Abstract
In the Internet of Things some nodes, especially sensors, can be constrained and sleepy, i.e., they spend extended periods of time in an inaccessible sleep state. Therefore, the services they offer may have to be accessed through gateways. Typically this requires that the gateway is trusted to store and transmit the data. However, if the gateway cannot be trusted, the data needs to be protected end-to-end. One way of achieving end-to-end security is to perform a key exchange, and secure the subsequent messages using the derived shared secrets. However, when the constrained nodes are sleepy this key exchange may have to be done in a delayed fashion. We present a novel way of utilizing the gateway in key exchange, without the possibility of it influencing or compromising the exchanged keys. The paper investigates the applicability of existing protocols for this purpose. Furthermore, due to a possible need for protocol translations, application layer use of the exchanged keys is examined.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
TLS_PSK_WITH_AES_128_CCM_8.
- 2.
TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8.
References
Giusto, D., Lera, A., Morabito, G., Atzori, L.: The Internet of Things. Springer, New York (2010)
Garcia-Morchon, O., Keoh, S., Kumar, S., Hummen, R., Struik, R.: Security Considerations in the IP-based Internet of Things. Internet-Draft draft-garcia-core-security-04, Internet Engineering Task Force, March 2012, Work in progress
Castellani, A., Loreto, S., Rahman, A., Fossati, T., Dijk, E.: Best Practices for HTTP-CoAP Mapping Implementation. Internet-Draft draft-castellani-core-http-mapping-05, Internet Engineering Task Force, July 2012, Work in progress
Kaufman, C., Hoffman, P., Nir, Y., Eronen, P.: Internet Key Exchange Protocol Version 2 (IKEv2). RFC 5996 (Proposed Standard), September 2010, Updated by RFC 5998
Dierks, T., Rescorla, E.: The Transport Layer Security (TLS) Protocol Version 1.2. RFC 5246 (Proposed Standard), August 2008, Updated by RFCs 5746, 5878, 6176
Shelby, Z., Hartke, K., Bormann, C., Frank, B.: Constrained Application Protocol (CoAP). Internet-Draft draft-ietf-core-coap-11, Internet Engineering Task Force, July 2012, Work in progress
Rescorla, E., Modadugu, N.: Datagram Transport Layer Security. RFC 4347 (Proposed Standard), April 2006, Obsoleted by RFC 6347, updated by RFC 5746
Rescorla, E., Modadugu, N.: Datagram Transport Layer Security Version 1.2. RFC 6347 (Proposed Standard), January 2012
Hartke, K., Bergmann, O.: Datagram Transport Layer Security in Constrained Environments. Internet-Draft draft-hartke-core-codtls-02, Internet Engineering Task Force, July 2012, Work in progress
Nadalin, A., Goodner, M., Gudgin, M., Barbir, A., Granqvist, H.: Oasis ws-trust 1.4. Specification Version 1 (2008)
Shelby, Z.: Embedded web services. IEEE Wirel. Commun. 17(6), 52–57 (2010)
Jones, M., Rescorla, E., Hildebrand, J.: JSON Web Encryption (JWE). Internet-Draft draft-ietf-jose-json-web-encryption-05, Internet Engineering Task Force, July 2012, Work in progress
Sethi, M., Arkko, J., Keranen, A.: End-to-end security for sleepy smart object networks. In: 2012 IEEE 37th Conference on Local Computer Networks Workshops (LCN Workshops), pp. 964–972. IEEE (2012)
Bianchi, G., Capossele, A.T., Mei, A., Petrioli, C.: Flexible key exchange negotiation for wireless sensor networks. In: Proceedings of the Fifth ACM International Workshop on Wireless Network Testbeds, Experimental Evaluation and Characterization, WiNTECH ’10, pp. 55–62. ACM, New York (2010)
Needham, R., Schroeder, M.: Using encryption for authentication in large networks of computers. Commun. ACM 21(12), 993–999 (1978)
Vial, M.: CoRE Mirror Server. Internet-Draft draft-vial-core-mirror-proxy-01, Internet Engineering Task Force, July 2012, Work in progress
Kadyk, D., Fishman, N., Seinfeld, M., Kramer, M.: Negotiating secure connections through a proxy server, 7 February 2006, US Patent 6,996,841
Ylitalo, J., Melén, J., Nikander, P., Torvinen, V.: Re-thinking security in IP based micro-mobility. In: Zhang, K., Zheng, Y. (eds.) ISC 2004. LNCS, vol. 3225, pp. 318–329. Springer, Heidelberg (2004)
Dolev, D., Yao, A.: On the security of public key protocols. IEEE Trans. Inf. Theor. 29(2), 198–208 (1983)
Nikander, P., Arkko, J., Ohlman, B.: Host identity indirection infrastructure (hi3). In: Proceedings of the 2nd Swedish National Computer Networking Workshop SNCNW 04, 1–4 (2004)
Arkko, J., Kernen, A.: CoAP Security Architecture. Internet-Draft draft-arkko-core-security, Internet Engineering Task Force, July 2011, Expired
Ylitalo, J., Salmela, P., Tschofenig, H.: Spinat: Integrating ipsec into overlay routing. In: First International Conference on Security and Privacy for Emerging Areas in Communications Networks, SecureComm 2005, pp. 315–326. IEEE (2005)
Jones, M., Bradley, J., Sakimura, N.: JSON Web Signature (JWS). Internet-Draft draft-ietf-jose-json-web-signature-05, Internet Engineering Task Force, July 2012, Work in progress
Jucker, S.: Securing the constrained application protocol (2012)
Canetti, R., Krawczyk, H.: Analysis of key-exchange protocols and their use for building secure channels. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 453–474. Springer, Heidelberg (2001)
Langley, A.: Transport Layer Security (TLS) Next Protocol Negotiation Extension. Internet-Draft draft-agl-tls-nextprotoneg-04, Internet Engineering Task Force, May 2012, Work in progress
Rescorla, E.: Keying Material Exporters for Transport Layer Security (TLS). RFC 5705 (Proposed Standard), March 2010
McGrew, D., Rescorla, E.: Datagram Transport Layer Security (DTLS) Extension to Establish Keys for the Secure Real-time Transport Protocol (SRTP). RFC 5764 (Proposed Standard), May 2010
Kivinen, T.: Minimal IKEv2. Internet-Draft draft-kivinen-ipsecme-ikev2-minimal-00, Internet Engineering Task Force, February 2011, Expired
Acknowledgements
The research was conducted in the Internet of Things program of DIGILE (Finnish Strategic Centre for Science, Technology and Innovation in the field of ICT), funded by Tekes.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kannisto, J., Heikkinen, S., Slavov, K., Harju, J. (2015). Delayed Key Exchange for Constrained Smart Devices. In: Garcia Pineda, M., Lloret, J., Papavassiliou, S., Ruehrup, S., Westphall, C. (eds) Ad-hoc Networks and Wireless. ADHOC-NOW 2014. Lecture Notes in Computer Science(), vol 8629. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-46338-3_2
Download citation
DOI: https://doi.org/10.1007/978-3-662-46338-3_2
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-46337-6
Online ISBN: 978-3-662-46338-3
eBook Packages: Computer ScienceComputer Science (R0)