Yuan-yuan FENG, Wei-qun ZHANG, Li ZHAO
(1Department of Electrical Information Engineering, Sichuan Engineering Technical College, Deyang 618000, China) (2School of Software, Shanxi University, Taiyuan 030013, China)
Abstract: To address the security problems in the Internet of Things, an end-to-end security architecture for the Internet of Things based on a recursive encryption algorithm (ESARE) is proposed. The architecture model is used to bridge the server and client state; object security concepts and related data are used to describe the communication terminal; the Constrained Application Protocol (CoAP) is used to issue a certificate to the limited node authorization server; and the client subscribes to an access key, so that the client can request resources from the restricted CoAP node based on recursive encryption. The experimental results show that ESARE is superior to the Datagram Transport Layer Security (DTLS) and DNS-SEC security schemes in terms of computational overhead, response latency and security performance.
Key words: Internet of things, Recursive encryption, Constrained application protocol, Computational overhead, Response latency
The Internet of Things is an important part of the new generation of information technology and marks an important stage in the development of information technology [1]. Widely used in network integration, it brings a lot of convenience to both work and daily life. However, as the Internet of Things becomes increasingly popular, security issues have become one of the major bottlenecks restricting its development [2].
At present, Internet-related security research focuses on how to design lightweight security protocol variants and migrate these variants to restricted nodes [3]. For example, Datagram Transport Layer Security (DTLS), applied under the leadership of the IETF [4], is a complete point-to-point security protocol that protects the communication between constrained devices based on the Constrained Application Protocol (CoAP) and the client. However, the memory of the restricted node limits the number of DTLS sessions, so DTLS lacks universality: although CoAP can fully support the application requirements, the computational cost is very high. In addition, the literature [5] emphasizes a DNS security extension based on the application layer's DNS-SEC [6] rather than the connection-oriented DTLS protocol; trust in the information depends on the trusted entity and the computational cost is relatively reduced, but DNS has a larger problem with response latency [7].
Based on the above analysis, the authors propose an end-to-end Security Architecture of the Internet of Things based on a Recursive Encryption algorithm (ESARE). This framework bridges the state between the server and the client through the architecture model, describes the communication terminal with the object security concept associated with the data, has the restricted CoAP node issue a certificate to the authorization server, subscribes to the access key obtained by the client, and ensures that the client can request resources from the restricted CoAP node by the recursive encryption algorithm. The performance of the proposed architecture is analyzed and evaluated on two typical networking equipment platforms. The results show that the proposed ESARE is superior to the DTLS and DNS-SEC security schemes.
ESARE relies on the security and authentication channels which are established based on DTLS for certificate and access key distribution. The proposed architecture is a combination of connection-oriented security concepts and content-centric networks.
The main structure of the ESARE security architecture is as follows:
(1) Producer: A restricted CoAP node provides data in the form of signature and encryption of resources, such as temperature, humidity and CO2.
(2) Consumer: The representation of the request from CoAP client to the producer for the resource.
(3) Authorization server: A trusted entity for storing a digital certificate, receiving a subscriber’s subscription, and providing a representation of access to the encrypted protected producer resource. When the consumer requests access to the producer resource, the authorization server returns the access key represented by the producer resource.
(4) Proxy server: Provides a cache service between producers and consumers and hides unused producers, producers, and consumers with the same interface.
Assume that a valid certificate is issued by the certification institutions to the producer and the consumer. The producer uses the private key to sign the resource representation, which is the token generated by the authorization server (namely, the producer derives a symmetric encryption key to encrypt the resource representation). The access key has a corresponding public identifier that can be shared by multiple producers to protect common resources. For example, all the temperature of a building can be protected with the same access key. Producers, consumers, and authorization servers can use secure DTLS sessions to exchange encrypted messages [8].
The producer $P$ manages a set of resources and a set of access keys $S_j$ from the authorization server, $1 \le i \le M$. The access key $S_j$ defines a group of access authorities with different authorization levels, and the relationship between the $j$-th access key $S_j$ and the first resource representation depends on the authorization strategy. The memory overhead is introduced to define the total number of access keys (namely, the necessary space for the local storage of $P$). $\{X\}_{K_j}$ represents the resource symmetric encryption based on the access key $K_j$, and $K_j$ is derived from the access key $S_j$, which is expressed as follows:
$$K_j = f(S_j, \mathrm{MID}, \mathrm{CEFID}) \qquad (1)$$
where $f(\cdot)$ is the general random function, MID is the CoAP header identifier information, and CEFID is the unique identifier of the node in the certificate.
The consumer, producer, and authorization server will manage the access key, and the authorization server uses the idempotent method of CoAP to create or update the key. Once the consumer obtains the access key $S_j$ from the authorization server, the GET method on the resource $R_i$ can be invoked. The producer returns the resource that is encrypted with private key $K_j$, and only the consumer with the access key $S_j$ can decrypt the resource. In addition, the digital certificate and the firmware device of producer and consumer are bound together, and the certificate itself will contain a list of support keys. Producers and consumers can learn the keys in digital certificates distributed by authorization servers and save the cost of negotiating passwords. To support this operation, the additional receive option of the CoAP header is required to carry the password selected by the requesting originator.
If the node $x$ is a leaf node, set $i = attr_x$; if $i \in S$, then
(2)
(3)
(4)
Except for the specific cipher overhead, ESARE requires two additional fields for each transport packet: ① access key ID, the identifier of the access key used to export the encryption key; ② certificate ID, the node identifier of the signature object, that is, the certificate of the corresponding key. In addition, if the local access key ID cannot be requested from the authorization server, the receiver access key ID is used as the index of the corresponding access key. Similarly, the certificate ID is first imported during the key generation process, and then it is used to find the digital certificate for signature verification. If the certificate is not available locally, one can apply for it from the authorization server. The proposed scheme uses a byte field as the unique identifier, and a major part of the packet overhead comes from the digital signature. For example, in the case of the secp160r1 ECC curve, the length of the signature is 48 bytes; in the larger secp192r1 curve, the length of the signature is 60 bytes. The ESARE payload byte used for communication uses a key based on the CoAP content format option, which adds 2 bytes as signaling before the CoAP minimum header.
All the required components of an ESARE implementation are available as open source code; for example, the cipher suite implemented by DTLS can be fully reused. The only thing that needs to be done when creating the ESARE block is to add the object security analysis database to the DTLS implementation, at the cost of a small memory overhead [9]. According to the application requirements, access keys and other certificates can be preloaded into the cache to improve performance, so that communication with the authorization server can be avoided. Besides, there is no need to modify the operating system kernel, because ESARE operates at the application layer.
In order to protect the communication between producers and consumers and to avoid replay attacks, it is necessary to manage some state between producers and consumers. Deriving the encryption key from the access key and the MID, which allows the consumer to detect the replay of a resource, is one approach to this problem, but after the producer/consumer loses the MID or the MID has finished, this method is vulnerable to replay attacks. To solve this problem, the access key is updated based on the key management scheme. Because the group members sharing an access key may be on the same local network, this update may increase the communication overhead between restricted networks. To balance security against network performance, it is necessary to select an appropriate update rate for the access key. Thus, the proposed architecture takes into account the random update of the access key and the optimal system performance acquired under different communication modes.
Assume that the MID handles CoAP continuously to provide long-term copy detection. Based on this assumption, it is assumed that consumers and producers monotonically increase local MID variables and track their communication nodes. The locally sent CoAP packet contains a resource payload and has a continuous time Markov chain. In the CoAP specification, the MID is 16 bits; the maximum length of the unique allowed identified packets is $2^{16}-1$ bits.
If the MID is not updated when the MID is packaged, the node enters a state in which it is exposed to replay attacks. At any time, the update of the access key will effectively reset the Markov chain to the initial state $\{0,0\}$, and the possibility of replay attacks can be determined by finding the sum state of the conditional probability $\pi_{ij}$:
(5)
and then:
(6)
According to equations (5) and (6), when $\rho = \lambda/\mu$, the following formula can be obtained:
(7)
Since the encryption key is bound to the producer's unique identifier, the probability is independent of the number of nodes sharing the same access key, which is important for the extensibility of ESARE. A network attacker can replay an old message with a MID. Since the encryption key of the payload of the message relies on the MID, the consumer is not aware of the injection and will wrongly think that the received old message is a new message. By updating the access key over time, the node can be effectively protected from such attacks. Using different access keys can reduce the attack probability as much as possible, which is helpful for the parameterization of the access key update frequency.
After receiving the ciphertext, the receiver obtains the plaintext through the decoding algorithm DectNode. DectNode can be described as a recursive algorithm; to facilitate the discussion, a simple decoding algorithm is proposed.
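The replay behaviour described above can be reproduced with a short sketch. This is an added example, not code from the paper: HMAC-SHA256 stands in for the unspecified function $f$, an 8-byte HMAC tag stands in for the symmetric encryption of the payload, and all names, keys and the sample message are constructed for illustration.

```python
import hashlib
import hmac

def derive_key(access_key: bytes, mid: int, cert_id: bytes) -> bytes:
    """K_j = f(S_j, MID, CEFID); HMAC-SHA256 stands in for f (assumption)."""
    return hmac.new(access_key, mid.to_bytes(2, "big") + cert_id, hashlib.sha256).digest()

def tag(key: bytes, payload: bytes) -> bytes:
    return hmac.new(key, payload, hashlib.sha256).digest()[:8]

def protect(access_key: bytes, mid: int, cert_id: bytes, payload: bytes) -> dict:
    """Producer side: bind the payload to K_j for this 16-bit MID."""
    return {"mid": mid, "cert_id": cert_id, "payload": payload,
            "tag": tag(derive_key(access_key, mid, cert_id), payload)}

class Consumer:
    def __init__(self, access_key: bytes):
        self.access_key = access_key
        self.last_mid = {}  # cert_id -> highest MID accepted under the current key

    def lose_mid_state(self):
        """MID counter lost or exhausted while the access key stays the same."""
        self.last_mid.clear()

    def update_access_key(self, new_key: bytes):
        """Key update: new S_j, MID tracking restarts from the initial state."""
        self.access_key = new_key
        self.last_mid.clear()

    def accept(self, msg: dict) -> str:
        key = derive_key(self.access_key, msg["mid"], msg["cert_id"])
        if not hmac.compare_digest(tag(key, msg["payload"]), msg["tag"]):
            return "bad-key"
        if msg["mid"] <= self.last_mid.get(msg["cert_id"], -1):
            return "replay"
        self.last_mid[msg["cert_id"]] = msg["mid"]
        return "ok"

def demo() -> list:
    s_old, s_new = b"constructed-S_j-v1", b"constructed-S_j-v2"  # constructed keys
    old_msg = protect(s_old, 7, b"\x2a", b"temp=21.5")            # constructed message
    c = Consumer(s_old)
    results = [c.accept(old_msg), c.accept(old_msg)]  # fresh, then replayed
    c.lose_mid_state()
    results.append(c.accept(old_msg))                 # replay accepted: state is gone
    c.update_access_key(s_new)
    results.append(c.accept(old_msg))                 # old K_j no longer matches
    return results
```

The third result is the weakness the text names: once the MID state is gone, only a change of $S_j$ makes the old message fail verification.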
Based on two typical Internet of Things equipment platforms, the elliptic curve of ESARE based on constrained nodes [10-11] is used to calculate the computational cost and request response delay of digital signatures. The two platforms are as follows: ① 16-bit MSP430 and 32KB RAM microcontrollers (Microcontroller unit, MCU), instruction-level simulator and Contiki simulator [12]. ② ST GreenNet energy collection prototype platform, based on 32KB RAM ultra-low power 32-bit ARM Cortex-M3 MCU and 802.15.4 wireless transceiver. Experiments are conducted based on the above two platforms for ESARE to compare the performance with DTLS and DNS-SEC.
In the network deployment with 16 clients, ESARE, DTLS and DNS-SEC conduct wireless communication transactions under high computational load. As shown in Table 1, the MSP430 platform node runs the client based on each of the above three methods in turn. DTLS consumes 83.12% of the energy in the request response exchange process (including the DTLS handshake), DNS-SEC consumes 75.43% of the energy, and ESARE consumes only 60.37% of the energy. Similarly, when the ARM Cortex M3 platform nodes run the client based on each of the above three methods, DTLS costs 71.57% of the MCU in the request response exchange process (including the DTLS handshake), DNS-SEC consumes 62.21% of the energy, while ESARE consumes only 51.78% of the energy. Thus, ESARE has better performance in terms of computational overhead than DTLS and DNS-SEC.
Table 1 also gives the total cost-per-request delay for ESARE, DTLS and DNS-SEC at different nodes. It can be seen that the effect of increasing the number of nodes on ESARE is small because ESARE does not need a secure handshake before the request is sent, and the delay is mainly the signature verification overhead. However, both DTLS and DNS-SEC methods will lead to higher latency along with the increase of the number of nodes.
In addition, the results of the large-scale evaluation network based on 16 clients on both platforms are shown in Table 2. The DTLS and DNS-SEC handshake failure rates increase due to the randomness of the wireless link. It is noteworthy that, as the number of nodes increases, the handshake failure rate of ESARE is significantly lower than those of DTLS and DNS-SEC, because the larger ECC curve used by ESARE compensates for the authentication signature and offsets the impact of the increase in the number of nodes.
Table 1 Comparison of computing overhead and time delay of security architecture based on typical IOT platform
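| Security Architecture | MSP430 platform: computational overhead /% | MSP430 platform: response latency /ms | ARM Cortex M3 platform: computational overhead /% | ARM Cortex M3 platform: response latency /ms |
|---|---|---|---|---|
| DTLS | 83.12 | 8.21 | 71.57 | 6.27 |
| DNS-SEC | 75.43 | 15.39 | 62.21 | 12.15 |
| ESARE | 60.37 | 7.68 | 51.78 | 5.93 |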
Table 2 Comparison of security architecture of typical IOT platform
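| Security Architecture | 5 nodes | 10 nodes | 20 nodes | 50 nodes |
|---|---|---|---|---|
| DTLS handshake failure rate /% | 1.21 | 2.23 | 5.45 | 9.83 |
| DNS-SEC handshake failure rate /% | 1.14 | 3.58 | 7.67 | 12.32 |
| ESARE handshake failure rate /% | 1.07 | 1.69 | 3.83 | 5.27 |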
Aiming at the security problem in the Internet of Things, this paper puts forward a security method based on ESARE. This method is based on the concept of object security, and the application payload security is designed to make up the shortcomings of the existing security algorithms. The proposed architecture is analyzed and evaluated based on two typical networking equipment platforms. The experimental results show that the proposed ESARE is superior to DTLS and DNS-SEC in terms of computational overhead, request response delay and security performance.
Supported by Basic Research Project of Shanxi Province-Youth Science and Technology Research Fund (No.2014021039-6).