Abstract | ||
---|---|---|
Recent standardization efforts focus on a number of lightweight IP security protocol variants for end-to-end security in the Internet of Things (IoT), most notably DTLS, HIP DEX, and minimal IKEv2. These protocol variants commonly consider public-key-based cryptographic primitives in their protocol design for peer authentication and key agreement. In this paper, we identify several performance and security issues that originate from these public-key-based operations on resource-constrained IoT devices. To illustrate their impact, we additionally quantify these protocol limitations for HIP DEX. Most importantly, we find that public-key-based operations significantly hamper a peer's availability and response time during the protocol handshake. Hence, IP security protocols in the IoT must be tailored to reduce the need for expensive cryptographic operations, to protect resource-constrained peers against DoS attacks targeting these cryptographic operations, and to account for high message processing times. To this end, we present three complementary, lightweight protocol extensions for HIP DEX: i) a comprehensive session resumption mechanism, ii) a collaborative puzzle-based DoS protection mechanism, and iii) a refined retransmission mechanism. Our focus on common protocol functionality allows to generalize our proposed extensions to the wider scope of DTLS and IKE. Finally, our evaluation confirms the considerable achieved improvements at modest trade-offs. |
Year | DOI | Venue |
---|---|---|
2013 | 10.1109/ICNP.2013.6733571 | Network Protocols |
Keywords | Field | DocType |
Internet of Things,computer network security,cryptographic protocols,public key cryptography,DTLS,DoS attacks,HIP DEX,HIP diet exchange,IKEv2,Internet of Things,collaborative puzzle-based DoS protection mechanism,comprehensive session resumption mechanism,denial of service attack,end-to-end IP security protocol,key agreement,peer authentication,public-key-based cryptographic primitives,public-key-based operations,refined retransmission mechanism,resource-constrained IoT devices,resource-constrained peers | IPsec,Internet Protocol,Lightweight protocol,Cryptographic protocol,Computer science,Computer security,Datagram Transport Layer Security,Computer network,Internet protocol suite,Security association,Cryptographic primitive | Conference |
ISSN | Citations | PageRank |
1092-1648 | 24 | 1.41 |
References | Authors | |
12 | 4 |
Name | Order | Citations | PageRank |
---|---|---|---|
Rene Hummen | 1 | 86 | 5.62 |
Hanno Wirtz | 2 | 119 | 13.62 |
Ziegeldorf, J.H. | 3 | 24 | 1.41 |
Hiller, J. | 4 | 24 | 1.41 |