http://dx.doi.org/10.13089/JKIISC.2017.27.6.1307

Access Control Mechanism for Secure CoAP Applications Based on DTLS

Jeong, Yeon-seong (Dankook University)
Park, Chang-seop (Dankook University)
Abstract
While the PSK mode of DTLS is the most efficient in terms of performance, pre-distributing and managing the symmetric key pairs becomes difficult as the number of sensor devices increases. On the other hand, both the RPK and certificate modes offer convenient key management, but they do not offer good computational performance. In this paper, an end-to-end security protocol suitable for constrained devices is proposed, based on both the ECQV certificate and the PSK mode. Namely, the initial DTLS handshake is performed using the ECQV certificate, and the subsequent DTLS handshakes with the other CoAP servers in the same group are performed in PSK mode in order to reduce the overall computational load. Furthermore, fine-grained access control for the CoAP client can be enforced so that the client is allowed access only to a limited number of CoAP servers.
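The mechanism the abstract rests on, ECQV implicit certificates for the first handshake followed by a pre-shared key for the later ones, as an added example in Python that is not the paper's code. It implements ECQV issuance, private-key completion and public-key reconstruction on secp256r1 (SEC 2 parameters) in plain affine arithmetic. Everything beyond ECQV itself is the example's own assumption: the certificate layout, the allowed-server list carried in the certificate and used as the access-control decision, and the HMAC-based per-server PSK derived from a static ECDH over the two ECQV key pairs (the abstract does not say how the paper derives or distributes its group PSK). Names such as ECQVAuthority, derive_psk and server_admits are the example's own.

```python
import hashlib
import hmac
import secrets
# secp256r1 domain parameters from SEC 2 (the curve family the paper relies on)
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def ec_add(p, q):
    """Affine point addition; None stands for the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    if p[0] == q[0] and (p[1] + q[1]) % P == 0:
        return None
    if p == q:
        lam = (3 * p[0] * p[0] + A) * pow(2 * p[1], -1, P) % P
    else:
        lam = (q[1] - p[1]) * pow(q[0] - p[0], -1, P) % P
    x = (lam * lam - p[0] - q[0]) % P
    return (x, (lam * (p[0] - x) - p[1]) % P)

def ec_mul(k, p):
    """Double-and-add scalar multiplication (not constant-time; illustration only)."""
    r = None
    while k:
        if k & 1:
            r = ec_add(r, p)
        p = ec_add(p, p)
        k >>= 1
    return r

def encode_point(q):
    return b"\x04" + q[0].to_bytes(32, "big") + q[1].to_bytes(32, "big")

def cert_hash(cert):
    """e = H(Cert) mod n, the scalar that ties the certificate to the key pair."""
    return int.from_bytes(hashlib.sha256(cert).digest(), "big") % N

def random_scalar():
    return secrets.randbelow(N - 1) + 1

class ECQVAuthority:
    """CA issuing ECQV implicit certificates. A cert here (example's assumption) is
    the reconstruction point, the subject ID and the comma-separated allowed servers."""
    def __init__(self):
        self.d = random_scalar()
        self.Q = ec_mul(self.d, G)

    def issue(self, R_U, identity, allowed_servers):
        k = random_scalar()
        P_U = ec_add(R_U, ec_mul(k, G))              # public reconstruction point
        cert = encode_point(P_U) + identity + b"|" + b",".join(allowed_servers)
        r = (cert_hash(cert) * k + self.d) % N        # private reconstruction value
        return cert, r

def request_cert():
    """Subject, step 1: random k_U and R_U = k_U*G, sent to the CA."""
    k_U = random_scalar()
    return k_U, ec_mul(k_U, G)

def finish_cert(k_U, r, cert):
    """Subject, step 2: private key d_U = e*k_U + r (mod n)."""
    return (cert_hash(cert) * k_U + r) % N

def reconstruct_public_key(cert, Q_CA):
    """Peer side: Q_U = e*P_U + Q_CA from the cert and CA key alone; no signature is carried."""
    P_U = (int.from_bytes(cert[1:33], "big"), int.from_bytes(cert[33:65], "big"))
    return ec_add(ec_mul(cert_hash(cert), P_U), Q_CA)

def server_admits(server_id, client_cert):
    """Access control (example's assumption): admit only if our ID is on the cert's list."""
    return server_id in client_cert[65:].split(b"|", 1)[1].split(b",")

def derive_psk(own_priv, peer_cert, Q_CA, server_id):
    """Static ECDH over the two ECQV key pairs, then an HMAC-based PSK bound to the
    server ID. The paper's own group-PSK derivation is not given in the abstract."""
    shared = ec_mul(own_priv, reconstruct_public_key(peer_cert, Q_CA))
    return hmac.new(shared[0].to_bytes(32, "big"), b"coap-psk|" + server_id,
                    hashlib.sha256).digest()

def demo():
    ca = ECQVAuthority()
    k_c, R_c = request_cert()                                  # client enrols
    cert_c, r_c = ca.issue(R_c, b"client-1", [b"srv-A", b"srv-B"])
    d_c = finish_cert(k_c, r_c, cert_c)
    k_s, R_s = request_cert()                                  # group server enrols
    cert_s, r_s = ca.issue(R_s, b"srv-A", [])
    d_s = finish_cert(k_s, r_s, cert_s)
    return {
        "key_matches": ec_mul(d_c, G) == reconstruct_public_key(cert_c, ca.Q),
        "psk_agree": derive_psk(d_c, cert_s, ca.Q, b"srv-A") == derive_psk(d_s, cert_c, ca.Q, b"srv-A"),
        "srv_A_admits": server_admits(b"srv-A", cert_c),
        "srv_C_admits": server_admits(b"srv-C", cert_c),
    }
```

Calling demo() shows the two properties the abstract relies on: the private key completed by the client matches the public key any peer reconstructs from the certificate and the CA key (no signature is transmitted, which is why an ECQV certificate is so much smaller than an X.509 one), and the client and a group server arrive at the same PSK while a server outside the client's certified list is refused. The scalar multiplication is textbook double-and-add and not side-channel resistant; a constrained device would use a hardened ECC implementation.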
Keywords
DTLS; CoAP; IoT;