DOI: 10.1145/3302505.3310081
research-article

D2TLS: delegation-based DTLS for cloud-based IoT services

Published: 15 April 2019

Abstract

The Internet of Things (IoT) is proliferating thanks to advances in embedded devices, wireless communications, and cloud technologies. However, the security problems of the Internet will be worse in IoT services, given the constrained resources of IoT devices. We propose a delegation-based DTLS framework (D2TLS) for cloud-based IoT services. D2TLS aims to achieve mutual authentication and to significantly lower the burden of setting up secure connections while keeping the private keys of the IoT devices secret. By leveraging session resumption in the DTLS standard and introducing a security agent, D2TLS achieves these goals while requiring modifications only on the client side. That is, the cloud and PKI systems need not change to deploy D2TLS. Numerical results show that D2TLS can achieve better performance in terms of delay and energy consumption than the current DTLS protocol in standalone mode.


Published In

IoTDI '19: Proceedings of the International Conference on Internet of Things Design and Implementation
April 2019
299 pages
ISBN: 9781450362832
DOI: 10.1145/3302505
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

In-Cooperation

  • IEEE CS

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. DTLS
  2. TLS
  3. cloud service
  4. delegation
  5. internet-of-things

Cited By

  • (2023) Encryption Algorithms in IoT: Security vs Lifetime. SSRN Electronic Journal. DOI: 10.2139/ssrn.4636161. Online publication date: 2023
  • (2023) Intrusion Detection Systems for IoT. IoT for Defense and National Security (237-258). DOI: 10.1002/9781119892199.ch13. Online publication date: 6-Jan-2023
  • (2022) Revisiting the Feasibility of Public Key Cryptography in Light of IIoT Communications. Sensors 22:7 (2561). DOI: 10.3390/s22072561. Online publication date: 27-Mar-2022
  • (2022) Improving efficiency and security of IIoT communications using in-network validation of server certificate. Computers in Industry (103802). DOI: 10.1016/j.compind.2022.103802. Online publication date: Nov-2022
  • (2021) Blockchain-Based Context-Aware Authorization Management as a Service in IoT. Sensors 21:22 (7656). DOI: 10.3390/s21227656. Online publication date: 18-Nov-2021
  • (2021) How to Survive Identity Management in the Industry 4.0 Era. IEEE Access 9 (93137-93151). DOI: 10.1109/ACCESS.2021.3092203. Online publication date: 2021
