The IETF CoRE working group proposed using DTLS to support secure IoT services. In this paper, we examine problems that can arise when the DTLS protocol is applied directly to IoT networks. To solve these problems, we separate the DTLS protocol into two phases: the handshake phase and the encryption phase. Our approach enhances the performance of both device and network by delegating the DTLS handshake phase. We also present two scenarios (inbound and outbound) based on the properties of Constrained Application Protocol (CoAP) enabled sensors. The proposed scheme supports secure end-to-end communication despite using delegation.
The dramatically increasing number of connected things based on the Internet Protocol is leading to a new concept called the Internet of Things (IoT). The Internet-integrated wireless sensor network has recently become one of the most important service targets in the IoT field. To provide secure IoT services, the IETF proposed using Datagram Transport Layer Security (DTLS) as a de facto security protocol. In this paper, we examine problems that can arise when the DTLS protocol is applied to the IoT, which comprises constrained devices and constrained networks. To solve the problems at hand, we separate the DTLS protocol into a handshake phase (i.e., establishment phase) and an encryption phase (i.e., transmission phase). Our approach enhances the performance of both device and network by delegating the DTLS handshake phase. The proposed scheme supports secure end-to-end communication despite using delegation.
Confidentiality, mutual authentication and message origin authentication are required to build a secure service in IoT. Security protocols used in traditional IP networks cannot be directly adopted on resource-constrained devices in IoT. In this respect, an IETF standards group proposes using a lightweight version of the DTLS protocol to support security services in IoT environments. However, the protocol cannot cover all very constrained devices. To solve this problem, we propose a scheme that aims to support mutual authentication and session key agreement between devices that, because of their resource constraints, contain only a single crypto primitive module such as a hash function or a cipher function. The proposed scheme enhances performance by pre-computing a session key and is able to defend against various attacks.