Change search
ReferencesLink to record
Permanent link

Direct link
Securing Communication in IP-Connected Industrial Wireless Sensor Networks
Mälardalen University, School of Innovation, Design and Engineering.ORCID iD: 0000-0001-8192-0893
2011 (English)Licentiate thesis, comprehensive summary (Other academic)
Abstract [en]

With the advent of wireless sensor networks (WSN) and success of wirelesscommunication in the local and personal area networks such asWi-Fi and Bluetoothmore serious efforts to apply standard wireless communication in sensitiveindustrial networks were initiated. This effort resulted in the standardizationof WirelessHART. Other standardization efforts include ISA 100.11a andZigBee. Keeping in mind the nature of wireless communication and sensitivityof industrial environments security of these network gets greater importance.

In this thesis we work on security issues in industrial WSN in general andIP-connected WSN in particular. Currently WirelessHART is the only approvedstandard for secure wireless communication in industrial WSNs. Westart our work with the analysis of security mechanisms in WirelessHART.We propose solutions for the security shortcomings in WirelessHART, and designand implement the missing security components. Particularly, we specify,design, implement, and evaluate the first open security manager for WirelessHARTnetworks.

With the standardization of IP in WSNs (6LoWPAN) and birth of Internetof Things the need for IP communication in industrial WSN is getting importance.The recently proposed ISA 100.11a standard is IP-based since its inception.Also standardization efforts are in progress to apply IP in WirelessHARTand Zigbee. Recently, WSNs and traditional IP networks are more tightly integratedusing IPv6 and 6LoWPAN. We realize the importance of having aninteroperable standardized secure IP communication in industrial WSNs. IPSecurity (IPsec) is a mandatory security solution in IPv6. We propose to useIPsec for 6LoWPAN enabled industrial WSNs. However, it is not meaningfulto use IPsec in its current form in resource constrained WSNs. In additionto providing security solutions for WirelessHART, in this thesis we also specify,design, implement, and extensively evaluate lightweight IPsec that enablesend-to-end secure communication between a node in a 6LoWPAN and a device in the traditional Internet. Our results show that lightweight IPsec is a sensibleand practical solution for securing WSN.

Place, publisher, year, edition, pages
Västerås: Mälardalen University , 2011.
Series
Mälardalen University Press Licentiate Theses, ISSN 1651-9256 ; 135
Keyword [en]
Wireless Sensor Networks, Security, 6LoWPAN, IPsec, WirelessHART
National Category
Computer Science
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:mdh:diva-12261ISBN: 978-91-7485-021-5OAI: oai:DiVA.org:mdh-12261DiVA: diva2:418832
Presentation
2011-06-13, Kappa, Mälardalen University, Västerås, 13:15 (English)
Opponent
Supervisors
Available from: 2011-05-24 Created: 2011-05-16 Last updated: 2014-10-07Bibliographically approved
List of papers
1. Security Considerations for the WirelessHART Protocol
Open this publication in new window or tab >>Security Considerations for the WirelessHART Protocol
2009 (English)In: Emerging Technologies & Factory Automation, 2009. ETFA 2009. IEEE Conference on, 2009, 1-8 p.Conference paper (Refereed)
Abstract [en]

WirelessHART is a secure and reliable communication standard for industrial process automation. The WirelessHART specifications are well organized in all aspects exceptsecurity: there are no separate specifications of security requirements or features. Rather,security mechanisms are described throughout the documentation. This hinders implementation of the standard and development of applications since it requires profound knowledge of all the core specifications on the part of the developer. In this paper we provide a comprehensive overview of WirelessHART security: we analyze the providedsecurity mechanisms against well known threats in the wireless medium, and propose recommendations to mitigate shortcomings. Furthermore, we elucidate the specifications of the security manager, its placement in the network, and interaction with the network manager.

Identifiers
urn:nbn:se:mdh:diva-12283 (URN)10.1109/ETFA.2009.5347043 (DOI)2-s2.0-77949891992 (ScopusID)978-1-4244-2727-7 (ISBN)
Conference
Emerging Technologies & Factory Automation, 2009. ETFA 2009. IEEE Conference on
Note
(c) 2011 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other users, including reprinting/ republishing this material for advertising or promotional purposes, creating new collective works for resale or redistribution to servers or lists, or reuse of any copyrighted components of this work in other works.Available from: 2011-05-24 Created: 2011-05-21 Last updated: 2014-10-07Bibliographically approved
2. Securing Communication in 6LoWPAN with Compressed IPsec
Open this publication in new window or tab >>Securing Communication in 6LoWPAN with Compressed IPsec
2011 (English)In: 7th IEEE International Conference on Distributed Computing in Sensor Systems (IEEE DCOSS '11), 2011Conference paper (Refereed)
Abstract [en]

Real-world deployments of wireless sensor networks(WSNs) require secure communication. It is important that areceiver is able to verify that sensor data was generated bytrusted nodes. It may also be necessary to encrypt sensor datain transit. Recently, WSNs and traditional IP networks are moretightly integrated using IPv6 and 6LoWPAN. Available IPv6protocol stacks can use IPsec to secure data exchange. Thus, itis desirable to extend 6LoWPAN such that IPsec communicationwith IPv6 nodes is possible. It is beneficial to use IPsec becausethe existing end-points on the Internet do not need to be modifiedto communicate securely with the WSN. Moreover, using IPsec,true end-to-end security is implemented and the need for atrustworthy gateway is removed.In this paper we provide End-to-End (E2E) secure communicationbetween IP enabled sensor networks and the traditionalInternet. This is the first compressed lightweight design, implementation,and evaluation of 6LoWPAN extension for IPsec.Our extension supports both IPsec’s Authentication Header (AH)and Encapsulation Security Payload (ESP). Thus, communicationendpoints are able to authenticate, encrypt and check theintegrity of messages using standardized and established IPv6mechanisms.

Identifiers
urn:nbn:se:mdh:diva-12285 (URN)
Conference
7th IEEE International Conference on Distributed Computing in Sensor Systems (IEEE DCOSS '11)
Note
(c) 2011 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other users, including reprinting/ republishing this material for advertising or promotional purposes, creating new collective works for resale or redistribution to servers or lists, or reuse of any copyrighted components of this work in other works.Available from: 2011-05-24 Created: 2011-05-21 Last updated: 2014-10-07Bibliographically approved
3. Design and Implementation of a Security Manager for WirelessHART Networks
Open this publication in new window or tab >>Design and Implementation of a Security Manager for WirelessHART Networks
2009 (English)In: Mobile Adhoc and Sensor Systems, 2009. MASS '09. IEEE 6th International Conference on, 2009, 995-1004 p.Conference paper (Refereed)
Abstract [en]

WirelessHART is the first open standard for wireless sensor networks designed specifically for industrial process automation and control systems. WirelessHART is a secure protocol; however, it relies on a Security Manager for the management of the security keys and the authentication of new devices. The WirelessHART standard does not provide the specification and design of the Security Manager. Also, the security specifications in the standard are not well organized and are dispersed throughout the standard which makes an implementation of the standard more difficult. In this paper we provide the detailed specification and design as well as an implementation of the Security Manager for theWirelessHART standard. We evaluate our security manager against different cryptographic algorithms and measure the latency between the Network Manager and the SecurityManager. Our evaluation shows that the proposed security manager meets theWirelessHART requirements. Our analysis shows that the provided Security Manager is capable of securing both the wireless and wired part of the WirelessHART network.

Research subject
Innovation and Design
Identifiers
urn:nbn:se:mdh:diva-12284 (URN)10.1109/MOBHOC.2009.5337019 (DOI)978-1-4244-5113-5 (ISBN)
Conference
Mobile Adhoc and Sensor Systems, 2009. MASS '09. IEEE 6th International Conference on
Note
(c) 2009 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other users, including reprinting/ republishing this material for advertising or promotional purposes, creating new collective works for resale or redistribution to servers or lists, or reuse of any copyrighted components of this work in other works.Available from: 2011-05-24 Created: 2011-05-21 Last updated: 2014-10-07Bibliographically approved

Open Access in DiVA

fulltext(680 kB)818 downloads
File information
File name FULLTEXT03.pdfFile size 680 kBChecksum SHA-512
48695f1f3e16fee194cdf8da597a038a96f6651f09da1316137bbb73664d9ad6b2821df800d5d81c143e8433ec0f18907237090e9ec33b5ed7566921b4f93f7c
Type fulltextMimetype application/pdf

Search in DiVA

By author/editor
Raza, Shahid
By organisation
School of Innovation, Design and Engineering
Computer Science

Search outside of DiVA

GoogleGoogle Scholar
Total: 818 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 483 hits
ReferencesLink to record
Permanent link

Direct link