Two-Way Authentication for the Internet-of-Things

  • Corinna SchmittEmail author
  • Thomas Kothmayr
  • Wen Hu
  • Burkhard Stiller
Part of the Studies in Big Data book series (SBD, volume 25)


This chapter introduces the first fully implemented two-way authentication security scheme for Internet-of-Things (IoT) based on existing Internet standards, specifically the Datagram Transport Layer Security (DTLS) protocol. By relying on an established standard, existing implementations, engineering techniques, and security infrastructure can be reused, which enables an easy security uptake. The proposed security scheme uses two public key cryptography algorithms, RSA (Rivest, Shamir und Adleman) and Elliptic Curve Cryptography (ECC), tailored for the resource heterogeneous nature of IoT devices. The two-way authentication solution presented is designed to work over standard communication stacks that offer UDP/IPv6 networking for Low power Wireless Personal Area Networks (LoWPANs). A prototype implementation of DTLS is presented here in the context of a system architecture, and the scheme’s feasibility (low overheads and high interoperability) is demonstrated through extensive evaluations on the DTLS-supporting platform OPAL as clusterhead with children of different IoT hardware platforms.


Sensor Node Packet Loss Transmission Control Protocol Block Cipher Security Protocol 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



The DTLS solution presented was supported partially by the German Federal Ministry of Education and Research: the SODA Project under Grant Agreement No. 01IS09040A and the AutHoNe Project under Grant Agreement No. 01BN070[25]. The standardization activity within IETF was supported partially by FLAMINGO and SmartenIT, funded by the EU FP7 Program under Contract No. FP7-2012-ICT-318488 and No. FP7-2012-ICT317846, respectively.


  1. 1.
    Lehong, H., Velosa, A.: Hype cycle for the internet of things. White Paper, Stamford CT, Gartner Inc (2012)Google Scholar
  2. 2.
    European Telecommunications Standards Institute: Machine-to-machine communications (M2M); Smart Metering Use Cases (2010)Google Scholar
  3. 3.
    Leontiadi, I., Efstratiou, C., Mascolo, C., and Crowcroft, J.: SenShare: transforming sensor networks into multi-application sensing infrastructures. In: Proceedings of European Conference on Wireless Sensor Networks, pp. 65–81, Springer, Heidelberg (2012)Google Scholar
  4. 4.
    Shelby, Z., Bormann, C.: 6LoWPAN: The Wireless Embedded Internet. Wiley, United Kingdom (2009)CrossRefGoogle Scholar
  5. 5.
    Shelby, Z., Hartke, K., Bormann, C.: The constrained application protocol (CoAP). Req. Comments 7252, 1–112 (2014)Google Scholar
  6. 6.
    Dawson-Haggerty, S., Tavakoli, A., and Culler, D: Hydro: A hybrid routing protocol for low-power and lossy networks. In: Proceedings of 1st IEEE International Conference on Smart Grid Communications, pp. 268–273 (2010)Google Scholar
  7. 7.
    Kothmayr, T., Schmitt, C., Hu, W., Brünig, M., Carle, G.: DTLS based security and two-way authentication for the internet of things. Ad Hoc Netw. 11(8), 2710–2723 (2013)CrossRefGoogle Scholar
  8. 8.
    Noack, M.: Optimization of two-way authentication protocol in internet of things. Master thesis, University of Zurich, Communication Systems Group, Department of Informatics, Zurich, Switzerland (2014)Google Scholar
  9. 9.
    Bellare, M., Canetti, R., and Krawczyk, H.: Keyed hash functions and message authentication. In: Proceedings of Advances in Cryptology, pp. 1–15 (1996)Google Scholar
  10. 10.
    Karl, H., Willig, A.: Protocols and Architectures for Wireless Sensor Networks. Wiley, England (2007)Google Scholar
  11. 11.
    Miorande, D., Siciari, S., De Pellegrini, F., Chlamtac, I.: Internet of things: vision, applications and research challenges. Ad Hoc Netw. 10(7), 1497–1516 (2012)CrossRefGoogle Scholar
  12. 12.
    Atzori, L., Iera, A., Morabito, G.: The internet of things: a survey. Comput. Netw. 54(15), 2787–2805 (2010)CrossRefzbMATHGoogle Scholar
  13. 13.
    Bormann, C., Ersue, M., Keranen, A.: Terminology for constrained-node networks. Req. Comments 7228, 1–17 (2014)Google Scholar
  14. 14.
    Akyildiz, I.F., Su, W., Sankarasubramaniam, Y., Cayirci, E.: Wireless sensor networks: a survey. Comput. Netw. 38(4), 393–422 (2002)CrossRefGoogle Scholar
  15. 15.
    Raymond, D.R., Midkiff, S.F.: Denial-of-service in wireless sensor networks: attacks and defenses. IEEE Pervasive Comput. 7(1), 74–81 (2008)CrossRefGoogle Scholar
  16. 16.
    Luk, M., Mezzour, G., Perrig, A., Gligor, V.: MiniSec: A secure sensor network communication architecture. In: Proceedings of 6th ACM International Conference on Information Processing in Sensor Networks, pp. 470–488 (2007)Google Scholar
  17. 17.
    Gupta, V., Wurm, M., Zhu, Y., Millard, M., Fung, S., Gura, N., Eberle, H., Shantz, S.C.: Sizzle: a standards-based end-to-end security architecture for the embedded internet. Pervasive Mob. Comput. 1(4), 425–445 (2005)CrossRefGoogle Scholar
  18. 18.
    Hu, W., Tan, H., Corke, P., Shih, W.C., Jha, S.: Toward trusted wireless sensorn networks. ACM Trans. Sens. Netw. 7(1), 5 (2010)CrossRefGoogle Scholar
  19. 19.
    Chan, H., Perrig, A., Song, D.: Random key predistribution schemes for sensor networks. In: Proccedings of IEEE Symposium on Security and Privacy, pp. 197–213 (2003)Google Scholar
  20. 20.
    Jung, W., Hong, S., Ha, M., Kim, Y.J., Kim, D.: SSL-based lightweight security of IP-based wireless sensor networks. In: Proceedings of IEEE International Conference on Advanced Information Networking and Applications Workshops, pp. 1112–1117 (2009)Google Scholar
  21. 21.
    Raza, S., Voigt, T., Rödig, U.: 6LoWPAN extension for IPsec. In: Proceedings of Workshop Interconnecting Smart Objects with the Internet, IAB, pp. 1–3 (2011)Google Scholar
  22. 22.
    Raza, S., Voigt, T., and Jutvik, V.: Lightweight IKEv2: a key management solution for both the compressed IPsec and the IEEE 802.15.4 security. In: Proceedings of the IETF Workshop on Smart Object Security, pp. 1–2 (2012)Google Scholar
  23. 23.
    Raza, S., Trabalza, D., Voigt, T.: 6LoWPAN compressed DTLS for CoAP. In: Proceedings of 8th IEEE International Conference on Distributed Computing in Sensor Systems, pp. 287–289 (2012)Google Scholar
  24. 24.
    Winter, T., Thubert, P., Brandt, A., Hui, J., Kelsey, P., Levis, K., Pister, K., Struik, R., Vasseur, J.P., Alexander, R.: RPL: IPv6 routing protocol for low-power and lossy networks. Req. Comments 6550, 1–157 (2012)Google Scholar
  25. 25.
    Schmitt, C.: Secure data transmission in wireless sensor networks. Ph.D. thesis, Technische Universität München, Institut für Informatik, pp. 1–190 (2013)Google Scholar
  26. 26.
    Schmitt, C., Stiller, B., Noack, M.: Two-way authentication for internet of things. White Paper, IETF ser. ACE Working. Group 14, 1–19 (2014)Google Scholar
  27. 27.
    Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., Polk, W.: Internet X.509 public key infrastructure certificate and certificate revocation list (CRL) profile. Request for Comments, 5280, pp. 1–151 (2008)Google Scholar
  28. 28.
    Watro, R., Kong, D., Cuti, S., Gardiner, C., Lynn, C., Kruus, P.: TinyPK: securing sensor networks with public key technology. In: Proceedings of 2nd ACM Workshop on Security of AdHoc and Sensor Networks, pp. 59–64 (2004)Google Scholar
  29. 29.
    Modadugu, N., Rescorla, E.: The design and implementation of datagram TLS. In: Proccedings of Network and Distributed System Security Symposium, pp. 1–13 (2004)Google Scholar
  30. 30.
    Ning, P., Liu, A., Wenliang, D.: Mitigating DoS attacks against broadcast authentication in wireless sensor networks. ACM Trans. Sens. Netw. 4(1), 1–35 (2008). doi: 10.1145/1325651.1325652 CrossRefGoogle Scholar
  31. 31.
    Schmitt, C., Kothmayr, T., Benjamin, E., Wen, H., Braun, L., Carle, G.: TinyIPFIX: an efficient application protocol for data exchange in cyber physical systems. Comput. Commun. 74(2), 63–76 (2016)CrossRefGoogle Scholar
  32. 32.
    Blake-Wilson, S., Menezes, A.: Authenticated Diffie-Hellman key agreement protocols. In: Proceedings of the Selected Areas in Cryptography, pp. 339–361 (1998)Google Scholar
  33. 33.
    Advantic: CM5000-Datasheet. White Paper, pp. 1–20 (2015).
  34. 34.
    Jurdak, R., Klues, K., Kusy, B., Richter, C., Langendoen, K., Brunig, M.: OPAL: a multiradio platform for high throughput wireless sensor networks. IEEE Embed. Syst. Lett. 3(4), 121–124 (2011)CrossRefGoogle Scholar
  35. 35.
    Kothmayr, T.: A security architecture for wireless sensor networks based on DTLS. Master’s thesis, Technische Universität München, pp. 1–83 (2011)Google Scholar
  36. 36.
    Atmel: Smart ARM-based flash MCU - Datasheet. White Paper, pp. 1–1163 (2015).
  37. 37.
    Atmel Corporation: The atmel trusted platform module. White Paper, pp. 1–4 (2007).
  38. 38.
    Grossschaedl, J., Tillich, S., Rechberger, C., Hofmann, M., Medwed, M.: Energy evaluation of software implementations of block ciphers under memory constraints. In: Proceedings of Conference on Design, Automation and Test in Europe, pp. 1110–1115 (2007)Google Scholar
  39. 39.
    Barker, E., Barker, W., Burr, W., Polk, W., Smid, M.: Recommendation for key management - Part 1: General (Revised). White Paper, National Institute of Standards and Technology, pp. 1–143 (2007)Google Scholar
  40. 40.
    McGrew, D.A., Viega, J.: The galois/counter mode of operation (GCM). White Paper, National Institute of Standards and Technology, pp. 1–43 (2005)Google Scholar
  41. 41.
    yaSSL: Implementation and performance of AES-NI in CyaSSL embedded SSL. White Paper, pp. 1–14 (2010).
  42. 42.
    Liu, A., Ning, P.: TinyECC: a configurable library for elliptic curve cryptography in wireless sensor networks. In: Proceedings of 5th International Conference on Information Processing in Sensor Networks, pp. 245–256 (2008)Google Scholar
  43. 43.
    Kothmayr, T., Schmitt, C.: Tiny pkc implementation. Check the reference (year, page number)
  44. 44.
    GNU: The GNU general public license version 2. White Paper (1991).
  45. 45.
    NIST: Recommended elliptic curves for federal government use. White Paper, pp. 1–43 (1999)Google Scholar
  46. 46.
    Fouladgar, S., Mainaud, B., Masmoudi, K., Afifi, H.: Tiny 3-TLS: a trust delegation protocol for wireless sensor networks. In: Levente, B., Gligor, V.D., Westhoff, D. (eds.) Proceedings of the Third European Conference on Security and Privacy in Ad-Hoc and Sensor Networks, pp. 32–42. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  47. 47.
    Raza, S., Chung, T., Duquennoy, S., Dogan, Y., Voigt, T., Rodig, U.: Securing internet of things with lightweight IPsec. SICS Technical report, 1–27 (2011)Google Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Corinna Schmitt
    • 1
    Email author
  • Thomas Kothmayr
    • 2
  • Wen Hu
    • 3
  • Burkhard Stiller
    • 1
  1. 1.Communication Systems Group CSG, Department of Informatics IfIUniversity of ZurichZurichSwitzerland
  2. 2.Fakultät Für InformatikTechnische Universität MünchenGarchingGermany
  3. 3.School of Computer Science and EngineeringThe University of New South WalesSydneyAustralia

Personalised recommendations