Security for the Internet of Things

I had the pleasure to work with Wen Hu as my adviser at CSIRO in Brisbane, Australia on security for the Internet of Things (IoT) as the topic of my Master’s thesis. Our goal was to develop a security architecture based on existing standards, but tailored to the limitations inherent in Wireless Sensor Networks (WSNs). Most previous work focused on SSL/TLS, which requires reliable transport. However, the majority of IoT use cases prefer unreliable transport over UDP to reduce overhead. One notable example would be the Constrained Application Protocol (CoAP), which aims to become for the Internet of Things what HTTP is today for the plain old Internet.

The natural choice then is DTLS, an adaptation of TLS for unreliable datagram transport. Since CoAP even defines a binding to DTLS for security purposes, implementation and benchmarking of DTLS for constrained devices presented itself as an interesting research subject. So, we implemented a full DTLS handshake for TinyOS 2.x based on RSA. Traditionally, RSA is considered too computationally expensive for sensor nodes. However, the OPAL mote from CSIRO is equipped with a Trusted Platform Module (TPM) which performs RSA operations in hardware and thus enables usage of this public-key cryptosystem in WSNs. For devices without a TPM, we suggest ECC instead. Have a look at my TinyOS software implementation of RSA and ECC, if you want.

The DTLS handshake with RSA performed reasonably well in WSNs. We used UDP over IPv6 as provided by the Berkeley Low-power IP stack (BLIP) over the IEEE 802.15.4 physical and MAC layers. Most of the handshake time is spent on the public key operations in the TPM. The large standard deviation in some of the measurements is due to the retransmission behavior of DTLS when packet loss occurs.

DTLS handshake times for different RSA keysizes

So what about bulk data transfer? Without it, a DTLS handshake is not of much use. We implemented a ciphersuite with AES-128 as the block cipher, used in CBC mode, together with SHA-1 as the hash for the HMAC. The benchmarks looked like this:

Round trip times for different payload sizes, protected by DTLS

Most of the increase in round trip time (read: network and processing overhead) is due to the substantial amount of network overhead introduced by the DTLS headers and the security format. They can take up to 64 bytes, which is large considering that a single IEEE 802.15.4 packet can only hold up to 102 bytes of payload. Future work could address this issue by performing header compression on the DTLS records and exchanging the ciphersuite with one based on Authenticated Encryption with Associated Data (AEAD). The network-energy overhead would then look more like in this picture:

Overall we consider DTLS a feasible choice for security in wireless sensor networks or the Internet of Things. The total energy use of a DTLS handshake was just under 500 mJ with the TPM. Devices without a TPM can rely on ECC or even a pre-shared key variant. The bulk data transfer incurs manageable cryptographic overhead (under 20 ms on our platform) but suffers from large network overhead. However, this can be reduced with header compression techniques or more suitable modes of operation.

Network-energy overhead with a CBC mode of operation and an AEAD mode of operation (here: GCM)
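To make the CBC versus AEAD comparison concrete, the following added example (not code from the thesis or the TinyOS implementation) computes the on-wire size of a single DTLS record for AES-128-CBC with HMAC-SHA1 and for AES-128-GCM. The byte counts are assumptions taken from the DTLS 1.2 record layout (RFC 6347, RFC 5246, RFC 5288), the 102-byte frame budget is the figure quoted above, and IPv6/UDP/6LoWPAN headers are ignored.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumed sizes, from the DTLS 1.2 record layout (not measured on the page's platform). */
#define DTLS_RECORD_HEADER 13 /* type 1 + version 2 + epoch 2 + sequence 6 + length 2 */
#define AES_BLOCK          16 /* also the size of the explicit CBC IV */
#define HMAC_SHA1_LEN      20
#define GCM_EXPLICIT_NONCE  8
#define GCM_TAG            16
#define FRAME_PAYLOAD     102 /* IEEE 802.15.4 payload figure quoted in the text */

/* Record size for AES-128-CBC + HMAC-SHA1 (MAC-then-encrypt with TLS padding). */
size_t cbc_hmac_record_len(size_t plaintext_len)
{
    size_t inner = plaintext_len + HMAC_SHA1_LEN;
    /* Padding includes the length byte, so it is 1..16 bytes, never 0. */
    size_t pad = AES_BLOCK - (inner % AES_BLOCK);
    return DTLS_RECORD_HEADER + AES_BLOCK + inner + pad;
}

/* Record size for AES-128-GCM: no padding, one tag instead of MAC + IV + pad. */
size_t gcm_record_len(size_t plaintext_len)
{
    return DTLS_RECORD_HEADER + GCM_EXPLICIT_NONCE + plaintext_len + GCM_TAG;
}

/* Largest plaintext whose record still fits into `budget` bytes (0 if none). */
size_t max_plaintext(size_t (*record_len)(size_t), size_t budget)
{
    size_t best = 0;
    for (size_t n = 1; n <= budget; n++)
        if (record_len(n) <= budget)
            best = n;
    return best;
}

int main(void)
{
    /* Constructed sample payload sizes, chosen to show the padding sawtooth. */
    const size_t sizes[] = { 8, 11, 12, 32, 43, 44, 64 };
    printf("payload  cbc+hmac  gcm\n");
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("%7zu  %8zu  %3zu\n", sizes[i],
               cbc_hmac_record_len(sizes[i]), gcm_record_len(sizes[i]));
    printf("max payload in one %d-byte frame: cbc+hmac=%zu gcm=%zu\n", FRAME_PAYLOAD,
           max_plaintext(cbc_hmac_record_len, FRAME_PAYLOAD),
           max_plaintext(gcm_record_len, FRAME_PAYLOAD));
    return 0;
}
```

The CBC overhead jumps by a full block whenever payload plus MAC lands on a 16-byte boundary, while the GCM overhead stays constant at 37 bytes.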

My related publications

2013

  • T. Kothmayr, C. Schmitt, W. Hu, M. Brünig, and G. Carle, “DTLS based security and two-way authentication for the Internet of Things,” Ad Hoc Networks, 2013.
    @article{kothmayr2013dtls,
      title = {{DTLS based security and two-way authentication for the Internet of Things}},
      author = {Thomas Kothmayr and Corinna Schmitt and Wen Hu and Michael Brünig and Georg Carle},
      journal = {Ad Hoc Networks},
      year = {2013},
      publisher = {Elsevier},
      doi = {10.1016/j.adhoc.2013.05.003},
      url = {http://dx.doi.org/10.1016/j.adhoc.2013.05.003},
    }

2012

  • T. Kothmayr, C. Schmitt, W. Hu, M. Brunig, and G. Carle, “A DTLS based end-to-end security architecture for the Internet of Things with two-way authentication,” in Local Computer Networks Workshops (LCN Workshops), 2012 IEEE 37th Conference on, 2012, pp. 956-963.
    @inproceedings{kothmayr2012dtls,
      title={A DTLS based end-to-end security architecture for the Internet of Things with two-way authentication},
      author={Kothmayr, Thomas and Schmitt, Corinna and Hu, Wen and Brunig, Michael and Carle, Georg},
      booktitle={Local Computer Networks Workshops (LCN Workshops), 2012 IEEE 37th Conference on},
      pages={956--963},
      year={2012},
      organization={IEEE},
      doi={10.1109/LCNW.2012.6424088},
      url={http://dx.doi.org/10.1109/LCNW.2012.6424088}
    }

2011

  • T. Kothmayr, “A Security Architecture for Wireless Sensor Networks based on DTLS,” 2011.
    @article{kothmayr2011master,
      title={A Security Architecture for Wireless Sensor Networks based on DTLS},
      author={Kothmayr, Thomas},
      year={2011}
    }
  • T. Kothmayr, W. Hu, C. Schmitt, M. Bruenig, and G. Carle, “Securing the internet of things with DTLS,” in Proceedings of the 9th ACM Conference on Embedded Networked Sensor Systems, 2011, pp. 345-346.
    @inproceedings{kothmayr2011securing,
      title={Securing the internet of things with DTLS},
      author={Kothmayr, Thomas and Hu, Wen and Schmitt, Corinna and Bruenig, Michael and Carle, Georg},
      booktitle={Proceedings of the 9th ACM Conference on Embedded Networked Sensor Systems},
      pages={345--346},
      year={2011},
      organization={ACM},
      doi={10.1145/2070942.2070982},
      url={http://dx.doi.org/10.1145/2070942.2070982}
    }