Chapter the security in the network. The section includes

Chapter 1
introduces the basic concept of WSN and the privacy threats in a network and
the theory of IoT. In this chapter we are going to discuss the past work that
had been done in this relative field for improving the security in the network.
The section includes the work done in chronological order. At last it contains
the paper, which is referred as base paper.

2.1.IoT

We Will Write a Custom Essay Specifically
For You For Only $13.90/page!


order now

Internet of things is a network of computing devices those are
imbedded in instruments that we use in our daily routine, which make them
intelligent enough to communicate in the web by sending and receiving data. It
may be anunderwired or wireless association that comprises of several software
and hardware entities such as manufacturing administration, energy management,
agriculture irrigation, electronic commerce, logistic management, therapeutic
and healthcare system, aerospace survey, building and homebasedmechanization,
infrastructure management, large scale deployments and transportation 10

The main aim of the internet
of things is to turn traditional products into connected products by taking
advantage of gather data from multiple sources, exchanging that data among
multiple applications and communicating with one another in direction to
monitor, control and make enhancedusage of the product or to achieve certain
objectives.

Protocol
stack that is castoff in IoT is different from one that is castoff in the most of
internet applications. The modification in protocols for separate layer is
shown in the Table 2.1.

 

 

 

 

Table 2.1.
Protocols for each layer in IoT

Layer
 

IoT

General
Applications

Application
layer

CoAP,
CoAP’s

HTTP,
HTTPs

Transport
Security

layer
DTLS

TLS

Transport
layer

UDP

TCP

Network
layer

IPv6

IPv6,
IPv4

6LoWPAN

Link
layer

IEEE
802.15.4

IEEE
802.3, 802.11

           

T. Aura, 2005the
main advantage behind the DTLS protocol is to practice Transport Layer Security
(TLS) above an unreliable datagram transport layer. DTLS consist of exact set
of 4 sub protocols as TLS.The Handshake protocol propose authentication,
exchange of key for communication, and establish a reliable connection. The
alert protocol shows the error notification. The ChangeCipher Spec protocol
enclosessimply one message which is logically a part of handshake process but
separated into a different protocol8.

 

G. Montenegro,
et al., 2007 When the control and
data channel are identical, the bootstrapping is done In-Band, otherwise
Out-of-Band. Depending on whether the control medium is secured or not,
different bootstrap security methods can be chosen. Typically, some
high-security method must be castoff to generate a shared secret, which is then
used to secure the actual bootstrapping channel using symmetric encryption. The
writersrecommend several methods and reminder that the negotiated technique
should take advantage of the available hardware resource (such as hardware
encryption accelerators) etc. 11.

 

 G.
Montenegro, N. Kushalnagar, et. al, 2007The IEEE 802.15.4
radio protocol that is broadlycastoffin wireless sensor network on the link
layer has 127 bytes MTU. At the identical time IPv6 standard requires MTU to be
at least 1280 octets. In spite of the fact that applications that apply IEEE 802.15.4
link layer in utmostcircumstances have a very restricted payload size, there
still can be cases when the IP packet cannot be transmitted without
fragmentation. To overcome this issue 6LoWPAN defines the new layer above the
IEEE 802.15.4 link layer and below IP layer. In direction to attainsupremeperformance,
the 6LoWPAN standard defines two important concepts 12.


Header compression that describes the technique to wrapping IP and UDP headers
to minimize the payload.


Fragmentation that defines an algorithm to fragment and assemble IP packets
those are larger than IEEE 802.15.4 MTU12.

           

L. Huai, X. Zou,et,al 2009The
ZigBee IP border router will translate packets from 6LoWPAN network to an IPv6
network and vice versa. The equivalent to the session, presentation and
application layers of the OSI model is the proprietary part of ZigBee IP. They
are presented as a solitary layer under the term of the application profile
layer and the application layer. The profiles are created on the ZigBee Smart
Energy Version 2 (SEP2) with the determination of reaching the maximum
standardization possible between different chips manufacturers and ZigBee
applications established by the clients. The current specification of ZigBee IP
is not companionable with nodes using the other ZigBee specifications, at least
not without special intermediary nodes13.      

S. F. Pileggi, C. E. Palau et al, 2010proposes
a multimode wireless sensor node (MM WSN Node), a hybrid between RFID tags and
a sensor. Within RFID components, this sensor should be capable to transmit any
type of value as it has a Point-to-Point Protocol (PPP) as a base for
communication. Additionally, the sensors are capable to use the IEEE 802.15.4
standard to communicate the measured values to other stations. This work is
mostly a definition of the architecture; however, there is not sufficient
evidence of a real benefit on cost efficiency or performance14.

B. Zhang, K. Hu, and Y. Zhu, et al. 2010is
an analysis and a comparison of three common integrations of RFID to a WSN. The
integration with the best power performance has as a negative factor on the
fundamentals of complexity while the ones with a lower complexity lack
real-time performance. The contribution of this effort is an alternative mix
between performance and complexity, on the other hand they are basically RFID
readers working as sensors with extra nodes working as the RFID tags. Other
important factors that the beforestated works are unable to answer are the
safety of the network and the transmission chart data of only the original 96
bits of the tag values. Therefore, it is of our opinion that RFID is not a
suitable architecture for our environment15.

D. Giusto, A. Iera,2010these
implementations are also different from the discussed on the
precedingsegmentowing to the lack of a security evaluation. For the works that
make use of DTLS we have a special interest for cipher suites TLS ECDHE ECDSA
WITH AES 128 CCM 8 and TLS PSK WITH AES 128 CCM 8 as they are specifically
requested to be supported by the CoAP specifications. Some of those works are
making explicit practice of the Trusted Platform Module (TPM) embedded chip.
This chip can execute operations related to encryption helping the
micro-controller to save resources. This contributes reducing the time
requisite for the DTLS handshake procedure16.

R. H. Weber, 2010in this evaluation is not well-defined precisely which stacks
were used for DTLS or CoAP.Privacy threat: Dependent on the sort of data
gathered, the tracking of the location of one or more sensors and usage may
lead to a privacy risk to the users as the attacker could deducedata based on
them Apart from the implementations using 3DES, CoAP with DTLS has a higher
impact on memory compared to the network layer17.

S. Tozlu, et.al,2011The
IEEE 802.11x is under the control of the Wi-Fi Alliance and most of the
standards are not intended to work with constrained networks, due those
networks were covered by the IEEE 802.15.4 standard. Yet, some companies have
made some modifications to the hardware that is obtainable for the 802.11
standard by adding a duty cycle. They assume that a Wi-Fi node can achieve a
very little power ingestion with a native support for IPv4 and IPv6 while also
providing protocols for safety, such as the WPA2 18.

D. Pauli and D. I. Obersteg ,2011
The IPsec Security Payload (SP) is a protocol for safeguarding Internet
Protocol (IP) communications by encrypting and authenticating every IP packet
20. Unlike DTLS, it operates at the network layer of the Internet protocol
suite and therefore it is transparent to the application layer and does not
require any considerations for a CoAP implementation. This fact has its upside
as well as its downside: It provides confidentiality and data-origin
authentication at the price of approximately 10 bytes per packet 19.

 

C. Bormann and Z. Shelby, 2012at
the similar time DTLS is different because of unreliable datagram transport.
The probable message loss is as well a reason to maintain its own retransmission
timer. Promising message rearrangement forces DTLS to maintain a sequence number
for messages and explicitly include this number in the header. In order to
reduce the Round Trip Time (RTT) messages can be grouped into flights 20.

 

 T. Winter, P.
Thubert 2012discussed in this segment have
implemented DTLS over sensors, including some that have been combined with CoAP
for reaching CoAPS. The negotiation of a DTLS session is called a DTLS
handshake process. The DTLS session is a secure channel between the nodes
(client and server) involved. The practice of different cipher suites has an
impact on the kind of keys, the requisite mechanism for the process and on the
size of each message (called DTLS records) required for the handshake process
21.

Z. Shelby, K. Hartke et al. 2012
is another comparison of DTLS for WSN. This work was one of the foremost
adapting DTLS to WSN, using public cryptography keys such as RSA. As a testbed
is used TinyOS 2.x, with an integrated TPM chip and the OpenSSL 1.0.0d for the
DTLS stack. The hardware castoff for the sensor is an Opal Sensor (48 KB RAM
and 256 KB Flash) which falls in the C2 category. The power was measured
through an oscilloscope using a 10 Ohm resistor. “This yielded a value for the
electric potential which be able to converted into a value for the current draw
by dividing it through the value of the resistance”. As one of the conclusions,
a required energy of 485.2 mJ was estimated for completing a fully DTLS
session8.

 S. Raza, D.
Trabalza et al. 2012 where the cipher suite
TLS ECDHE ECDSA WITH AES 128 CCM 8 required 10.89 mJ. As the
dissimilaritiesamong cipher suites are huge, the CoAP specifications request to
avoid the usage of RSA with the sensors. In general, this work validates the
practice of only the cipher suites TLS PSK WITH AES 128 CCM 8 and TLS ECDHE
ECDSA WITH AES 128 CCM 8 for WSN22.

B. Sarikaya, Y. Ohba et al. 2012
is a performance test of TinyDTLS 0.8.2 with Contiki 3.X. Its main contribution
is the evaluation of the duration of the DTLS handshake with three duty cycles
models: preamble sampling, IEEE 802.15.4 beacon-enabled and IEEE 802.15.4e time
slotted channel hopping. The measurement is done by means of the MSPSim tool
and the Cooja simulator. Around 100 DTLS negotiations with the cipher suite TLS
PSK WITH AES 128 CCM 8 were executed. The hardware tested were the Wismote and
ST GreenNet platforms (32 KB of RAM and 256 KB of FLASH). The ST GreenNet
platform also made use of TPM 23.

C. Lerche, K. Hartke, DTLS, 2012
session handled by TinyDTLS requires 400 bytes or more. The session includes
enough data for identifying its states which are the IPv6 and port addresses of
the nodes, their role, the master secret for the keys, and other variables
dependent on the cipher suite. According to their results, DTLS has a
pitiableenactment of in radio duty cycle networks. For the preamble sampling
protocol, the DTLS handshake procedure can be larger than 50 seconds. In IEEE
802.15.4 beacon-enable mode, the duration was of up to 35 seconds. Also, they
concluded that DTLS is acceptable for applications where the DTLS handshake
occurrences are limited during the sensor lifetime and that applications that
are expecting a high number of DTLS client for the DTLS server must be
reflected carefully 24.

JAIN, A., KANT, et al. 2012
describes a framework for initially configuring smart objects securely. They
name two distinct phases during the bootstrapping process: the provisioning and
bootstrapping phase. In the provisioning stage, the thing is provisioned with
statically organizedfactors like certificates (potentially, this has previously
been done during the manufacturing phase), which are needed in the
bootstrapping phase. Using this statically configured information, the
dynamically configured information is set up. Further, they define two distinct
mediums through which two nodes can communicate: the control and data channel. The
data medium is during normal network operation and the control medium is based
on the bootstrapping stage 5.

 

S. Tozlu and M. Senel et. Al, 2012
is an evaluation of one modified hardware (G2M5477) for the low-power Wi-Fi
against more popular implementations of the 802.15.4/6LoWPAN for TinyOSand
Contiki O.S. The conclusions are two: I) the low-energy Wi-Fi provides an
upgradingabove the original standard on latency and energy consumption with
limited impact on battery supplies owing to the introduced duty cycle. II) Both
standards have a similar performance when working with a small quantity of
information to transmit. However, owing to the difference in the MTU of both,
Low-power Wi-Fi handles the communication of bigger frames such as 1024 MB in a
better way. A minor problem with this work is the wrongly estimated value of
MTU for the 802.15.4 of 102 bytes instead of the 127 bytes; while most probably
this discrepancy comes from the summation of the headers of the 802.15.4 and
6LoWPAN protocols, it is not specified. Also, the value of 8 bytes’castoff in
the tests is too small for any type of transmission: a test with a value of 45
bytes would have been better25.

Z. Shelby, K. Hartke, 2012The
HART Communication Foundation has adopted the IEEE 802.15.4 as the bases for
the WirelessHART networks. The webs are self-possessed of sensors, routers,
hand-hold devices, Gateways and a network manager. The CSMA-CA mechanism is
substituted by the Time Division Multiple Access (TDMA) for achieving the Time
Slotted Channel Hopping (TSCH) mechanism for continual transmission without
collision. The implementation of super-frame: a collection of cells, which
repeat at regular intervals to help to minimize the risk of collision and to resolve
the hidden node problem. The MAC layer is capable of block some channels at the
frequency of 2.4 GHz when it detects other wireless networks making use of
them. The snooze stage of the nodes is impacted, as WirelessHART will be giving
feedback each 20 msec. It is still possible to use the AES 128-bits, however
the overhead on the packet size will be at the limit of the transmission 8.

 O.
Garcia-Morchon ,2012 The works discussed in
this segment are implementations made with the determination of mitigating the
threats. They are pigeonholed by their focus on the power performance of the
sensors. This is because their discussion is about if the sensors in the C1 and
C2 categories are able or not to support the standard security implementations
(TLS, DTLS or IPsec) with their limited resources 26.

M. Hulea, G. Mois, S. Folea et al. 2013
the RN-131C Wi-Fi chip is presented. This work is a proofconcept and its main
contribution is the approximation of the power supply centered on the
duty-cycle, which is around 2 years of life in a best case scenario. The main
drawback of these works is the non-standardization of the current
implementations. All the previous works have implemented their own product with
a result unique to them. Another problem is that no one considered scenarios
where the area to cover is superior to the default range of the Wi-Fi products,
and therefore the devices are forced to work in a mesh topology instead of a
star topology. One last issue is the high price of the hardware compared to
other options such as those for the IEEE 802.15.4 27.

F. P. Rezha and S. Y. Shin, 2014
IEEE 802.15.4 standard for Wireless Personal Area Network is ideal to
deliverdata over comparativelysmall distances, involving little or no
infrastructure. This feature permitsminor, power effective,
economicalresolutions to be applied for a widespread range of devices with
small battery consumption requirements and typically operating in the reach
range of 10 meters. This standard describes two layers called the physical
layer (PHY) and the medium access control (MAC) layer. Both of them are closely
equivalent to their counterparts in the OSI model layer28.

J. Kim, J. Lee, et. al 2014The
IEEE 802.15.4 incorporates features aimed to minimize the power consumption, in
addition to handling the duty cycles for saving the battery life. This standard
also can make a smart selection of channel
frequency for scenarios where other services are using the 2.4 GHz channel.
As the IEEE 802.15.4 is a very robust open standard, it has been accepted by
different entities for their own WSN devices. Each one of them handles their
own upper layers. The ZigBee Alliance is the most popular. Other entities like
Wireless HART and ISA, have also adopted it for the industrial environment. It
is similarly popular with different open source platforms such as TinyOS,
Contiki and RIOT29.

J. Hui and P. Thubert, 2014 ZigBee
is a description for a set of high level communiqué protocols used to form personal
area networks fabricated from minor, small power digital radios. ZigBee is
based on the IEEE 802.15.4 standard and is under the control of the ZigBee
Alliance. The ZigBee Alliance has defined a sum of significant ZigBee variances
or specifications: ZigBee (2004), ZigBee PRO (2007), ZigBee Green Power (2012)
and ZigBee IP (2013). Each one has their own defined layers, having in common
the practice of the 802.15.4 standard. Only the ZigBee IP can support IPv6
networks by means of 6LoWPAN. The others require making use of additional
devices to have access to any IP network. The typical nodes of the WSN are
represented by the ZigBee IP host and the ZigBee IP router which are the sensor
and sink nodes respectively 30.

Granjal et al., 2015is
an evaluation of power performance when security is implemented at the network
layer and application layer. Their main contribution was the proposition,
implementation and evaluation of a custom 6LoWPAN dispatch for integrating
IPSec to 6LoWPAN, with provision for the Authentication Header (AH) and
Encapsulating Security Payload (ESP). Their testbed is self-possessed of two
TelosB sensors and a Linux host where one of the TelosB acts as a bridge
router. TinyOS is castoff as a platform for both sensors; the TelosB sensors
specifications are a 16-bit RISC MSP 430 micro-controller with 48 KB of ROM and
10 KB of RAM. This work evaluated eleven different modes of security
implementations divided into 3 different protocols: 6LoWPAN with the dispatches
for AH and ESP; and CoAP using three different cipher suites, including TLS
ECDHE ECDSA WITH AES 128 CCM 8 and TLS PSK WITH AES 128 CCM 8. It is essential
to emphasize that the tests with AES were executed with the TPM chip
implemented in the sensors 31.

 

S. Park, K. Kim,et.al. 2015In
internet applications that apply the request-response pattern it is common to
use the TCP protocol on the transport level. This protocol has significant benefits
as it assurances delivery of packages in addition to order of delivery. At the
same time, it requires a communication overhead for connection, additional
resources to uphold the connection state and package delivery confirmation,
which may cause timeouts due to the IEEE 802.15.4 network latencies. Properties
mentioned above are significant shortcomings for the 4 application of TCP in
the IoT. Moreover, many applications in the IoT do not benefit from guaranteed
package delivery. As a result, UDP has become the preferred transport layer
solution for the IoT. If order and guaranteed delivery is required, it becomes
a part of application level protocol such as CoAP 32.

 

Base
paper

Shahid Raza, Luding Seitz, Denis Sitenkov, and Goran
Selander thekeyclue about the DTLS protocol is to
practice Transport Layer Security (TLS) in excess of an unreliable datagram
transport layer. DTLS structures the same 4 sub protocols as TLS. The Handshake
protocol defines authentication, key exchange, and setting up the reliable
connection. The Record protocol defines secured communication. The Alert protocol
defines error notification. The ChangeCipherSpec protocol comprisessimply one
message which is logically a part of handshake process but separated into a
different protocol 33.

 

 

 

 

 

  Table 2.2.symmetric
keys DTLS handshake successful

Flight

Client

Server
 

1

ClientHello

 

2

 

HelloVerifyRequest

3

ClientHello

 

4

 

ServerHello
ServerKeyExchange*
ServerHelloDone

 

5

ClientKeyExchange
ChangeCipherSpec
Finished

 

6

 

ChangeCipherSpec
Finished

 

The
client starts the handshake by sending a ClientHello message (Flight 1).As DTLS
functionsabove the connectionless UDP protocol it has a defensecontrary to
Denial of Service (DoS) attack. DTLS creates the cookie that is anHMAC of a
randomly produced secret, client IP address, and ClientHello parameters and
directs it to the client in HelloVerifyRequest (Flight 2). Client in return
repeats the same ClientHello message with cookie included (Flight 4). When
server obtains ClientHello with cookie it confirms the cookie and if it is
valid produces random numeral and sends it in ServerHello message with
ServerHelloDone (Flight 4). Client, in its turn, produces master secret and
sends ClientKeyExchange that comprises psk_identity, ChangeCipherSpec, and
Finish message that contains all previous messages encrypted with generated
master secret (Flight 5). The psk_identity field identifies the key that server
should use for a handshake. It is used only in PSK mode. Upon receiving Flight
5 server confirms the content of the Finish message and replies
withChangeCipherSpec, and Finish messages (Flight 6).

x

Hi!
I'm Kara!

Would you like to get a custom essay? How about receiving a customized one?

Check it out