
TLShps: SDN-Based TLS Handshake Protocol Simplification for IoT

  • Conference paper
  • In: Security, Privacy, and Anonymity in Computation, Communication, and Storage (SpaCCS 2019)

Abstract

Transport Layer Security (TLS) is one of the most widely used protocols for securing end-to-end communication. Its handshake, however, is computationally expensive and adds significant delay, while devices in the Internet of Things (IoT) typically have limited processing power, memory and energy, which makes a full TLS handshake hard to deploy on them. To address this problem, we propose a method that simplifies the TLS handshake protocol using Software Defined Networking (SDN) for a general end-to-end communication scenario. First, instead of running a Diffie-Hellman key exchange to compute the TLS premaster secret, the SDN controller generates the premaster secret dynamically and distributes it to the IoT devices over the encrypted channel between the SDN switch and the controller; the endpoints therefore perform no public-key key agreement, and the controller, rather than the endpoints, is the party that holds the key material from which the session keys are derived. Second, certificate verification is moved from the IoT devices to the more powerful controller. The security of the simplified protocol is validated by a BAN-logic deduction and by an analysis of malicious attacks. Experimental results show that, compared with standard TLS, the protocol reduces both the end-to-end latency of the handshake and the computational overhead on the IoT devices.
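The key-distribution half of the design described above, as an added Python model that is not code from the paper: a controller generates the 48-byte premaster secret per session and hands it to both endpoints, which then run only the HMAC-based TLS 1.2 key schedule (PRF, master secret, key block, per RFC 5246) and arrive at identical keys without any Diffie-Hellman computation. The `Controller` and `Device` classes, the session identifier, and the in-process call that stands in for the encrypted switch-controller channel are assumptions made for the example; the paper's actual message formats are not reproduced. The last function shows the consequence a practitioner should keep in mind: because the controller knows the premaster secret and the hello randoms travel in the clear, it can derive the session keys itself.

```python
import hmac
import hashlib
import secrets

# --- TLS 1.2 key schedule (RFC 5246, sections 5, 6.3 and 8.1); TLShps leaves this part unchanged ---

def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 data expansion: A(0) = seed, A(i) = HMAC(secret, A(i-1)),
    output = HMAC(secret, A(1) + seed) || HMAC(secret, A(2) + seed) || ..."""
    out = b""
    a = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF: P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)

def derive_master_secret(premaster: bytes, client_random: bytes, server_random: bytes) -> bytes:
    return prf(premaster, b"master secret", client_random + server_random, 48)

def derive_key_block(master: bytes, client_random: bytes, server_random: bytes, length: int) -> bytes:
    # Key expansion uses the randoms in the opposite order from the master secret (RFC 5246, 6.3).
    return prf(master, b"key expansion", server_random + client_random, length)

# --- Hypothetical model of the TLShps roles (class names and session ids are assumptions) ---

class Controller:
    """SDN controller: creates the premaster secret for a session and hands it to both endpoints."""
    def __init__(self) -> None:
        self.premasters: dict[bytes, bytes] = {}

    def create_session(self, session_id: bytes) -> None:
        # Replaces the Diffie-Hellman exchange: the controller, not the endpoints, picks the premaster.
        self.premasters[session_id] = secrets.token_bytes(48)

    def fetch_premaster(self, session_id: bytes) -> bytes:
        # The encrypted switch-controller channel is modelled as a direct in-process call (assumption).
        return self.premasters[session_id]

class Device:
    """IoT endpoint: contributes a 32-byte hello random and runs only the HMAC-based key schedule."""
    def __init__(self, controller: Controller) -> None:
        self.controller = controller
        self.random = secrets.token_bytes(32)

    def finish(self, session_id: bytes, client_random: bytes, server_random: bytes,
               key_block_len: int = 40) -> tuple[bytes, bytes]:
        # 40 bytes covers AES_128_GCM: two 16-byte write keys plus two 4-byte fixed IVs.
        premaster = self.controller.fetch_premaster(session_id)
        master = derive_master_secret(premaster, client_random, server_random)
        keys = derive_key_block(master, client_random, server_random, key_block_len)
        return master, keys

def simplified_handshake(controller: Controller, client: Device, server: Device,
                         session_id: bytes) -> dict:
    """Run one controller-assisted handshake and report whether both sides agree on keys."""
    # 1. ClientHello / ServerHello carry the randoms in the clear, exactly as in ordinary TLS 1.2.
    client_random, server_random = client.random, server.random
    # 2. No ClientKeyExchange with a DH share: the controller creates and distributes the premaster.
    controller.create_session(session_id)
    client_master, client_keys = client.finish(session_id, client_random, server_random)
    server_master, server_keys = server.finish(session_id, client_random, server_random)
    return {
        "client_master": client_master,
        "server_master": server_master,
        "keys_match": client_keys == server_keys,
    }

def controller_can_derive_session_keys(controller: Controller, session_id: bytes,
                                       client_random: bytes, server_random: bytes,
                                       endpoint_master: bytes) -> bool:
    """Caveat check: the controller holds the premaster and sees the public randoms,
    so it can reconstruct the same master secret the endpoints use."""
    premaster = controller.fetch_premaster(session_id)
    return derive_master_secret(premaster, client_random, server_random) == endpoint_master

if __name__ == "__main__":
    ctrl = Controller()
    client, server = Device(ctrl), Device(ctrl)
    result = simplified_handshake(ctrl, client, server, b"session-1")
    print("endpoints agree:", result["client_master"] == result["server_master"] and result["keys_match"])
    print("controller can derive keys:", controller_can_derive_session_keys(
        ctrl, b"session-1", client.random, server.random, result["client_master"]))
```

The devices' per-handshake cost in this model is a handful of HMAC-SHA256 calls, which is the saving the paper measures; the trade-off is that the controller becomes a key-escrow point for every session it brokers, so the switch-controller channel and the controller host must be protected to at least the level of the sessions themselves.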



Acknowledgments

We appreciate the financial support from the Ministry of Education, Singapore, through the Academic Research Fund (AcRF) Tier 1 project 2018-T1-001-092. This work is also supported by Project U1603261 of the Joint Funds of the National Natural Science Foundation of China and Xinjiang.

Author information

Corresponding author: Maode Ma.

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Cite this paper

Yan, L., Ma, M., Ma, Y. (2019). TLShps: SDN-Based TLS Handshake Protocol Simplification for IoT. In: Wang, G., Feng, J., Bhuiyan, M., Lu, R. (eds) Security, Privacy, and Anonymity in Computation, Communication, and Storage. SpaCCS 2019. Lecture Notes in Computer Science, vol 11611. Springer, Cham. https://doi.org/10.1007/978-3-030-24907-6_14

  • DOI: https://doi.org/10.1007/978-3-030-24907-6_14

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-24906-9

  • Online ISBN: 978-3-030-24907-6

  • eBook Packages: Computer Science, Computer Science (R0)
