Duy An Ha
ABSTRACT
This paper introduces a design and implementation of a security scheme for the Internet of Things (IoT) based on ECQV Implicit Certificates and Datagram Transport Layer Security (DTLS) protocol. In this proposed security scheme, Elliptic curve cryptography based ECQV implicit certificate plays a key role allowing mutual authentication and key establishment between two resource-constrained IoT devices. We present how IoT devices get ECQV implicit certificates and use them for authenticated key exchange in DTLS. An evaluation of execution time of the implementation is also conducted to assess the efficiency of the solution.
- Certicom Research 2013. SEC 4: Elliptic Curve QuVanstone Implicit Certificate Scheme. Standards for Efficient Cryptography Group, Version 1.0 (Jan. 2013).Google Scholar
- Certicom 2004. Explaining Implicit Certificate. Technical Report, Certicom.Google Scholar
- Porambage, P., Shmitt, C., Kumar, P., Gurtov, A. and Ylianttlila M. 2014. Two-phase Authentication Protocol for Wireless Sensor Networks in Distributed IoT Applications. In IEEE Wireless Communications and Networking Conference (WCNC) (Istanbul, Turkey, Apr. 6, 2014), 2728--2733.Google Scholar
- Porambage, P., Kumar, P., Gurtov, A., Ylianttila, M. and Harjula, E. 2013. Certificate based keying scheme for DTLS secured IoT. Internet-Draft: draft-pporamba-dtls-certkey-01. Internet Engineering Task Force (IETF) (Dec. 2013).Google Scholar
- Rescorla, E., Modadugu, N. 2012. Datagram Transport Layer Security Version 1.2. RFC6347. Internet Engineering Task Force (IETF) (Jan. 2012).Google Scholar
- Sciancalepore, S., Capossele, A., Piro, G., Boggia G. and Bianchi, G. 2015. Key management protocol with implicit certificates for IoT systems. In Proceedings of ACM MobiSys 2015 Workshop (Florence, Italy, May 18, 2015). Google ScholarDigital Library
- Porambage, P., Kumar, P., Schmitt, C., Gurtov A. and Ylianttila, M. 2013. Certificate-based pairwise key establishment protocol for wireless sensor netwoks. In IEEE 16th International Conference on Computational Science and Engineering (Sydney, Australia, Dec. 2013). Google ScholarDigital Library
- Fan, X. and Gong, G. 2013. Securing ZigBee Smart Energy Profile 1.x with OpenECC library. In 20th ACM Conference on Computer and Communications Security (Berlin, Germany, Nov. 2013). Google ScholarDigital Library
- Kothmayr, T., Schmitt, C., Hu, W., Brünig, M. and Carle. G. 2012. A DTLS based end-to-end security architecture for the internet of things with two-way authentication. In IEEE 37th Conference on Local Computer Networks (Florida, U.S.A., Oct. 2012).Google ScholarCross Ref
- ETSI 2015. Architecture Part 1: Analysis of the architectures proposed for consideration by oneM2M. Technical Report: TR 118 502, ETSI Standards (Apr. 2015).Google Scholar
- OneM2M 2015. Security Solutions. Technical Specification: TS 0003, OneM2M Standards (Jan. 2015).Google Scholar
- Blake-Wilson, S., Bolyard, N., Gupta, V., Hawk, C. and Moeller, B. 2006. Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS). RFC4492, Informational. Internet Engineering Task Force (IETF) (May 2006).Google Scholar
- Certicom Research 2009. SEC 1: Elliptic Curve Cryptography. Standards for Efficient Cryptography Group, Version 2.1 (May 2009).Google Scholar
- ITU-T 2012. ITU-T Recommendation X.501, Information Technology - Open Systems Interconnection - The Directory: Models. ITU-T (Oct. 2012).Google Scholar
- Pellikka, J. An open source ECQV implementation. https://github.com/jpellikk/ecqv-keygen (Jun. 20, 2012).Google Scholar
Index Terms
- Efficient authentication of resource-constrained IoT devices based on ECQV implicit certificates and datagram transport layer security protocol
Recommendations
Protecting IoT devices from security attacks using effective decision-making strategy of appropriate features
AbstractThe term "Internet of things (IoT)” refers to a network in which data from all connected devices may be gathered, analyzed, and modified as per requirements to offer new services. IoT devices require a constant Internet connection to exchange ...
Comments