IP-enabled sensors can be globally addressable by any Internet-connected entity, and therefore, their protection presents different challenges than that of traditional sensors, as they are subject to any potential attacker in the Internet. For this reason, specific security protocols must be developed to address the security requirements of IP-enabled sensors. An interesting approach to achieve this aim is the Ladon security protocol, which allows resource-deprived devices to efficiently implement end-to-end authentication, authorisation and key establishment mechanisms. However, in so limited environments such as sensor networks, not only efficient protocols must be defined, but they must also be optimally parameterised. This paper constitutes a step forward in this direction. First, a state transition model of the Ladon protocol is presented to analytically describe its behaviour. Then, this model is used to select the most effective parameterisation of the protocol in terms of message retransmissions and execution of cryptographic operations. The obtained results show that the selected parameterisation allows maximising the probability of a successful secure session establishment, while keeping the overhead introduced by the protocol low. Additionally, the performance comparison carried out shows that Ladon outperforms alternative approaches to achieve the same objective in terms of message transmission and reception operations.
This is a preview of subscription content, access via your institution.
Buy single article
Instant access to the full article PDF.
Tax calculation will be finalised during checkout.
Montenegro, G., Kushalnagar, N., Hui, J. & Culler, D. (2007). Transmission of IPv6 packets over IEEE 802.15.4 networks, Tech. rep. 4944.
Astorga, J., Jacob, E., Huarte, M., & Higuero, M. (2012). Ladon: End-to-end authorisation support for resource-deprived environments. IET Information Security, 6(2), 93–101.
Neuman, C., Yu, T., Hartman, S., & Raeburn, K. (2005). The Kerberos network authentication service (V5). Tech. rep. 4120.
Karlof, C., Sastry, N., & Wagner, D. (2004). TinySec: A link layer security architecture for wireless sensor networks. In Proceedings of the 2nd international conference on embedded networked sensor systems (SenSys ’04) (pp. 162–175). New York, NY: ACM.
Lighfoot, L. E., Ren, J., & Li, T. (2007). An energy efficient link-layer security protocol for wireless sensor networks. In Proceedings of the 2007 IEEE international conference on electro/information technology (pp. 233–238).
Luk, M., Mezzour, G., Perrig, A., & Gligor, V. (2007). MiniSec: A secure sensor network communication architecture. In Proceedings of the 6th international conference on information processing in sensor networks (IPSN ’07) (pp. 479–488). New York, NY: ACM Press.
Perrig, A., Szewczyk, R., Tygar, J. D., Wen, V., & Culler, D. E. (2002). SPINS: Security protocols for sensor networks. ACM Wireless Networks, 8(5), 521–534.
Ren, K., Lou, W., & Zhang, Y. (2008). LEDS: Providing location-aware end-to-end data security in wireless sensor networks. IEEE Transactions on Mobile Computing, 7(5), 585–598.
Zhu, S., Setia, S., & Jajodia, S. (2003). LEAP: Efficient security mechanisms for large-scale distributed sensor networks. In Proceedings of the 10th ACM conference on computer and communications security (CCS ’03) (pp. 62–72). New York, NY: ACM.
Park, T., & Shin, K. G. (2004). LiSP: A lightweight security protocol for wireless sensor networks. ACM Transactions on Embedded Computing Systems, 3(3), 634–660.
Chan, H., & Perrig, A. (2005). PIKE: Peer intermediaries for key establishment in sensor networks. In Proceedings of the 24th annual joint conference of the IEEE computer and communications societies (INFOCOM 2005) (pp. 524–535).
Barker, E., Barker, W., Burr, W., Polk, W., & Smid, M. (2012). NIST special publication 800-57. Recommendation for key management—Part 1. National Institute of Standards and Technology (NIST), U.S. Department of Commerce.
Watro, R., Kong, D., Cuti, S. F., Gardiner, C., Lynn, C., & Kruus, P. (2004). TinyPK: Securing sensor networks with public key technology. In Proceedings of the 2nd ACM workshop on security of ad hoc and sensor networks (SASN ’04) (pp. 59–64). New York, NY: ACM.
Shaikh, R. A., Lee, S., Khan, M. A. U., & Song, Y. J. (2006). LSec: Lightweight Security protocol for distributed wireless sensor network. In Proceedings of the 11th IFIP international conference on personal wireless communications (PWC ’06) (pp. 367–377).
Hill, J., Szewczyk, R., Woo, A., Hollar, S., Culler, D., & Pister, K. (2000). System architecture directions for networked sensors. ACM SIGPLAN Notices, 35(11), 93–104.
de Meulenaer, G., Gosset, F., Standaert, F. X., & Pereira, O. (2008). On the energy cost of communication and cryptography in wireless sensor networks. In Proceedings of the 2008 IEEE international conference on wireless and mobile computing, networking and communications (WIMOB ’08) (pp. 580–585).
Amin, F., & Jahangir, A. H. (2011). Time and energy cost analysis of Kerberos security protocol in wireless sensor networks. In 7th international conference on information assurance and security (IAS ’11) (pp. 308–313).
Grosschädl, J., Szekely, A., & Tillich, S. (2007). The energy cost of cryptographic key establishment in wireless sensor networks. In Proceedings of the 2nd ACM symposium on information, computer and communications security (ASIACCS ’07) (pp. 380–382). New York, NY: ACM.
He, J., Rexford, J., & Chiang, M. (2007). Don’t optimize existing protocols, design optimizable protocols. SIGCOMM Computer Communication Review, 37(3), 53–58.
Rexford, J. (2006). Network protocols designed for optimizability. In Proceedings of the 40th annual conference on information sciences and systems (pp. 351–354).
Koukoutsidis, I., & Siris, V. A. (2007). 802.11e EDCA protocol parameterization: A modeling and optimization study. In Proceedings of the 2007 IEEE international symposium on a world of wireless, mobile and multimedia networks (WoWMoM 2007) (pp. 1–9).
Friginal, J., de Andres, D., Ruiz, J.-C., & Gil, P. (2011). Resilience-driven parameterisation of ad hoc routing protocols: OLSRD as a case study. In Proceedings of the IEEE 30th international symposium on reliable distributed systems (SRDS ’11) (pp. 85–90). Washington, DC: IEEE Computer Society.
Lin, T. S. (2012). the optimization and parameterization of mac protocols in urban sensor networks. Master’s thesis, INSA Lyon.
Shu, F., Sakurai, T., Zukerman, M., & Vu, H. (2007). Packet loss analysis of the IEEE 802.15.4 MAC without acknowledgements. IEEE Communications Letters, 11(1), 79–81.
Kaijser, P., Parker, T., & Pinkas, D. (1994). SESAME: The solution to security for open distributed systems. Computer Communications, 17(7), 501–518.
Wettstein, G. H., Grosen, J. (2006). IDfusion. An open-architecture for Kerberos based authorization. In Proceedings of the AFS and Kerberos best practices workshop.
Astorga, J., Jacob, E., Toledo, N., & Aguado, M. (2014). Analytical evaluation of a time- and energy-efficient security protocol for IP-enabled sensors. Computers and Electrical Engineering, 40(2), 539–550.
The work described in this paper was produced within the Training and Research Unit UFI11/16 supported by the University of the Basque Country UPV/EHU. This work was also partially funded by the Department of Industry, Innovation, Tourism and Trade of Basque Government through the Future Internet II strategic research project.
About this article
Cite this article
Astorga, J., Jacob, E., Toledo, N. et al. A lossy channel aware parameterisation of a novel security protocol for wireless IP-enabled sensors. Wireless Netw 21, 1289–1308 (2015). https://doi.org/10.1007/s11276-014-0854-3
- IP-enabled sensors
- Optimal parameterisation
- Protocol overhead
- State transition model