SecureSense: End-to-end secure communication architecture for the cloud-connected Internet of Things
2017 (English) In: Future Generation Computer Systems, ISSN 0167-739X, E-ISSN 1872-7115, Vol. 77, no Dec, p. 40-51Article in journal (Refereed) Published
Abstract [en]
Constrained Application Protocol (CoAP) has become the de-facto web standard for the IoT. Unlike traditional wireless sensor networks, Internet-connected smart thing deployments require security. CoAP mandates the use of the Datagram TLS (DTLS) protocol as the underlying secure communication protocol. In this paper we implement DTLS-protected secure CoAP for both resource-constrained IoT devices and a cloud backend and evaluate all three security modes (pre-shared key, raw-public key, and certificate-based) of CoAP in a real cloud-connected IoT setup. We extend SicsthSense– a cloud platform for the IoT– with secure CoAP capabilities, and compliment a DTLS implementation for resource-constrained IoT devices with raw-public key and certificate-based asymmetric cryptography. To the best of our knowledge, this is the first effort toward providing end-to-end secure communication between resource-constrained smart things and cloud back-ends which supports all three security modes of CoAP both on the client side and the server side. SecureSense– our End-to-End (E2E) secure communication architecture for the IoT– consists of all standard-based protocols, and implementation of these protocols are open source and BSD-licensed. The SecureSense evaluation benchmarks and open source and open license implementation make it possible for future IoT product and service providers to account for security overhead while using all standardized protocols and while ensuring interoperability among different vendors. The core contributions of this paper are: (i) a complete implementation for CoAP security modes for E2E IoT security, (ii) IoT security and communication protocols for a cloud platform for the IoT, and (iii) detailed experimental evaluation and benchmarking of E2E security between a network of smart things and a cloud platform.
Place, publisher, year, edition, pages 2017. Vol. 77, no Dec, p. 40-51
Keywords [en]
Cloud, CoAP, DTLS, Internet of Things, IoT, Security, Clouds, Internet protocols, Interoperability, Network architecture, Network protocols, Secure communication, Wireless sensor networks, Asymmetric cryptography, Communication architectures, Constrained Application Protocol (CoAP), End-to-end secure communications, Experimental evaluation, Network security
National Category
Computer and Information Sciences
Identifiers URN: urn:nbn:se:ri:diva-30782 DOI: 10.1016/j.future.2017.06.008 Scopus ID: 2-s2.0-85023639574 OAI: oai:DiVA.org:ri-30782 DiVA, id: diva2:1135471
Note Funding details: VINNOVA; Funding text: This research has partly been funded by the Strategic Innovation Program for Internet of Things (SIP-IoT), a joint venture of VINNOVA, Formas och Energimyndigheten; and partly by the EU H2020 project NobelGrid under grant no. 646184.CEBOT;NOBELGRIDVINNOVA;EU, Horisont 2020
2017-08-232017-08-232024-09-04 Bibliographically approved