Sensors 2013, Volume 13 1 Mahmoud Kalash 28 March 2016

2 Summary: IEEE Sensors journal 2013. Security problem in IOT. Secure communication protocol in in resource-constrained IOT environments. Implementation and evaluation.

3 Outline Introduction Background CoAP and DTLS 6LoWPAN DTLS Compression DTLS-6LoWPAN Integration 6LoWPAN-NHC for the Record and Handshake Headers 6LoWPAN-NHC for ClientHello / ServerHello 6LoWPAN-NHC for other Handshake Messages Implementation Evaluation Packet Size Reduction RAM and ROM Requirement Run-Time Performance Future work

4 Outline Introduction Background CoAP and DTLS 6LoWPAN DTLS Compression DTLS-6LoWPAN Integration 6LoWPAN-NHC for the Record and Handshake Headers 6LoWPAN-NHC for ClientHello / ServerHello 6LoWPAN-NHC for other Handshake Messages Implementation Evaluation Packet Size Reduction RAM and ROM Requirement Run-Time Performance Future work

5 Introduction 6LoWPAN (IPv6 over Low power Wireless Personal Area Network) enables IPv6 in low-power and lossy wireless networks such as WSNs. 6LoWPAN defines header compression mechanisms. HTTP is inefficient in lossy and constrained IOT environment(low power radios). The Internet Engineering Task Force (IETF ). CoAP (Constrained Application Protocol) Simplicity. Low overhead. Multicast support.

6 Introduction DTLS (Datagram Transport Layer Security) is used by CoAP as the security protocol key management. data encryption. integrity protection. CoAPs is CoAP with DTLS support, similar to HTTPs. Problem: DTLS is inefficient or constrained IOT devices. Solution: Apply the 6LoWPAN header compression mechanisms to compress DTLS header.

7 Introduction: Lithe Lithe is the proposed solution in this paper. Lithe: a lightweight CoAPs by compressing the DTLS protocol with 6LoWPAN header compression mechanisms. To achieve energy efficiency by reducing the message size; To avoid 6LoWPAN fragmentation as 6LoWPAN protocol is vulnerable to fragmentation attacks.

8 E2E Communication with CoAPs 6BR: 6LoWPAN Border Router is used between 6LoWPAN networks and the Internet to compress/decompress or/and fragment/reassemble messages before forwarding between the two realms.

9 Outline Introduction Background CoAP and DTLS 6LoWPAN DTLS Compression DTLS-6LoWPAN Integration 6LoWPAN-NHC for the Record and Handshake Headers 6LoWPAN-NHC for ClientHello / ServerHello 6LoWPAN-NHC for other Handshake Messages Implementation Evaluation Packet Size Reduction RAM and ROM Requirement Run-Time Performance Future work

10 Background Goal: To enable secure and efficient communication among IoT devices that utilize the CoAP protocol.

11 CoAP CoAP is a web protocol that runs over the UDP for IOT. Datagram Transport Layer Security (DTLS) is used to protect CoAP transmission. Similar to HTTPs (TLS-secured HTTP), CoAPs is DTLS-secured CoAP. Coaps://myIPv6Address:port/MyResource

12 Layout of a packet secured with DTLS Upper layer Lower layer

13 DTLS-Handshake Process The handshake messages are used to negotiate: security keys, encryption algorithms and compressing methods.

14 6LoWPAN This paper is limited to the header compression process only. DTLS Layer IPHC NHC Lithe

15 Outline Introduction Background CoAP and DTLS 6LoWPAN DTLS Compression DTLS-6LoWPAN Integration 6LoWPAN-NHC for the Record and Handshake Headers 6LoWPAN-NHC for ClientHello / ServerHello 6LoWPAN-NHC for other Handshake Messages Implementation Evaluation Packet Size Reduction RAM and ROM Requirement Run-Time Performance Future work

16 DTLS-6LoWPAN Integration Apply 6LoWPAN header compression mechanism to compress headers in the UDP payload. The ID bits in the NHC for UDP defined in 6LoWPAN: 11110 means the UDP payload is not compressed; 11011 means the UDP payload is compressed with 6LoWPAN-NHC. IPHC NHC Lithe

17 6LoWPAN-NHC-R & 6LoWPAN-NHC-RHS First 4 bits represent the ID field: 1000 6LoWPAN-NHC-RHS 1001 6LoWPAN-NHC-R Version (v): DTLS version 0 omit version field (16 bits) Epoch (EC): 0, 8 bit epoch is used and the left most 8 bits are omitted. 1, all16 bit epoch is used. Sequence Number (SN): 0, 16 bit SN, omit 32 bits 1, 48 bit SN Fragment (F): 0, not fragment. Omit 2 x ( offset + length ) 6 bytes. 1, fragment applied.

18 6LoWPAN-NHC-CH First 4 bits is ID, 1010 When the parameter is set to 0, the corresponding field is omitted. Session ID (SI): omit 8 bits Cookie (C): omit 16 bits Cipher Suites (CS): omit 16bits Compression Method (CM): Omit 8 bits

19 6LoWPAN-NHC-SH Similar to ClientHello except: ID field is 1011 V (Server DTLS Version): 0 - DTLS 1.0, omit 16 bits

20 6LoWPAN-NHC for ClientHello

21 Outline Introduction Background CoAP and DTLS 6LoWPAN DTLS Compression DTLS-6LoWPAN Integration 6LoWPAN-NHC for the Record and Handshake Headers 6LoWPAN-NHC for ClientHello / ServerHello 6LoWPAN-NHC for other Handshake Messages Implementation Evaluation Packet Size Reduction RAM and ROM Requirement Run-Time Performance Future work

22 Implementation Lithe was implemented in the Contiki OS. Hardware platform: WiSMote. Lithe implementation consists of four components: DTLS: open source tinydtls. CoAP: default CoAP in Contiki. CoAP-DTLS integration module: Connects the CoAP and DTLS to enable CoAPs. DTLS header compression.

23 Outline Introduction Background CoAP and DTLS 6LoWPAN DTLS Compression DTLS-6LoWPAN Integration 6LoWPAN-NHC for the Record and Handshake Headers 6LoWPAN-NHC for ClientHello / ServerHello 6LoWPAN-NHC for other Handshake Messages Implementation Evaluation Packet Size Reduction RAM and ROM Requirement Run-Time Performance Future work

24 Evaluation - Packet Size Reduction

25 Evaluation RAM/ROM Requirement

26 Evaluation - Run-Time Performance CH ClientHello CH(C) ClientHello with Cookie CKE ClientKeyExchange HV HelloVerify SH ServerHello SHD - ServerHelloDone

27 Evaluation - Run-Time Performance 15% less energy is used transmit/receive compressed packets.

28 Evaluation Energy Consumption The Energy Consumption from Client/Server w/out RH Compression The Energy Consumption from the sum of Client/Server w/out RH Compression

29 Evaluation Round Time Trip (RTT)

30 Outline Introduction Background CoAP and DTLS 6LoWPAN DTLS Compression DTLS-6LoWPAN Integration 6LoWPAN-NHC for the Record and Handshake Headers 6LoWPAN-NHC for ClientHello / ServerHello 6LoWPAN-NHC for other Handshake Messages Implementation Evaluation Packet Size Reduction RAM and ROM Requirement Run-Time Performance Future work

31 Future work: deploy Lithe in a real world IOT system with a real application scenario.

32 References http://www.ujjwal.com/technical-optimization/https-seo-662/ https://www.micrium.com/iot/internet-protocols/ http://www.wismote.com/ http://contiki-os.blogspot.ca/ http://s3.amazonaws.com/ppt-download/lithe-150602124705-lva1- app6891.pdf

33

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback