Jorge Granjal

Security for the Internet of Things: A Survey of Existing Protocols and Open Research Issues

The Internet of Things (IoT) introduces a vision of a future Internet where users, computing systems, and everyday objects possessing sensing and actuating capabilities cooperate with unprecedented convenience and economical benefits. As with the current Internet architecture, IP-based communication protocols will play a key role in enabling the ubiquitous connectivity of devices in the context of IoT applications. Such communication technologies are being developed in line with the constraints of the sensing platforms likely to be employed by IoT applications, forming a communications stack able to provide the required power-efficiency, reliability, and Internet connectivity. As security will be a fundamental enabling factor of most IoT applications, mechanisms must also be designed to protect communications enabled by such technologies. This survey analyzes existing protocols and mechanisms to secure communications in the IoT, as well as open research issues. We analyze how existing approaches ensure fundamental security requirements and protect communications on the IoT, together with the open challenges and strategies for future research work in the area. This is, as far as our knowledge goes, the first survey with such goals.

Why is IPSec a viable option for wireless sensor networks

Many issues still remain to be addressed in order to achieve acceptable security in wireless sensor networks (WSNs). This necessity, together with the adoption of IPv6 on WSNs being defined at the 6lowpan working group of the IETF, motivates our investigation on the feasibility of the application of IPSec on sensor nodes. IPSec is already part of IPv6, which makes it a natural candidate to be directly employed or adapted for WSNs. We discuss results obtained from practical experiments on the usage of cryptographic algorithms typically employed within IPSec in real sensor nodes. We analyze the security and performance tradeoffs involved when employing cryptography measures in WSNs, also in the context of their usage side-by-side with IPv6. The results obtained show that the adoption of a security architecture such as IPSec is viable, and also point towards the successful design and deployment of a security architecture for WSNs.

Security in the integration of low-power Wireless Sensor Networks with the Internet

The integration of low-power wireless sensing and actuating devices with the Internet will provide an important contribution to the formation of a global communications architecture encompassing Wireless Sensor Networks (WSN), and to enable applications using such devices designed to bring unprecedented convenience and economical benefits to our life. Such applications also take place in the context of our current vision on an Internet of Things (IoT), which promises to encompass heterogeneous devices and communication technologies, including WSN. Due to the characteristics of the devices in WSN and to the requirements of applications, low-power wireless communications are employed and the functionalities supported must be carefully balanced against the limited resources at the disposal of applications. Low-power communication technologies are also currently being designed with the purpose of supporting the integration of WSN with the Internet and, as in isolated WSN environments, security will be a fundamental enabling factor of future applications using Internet-integrated WSN. Although various surveys currently exist addressing security mechanisms for WSN environments, our goal is to analyze how security may be addressed as an enabling factor of the integration of low-power WSN with the Internet, in the context of its contribution to the IoT. We analyze the current research and industry proposals supporting this integration, together with the security solutions and mechanisms designed in its context. Our discussion is supported by an analysis on the attack and threat model against Internet-integrated WSN, and on the security requirements to consider in this context. We believe that a survey with such goals may provide an important contribution to readers interested in embracing this important area of research and ours is, as far as our knowledge goes, the first article with such goals.

On the Effectiveness of End-to-End Security for Internet-Integrated Sensing Applications

While realizing that most of the applications currently envisioned for the Internet of Things (IoT) are critical in respect to security, we may expect that such sensing applications may benefit from the availability of end-to-end IPv6 communications with Internet hosts. Research and standardization work is starting to produce mechanisms that may enable end-to-end communications using IPv6-enabled constrained sensing devices, and such communications will raise serious security challenges that must be addressed in the context of a proper integration architecture that is yet to be standardized for the IoT. In our work we target the fundamental question on the effectiveness of the usage of security mechanisms to protect end-to-end communications involving Internet hosts and constrained sensing devices. We describe mechanisms to enable security at the network-layer and at the application-layer and perform an extensive experimental evaluation study with the goal of identifying the most appropriate secure communications mechanisms and the limitations of current sensing platforms in supporting end-to-end secure communications in the context of Internet-integrated sensing applications.

Network-layer security for the Internet of Things using TinyOS and BLIP

SUMMARY The design of standard communications and security mechanisms for resource-constrained sensing applications and devices may provide an important contribution for its integration with the Internet and consequently towards the realization of what we nowadays identify as the Internet of Things. This vision will only be realizable if appropriate security mechanisms are available, and in this context we target the design and experimental evaluation of security mechanisms for communications at the network-layer with sensing devices (smart objects) using the standard IPv6 protocol. Our work proposes and evaluates the usage of new compressed security headers for the network layer with smart objects. We implement and evaluate what is, as far as we know, the first proposal of security at the network layer experimentally evaluated using the TinyOS operating system and its networking stack. As we verify in the course of our evaluation study, various scenarios employing network-layer secure communications involving smart objects are feasible, particularly when security mechanisms are designed to benefit from cross-layer interactions that allow the optimization of expensive cryptographic operations. Copyright

On the feasibility of secure application-layer communications on the Web of Things

The availability of inexpensive sensing devices capable of wireless communications enables the design of exciting and new distributed sensing applications. The integration of such applications with the Internet will contribute to materialize a vision of a future Web that we nowadays describe as the Web of Things (WoT). Many security-related aspects are still open on how to address security for communications on the WoT, and that must be targeted before such applications can realistically be considered ready for deployment. We discuss the experimental evaluation of mechanisms proposed to secure end-to-end web communications with IPv6-capable sensing applications and devices, as such mechanisms may provide an important contribution towards the WoT. Our experimental evaluation study considers the impact of security on real sensing devices and requirements from sensing applications, allowing the identification of the limitations of current sensing platforms in supporting the proposed mechanisms.

A secure interconnection model for IPv6 enabled wireless sensor networks

The usage of IPv6 on Wireless Sensor Networks (WSNs) can enable the integration of existing and new sensing applications with the Internet, therefore contributing to a major evolution towards the realization of the internet of things. We believe this vision to be realizable only if security is properly addressed. Although many proposals do exist in the literature to address specific security issues on sensor networks, a new security model and security mechanisms are needed to support the secure integration of IP enabled WSNs with the Internet. Such a security model should allow for end-to-end security and should be able to provide mechanisms that allow for the flexible adaptation of security to the resource limitations of sensor nodes. We propose and evaluate a new secure interconnection model and security mechanisms to enable the secure integration of IP enabled WSNs with the Internet. Our model introduces 6lowpan security headers to enable end-to-end security between sensor nodes and hosts in the Internet, while also providing mechanisms to selectively control the energy expended with security operations on the WSN. Although the usage of security at the network layer on WSNs is not consensual, we believe that its proper design and implementation can bring a substantial contribution to the evolution of the Internet.

Application-Layer Security for the WoT: Extending CoAP to Support End-to-End Message Security for Internet-Integrated Sensing Applications

Future Web of Things (WoT) applications employing constrained wireless sensing devices will require end-to-end communications with more powerful devices as Internet hosts. While the Constrained Application Protocol (CoAP) is currently being designed with this purpose, its current approach to security is to adopt a transport-layer solution. Transport-layer security may be limitative, considering that it does not provide a granular and flexible approach to security that many applications may require or benefit from. In this context, we target the design and experimental evaluation of alternative security mechanisms to enable the usage of end-to-end secure communications at the application-layer using CoAP. Rather than replacing security at the transport-layer, it is our goal that the proposed mechanisms may be employed in the context of a broader security architecture supporting Internet-integrated wireless sensing applications. Ours is, as far as we known, the first proposal with such goals.

Security Issues and Approaches on Wireless M2M Systems

Wireless communications will be fundamental in future Machine-to- Machine (M2M) pervasive environments where new applications are expected to employ sensing and actuating devices that are able to autonomously communicate without human intervention. M2M devices using wireless communications are expected to represent fundamental components of a future Internet where applications will allow users to transparently interact with its physical surroundings. The heterogeneity of the characteristics envisioned for M2M devices and applications calls for new approaches regarding how devices communicate wirelessly at the various protocol layers and how security should be designed for such communications. As such devices and communications are expected to support security-critical applications, the security of M2M wireless communications is particularly important.

A Taxonomy of Wireless Sensor Networks with QoS

Wireless Sensor Networks (WSNs) are no longer limited to scenarios of uncontrolled performance. A new emerging range of applications demand specific Quality of Service (QoS) assurance and the support of critical scenarios. However, QoS in WSNs, and a reference model to characterize and measure it, are yet challenges to be met. In this paper, a new taxonomy of WSNs with QoS is proposed, including information and communication perspectives. The goal is to contribute to the establishment of a reference model to enable the classification of WSNs in general, including the ones with QoS, and aid in the development of a new set of QoS metrics that fully characterize this new type of networks.