
Wireless Personal Communications, Volume 61, Issue 3, pp 527–542

Security Challenges in the IP-based Internet of Things

  • Tobias Heer
  • Oscar Garcia-Morchon
  • René Hummen
  • Sye Loong Keoh
  • Sandeep S. Kumar
  • Klaus Wehrle

Abstract

A direct interpretation of the term Internet of Things refers to the use of standard Internet protocols for human-to-thing or thing-to-thing communication in embedded networks. Although the security needs in this domain are well recognized, it is still not fully understood how existing IP security protocols and architectures can be deployed on constrained devices and networks. In this paper, we discuss the applicability and limitations of existing Internet protocols and security architectures in the context of the Internet of Things. First, we give an overview of the deployment model and the general security needs. We then present the challenges and requirements for IP-based security solutions and highlight specific technical limitations of standard IP security protocols.

Keywords

Security; Internet of Things; IETF



Copyright information

© Springer Science+Business Media, LLC. 2011

Authors and Affiliations

  • Tobias Heer (1)
  • Oscar Garcia-Morchon (2)
  • René Hummen (1)
  • Sye Loong Keoh (2)
  • Sandeep S. Kumar (2)
  • Klaus Wehrle (1)

  1. COMSYS Group, RWTH Aachen University, Aachen, Germany
  2. Philips Research, Eindhoven, The Netherlands
