Abstract
This article presents Axiom, a DTLS-based approach to efficiently secure multicast group communication among IoT-constrained devices. Axiom provides an adaptation of the DTLS record layer, relies on key material commonly shared among the group members, and does not require one to perform any DTLS handshake. We made a proof-of-concept implementation of Axiom based on the tinyDTLS library for the Contiki OS and used it to experimentally evaluate performance of our approach on real IoT hardware. Results show that Axiom is affordable on resource-constrained platforms and performs significantly better than related alternative approaches.
- L. Atzori, A. Iera, and G. Morabito. 2010. The Internet of things: A survey. Computer Networks 54, 15 (2010), 2787--2805. Google Scholar
Digital Library
- M. Baugher, R. Canetti, L. Dondeti, and F. Lindholm. 2005. RFC 4046 - Multicast Security (MSEC) Group Key Management Architecture. Internet Engineering Task Force.Google Scholar
- Olaf Bergmann. 2015a. tinyDTLS. Retrieved from http://sourceforge.net/projects/tinydtls/.Google Scholar
- B. Briscoe. 2010. RFC 6040 - Tunnelling of Explicit Congestion Notification. Internet Engineering Task Force.Google Scholar
- D. Cooper, S. Santesson, S. Farrell, S. Boeyen, R. Housley, and W. Polk. 2008. RFC 5280 - Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. Internet Engineering Task Force.Google Scholar
- T. Dierks and E. Rescorla. 2008. RFC 5246 - The Transport Layer Security (TLS) Protocol Version 1.2. Internet Engineering Task Force.Google Scholar
- G. Dini and M. Tiloca. 2013. HISS: A highly scalable scheme for group rekeying. Computer Journal 56, 4 (2013), 508--525. Google Scholar
Digital Library
- A. Dunkels, F. Österlind, N. Tsiftes, and Z. He. 2007. Software-based on-line energy estimation for sensor nodes. In Proceedings of the 4th Workshop on Embedded Networked Sensors (EmNets’07). ACM, New York, NY, 28--32. Google Scholar
Digital Library
- P. Eronen and H. Tschofenig. 2005. RFC 4279 - Pre-Shared Key Ciphersuites for Transport Layer Security (TLS). Internet Engineering Task Force.Google Scholar
- T. Hardjono and B. Weis. 2004. RFC 3740 - The Multicast Group Security Architecture. Internet Engineering Task Force.Google Scholar
- H. Harney, U. Meth, A. Colegrove, and G. Gross. 2006. RFC 4535 - GSAKMP: Group Secure Association Key Management Protocol. Internet Engineering Task Force.Google Scholar
- J. Hui and P. Thubert. 2011. RFC 6282 - Compression Format for IPv6 Datagrams over IEEE 802.15.4-Based Networks. Internet Engineering Task Force.Google Scholar
- Institute of Electrical and Electronics Engineers. 2006. IEEE Std. 802.15.4-2006, IEEE Standard for Information Technology. Institute of Electrical and Electronics Engineers, Inc., New York, NY.Google Scholar
- C. Kaufman, P. Hoffman, Y. Nir, P. Eronen, and T. Kivinen. 2014. RFC 7296 - Internet Key Exchange Protocol Version 2 (IKEv2). Internet Engineering Task Force.Google Scholar
- S. Kent and K. Seo. 2005. RFC 4301 - Security Architecture for the Internet Protocol. Internet Engineering Task Force.Google Scholar
- S. Keoh, S. Kumar, E. Dijk, and A. Rahman. 2014. DTLS-Based Multicast Security for Low-Power and Lossy Networks (LLNs), Draft-keoh-dice-multicast-security-08 (Work in Progress). Internet Engineering Task Force.Google Scholar
- G. Kortuem, F. Kawsar, D. Fitton, and V. Sundramoorthy. 2010. Smart objects as building blocks for the internet of things. IEEE Internet Computing 14, 1 (2010), 44--51. Google Scholar
Digital Library
- Matthias Kovatsch. 2015. Erbium (Er) REST Engine - C CoAP Implementation. Retrieved from http://people.inf.ethz.ch/mkovatsc/erbium.php.Google Scholar
- L. Lamport. 1981. Password authentication with insecure communication. Communications of the ACM 24, 11 (1981), 770--772. Google Scholar
Digital Library
- D. McGrew. 2008. RFC 5116 - An Interface and Algorithms for Authenticated Encryption. Internet Engineering Task Force.Google Scholar
- D. McGrew and D. Bailey. 2012. RFC 6655 - AES-CCM Cipher Suites for Transport Layer Security (TLS). Internet Engineering Task Force.Google Scholar
- Kirill Nikitin. 2015b. tinygroupdtls. Retrieved from https://github.com/nikirill/tinygroupdtls.Google Scholar
- D. McGrew and J. Foley. 2014. Authenticated Encryption with Replay Protection (AERO), draft-mcgrew-aero-01 (Work in Progress). Internet Engineering Task Force.Google Scholar
- A. Rahman and E. Dijk. 2014. RFC 7390 - Group Communication for the Constrained Application Protocol (CoAP). Internet Engineering Task Force.Google Scholar
- E. Rescorla and N. Modadugu. 2012. RFC 6347 - Datagram Transport Layer Security Version 1.2. Internet Engineering Task Force.Google Scholar
- J. Salowey, A. Choudhury, and D. McGrew. 2008. RFC 5288 - AES Galois Counter Mode (GCM) Cipher Suites for TLS. Internet Engineering Task Force.Google Scholar
- P. Savola. 2008. RFC 5110 - Overview of the Internet Multicast Routing Architecture. Internet Engineering Task Force.Google Scholar
- Z. Shelby, K. Hartke, and C. Bormann. 2014. RFC 7252 - Constrained Application Protocol (CoAP). Internet Engineering Task Force.Google Scholar
- R. Shirey. 2007. RFC 4949 - Internet Security Glossary, Version 2. Internet Engineering Task Force.Google Scholar
- Texas Instruments. 2014. CC2538 Powerful System-On-Chip for 2.4-GHz IEEE 802.15.4, 6LoWPAN and ZigBee Applications. Texas Instruments Inc. Retrieved from http://www.ti.com/lit/gpn/cc2538.Google Scholar
- The Contiki Community. 2015. Contiki: The Open Source Operating System for the Internet of Things. Retrieved from http://www.contiki-os.org/.Google Scholar
- The Contiki Community. 2015. Radio duty cycling - Contiki Wiki. Retrieved from https://github.com/contiki-os/contiki/wiki/Radio-duty-cycling.Google Scholar
- M. Tiloca. 2014. Efficient protection of response messages in DTLS-based secure multicast communication. In Proceedings of the 7th International Conference on Security of Information and Networks (SIN’14). ACM, New York, NY, 466--472. Google Scholar
Digital Library
- M. Tiloca and G. Dini. 2016. GREP: A group rekeying protocol based on member join history. In Proceedings of the 21st IEEE Symposium on Computers and Communications (ISCC’16). IEEE, New York, NY, 326--333. Google Scholar
Cross Ref
- M. Tiloca, S. Raza, K. Nikitin, and S. Kumar. 2015. Secure Two-Way DTLS-Based Group Communication in the IoT, Draft-tiloca-dice-secure-groupcomm-00 (Work in Progress). Internet Engineering Task Force.Google Scholar
- H. Tschofenig and T. Fossati. 2016. RFC 7925 - Transport Layer Security (TLS)/Datagram Transport Layer Security (DTLS) Profiles for the Internet of Things. Internet Engineering Task Force.Google Scholar
- B. Weis, G. Gross, and D. Ignjatic. 2008. RFC 5374 - Multicast Extensions to the Security Architecture for the Internet Protocol. Internet Engineering Task Force.Google Scholar
- T. Winter, P. Thubert, A. Brandt, J. Hui, R. Kelsey, P. Levis, K. Pister, R. Struik, J. P. Vasseur, and R. Alexander. 2012. RFC 6550 - RPL: IPv6 Routing Protocol for Low-Power and Lossy Networks. Internet Engineering Task Force.Google Scholar
- C. K. Wong, M. Gouda, and S. S. Lam. 2000. Secure group communications using key graphs. IEEE/ACM Transactions on Networking 8, 1 (2000), 16--30. Google Scholar
Digital Library
- P. Wouters, H. Tschofenig, J. Gilmore, S. Weiler, and T. Kivinen. 2014. RFC 7250 - Using Raw Public Keys in Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS). Internet Engineering Task Force.Google Scholar
Index Terms
Axiom: DTLS-Based Secure IoT Group Communication
Recommendations
SecureSense
Constrained Application Protocol (CoAP) has become the de-facto web standard for the IoT. Unlike traditional wireless sensor networks, Internet-connected smart thing deployments require security. CoAP mandates the use of the Datagram TLS (DTLS) protocol ...
Efficient Protection of Response Messages in DTLS-Based Secure Multicast Communication
SIN '14: Proceedings of the 7th International Conference on Security of Information and NetworksDTLS is a standardized security protocol designed to provide end-to-end secure communication among two peers, and particularly considered for the emerging Internet of Things. In order to protect group communication, the IETF is currently working on a ...
Fusion: coalesced confidential storage and communication framework for the IoT
Comprehensive security mechanisms are required for a successful implementation of the Internet of Things IoT. Existing solutions focus mainly on securing the communication links between Internet hosts and IoT devices. However, as most IoT devices ...






Comments