Abstract-Real-world deployments of wireless sensor networks (WSNs) require secure communication. It is important that a receiver is able to verify that sensor data was generated by trusted nodes. It may also be necessary to encrypt sensor data in transit. Recently, WSNs and traditional IP networks are more tightly integrated using IPv6 and 6LoWPAN. Available IPv6 protocol stacks can use IPsec to secure data exchange. Thus, it is desirable to extend 6LoWPAN such that IPsec communication with IPv6 nodes is possible. It is beneficial to use IPsec because the existing end-points on the Internet do not need to be modified to communicate securely with the WSN. Moreover, using IPsec, true end-to-end security is implemented and the need for a trustworthy gateway is removed.In this paper we provide End-to-End (E2E) secure communication between IP enabled sensor networks and the traditional Internet. This is the first compressed lightweight design, implementation, and evaluation of 6LoWPAN extension for IPsec. Our extension supports both IPsec's Authentication Header (AH) and Encapsulation Security Payload (ESP). Thus, communication endpoints are able to authenticate, encrypt and check the integrity of messages using standardized and established IPv6 mechanisms.
Abstract-Real-world deployments of wireless sensor networks require secure communication. In many application cases it is sufficient to provide message authentication at the sink. To implement this requirement using symmetric ciphers, keys shared between each sensor node and the sink have to be established and kept fresh during network operation. This paper presents a key distribution scheme based on the well known Elliptic Curve Diffie-Hellman key exchange mechanism that allows us to fulfil the previously outlined requirements efficiently. The DHB-KEY scheme requires only the distribution of a single sink-initiated broadcast message to set individual keys on all sensor nodes. Thus, DHB-KEY has a low complexity and preserves scarce resources such as bandwidth and energy. In the paper we present a protocol specification based on the DHB-KEY scheme and its implementation for the well known TinyOS platform. A physical intrusion detection system in an office building is used to evaluate the protocol implementation. The evaluation shows that DHB-KEY is practical in real-world deployments.
The future Internet of Things (IoT) may be based on the existing and established Internet Protocol (IP). Many IoT application scenarios will handle sensitive data. However, as security requirements for storage and communication are addressed separately, work such as key management or cryptographic processing is duplicated. In this paper we present a framework that allows us to combine secure storage and secure communication in the IP-based IoT. We show how data can be stored securely such that it can be delivered securely upon request without further cryptographic processing. Our prototype implementation shows that combined secure storage and communication can reduce the security-related processing on nodes by up to 71% and energy consumption by up to 32.1%.
Mobile networking i s becoming popular. The increase inmobile cwmunicationmakes the lackingproblem in number of addresses for IPV4 more serious. To solve this problem, this paper proposes an approach to f u l f i l l a m b i l e IPprotocol byusingastateful NAT(Netw0rkaddress Translation) technology. This approach i s able to c o m i c a t e through information sharingby theNATaddress mapping between HA and FA. Iherefore, the preferred protocol i s not requiring an additional procedure between HAandFAforprocessing, whichrelatethemobilityandit's showing a normal procedure of the mobile IP. This paper presents a detailed design of the statful NAT approach.
A new generation of WSN communication transceivers are now available that support time-of-flight distance measurement. This measurement can be inseparably integrated with message transmission making it possible to authenticate messages based on distance. In this paper we present a practical implementation of Distance Based Message Authentication (DBMA) for WSNs using Nanotron NA5TR1 transceivers. We show that DBMA can be used to reject messages sent from outside a secure (trusted) area. With DBMA, messages can be authenticated without involving costly cryptographic algorithms. The DBMA implementation is evaluated in two different deployment scenarios. Distance measurement errors and their impact on the size of the required secure area are evaluated. Furthermore, we present methods to reduce the size of the required secure area.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.