Diet-ESP: IP layer security for IoT

Published: 01 January 2017

Abstract

The number of devices connected through the Internet of Things (IoT) will grow significantly in the next few years, and securing their interconnections is going to be a major challenge. For many devices in IoT scenarios, the resources needed to send and receive bytes are extremely high, and when such devices are battery powered the number of exchanged bytes directly affects their lifetime. As a result, compressing existing protocols is a widely accepted technique that lets IoT benefit from the protocols developed over the last decades.
This paper presents ESP Header Compression (EHC), a framework that enables compression of packets protected with the Encapsulating Security Payload (ESP). EHC is composed of EHC Rules, each targeting the compression of a specific field and organized according to EHC Strategies. Further, the paper presents Diet-ESP, an EHC Strategy that greatly reduces the networking overhead of ESP packets to address the IoT security and bandwidth requirements. Diet-ESP results in sending fewer bytes, which in turn reduces the number of required radio frames and thus battery consumption. The measurements showed that sending 10 bytes of application data on IEEE 802.15.4 radio networks secured with standard ESP requires sending an additional frame. This results in a 95% energy overhead compared to the unprotected data, while Diet-ESP results in only a 3% overhead compared to unprotected data.
This small overhead is achievable because some compressions are performed within the ESP stack, which requires modifying that stack. Nevertheless, Diet-ESP remains fully security compliant with ESP and performs better than any other compression framework as far as ESP is concerned.
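To make the byte accounting behind the abstract concrete, the following Python script is an added illustration (not code from the paper, its authors, or the Diet-ESP drafts). It tallies the bytes that standard ESP puts on the wire around a small payload, using the field sizes from RFC 4303 (SPI, sequence number, 4-byte alignment, pad length, next header) and RFC 4106 (8-byte explicit IV and 16-byte ICV for AES-GCM), and compares them with a hypothetical compressed profile in which every field both peers can derive from the shared Security Association context is left out. The compressed profile, the `EspProfile` class, the function names and the 40-byte per-frame budget are all assumptions made for the example; the real per-frame capacity on IEEE 802.15.4 depends on the MAC header, link-layer security and 6LoWPAN compression in use.

```python
"""Per-packet ESP overhead accounting.

Added illustration, not code from the Diet-ESP paper or its authors. Field
sizes for the uncompressed profile follow RFC 4303 (ESP) and RFC 4106
(AES-GCM in ESP); the "compressed" profile is a hypothetical one that only
shows how bytes disappear when both peers can derive a field from the
Security Association (SA) context instead of reading it off the wire.
"""
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class EspProfile:
    """Byte sizes of the ESP fields that appear on the wire for one SA."""
    name: str
    spi: int       # Security Parameters Index (4 bytes in RFC 4303)
    seq: int       # Sequence Number (4 bytes on the wire in RFC 4303)
    iv: int        # explicit IV carried in the packet (8 bytes for AES-GCM)
    align: int     # alignment of (payload + padding + trailer); RFC 4303 requires 4
    trailer: int   # Pad Length (1 byte) + Next Header (1 byte)
    icv: int       # Integrity Check Value (16 bytes for AES-GCM with a full tag)


# Standard ESP as RFC 4303 + RFC 4106 put it on the wire.
STANDARD_ESP = EspProfile("RFC 4303 ESP with AES-GCM-128, 16-byte ICV",
                          spi=4, seq=4, iv=8, align=4, trailer=2, icv=16)

# Hypothetical compressed profile (assumption, not the Diet-ESP specification):
# SPI, sequence number, IV, padding and trailer are all derivable from SA state
# shared by both peers, so none of them is sent. The ICV stays untouched: it is
# the one field that carries no redundancy, and dropping bytes from it would
# weaken integrity protection rather than compress the packet.
COMPRESSED_ESP = EspProfile("hypothetical compressed profile",
                            spi=0, seq=0, iv=0, align=1, trailer=0, icv=16)


def padding_bytes(profile: EspProfile, payload_len: int) -> int:
    """Padding needed so payload + trailer ends on the profile's alignment."""
    return (-(payload_len + profile.trailer)) % profile.align


def esp_packet_size(profile: EspProfile, payload_len: int) -> int:
    """Total bytes of the ESP header, encrypted body and ICV for one packet."""
    return (profile.spi + profile.seq + profile.iv
            + payload_len + padding_bytes(profile, payload_len)
            + profile.trailer + profile.icv)


def esp_overhead(profile: EspProfile, payload_len: int) -> int:
    """Bytes added by ESP on top of the application payload."""
    return esp_packet_size(profile, payload_len) - payload_len


def frames_needed(packet_len: int, frame_capacity: int) -> int:
    """Radio frames needed when each frame carries at most frame_capacity bytes.

    frame_capacity is a constructed parameter: the real figure depends on the
    IEEE 802.15.4 MAC header, link-layer security and 6LoWPAN compression in use.
    """
    if frame_capacity <= 0:
        raise ValueError("frame_capacity must be positive")
    return math.ceil(packet_len / frame_capacity)


def compare(payload_len: int, frame_capacity: int) -> dict:
    """Side-by-side accounting for both profiles at one payload size."""
    out = {}
    for profile in (STANDARD_ESP, COMPRESSED_ESP):
        size = esp_packet_size(profile, payload_len)
        out[profile.name] = {
            "packet_bytes": size,
            "overhead_bytes": size - payload_len,
            "frames": frames_needed(size, frame_capacity),
        }
    return out


if __name__ == "__main__":
    # 10-byte application payload as in the paper's measurement; the 40-byte
    # per-frame budget is a constructed value chosen to expose the frame boundary.
    for name, row in compare(10, 40).items():
        print(f"{name}: {row}")
```

With a 10-byte payload the standard profile spends 34 bytes on ESP framing (44 bytes on the wire), of which only the 16-byte ICV is information the receiver cannot reconstruct from SA state; the rest is exactly the kind of field an EHC Rule can make implicit. The frame count is where the energy argument comes from: once the protected packet crosses the per-frame budget, a second radio frame is transmitted and received, whatever its fill level.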


Published in: Journal of Computer Security, Volume 25, Issue 2 (2017)

Publisher: IOS Press, Netherlands

Author tags: IoT, security, IPsec, ESP, EHC, Diet-ESP, compression, performances