Abstract
The Internet of Things (IoT) presents a new paradigm of the future Internet that intends to provide interactive communication between various processing objects via heterogeneous networks. The IPv6 over Low power Wireless Personal Area Networks (6LoWPAN) is an IPv6 adaptation sub-layer and provides the requirements of IP connectivity between resource-constrained devices in lossy, low power networks. Since the size of a packet in the IPv6 is larger than the size of a frame in the IEEE 802.15.4, the 6LoWPAN adaptation layer performs packet fragmentation. In this paper, first, the 6LoWPAN fragmentation mechanism in terms of security issues is analyzed and then, fragment duplication attack which an attacker can selectively disrupt the reassembly of fragments of a particular packet at a receiver node is identified. Next, signcryption, which is a high performance cryptographic primitive, is discussed. Finally, a lightweight Offline-Online SignCryption (OOSC) scheme is proposed to counter fragment duplication attack. The evaluation shows that the proposed scheme is secure in the random oracle model and in terms of computational cost, and energy consumption efficiently counters with this attack.
Similar content being viewed by others
Change history
07 June 2018
The Publisher regrets an incorrect figure was placed in the pdf version of the article.
References
Tsai CW, Lai CF, Vasilakos AV (2014) Future internet of things: open issues and challenges. J Wireless Networks 20(8):2201–2217
Roman R, Zhou J, Lopez J (2013) On the features and challenges of security and privacy in distributed internet of things. J Computer Networks 57(10):2266–2279
Jing Q, Vasilakos AV, Wan J, Lu J, Qiu D (2014) Security of the internet of things: perspectives and challenges. J Wireless Networks 20(8):2481–2501
Kim E, Kaspar D, Vasseur J (2012) Design and application spaces for IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs). https://tools.ietf.org/html/rfc6568. Accessed April 2012
IEEE. Part 15.4: wireless medium access control (MAC) and physical layer (PHY) specifications for low-rate wireless personal area networks (WPANs) (2006). IEEE 802.15.4, IEEE Computer Society, 2006
Zheng Y (1977) Digital signcryption or how to achieve cost (signature & encryption) < cost (signature) + cost (encryption). Adv Cryptol Lect Notes Comput Sci 1294:165–179
Boneh D, Franklin M (2001) Identity-based encryption from the weil pairing. Adv Cryptol, Lect Notes Comput Sci 2139:213–229
Kim H (2007) Protection against packet fragmentation attacks at 6LoWPAN adaptation layer. In: Convergence and Hybrid Information Technology, 2008. In: Proceedings. 2008 IEEE International Conference on, pp 796–801
Montenegro G, Kushalnagar N, Hui J, Culler D (2007) Transmission of IPv6 packets over IEEE 802.15.4 networks. https://tools.ietf.org/html/rfc4944, Accessed September 2007
Ziemba G, Reed D,Traina P (1995) Security considerations for IP fragment filtering. https://tools.ietf.org/html/rfc1858.html, Accessed October 1995
Ptacek T, Newsham T (1998) Insertion, evasion, and denial of service: eluding network intrusion detection. Eluding network intrusion detection. SECURE NETWORKS INC CALGARY ALBERTA
Hummen R, Hiller J, Wirtz H, Henze M, Shafagh H, Wehrle K (2013) 6LoWPAN fragmentation attacks and mitigation mechanisms. In: security and privacy in wireless and mobile networks, 2013. WiSec’13. In: Proceedings. 2013 6th ACM conference on, pp 55-66
Libert B, Quisquater JJ (2003) A new identity based signcryption schemes from pairings. In: Proceedings of the 2003 IEEE workshop on information theory, pp 155–158
Boyen X (2003) Multipurpose identity-based signcryption: a swiss army knife for identity-based cryptography. Adv Cryptol Lect Notes Comput Sci 2729:383–399
Barreto PSLM, Libert B, McCullagh N, Quisquater JJ (2005) Efficient and provably-secure identity-based signatures and signcryption from bilinear maps. Adv Cryptol Lect Notes Comput Sci 3788:515–532
Jo HJ, Paik JH, Lee DH (2014) Efficient privacy preserving authentication in wireless mobile networks. Trans Mobile Comput IEEE 13(7):1469–1481
An JH, Dodis Y, Rabin T (2002) On the security of joint signature and encryption. Advances in cryptology, Eurocrypt 2002, lecture notes in computer science 2332: 83–107
Xu Z, Dai G, Yang D (2007) An efficient online/offline signcryption scheme for MANET. In: proceedings of the 2007 workshop on advanced information networking and applications, pp 171–176
Yan F, Chen X, Zhang Y (2013) Efficient online/offline signcryption without key exposure. J Grid Util Comput 4(1):85–93
Sun D, Huang X, Mu Y, Susilo W (2008) Identity-based on-line/off-line signcryption. In: network and parallel computing, 2008. In: proceedings. 2008 IFIP international conference on, pp 34–41
Liu JK, Baek J, Zhou J (2011) Online/offline identity based signcryption re-visited. In: information security and cryptology, Inscrypt 2010, lecture notes in computer science 6584: 36–51
Li F, Khan MK, Alghathbar K, Takagi T (2012) Identity-based online/offline signcryption for low power devices. J Network Comput Appl 35(1):340–347
Li F, Xiong P (2013) Practical secure communication for integrating wireless sensor networks into the internet of things. J IEEE Sensors 13(10):3677–3684
Senthil kumaran U, Ilango P (2015) Secure authentication and integrity techniques for randomized secured routing in WSN. J Wireless Networks 21(2):443–451
Li F, Zheng Z, Jin C (2016) Secure and efficient data transmission in the internet of things. J Telecommun Syst 62(1):111–122
Bormann C (2012) Guidance for light-weight implementations of the internet protocol suite. https://tools.ietf.org/html/draft-bormann-lwig-guidance-01, Accessed 24 January 2012
Wilhelm M, Martinovic I, Schmitt JB, Lenders V (2011) reactive jamming in wireless networks: how realistic is the threat?. In: wireless network security, 2011. WiSec’11. In: Proceedings. 2011 4th ACM conference on, pp 47–52
Becher A, Benenson Z, Dornseif M (2006) Tampering with motes: real-world physical attacks on wireless sensor networks. In: security in pervasive computing, 2006. SPC’06. In: Proceedings. 2006 3rd international conference on, pp 104–118
Heer T, Garcia-Morchon O, Hummen R, Keoh S, Kumar S, Wehrle K (2011) Security challenges in the IP-based internet of things. J. Wirel Pers Commun 61(3):527–542
Daemen J, Rijmen V (2002) The design of Rijndael: AES the advanced encryption standard. Springer, Berlin
Secure Hash Standard (1995) Nat’l Inst. of standards and technology (NIST), Fed. Inf Process Stand Publ 180(1)
Pointcheval D, Stern J (2000) Security arguments for digital signatures and blind signatures. J Cryptology 13(3):361–396
Boneh D, Boyen X (2004) Short signatures without random oracles. In: advances in cryptology. Lect Notes Comput Sci 3027:56–73
Cha JC, Cheon JH (2003) An identity-based signature from gap Diffie-Hellman groups. Public Key Cryptogr, Lect Notes Comput Scie 2567:18–30
Li J, Zhao J, Zhang Y (2015) Certificateless online/offline signcryption scheme. J Secur Commun Netw 8(11):1979–1990
Li F, Han Y, Jin C (2017) Certificateless online/offline signcryption for the internet of things. J. Wirel Netw 23(1):145–158
Luo M, Tu M, Xu J (2014) A security communication model based on certificateless online/offline signcryption for internet of things. J Sec Commun Netw 7(10):1560–1569
Shi W, Kumar N, Gong P, Chilamkurti N, Chang H (2015) On the security of a certificateless online/offline signcryption for internet of things. J Peer-to-Peer Network Appl 8(5):881–885
Shim KA (2012) CPAS: an efficient conditional privacy preserving authentication scheme for vehicular sensor networks. Trans Veh Technol IEEE 61(4):1874–1883
Shim KA, Lee YR, Park CM (2013) EIBAS: an efficient identity-based broadcast authentication scheme in wireless sensor networks. J Ad Hoc Netw 11(1):182–189
Gura N, Patel A, Wander A, Eberle H, Shantz SC (2004) Comparing elliptic curve cryptography and RSA on 8-bit CPUs. In: international workshop on cryptographic hardware and embedded systems, 2004. CHES’04. Lect Notes Comput Sci 3156:119–132
Cao X, Kou W, Dang L, Zhao B (2008) IMBAS: Identitybased multi-user broadcast authentication in wireless sensor networks. J. Comput Commun 31(4):659–667
Ma C, Xue K, Hong P (2014) Distributed access control with adaptive privacy preserving property for wireless sensor networks. J Secur Commun Netw 7(4):759–773
Shim KA (2014) S2DRP: secure implementations of distributed reprogramming protocol forwireless sensor networks. J. Ad Hoc Netw 19:1–8
Chang C, Muftic S (2007) Measurement of energy costs of security in wireless sensor nodes. In: computer communications and networks, 2007. ICCCN’07. In: proceedings. 2007 IEEE 16th international conference on, pp 95–102
Prasithsangaree P, Krishnamurthy P (2003) Analysis of energy consumption of Rc4 and AES algorithms in wireless Lans. In: Global telecommunications, 2003. GLOBECOM'03. 2003 IEEE Conference on 3: 1445–1449
Robinson DJS (1996) A course in the theory of groups. Springer, Heidelberg
Martin L (2008) Introduction to identity-based encryption. Artech House, Boston, London, England
Rescorla E, Modadugu N (2012) Datagram transport layer security, http://www.rfc-editor.org/rfc/rfc6347.txt. Accessed January 2012
Author information
Authors and Affiliations
Corresponding author
Additional information
The original version of this article was revised: The Publisher regrets an incorrect figure was placed in the pdf version of the article.
Rights and permissions
About this article
Cite this article
Nikravan, M., Movaghar, A. & Hosseinzadeh, M. A lightweight signcryption scheme for defense against fragment duplication attack in the 6LoWPAN networks. Peer-to-Peer Netw. Appl. 12, 209–226 (2019). https://doi.org/10.1007/s12083-018-0659-8
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12083-018-0659-8