Sye Loong Keoh
University of Glasgow
Publication
Featured research published by Sye Loong Keoh.
Wireless Personal Communications | 2011
Tobias Heer; Oscar Garcia-Morchon; René Hummen; Sye Loong Keoh; Sandeep S. Kumar; Klaus Wehrle
A direct interpretation of the term Internet of Things refers to the use of standard Internet protocols for the human-to-thing or thing-to-thing communication in embedded networks. Although the security needs are well-recognized in this domain, it is still not fully understood how existing IP security protocols and architectures can be deployed. In this paper, we discuss the applicability and limitations of existing Internet protocols and security architectures in the context of the Internet of Things. First, we give an overview of the deployment model and general security needs. We then present challenges and requirements for IP-based security solutions and highlight specific technical limitations of standard IP security protocols.
IEEE Internet of Things Journal | 2014
Sye Loong Keoh; Sandeep S. Kumar; Hannes Tschofenig
The Internet of Things (IoT) is the next wave of innovation that promises to improve and optimize our daily life based on intelligent sensors and smart objects working together. Through Internet Protocol (IP) connectivity, devices can now be connected to the Internet, thus allowing them to be read, controlled, and managed at any time and at any place. Security is an important aspect for IoT deployments. However, proprietary security solutions do not help in formulating a coherent security vision to enable IoT devices to securely communicate with each other in an interoperable manner. This paper gives an overview of the efforts in the Internet Engineering Task Force (IETF) to standardize security solutions for the IoT ecosystem. We first provide an in-depth review of the communication security solutions for IoT, specifically the standard security protocols to be used in conjunction with the Constrained Application Protocol (CoAP), an application protocol specifically tailored to the needs of adapting to the constraints of IoT devices. Since Datagram Transport Layer Security (DTLS) has been chosen as the channel security underneath CoAP, this paper also discusses the latest standardization efforts to adapt and enhance the DTLS for IoT applications. This includes the use of 1) raw public key in DTLS; 2) extending DTLS record Layer to protect group (multicast) communication; and 3) profiling DTLS for reducing the size and complexity of implementations on embedded devices. We also provide an extensive review of compression schemes that are being proposed in IETF to mitigate message fragmentation issues in DTLS.
international conference on computer communications and networks | 2012
Martina Brachmann; Sye Loong Keoh; Oscar Garcia Morchon; Sandeep S. Kumar
The IP-based Internet of Things refers to the interconnection of smart devices in a Low-power and Lossy Network (LLN) with the Internet by means of protocols such as 6LoWPAN or CoAP. The mechanisms to protect the LLN from attacks from the Internet and provisioning of an end-to-end (E2E) secure connection are key requirements for functionalities ranging from network access to software updates. Interconnecting such resource constrained devices with high-performance machines requires new security mechanisms that cannot be covered by already known solutions. This paper describes attacks at transport layer against the LLN launched from the Internet. It also introduces approaches to ensure E2E security between two devices located in homogeneous networks using either HTTP/TLS or CoAP/DTLS by proposing a mapping between TLS and DTLS.
wireless network security | 2013
Oscar Garcia-Morchon; Sye Loong Keoh; Sandeep S. Kumar; Pedro Moreno-Sanchez; Francisco Vidal-Meca; Jan Henrik Ziegeldorf
The IP-based Internet of Things (IoT) refers to the pervasive interaction of smart devices and people enabling new applications by means of new IP protocols such as 6LoWPAN and CoAP. Security is a must, and for that we need a secure architecture in which all device interactions are protected, from joining an IoT network to the secure management of keying materials. However, this is challenging because existing IP security protocols do not offer all required functionalities and typical Internet solutions do not lead to the best performance. We propose and compare two security architectures providing secure network access, key management and secure communication. The first solution relies on a new variant of the Host Identity Protocol (HIP) based on pre-shared keys (PSK), while the second solution is based on the standard Datagram Transport Layer Security (DTLS). Our evaluation shows that although the HIP solution performs better, the currently limited usage of HIP poses severe limitations. The DTLS architecture allows for easier interaction and interoperability with the Internet, but optimizations are needed due to its performance issues.
international conference on mobile and ubiquitous systems: networking and services | 2007
Sye Loong Keoh; Naranker Dulay; Emil Lupu; Kevin P. Twidle; Alberto Schaeffer-Filho; Morris Sloman; Steven Heeps; Stephen Strowes; Joseph S. Sventek
Body sensor networks consisting of low-power on-body wireless sensors attached to mobile users will be used in the future to monitor the health and well being of patients in hospitals or at home. Such systems need to adapt autonomously to changes in context, user activity, device failure, and the availability or loss of services. To this end, we propose a policy-based architecture that uses the concept of a Self-Managed Cell (SMC) to integrate services, managed resources and a policy interpreter by means of an event bus. Policies permit the declarative specification of adaptation strategy for self-configuration and self-management. We present the design and implementation of the SMC and describe its potential use in a scenario for management of heart monitoring. Preliminary performance measurements are also presented and discussed.
IEEE Transactions on Network and Service Management | 2009
Yanmin Zhu; Sye Loong Keoh; Morris Sloman; Emil Lupu
Body sensor networks (BSNs) for healthcare have more stringent security and context adaptation requirements than required in large-scale sensor networks for environment monitoring. Policy-based management enables flexible adaptive behavior by supporting dynamic loading, enabling and disabling of policies without shutting down nodes. This overcomes many of the limitations of sensor operating systems, such as TinyOS, which do not support dynamic modification of code. Alternative schemes for adaptation, such as network programming, have a high communication cost and suffer from operational interruption. In addition, a policy-driven approach enables fine-grained access control through specifying authorization policies. This paper presents the design, implementation and evaluation of an efficient policy system called Finger which enables policy interpretation and enforcement on distributed sensors to support sensor level adaptation and fine-grained access control. It features support for dynamic management of policies, minimization of resources usage, high responsiveness and node autonomy. The policy system is integrated as a TinyOS component, exposing simple, well-defined interfaces which can easily be used by application developers. The system performance in terms of processing latency and resource usage is evaluated.
Proceedings of the second ACM international workshop on Principles of mobile computing | 2002
Sye Loong Keoh; Emil Lupu
Ad-hoc networks facilitate interconnectivity between mobile devices without the support of a network infrastructure. In this paper we propose a flexible credential verification mechanism, which improves the likelihood that participants in an ad-hoc network can verify each other's credentials despite the lack of access to certification and attribute authorities. Users maintain Credential Assertion Statements (CASs), which are formed through extraction of X.509 and attribute certificates into an interoperable XML form. Trusted entities that can verify the credentials listed in the CAS can then issue signed Assertion Signature Statements (ASSs) to other participants in the ad-hoc network. In addition, each user maintains a key ring, which comprises the list of public-keys trusted to sign credential assertion statements. All public-keys in the ring are assigned a trustworthiness level. When a user presents his/her CAS together with matching ASSs to a verifier, the verifier checks the signatures in the ASSs against its key ring to determine whether credentials in the CAS are authentic and acceptable. Transitivity of trust is generally not allowed, but there are exceptional cases in which it is permitted.
wearable and implantable body sensor networks | 2007
Sye Loong Keoh; Kevin P. Twidle; Nathaniel Pryce; Alberto Schaeffer-Filho; Emil Lupu; Naranker Dulay; Morris Sloman; Steven Heeps; Stephen Strowes; Joseph S. Sventek; Eleftheria Katsiri
Body sensor networks e.g., for health monitoring, consist of several low-power on-body wireless sensors, higher-level devices such as PDAs and possibly actuators such as drug delivery pumps. It is important that such networks can adapt autonomously to changing conditions such as failures, changes in context e.g., user activity, or changes in the clinical condition of patients. Potential reconfiguration actions include changing the monitoring thresholds on sensors, the analysis algorithms or the configuration of the network itself. This paper presents a policy-based approach for autonomous management of body-sensor networks using the concept of a Self-Managed Cell (SMC). Ponder2 is an implementation of this approach that permits the specification and enforcement of policies that facilitate management and adaptation of the response to changing conditions. A Tiny Policy Interpreter has also been developed in order to provide programmable decision-making capability for BSN nodes.
self adaptive and self organizing systems | 2007
Alberto Schaeffer-Filho; Emil Lupu; Naranker Dulay; Sye Loong Keoh; Kevin P. Twidle; Morris Sloman; Steven Heeps; Stephen Strowes; Joseph S. Sventek
Management in pervasive systems cannot rely on human intervention or centralised decision-making functions. It must be devolved, based on local decision-making and feedback control-loops embedded in autonomous components. We have previously proposed the self-managed cell (SMC) as an architectural pattern for building ubiquitous applications, where a SMC consists of hardware and software components that form an autonomous administrative domain. SMCs may be realised at different scales, from body-area networks for health monitoring, to an entire room or larger distributed settings. However, to scale to larger systems, SMCs must collaborate with each other, and federate or compose in larger SMC structures. This paper discusses requirements for interactions between SMCs and proposes key abstractions and protocols for realising peer-to-peer and composition interactions. These enable SMCs to exchange data, react to external events and exchange policies that govern their collaboration. Dynamically customisable interfaces are used for encapsulation and interaction mediation. Although the examples used here are based on healthcare scenarios, the principles and abstractions described in the paper are more generally applicable.
mobile adhoc and sensor systems | 2008
Yanmin Zhu; Sye Loong Keoh; Morris Sloman; Emil Lupu; Yu Zhang; Naranker Dulay; Nathaniel Pryce
Body sensor networks (BSNs) for healthcare put more emphasis on security and adaptation to changes in context and application requirement. Policy-based management enables flexible adaptive behaviour by supporting dynamic loading, enabling and disabling of policies without shutting down nodes. This overcomes many of the limitations of sensor operating systems, such as TinyOS, which do not support dynamic modification of code. Alternative schemes for network adaptation, such as networking programming, suffer from high communication cost and operational interruption. In addition, the policy-driven approach enables fine-grained access control through specifying authorization policies. This paper presents an efficient policy system called finger which enables policy interpretation and enforcement on distributed sensors to support sensor level adaptation and fine-grained access control. It features support for dynamic management of policies, minimization of resources usage, high responsiveness and node autonomy. The policy system is integrated as a TinyOS component, exposing simple, well-defined interfaces which can easily be used by application developers. The system performance in terms of processing latency and resource usage is evaluated.