Change search
ReferencesLink to record
Permanent link

Direct link
Securing Communication in 6LoWPAN with Compressed IPsec
Mälardalen University, School of Innovation, Design and Engineering.ORCID iD: 0000-0001-8192-0893
2011 (English)In: 7th IEEE International Conference on Distributed Computing in Sensor Systems (IEEE DCOSS '11), 2011Conference paper (Refereed)
Abstract [en]

Real-world deployments of wireless sensor networks(WSNs) require secure communication. It is important that areceiver is able to verify that sensor data was generated bytrusted nodes. It may also be necessary to encrypt sensor datain transit. Recently, WSNs and traditional IP networks are moretightly integrated using IPv6 and 6LoWPAN. Available IPv6protocol stacks can use IPsec to secure data exchange. Thus, itis desirable to extend 6LoWPAN such that IPsec communicationwith IPv6 nodes is possible. It is beneficial to use IPsec becausethe existing end-points on the Internet do not need to be modifiedto communicate securely with the WSN. Moreover, using IPsec,true end-to-end security is implemented and the need for atrustworthy gateway is removed.In this paper we provide End-to-End (E2E) secure communicationbetween IP enabled sensor networks and the traditionalInternet. This is the first compressed lightweight design, implementation,and evaluation of 6LoWPAN extension for IPsec.Our extension supports both IPsec’s Authentication Header (AH)and Encapsulation Security Payload (ESP). Thus, communicationendpoints are able to authenticate, encrypt and check theintegrity of messages using standardized and established IPv6mechanisms.

Place, publisher, year, edition, pages
2011.
Identifiers
URN: urn:nbn:se:mdh:diva-12285OAI: oai:DiVA.org:mdh-12285DiVA: diva2:418314
Conference
7th IEEE International Conference on Distributed Computing in Sensor Systems (IEEE DCOSS '11)
Note
(c) 2011 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other users, including reprinting/ republishing this material for advertising or promotional purposes, creating new collective works for resale or redistribution to servers or lists, or reuse of any copyrighted components of this work in other works.Available from: 2011-05-24 Created: 2011-05-21 Last updated: 2014-10-07Bibliographically approved
In thesis
1. Securing Communication in IP-Connected Industrial Wireless Sensor Networks
Open this publication in new window or tab >>Securing Communication in IP-Connected Industrial Wireless Sensor Networks
2011 (English)Licentiate thesis, comprehensive summary (Other academic)
Abstract [en]

With the advent of wireless sensor networks (WSN) and success of wirelesscommunication in the local and personal area networks such asWi-Fi and Bluetoothmore serious efforts to apply standard wireless communication in sensitiveindustrial networks were initiated. This effort resulted in the standardizationof WirelessHART. Other standardization efforts include ISA 100.11a andZigBee. Keeping in mind the nature of wireless communication and sensitivityof industrial environments security of these network gets greater importance.

In this thesis we work on security issues in industrial WSN in general andIP-connected WSN in particular. Currently WirelessHART is the only approvedstandard for secure wireless communication in industrial WSNs. Westart our work with the analysis of security mechanisms in WirelessHART.We propose solutions for the security shortcomings in WirelessHART, and designand implement the missing security components. Particularly, we specify,design, implement, and evaluate the first open security manager for WirelessHARTnetworks.

With the standardization of IP in WSNs (6LoWPAN) and birth of Internetof Things the need for IP communication in industrial WSN is getting importance.The recently proposed ISA 100.11a standard is IP-based since its inception.Also standardization efforts are in progress to apply IP in WirelessHARTand Zigbee. Recently, WSNs and traditional IP networks are more tightly integratedusing IPv6 and 6LoWPAN. We realize the importance of having aninteroperable standardized secure IP communication in industrial WSNs. IPSecurity (IPsec) is a mandatory security solution in IPv6. We propose to useIPsec for 6LoWPAN enabled industrial WSNs. However, it is not meaningfulto use IPsec in its current form in resource constrained WSNs. In additionto providing security solutions for WirelessHART, in this thesis we also specify,design, implement, and extensively evaluate lightweight IPsec that enablesend-to-end secure communication between a node in a 6LoWPAN and a device in the traditional Internet. Our results show that lightweight IPsec is a sensibleand practical solution for securing WSN.

Place, publisher, year, edition, pages
Västerås: Mälardalen University, 2011
Series
Mälardalen University Press Licentiate Theses, ISSN 1651-9256 ; 135
Keyword
Wireless Sensor Networks, Security, 6LoWPAN, IPsec, WirelessHART
National Category
Computer Science
Research subject
Computer Science
Identifiers
urn:nbn:se:mdh:diva-12261 (URN)978-91-7485-021-5 (ISBN)
Presentation
2011-06-13, Kappa, Mälardalen University, Västerås, 13:15 (English)
Opponent
Supervisors
Available from: 2011-05-24 Created: 2011-05-16 Last updated: 2014-10-07Bibliographically approved
2. Lightweight Security Solutions for the Internet of Things
Open this publication in new window or tab >>Lightweight Security Solutions for the Internet of Things
2013 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

The future Internet will be an IPv6 network interconnecting traditional computers and a large number of smart object or networks such as Wireless Sensor Networks (WSNs). This Internet of Things (IoT) will be the foundation of many services and our daily life will depend on its availability and reliable operations.

Therefore, among many other issues, the challenge of implementing secure communication in the IoT must be addressed. The traditional Internet has established and tested ways of securing networks. The IoT is a hybrid network of the Internet and resource-constrained networks, and it is therefore reasonable to explore the options of using security mechanisms standardized for the Internet in the IoT.

The IoT requires multi-facet security solutions where the communication is secured with confidentiality, integrity, and authentication services; the network is protected against intrusions and disruptions; and the data inside a sensor node is stored in an encrypted form. Using standardized mechanisms, communication in the IoT can be secured at different layers: at the link layer with IEEE 802.15.4 security, at the network layer with IP security (IPsec), and at the transport layer with Datagram Transport Layer Security (DTLS). Even when the IoT is secured with encryption and authentication, sensor nodes are exposed to wireless attacks both from inside the WSN and from the Internet. Hence an Intrusion Detection System (IDS) and firewalls are needed. Since the nodes inside WSNs can be captured and cloned, protection of stored data is also important.

This thesis has three main contributions. (i) It enables secure communication in the IoT using lightweight compressed yet standard compliant IPsec, DTLS, and IEEE 802.15.4 link layer security; and it discusses the pros and cons of each of these solutions. The proposed security solutions are implemented and evaluated in an IoT setup on real hardware. (ii) This thesis also presents the design, implementation, and evaluation of a novel IDS for the IoT. (iii) Last but not least, it also provides mechanisms to protect data inside constrained nodes.

The experimental evaluation of the different solutions shows that the resource-constrained devices in the IoT can be secured with IPsec, DTLS, and 802.15.4 security; can be efficiently protected against intrusions; and the proposed combined secure storage and communication mechanisms can significantly reduce the security-related operations and energy consumption.

Place, publisher, year, edition, pages
Västerås: Mälardalen University, 2013
Series
Mälardalen University Press Dissertations, ISSN 1651-4238 ; 139
Keyword
Security, Internet of Things, 6LoWPAN, CoAP, RPL, Secure Storage, IDS, DTLS, IPsec
National Category
Engineering and Technology
Research subject
Computer Science
Identifiers
urn:nbn:se:mdh:diva-18863 (URN)978-91-7485-110-6 (ISBN)
Public defence
2013-06-05, Kappa, Mälardalens högskola, Västerås, 10:15 (English)
Opponent
Supervisors
Available from: 2013-05-02 Created: 2013-04-30 Last updated: 2014-10-07Bibliographically approved

Open Access in DiVA

fulltext(288 kB)605 downloads
File information
File name FULLTEXT01.pdfFile size 288 kBChecksum SHA-512
bb93b8a1406f574e947dfee99471362381e103a212c6763dbb940096fe483568f4c056eecbd28e887822ae5eed030cb97cd8cb9a203a4b331930380653958710
Type fulltextMimetype application/pdf

Search in DiVA

By author/editor
Raza, Shahid
By organisation
School of Innovation, Design and Engineering

Search outside of DiVA

GoogleGoogle Scholar
Total: 605 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 111 hits
ReferencesLink to record
Permanent link

Direct link