skip to main content
research-article

Axiom: DTLS-Based Secure IoT Group Communication

Published:28 April 2017Publication History
Skip Abstract Section

Abstract

This article presents Axiom, a DTLS-based approach to efficiently secure multicast group communication among IoT-constrained devices. Axiom provides an adaptation of the DTLS record layer, relies on key material commonly shared among the group members, and does not require one to perform any DTLS handshake. We made a proof-of-concept implementation of Axiom based on the tinyDTLS library for the Contiki OS and used it to experimentally evaluate performance of our approach on real IoT hardware. Results show that Axiom is affordable on resource-constrained platforms and performs significantly better than related alternative approaches.

References

  1. L. Atzori, A. Iera, and G. Morabito. 2010. The Internet of things: A survey. Computer Networks 54, 15 (2010), 2787--2805. Google ScholarGoogle ScholarDigital LibraryDigital Library
  2. M. Baugher, R. Canetti, L. Dondeti, and F. Lindholm. 2005. RFC 4046 - Multicast Security (MSEC) Group Key Management Architecture. Internet Engineering Task Force.Google ScholarGoogle Scholar
  3. Olaf Bergmann. 2015a. tinyDTLS. Retrieved from http://sourceforge.net/projects/tinydtls/.Google ScholarGoogle Scholar
  4. B. Briscoe. 2010. RFC 6040 - Tunnelling of Explicit Congestion Notification. Internet Engineering Task Force.Google ScholarGoogle Scholar
  5. D. Cooper, S. Santesson, S. Farrell, S. Boeyen, R. Housley, and W. Polk. 2008. RFC 5280 - Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. Internet Engineering Task Force.Google ScholarGoogle Scholar
  6. T. Dierks and E. Rescorla. 2008. RFC 5246 - The Transport Layer Security (TLS) Protocol Version 1.2. Internet Engineering Task Force.Google ScholarGoogle Scholar
  7. G. Dini and M. Tiloca. 2013. HISS: A highly scalable scheme for group rekeying. Computer Journal 56, 4 (2013), 508--525. Google ScholarGoogle ScholarDigital LibraryDigital Library
  8. A. Dunkels, F. Österlind, N. Tsiftes, and Z. He. 2007. Software-based on-line energy estimation for sensor nodes. In Proceedings of the 4th Workshop on Embedded Networked Sensors (EmNets’07). ACM, New York, NY, 28--32. Google ScholarGoogle ScholarDigital LibraryDigital Library
  9. P. Eronen and H. Tschofenig. 2005. RFC 4279 - Pre-Shared Key Ciphersuites for Transport Layer Security (TLS). Internet Engineering Task Force.Google ScholarGoogle Scholar
  10. T. Hardjono and B. Weis. 2004. RFC 3740 - The Multicast Group Security Architecture. Internet Engineering Task Force.Google ScholarGoogle Scholar
  11. H. Harney, U. Meth, A. Colegrove, and G. Gross. 2006. RFC 4535 - GSAKMP: Group Secure Association Key Management Protocol. Internet Engineering Task Force.Google ScholarGoogle Scholar
  12. J. Hui and P. Thubert. 2011. RFC 6282 - Compression Format for IPv6 Datagrams over IEEE 802.15.4-Based Networks. Internet Engineering Task Force.Google ScholarGoogle Scholar
  13. Institute of Electrical and Electronics Engineers. 2006. IEEE Std. 802.15.4-2006, IEEE Standard for Information Technology. Institute of Electrical and Electronics Engineers, Inc., New York, NY.Google ScholarGoogle Scholar
  14. C. Kaufman, P. Hoffman, Y. Nir, P. Eronen, and T. Kivinen. 2014. RFC 7296 - Internet Key Exchange Protocol Version 2 (IKEv2). Internet Engineering Task Force.Google ScholarGoogle Scholar
  15. S. Kent and K. Seo. 2005. RFC 4301 - Security Architecture for the Internet Protocol. Internet Engineering Task Force.Google ScholarGoogle Scholar
  16. S. Keoh, S. Kumar, E. Dijk, and A. Rahman. 2014. DTLS-Based Multicast Security for Low-Power and Lossy Networks (LLNs), Draft-keoh-dice-multicast-security-08 (Work in Progress). Internet Engineering Task Force.Google ScholarGoogle Scholar
  17. G. Kortuem, F. Kawsar, D. Fitton, and V. Sundramoorthy. 2010. Smart objects as building blocks for the internet of things. IEEE Internet Computing 14, 1 (2010), 44--51. Google ScholarGoogle ScholarDigital LibraryDigital Library
  18. Matthias Kovatsch. 2015. Erbium (Er) REST Engine - C CoAP Implementation. Retrieved from http://people.inf.ethz.ch/mkovatsc/erbium.php.Google ScholarGoogle Scholar
  19. L. Lamport. 1981. Password authentication with insecure communication. Communications of the ACM 24, 11 (1981), 770--772. Google ScholarGoogle ScholarDigital LibraryDigital Library
  20. D. McGrew. 2008. RFC 5116 - An Interface and Algorithms for Authenticated Encryption. Internet Engineering Task Force.Google ScholarGoogle Scholar
  21. D. McGrew and D. Bailey. 2012. RFC 6655 - AES-CCM Cipher Suites for Transport Layer Security (TLS). Internet Engineering Task Force.Google ScholarGoogle Scholar
  22. Kirill Nikitin. 2015b. tinygroupdtls. Retrieved from https://github.com/nikirill/tinygroupdtls.Google ScholarGoogle Scholar
  23. D. McGrew and J. Foley. 2014. Authenticated Encryption with Replay Protection (AERO), draft-mcgrew-aero-01 (Work in Progress). Internet Engineering Task Force.Google ScholarGoogle Scholar
  24. A. Rahman and E. Dijk. 2014. RFC 7390 - Group Communication for the Constrained Application Protocol (CoAP). Internet Engineering Task Force.Google ScholarGoogle Scholar
  25. E. Rescorla and N. Modadugu. 2012. RFC 6347 - Datagram Transport Layer Security Version 1.2. Internet Engineering Task Force.Google ScholarGoogle Scholar
  26. J. Salowey, A. Choudhury, and D. McGrew. 2008. RFC 5288 - AES Galois Counter Mode (GCM) Cipher Suites for TLS. Internet Engineering Task Force.Google ScholarGoogle Scholar
  27. P. Savola. 2008. RFC 5110 - Overview of the Internet Multicast Routing Architecture. Internet Engineering Task Force.Google ScholarGoogle Scholar
  28. Z. Shelby, K. Hartke, and C. Bormann. 2014. RFC 7252 - Constrained Application Protocol (CoAP). Internet Engineering Task Force.Google ScholarGoogle Scholar
  29. R. Shirey. 2007. RFC 4949 - Internet Security Glossary, Version 2. Internet Engineering Task Force.Google ScholarGoogle Scholar
  30. Texas Instruments. 2014. CC2538 Powerful System-On-Chip for 2.4-GHz IEEE 802.15.4, 6LoWPAN and ZigBee Applications. Texas Instruments Inc. Retrieved from http://www.ti.com/lit/gpn/cc2538.Google ScholarGoogle Scholar
  31. The Contiki Community. 2015. Contiki: The Open Source Operating System for the Internet of Things. Retrieved from http://www.contiki-os.org/.Google ScholarGoogle Scholar
  32. The Contiki Community. 2015. Radio duty cycling - Contiki Wiki. Retrieved from https://github.com/contiki-os/contiki/wiki/Radio-duty-cycling.Google ScholarGoogle Scholar
  33. M. Tiloca. 2014. Efficient protection of response messages in DTLS-based secure multicast communication. In Proceedings of the 7th International Conference on Security of Information and Networks (SIN’14). ACM, New York, NY, 466--472. Google ScholarGoogle ScholarDigital LibraryDigital Library
  34. M. Tiloca and G. Dini. 2016. GREP: A group rekeying protocol based on member join history. In Proceedings of the 21st IEEE Symposium on Computers and Communications (ISCC’16). IEEE, New York, NY, 326--333. Google ScholarGoogle ScholarCross RefCross Ref
  35. M. Tiloca, S. Raza, K. Nikitin, and S. Kumar. 2015. Secure Two-Way DTLS-Based Group Communication in the IoT, Draft-tiloca-dice-secure-groupcomm-00 (Work in Progress). Internet Engineering Task Force.Google ScholarGoogle Scholar
  36. H. Tschofenig and T. Fossati. 2016. RFC 7925 - Transport Layer Security (TLS)/Datagram Transport Layer Security (DTLS) Profiles for the Internet of Things. Internet Engineering Task Force.Google ScholarGoogle Scholar
  37. B. Weis, G. Gross, and D. Ignjatic. 2008. RFC 5374 - Multicast Extensions to the Security Architecture for the Internet Protocol. Internet Engineering Task Force.Google ScholarGoogle Scholar
  38. T. Winter, P. Thubert, A. Brandt, J. Hui, R. Kelsey, P. Levis, K. Pister, R. Struik, J. P. Vasseur, and R. Alexander. 2012. RFC 6550 - RPL: IPv6 Routing Protocol for Low-Power and Lossy Networks. Internet Engineering Task Force.Google ScholarGoogle Scholar
  39. C. K. Wong, M. Gouda, and S. S. Lam. 2000. Secure group communications using key graphs. IEEE/ACM Transactions on Networking 8, 1 (2000), 16--30. Google ScholarGoogle ScholarDigital LibraryDigital Library
  40. P. Wouters, H. Tschofenig, J. Gilmore, S. Weiler, and T. Kivinen. 2014. RFC 7250 - Using Raw Public Keys in Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS). Internet Engineering Task Force.Google ScholarGoogle Scholar

Index Terms

  1. Axiom: DTLS-Based Secure IoT Group Communication

      Recommendations

      Comments

      Login options

      Check if you have access through your login credentials or your institution to get full access on this article.

      Sign in

      Full Access

      PDF Format

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader
      About Cookies On This Site

      We use cookies to ensure that we give you the best experience on our website.

      Learn more

      Got it!