Corinna Schmitt

DTLS based security and two-way authentication for the Internet of Things

In this paper, we introduce the first fully implemented two-way authentication security scheme for the Internet of Things (IoT) based on existing Internet standards, specifically the Datagram Transport Layer Security (DTLS) protocol. By relying on an established standard, existing implementations, engineering techniques and security infrastructure can be reused, which enables easy security uptake. Our proposed security scheme is therefore based on RSA, the most widely used public key cryptography algorithm. It is designed to work over standard communication stacks that offer UDP/IPv6 networking for Low power Wireless Personal Area Networks (6LoWPANs). Our implementation of DTLS is presented in the context of a system architecture and the schemes feasibility (low overheads and high interoperability) is further demonstrated through extensive evaluation on a hardware platform suitable for the Internet of Things.

The Quest for Privacy in the Internet of Things

The Internet of Things (IoT) is the current evolutionary paradigm of networking and the key driving force toward a smart world. Although privacy in the IoT is highly regarded to ensure the protection of users and personal information from the perspective of individual or cooperative users, its insufficiently studied. As members of the always-connected paradigm of the massive IoT world, people can scarcely control the disclosure of their personal information. The biggest challenge is to allow users to experience the best utilization of IoT-based products and services with the fewest privacy threats and failures. This article provides a holistic view of the challenges of and issues related to preserving IoT privacy, as well as the existing solutions. Privacy by design (PbD) is identified as the key solution for many IoT privacy issues. The article also discusses hot topics in IoT privacy and future research directions.

PAuthKey: A Pervasive Authentication Protocol and Key Establishment Scheme for Wireless Sensor Networks in Distributed IoT Applications

Wireless sensor Networks (WSNs) deployed in distributed Internet of Things (IoT) applications should be integrated into the Internet. According to the distributed architecture, sensor nodes measure data, process, exchange information, and perform collaboratively with other sensor nodes and end-users, which can be internal or external to the network. In order to maintain the trustworthy connectivity and the accessibility of distributed IoT, it is important to establish secure links for end-to-end communication with a strong pervasive authentication mechanism. However, due to the resource constraints and heterogeneous characteristics of the devices, traditional authentication and key management schemes are not effective for such applications. This paper proposes a pervasive lightweight authentication and keying mechanism for WSNs in distributed IoT applications, in which the sensor nodes can establish secured links with peer sensor nodes and end-users. The established authentication scheme PAuthKey is based on implicit certificates and it provides application level end-to-end security. A comprehensive description for the scenario based behavior of the protocol is presented. With the performance evaluation and the security analysis, it is justified that the proposed scheme is viable to deploy in the resource constrained WSNs.

Two-phase authentication protocol for wireless sensor networks in distributed IoT applications

In the centralized Wireless Sensor Network (WSN) architecture there exists a central entity, which acquires, processes and provides information from sensor nodes. Conversely, in the WSN applications in distributed Internet of Things (IoT) architecture, sensor nodes sense data, process, exchange information and perform collaboratively with other sensor nodes and endusers. In order to maintain the trustworthy connectivity and the accessibility of distributed IoT, it is important to establish secure links for end-to-end communication with proper authentication. The authors propose an implicit certificate-based authentication mechanism for WSNs in distributed IoT applications. The developed two-phase authentication protocol allows the sensor nodes and the end-users to authenticate each other and initiate secure connections. The proposed protocol supports the resource scarcity of the sensor nodes, heterogeneity and scalability of the network. The performance and security analysis justify that the proposed scheme is viable to deploy in resource constrained WSNs.

Group Key Establishment for Enabling Secure Multicast Communication in Wireless Sensor Networks Deployed for IoT Applications

Wireless sensor networks (WSNs) are a prominent fundamental technology of the Internet of Things (IoTs). Rather than device-to-device communications, group communications in the form of broadcasting and multicasting incur efficient message deliveries among resource-constrained sensor nodes in the IoT-enabled WSNs. Secure and efficient key management is in many cases used to protect the authenticity, integrity, and confidentiality of multicast messages. This paper develops two group key establishment protocols for secure multicast communications among the resource-constrained devices in IoT. Major deployment conditions and requirements of each protocol are described in terms of the specific IoT application scenarios. Furthermore, the applicability of the two protocols is analyzed and justified by a comprehensive analysis of the performance, scalability, and security of the protocols proposed.

Certificate-Based Pairwise Key Establishment Protocol for Wireless Sensor Networks

In order to guarantee the privacy and safety of data transactions in Wireless Sensor Networks (WSNs), secure key transportation and unique node identification have become major concerns. WSNs are deployed in a wide range of applications with a high demand for secure communications. When designing a secure key management protocol for WSNs, special attention should be given to the resource constraints of the devices and the scalability of the network. In this paper, we exploit public-key nature protocols to define a hybrid key establishment algorithm for symmetric key cryptography. We propose an Elliptic Curve Cryptography based implicit certificate scheme and show how to utilize the certificates for deriving pair-wise link keys in a WSN. By a performance and security analysis, we justify that the proposed scheme is well fitting with the functional and architectural features of WSNs. Both experimental results and theoretical analysis show that the proposed key establishment protocol is viable to deploy in a real-time WSN application.

TinyIPFIX: An efficient application protocol for data exchange in cyber physical systems ☆

Abstract Wireless sensor networks (WSNs) as a central part of cyber-physical systems are gaining commercial momentum in many areas, including building monitoring and intelligent home automation. Users wish to successively deploy hardware from different vendors. Interoperability is taken for granted by the customers who want to avoid the need for exhaustive configuration and set-up. Therefore, the need for an interoperable and efficient application layer protocol for machine-to-machine communication in and across the boundaries of WSNs arises. We address these issues with our implementation of TinyIPFIX, an adaption of the IP Flow Information Export (IPFIX) protocol. Throughout the paper we show how to leverage TinyIPFIX in the context of an office scenario and we discuss how the protocol may be applied to other significant WSN deployments presented in literature over the past few years. This article additionally shows how to improve the functionality of TinyIPFIX by adding both syntactic and semantic aggregation functionality to the established system. Finally, we evaluate the performance of TinyIPFIX in a large test bed with over 40 motes running TinyOS and analyze TinyIPFIX’s system performance in comparison with previous approaches.

V2VUNet — A filtering out concept for packet forwarding decision in three-dimensional inter-vehicular communication scenarios

Reliability and stability for connectivity are the important factors to enhance inter-vehicular communication. In order to achieve such factors, challenges especially in a large city environment due to signal attenuation and a typically poor transmission coverage issues are investigated. Both issues are caused by the existence of obstacles (i.e., overpass constructions and buildings) and road level topology (i.e., a three-dimensional case). Thus, this paper investigates explicitly the horizontal and vertical transmission distances that apply in a three-dimensional case. These distances are covered by existing propagation models of a large city by modeling them as a log-distance path loss with obstacle fading. The scenario of the dedicated three-dimensional case is simulated through the introduction of Vertical Relative Angles (VRA) and Horizontal Relative Angles (HRA) as supporting factors for the forwarding decision. The evaluation shows that applying HRA and VRA reach higher delivery ratio and reduces relatively lower delay in a large city scenario.

CoMaDa: An adaptive framework with graphical support for Configuration, Management, and Data handling tasks for wireless sensor networks

Nowadays, users request comfortable frameworks and development environments independent of the applications. Those solutions should offer as many support as possible, should be user friendly, and allow manipulation and visualization of different things at the same time. Those requirements become very important in the area of wireless sensor networks due to different vendors, wide range of application field, and the high amount of collected data. Currently existing solutions cover only a limited range of service and are usually fixed on hardware, operating system or application. In order to offer the user the wide range of flexibility the CoMaDa framework was developed, which is presented in this paper and combines all above mentioned user requirements by working with virtual representation of real wireless sensor networks and support in real time. CoMaDa offers the user support for configuration of components, network management functionalities, and data visualization at the same time. CoMaDa is build in a flexible way, which allows the user to integrate new features (e.g. personal code, hardware support, visualization option) with less input and, therefore, adapt the existing CoMaDa to every setup as requested.

Impact of a Three Dimensional Environment to Inter-vehicle Connectivity

Developing non-safety applications, such as Web surfing and social network, for inter-vehicle networks requires a reliable and stable connectivity among vehicles. One challenge to reach such a reliable and stable connectivity is the road in a large city environment, as it appears in a three dimensional topology (i.e. a road with overpasses). These situations lead potentially to restricted connectivity since with respect to propagation vehicles are driven on different road levels, which can well form obstacles such that the connectivity among vehicles is disturbed. This paper addresses specifically the three dimensional topology of roads in terms of a level environment model and investigates the impact of various height of overpass between two communicating vehicles.