Abstract
In the paradigms of the Internet of Things (IoT) as well as the evolving Web of Things (WoT) and the emerging Wisdom Web of Things (W2T), not only can the data collected by the sensor nodes (i.e., the things) in the wireless sensor networks (WSNs) be transmitted to and processed at Internet nodes and subsequently transformed into information, knowledge, wisdom and eventually into services to serve humans, but human users can also access, control and manage the sensor nodes in the WSNs through nodes in the Internet. Since data are the basis for enabling applications and services in W2T, it becomes imperative that enabling technologies for end-to-end security be developed to secure data communication between Internet user nodes and sensor server nodes to protect the exchange of data. However, traditional security protocols developed for the Internet rely mostly on symmetric authentication and key management based on public key algorithms, and are thus deemed unsuitable for WSNs due to resource constraints in the sensor nodes. Specifically, acting as the server nodes in this scenario, sensor nodes cannot take on the heavy workload that regular servers in the Internet do. Meanwhile, current security mechanisms developed for WSNs have mainly focused on the establishment of keys between neighboring nodes at the link layer and thus are not considered to be effective for end-to-end security in the W2T scenario. In this paper, we propose an end-to-end secure communication scheme for W2T in WSNs in which we follow an asymmetric approach for authentication and key management using signcryption and symmetric key encryption. In our proposed scheme, a great part of the work for authentication and access control is shifted to a gateway between a WSN and the Internet to reduce the burden and energy consumption in the sensor nodes.
In addition, our scheme can ensure the privacy of user identities and key negotiation materials, and denial of service (DoS) attacks targeted at the sensor nodes can be effectively blocked at the gateway. We will also conduct quantitative analysis and an experiment to show that our proposed scheme can enhance the effectiveness of end-to-end security while reducing the cost of sensor nodes in terms of computation, communication and storage overhead as well as the latency of handshaking compared to similar schemes that are based on Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols.
Cite this article
Yu, H., He, J., Zhang, T. et al. Enabling end-to-end secure communication between wireless sensor networks and the Internet. World Wide Web 16, 515–540 (2013). https://doi.org/10.1007/s11280-012-0194-0
DOI: https://doi.org/10.1007/s11280-012-0194-0