Annals of Telecommunications

, Volume 73, Issue 9–10, pp 589–600 | Cite as

μDTNSec: a security layer with lightweight certificates for Disruption-Tolerant Networks on microcontrollers

  • Dominik Schürmann
  • Georg von Zengen
  • Marvin Priedigkeit
  • Sebastian Willenborg
  • Lars Wolf


In Delay/Disruption-Tolerant Networks, man-in-the-middle attacks are easy: due to the store-carry-forward principle, an attacker can simply place itself on the route between source and destination to eavesdrop or alter bundles. This weakness is aggravated in networks, where devices are energy-constrained but the attacker is not. To protect against these attacks, we design and implement μDTNSec, a security layer for Delay/Disruption-Tolerant Networks on microcontrollers. Our design establishes a public key infrastructure with lightweight certificates as an extension to the Bundle Protocol. It has been fully implemented as an addition to μDTN on Contiki OS and uses elliptic curve cryptography and hardware-backed symmetric encryption. In this enhanced version of μDTNSec, public key identity bindings are validated by exchanging certificates using neighbor discovery. μDTNSec provides a signature mode for authenticity and a sign-then-encrypt mode for added confidentiality. Our performance evaluation shows that the choice of the curve dominates the influence of the payload size. We also provide energy measurements for all operations to show the feasibility of our security layer on energy-constrained devices. Because a high quality source of randomness is required, we evaluated the random number generators by the AT86RF231 radio, its successor AT86RF233, and one based on the noise of the A/D converter. We found that only AT86RF233 provides the required quality.


Disruption-tolerant networking DTN Microcontroller Security PKI 


  1. 1.
    Schürmann D, von Zengen G, Priedigkeit M, Wolf L (2017) uDTNSec: a security layer for disruption-tolerant networks on microcontrollers. In: Mediterranean ad hoc networking workshop (Med-Hoc-Net), pp 1–7Google Scholar
  2. 2.
    Chen S, Xu H, Liu D, Hu B, Wang H (2014) A vision of IoT: applications, challenges, and opportunities with China perspective. IEEE Int Things J 1(4):349–359CrossRefGoogle Scholar
  3. 3.
    von Zengen G, Büsching F, Pöttner W-B, Wolf L (2012) An overview of μDTN: unifying DTNs and WSNs. In: Proceedings of the 11th GI/ITG KuVS Fachgespräch Drahtlose Sensornetze (FGSN), DarmstadtGoogle Scholar
  4. 4.
    Burleigh S, Scott K (2007) Bundle protocol specification. RFC 5050Google Scholar
  5. 5.
    Ellard D, Altman R, Gladd A, Brown D, in’t Velt R (2015) DTN IP Neighbor Discovery (IPND). draft-irtf-dtnrg-ipnd-03Google Scholar
  6. 6.
    Symington S, Farrell S, Weiss H, Lovell P (2011) Bundle security protocol specification. RFC 6257Google Scholar
  7. 7.
    Schildt S, Morgenroth J, Pöttner W-B, Wolf L (2011) IBR-DTN: a lightweight, modular and highly portable bundle protocol implementation. Electron Commun EASST 37:1–11Google Scholar
  8. 8.
    DTN2 Reference ImplementationGoogle Scholar
  9. 9.
    Burleigh S (2011) Compressed bundle header encoding (CBHE). RFC 6260Google Scholar
  10. 10.
    Pöttner W-B, Büsching F, von Zengen G, Wolf L (2012) Data elevators: applying the bundle protocol in delay tolerant wireless sensor networks. In: The ninth IEEE international conference on mobile ad-hoc and sensor systems (MASS), Las VegasGoogle Scholar
  11. 11.
    Rottmann S, Hartung R, Käberich J, Wolf L (2016) Amphisbaena: a two-platform DTN node. In: The 13th international conference on mobile ad-hoc and sensor systems (MASS 2016), BrasiliaGoogle Scholar
  12. 12.
    Feldmann M, Walter F (2015) μ PCN—a bundle protocol implementation for microcontrollers. In: 2015 international conference on wireless communications signal processing (WCSP)Google Scholar
  13. 13.
    Nedevschi S, Patra R (2003) DTNLite: a reliable data transfer architecture for sensor networks. CS294-1: deeply embedded networks (Lecture)Google Scholar
  14. 14.
    Trappe W, Howard R, Moore RS (2015) Low-energy security: limits and opportunities in the internet of things. IEEE Secur Priv 13(1):14–21CrossRefGoogle Scholar
  15. 15.
    Gura N, Patel A, Wander A, Eberle H, Shantz S C (2004) Comparing elliptic curve cryptography and RSA on 8-bit CPUs. In: Cryptographic hardware and embedded systems (CHES). Springer, pp 119–132Google Scholar
  16. 16.
    NIST (2016) Recommendation for key management. Special Publication 800-57 Part 1 Rev. 4Google Scholar
  17. 17.
    Xiao Y, Rayi VK, Sun B, Du X, Hu F, Galloway M (2007) A survey of key management schemes in wireless sensor networks. Comput Commun 30(11–12):2314–2341CrossRefGoogle Scholar
  18. 18.
    Szczechowiak P, Oliveira LB, Scott M, Collier M, R Dahab (2008) NanoECC: testing the limits of elliptic curve cryptography in sensor networks. In: Verdone R (ed) Wireless sensor networks, volume 4913 of lecture notes in computer science. Springer, pp 305–320Google Scholar
  19. 19.
    Oliveira LB, Dahab R (2006) Pairing-based cryptography for sensor networks. In: 5th IEEE international symposium on network computing and applications, CambridgeGoogle Scholar
  20. 20.
    Oliveira LB, Aranha DF, Gouvêa C PL, Scott M, Câmara DF, López J, Dahab R (2011) TinyPBC: pairings for authenticated identity-based non-interactive key distribution in sensor networks. Comput Commun 34(3):485–493. Special Issue of Computer Communications on Information and Future Communication SecurityCrossRefGoogle Scholar
  21. 21.
    Aranha DF, Gouvêa CPL RELIC is an Efficient LIbrary for Cryptography.
  22. 22.
    Sethi M, Arkko J, Keranen A (2012) End-to-end security for sleepy smart object networks. In: IEEE 37th conference on local computer networks workshops (LCN workshops), pp 964–972Google Scholar
  23. 23.
    de Clercq R, Uhsadel L, Van Herrewege A, Verbauwhede I (2014) Ultra low-power implementation of ECC on the ARM Cortex-M0 + . In: Proceedings of the 51st annual design automation conference (DAC). ACM, New York, pp 112:1–112:6Google Scholar
  24. 24.
    Atmel Corporation. AT86RF231/ZU/ZF datasheetGoogle Scholar
  25. 25.
    Schürmann D, Büsching F, Willenborg S, Wolf L (2017) RAIM: redundant array of independent motes. In: Conference on networked systems (NetSys’17), GöttingenGoogle Scholar
  26. 26.
    Karlof C, Sastry N, Wagner D (2004) TinySec a link layer security architecture for wireless sensor networks. In: Proceedings of the 2nd international conference on embedded networked sensor systems (SenSys ’04). ACM, New York, pp 162–175Google Scholar
  27. 27.
    Doriguzzi Corin R, Russello G, Salvadori E (2011) TinyKey: a light-weight architecture for wireless sensor networks securing real-world applications. In: Eighth international conference on wireless on-demand network systems and services (WONS), pp 68–75Google Scholar
  28. 28.
    Luk M, Mezzour G, Perrig A, Gligor V (2007) MiniSec: a secure sensor network communication architecture. In: 6th international symposium on information processing in sensor networks (IPSN), IEEE, pp 479–488Google Scholar
  29. 29.
    Liu A, Ning P (2008) TinyECC: a configurable library for elliptic curve cryptography in wireless sensor networks. In: International conference on information processing in sensor networks (IPSN’08). IEEE, pp 245–256Google Scholar
  30. 30.
    Casado L, Tsigas P (2009) ContikiSec: a secure network layer for wireless sensor networks under the contiki operating system. In: Identity and privacy in the internet age, pp 133–147CrossRefGoogle Scholar
  31. 31.
    Capossele A, Cervo V, De Cicco G, Petrioli C (June 2015) Security as a CoAP resource: an optimized DTLS implementation for the IoT. In: 2015 IEEE international conference on communications (ICC), pp 549–554Google Scholar
  32. 32.
    David PP, Noël T (2016) DTLS improvements for fast handshake and bigger payload in constrained environments. In: Mitton N, Loscri V, Mouradian A (eds) Ad-hoc, mobile, and wireless networks. Springer International Publishing, Cham, pp 251–262Google Scholar
  33. 33.
    Moosavi SR, Gia TN, Nigussie E, Rahmani AM, Virtanen S, Tenhunen H, Isoaho J (2016) End-to-end security scheme for mobility enabled healthcare Internet of Things. Futur Gener Comput Syst 64:108–124CrossRefGoogle Scholar
  34. 34.
    ‘Bg’. AVR–Crypto–LibGoogle Scholar
  35. 35.
    SEC 2 SECG (January 2010) Recommended elliptic curve domain parameters. In: Standards for efficient cryptography group, Certicom CorpGoogle Scholar
  36. 36.
    Büsching F, Kulau U, Wolf L (2012) Architecture and evaluation of INGA—an inexpensive node for general applications. In: IEEE sensors. IEEE, Taipei, pp 842–845Google Scholar
  37. 37.
    SEC 1 SECG (2009) Elliptic curve cryptography, Standards for Efficient Cryptography Group, Certicom CorpGoogle Scholar
  38. 38.
    Johnson D, Menezes A, Vanstone S (2001) The elliptic curve digital signature algorithm (ECDSA). Int J Inf Secur 1(1):36–63CrossRefGoogle Scholar
  39. 39.
    Hartung R, Kulau U, Wolf LC (2016) Demo; PotatoScope—scalable and dependable distributed energy measurement for WSNs. In: IEEE SECON 2016 conference proceedings. LondonGoogle Scholar
  40. 40.
    Jansma N, Arrendondo B (2004) Performance comparison of elliptic curve and RSA digital signatures. Technical report, University of Michigan, College of EngineeringGoogle Scholar
  41. 41.
    Dunkels A, Gronvall B, Voigt T (2004) Contiki—a lightweight and flexible operating system for tiny networked sensors. In: Proceedings of the 29th annual IEEE international conference on local computer networks, LCN ’04. IEEE Computer Society, Washington, DC, pp 455–462Google Scholar
  42. 42.
    Brown RG (2011) Dieharder: a random number test suite v3.31.1Google Scholar
  43. 43.
    Atmel Corporation. Low Power 2.4 GHz Transceiver for ZigBee IEEE 802.15.4 6LoWPAN (2009)Google Scholar
  44. 44.
    Atmel Corporation (2009) 8-bit AVR Microcontroller with 128K Bytes In-System Programmable Flash - ATmega1284PGoogle Scholar
  45. 45.
    Atmel Corporation (July 2014) Low Power 2.4 GHz Transceiver for ZigBee, IEEE 802.15.4, 6LoWPAN, RF4CE, SP100, WirelessHART, and ISM Applications - AT86RF233Google Scholar

Copyright information

© Institut Mines-Télécom and Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. 1.Institute of Operating Systems and Computer NetworksTU BraunschweigBraunschweigGermany

Personalised recommendations