Skip to main content

Advertisement

Springer Nature Link
Log in

μDTNSec: a security layer with lightweight certificates for Disruption-Tolerant Networks on microcontrollers

  • Published:
Annals of Telecommunications Aims and scope Submit manuscript

Abstract

In Delay/Disruption-Tolerant Networks, man-in-the-middle attacks are easy: due to the store-carry-forward principle, an attacker can simply place itself on the route between source and destination to eavesdrop or alter bundles. This weakness is aggravated in networks, where devices are energy-constrained but the attacker is not. To protect against these attacks, we design and implement μDTNSec, a security layer for Delay/Disruption-Tolerant Networks on microcontrollers. Our design establishes a public key infrastructure with lightweight certificates as an extension to the Bundle Protocol. It has been fully implemented as an addition to μDTN on Contiki OS and uses elliptic curve cryptography and hardware-backed symmetric encryption. In this enhanced version of μDTNSec, public key identity bindings are validated by exchanging certificates using neighbor discovery. μDTNSec provides a signature mode for authenticity and a sign-then-encrypt mode for added confidentiality. Our performance evaluation shows that the choice of the curve dominates the influence of the payload size. We also provide energy measurements for all operations to show the feasibility of our security layer on energy-constrained devices. Because a high quality source of randomness is required, we evaluated the random number generators by the AT86RF231 radio, its successor AT86RF233, and one based on the noise of the A/D converter. We found that only AT86RF233 provides the required quality.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8

Similar content being viewed by others

Notes

  1. https://www.ibr.cs.tu-bs.de/projects/mudtn/

  2. http://contiki-os.org

  3. http://freertos.org

  4. https://upcn.eu

  5. https://github.com/tinyos

  6. The ATmega1284P [44] of the INGA platform runs with 8 MHz and supports a maximum SPI data rate of f/2.

References

  1. Schürmann D, von Zengen G, Priedigkeit M, Wolf L (2017) uDTNSec: a security layer for disruption-tolerant networks on microcontrollers. In: Mediterranean ad hoc networking workshop (Med-Hoc-Net), pp 1–7

  2. Chen S, Xu H, Liu D, Hu B, Wang H (2014) A vision of IoT: applications, challenges, and opportunities with China perspective. IEEE Int Things J 1(4):349–359

    Article  Google Scholar 

  3. von Zengen G, Büsching F, Pöttner W-B, Wolf L (2012) An overview of μDTN: unifying DTNs and WSNs. In: Proceedings of the 11th GI/ITG KuVS Fachgespräch Drahtlose Sensornetze (FGSN), Darmstadt

  4. Burleigh S, Scott K (2007) Bundle protocol specification. RFC 5050

  5. Ellard D, Altman R, Gladd A, Brown D, in’t Velt R (2015) DTN IP Neighbor Discovery (IPND). draft-irtf-dtnrg-ipnd-03

  6. Symington S, Farrell S, Weiss H, Lovell P (2011) Bundle security protocol specification. RFC 6257

  7. Schildt S, Morgenroth J, Pöttner W-B, Wolf L (2011) IBR-DTN: a lightweight, modular and highly portable bundle protocol implementation. Electron Commun EASST 37:1–11

    Google Scholar 

  8. DTN2 Reference Implementation

  9. Burleigh S (2011) Compressed bundle header encoding (CBHE). RFC 6260

  10. Pöttner W-B, Büsching F, von Zengen G, Wolf L (2012) Data elevators: applying the bundle protocol in delay tolerant wireless sensor networks. In: The ninth IEEE international conference on mobile ad-hoc and sensor systems (MASS), Las Vegas

  11. Rottmann S, Hartung R, Käberich J, Wolf L (2016) Amphisbaena: a two-platform DTN node. In: The 13th international conference on mobile ad-hoc and sensor systems (MASS 2016), Brasilia

  12. Feldmann M, Walter F (2015) μ PCN—a bundle protocol implementation for microcontrollers. In: 2015 international conference on wireless communications signal processing (WCSP)

  13. Nedevschi S, Patra R (2003) DTNLite: a reliable data transfer architecture for sensor networks. CS294-1: deeply embedded networks (Lecture)

  14. Trappe W, Howard R, Moore RS (2015) Low-energy security: limits and opportunities in the internet of things. IEEE Secur Priv 13(1):14–21

    Article  Google Scholar 

  15. Gura N, Patel A, Wander A, Eberle H, Shantz S C (2004) Comparing elliptic curve cryptography and RSA on 8-bit CPUs. In: Cryptographic hardware and embedded systems (CHES). Springer, pp 119–132

  16. NIST (2016) Recommendation for key management. Special Publication 800-57 Part 1 Rev. 4

  17. Xiao Y, Rayi VK, Sun B, Du X, Hu F, Galloway M (2007) A survey of key management schemes in wireless sensor networks. Comput Commun 30(11–12):2314–2341

    Article  Google Scholar 

  18. Szczechowiak P, Oliveira LB, Scott M, Collier M, R Dahab (2008) NanoECC: testing the limits of elliptic curve cryptography in sensor networks. In: Verdone R (ed) Wireless sensor networks, volume 4913 of lecture notes in computer science. Springer, pp 305–320

  19. Oliveira LB, Dahab R (2006) Pairing-based cryptography for sensor networks. In: 5th IEEE international symposium on network computing and applications, Cambridge

  20. Oliveira LB, Aranha DF, Gouvêa C PL, Scott M, Câmara DF, López J, Dahab R (2011) TinyPBC: pairings for authenticated identity-based non-interactive key distribution in sensor networks. Comput Commun 34(3):485–493. Special Issue of Computer Communications on Information and Future Communication Security

    Article  Google Scholar 

  21. Aranha DF, Gouvêa CPL RELIC is an Efficient LIbrary for Cryptography. https://github.com/relic-toolkit/relic

  22. Sethi M, Arkko J, Keranen A (2012) End-to-end security for sleepy smart object networks. In: IEEE 37th conference on local computer networks workshops (LCN workshops), pp 964–972

  23. de Clercq R, Uhsadel L, Van Herrewege A, Verbauwhede I (2014) Ultra low-power implementation of ECC on the ARM Cortex-M0 + . In: Proceedings of the 51st annual design automation conference (DAC). ACM, New York, pp 112:1–112:6

  24. Atmel Corporation. AT86RF231/ZU/ZF datasheet

  25. Schürmann D, Büsching F, Willenborg S, Wolf L (2017) RAIM: redundant array of independent motes. In: Conference on networked systems (NetSys’17), Göttingen

  26. Karlof C, Sastry N, Wagner D (2004) TinySec a link layer security architecture for wireless sensor networks. In: Proceedings of the 2nd international conference on embedded networked sensor systems (SenSys ’04). ACM, New York, pp 162–175

  27. Doriguzzi Corin R, Russello G, Salvadori E (2011) TinyKey: a light-weight architecture for wireless sensor networks securing real-world applications. In: Eighth international conference on wireless on-demand network systems and services (WONS), pp 68–75

  28. Luk M, Mezzour G, Perrig A, Gligor V (2007) MiniSec: a secure sensor network communication architecture. In: 6th international symposium on information processing in sensor networks (IPSN), IEEE, pp 479–488

  29. Liu A, Ning P (2008) TinyECC: a configurable library for elliptic curve cryptography in wireless sensor networks. In: International conference on information processing in sensor networks (IPSN’08). IEEE, pp 245–256

  30. Casado L, Tsigas P (2009) ContikiSec: a secure network layer for wireless sensor networks under the contiki operating system. In: Identity and privacy in the internet age, pp 133–147

    Chapter  Google Scholar 

  31. Capossele A, Cervo V, De Cicco G, Petrioli C (June 2015) Security as a CoAP resource: an optimized DTLS implementation for the IoT. In: 2015 IEEE international conference on communications (ICC), pp 549–554

  32. David PP, Noël T (2016) DTLS improvements for fast handshake and bigger payload in constrained environments. In: Mitton N, Loscri V, Mouradian A (eds) Ad-hoc, mobile, and wireless networks. Springer International Publishing, Cham, pp 251–262

  33. Moosavi SR, Gia TN, Nigussie E, Rahmani AM, Virtanen S, Tenhunen H, Isoaho J (2016) End-to-end security scheme for mobility enabled healthcare Internet of Things. Futur Gener Comput Syst 64:108–124

    Article  Google Scholar 

  34. ‘Bg’. AVR–Crypto–Lib

  35. SEC 2 SECG (January 2010) Recommended elliptic curve domain parameters. In: Standards for efficient cryptography group, Certicom Corp

  36. Büsching F, Kulau U, Wolf L (2012) Architecture and evaluation of INGA—an inexpensive node for general applications. In: IEEE sensors. IEEE, Taipei, pp 842–845

  37. SEC 1 SECG (2009) Elliptic curve cryptography, Standards for Efficient Cryptography Group, Certicom Corp

  38. Johnson D, Menezes A, Vanstone S (2001) The elliptic curve digital signature algorithm (ECDSA). Int J Inf Secur 1(1):36–63

    Article  Google Scholar 

  39. Hartung R, Kulau U, Wolf LC (2016) Demo; PotatoScope—scalable and dependable distributed energy measurement for WSNs. In: IEEE SECON 2016 conference proceedings. London

  40. Jansma N, Arrendondo B (2004) Performance comparison of elliptic curve and RSA digital signatures. Technical report, University of Michigan, College of Engineering

  41. Dunkels A, Gronvall B, Voigt T (2004) Contiki—a lightweight and flexible operating system for tiny networked sensors. In: Proceedings of the 29th annual IEEE international conference on local computer networks, LCN ’04. IEEE Computer Society, Washington, DC, pp 455–462

  42. Brown RG (2011) Dieharder: a random number test suite v3.31.1

  43. Atmel Corporation. Low Power 2.4 GHz Transceiver for ZigBee IEEE 802.15.4 6LoWPAN (2009)

  44. Atmel Corporation (2009) 8-bit AVR Microcontroller with 128K Bytes In-System Programmable Flash - ATmega1284P

  45. Atmel Corporation (July 2014) Low Power 2.4 GHz Transceiver for ZigBee, IEEE 802.15.4, 6LoWPAN, RF4CE, SP100, WirelessHART, and ISM Applications - AT86RF233

Download references

Author information

Authors and Affiliations

  1. Institute of Operating Systems and Computer Networks, TU Braunschweig, Braunschweig, Germany

    Dominik Schürmann, Georg von Zengen, Marvin Priedigkeit, Sebastian Willenborg & Lars Wolf

Authors
  1. Dominik Schürmann
    View author publications

    You can also search for this author inPubMed Google Scholar

  2. Georg von Zengen
    View author publications

    You can also search for this author inPubMed Google Scholar

  3. Marvin Priedigkeit
    View author publications

    You can also search for this author inPubMed Google Scholar

  4. Sebastian Willenborg
    View author publications

    You can also search for this author inPubMed Google Scholar

  5. Lars Wolf
    View author publications

    You can also search for this author inPubMed Google Scholar

Corresponding author

Correspondence to Dominik Schürmann.

Additional information

This paper is an extended version of “D. Schürmann, G. von Zengen, M. Priedigkeit, L. Wolf: μDTNSec: A Security Layer for Disruption-Tolerant Networks on Microcontrollers” [1].

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Schürmann, D., von Zengen, G., Priedigkeit, M. et al. μDTNSec: a security layer with lightweight certificates for Disruption-Tolerant Networks on microcontrollers. Ann. Telecommun. 73, 589–600 (2018). https://doi.org/10.1007/s12243-018-0655-2

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s12243-018-0655-2

Keywords