Security Challenges in the IP-based Internet of Things

Wireless Personal Communications

Abstract

A direct interpretation of the term Internet of Things refers to the use of standard Internet protocols for the human-to-thing or thing-to-thing communication in embedded networks. Although the security needs are well-recognized in this domain, it is still not fully understood how existing IP security protocols and architectures can be deployed. In this paper, we discuss the applicability and limitations of existing Internet protocols and security architectures in the context of the Internet of Things. First, we give an overview of the deployment model and general security needs. We then present challenges and requirements for IP-based security solutions and highlight specific technical limitations of standard IP security protocols.

Author information

Corresponding author

Correspondence to Tobias Heer.

About this article

Cite this article

Heer, T., Garcia-Morchon, O., Hummen, R. et al. Security Challenges in the IP-based Internet of Things. Wireless Pers Commun 61, 527–542 (2011). https://doi.org/10.1007/s11277-011-0385-5

  • DOI: https://doi.org/10.1007/s11277-011-0385-5
