Publications (10 of 30)
Tiloca, M. & Raza, S. (2025). Security mechanisms and technologies for constrained IoT devices (2nd ed.). In: Qusay F. Hassan (Ed.), Internet of Things A to Z: Technologies and Applications (pp. 495-522). Wiley
2025 (English) In: Internet of Things A to Z: Technologies and Applications / [ed] Qusay F. Hassan, Wiley, 2025, 2, pp. 495-522; Chapter in book, part of anthology (Other academic)
Abstract [en]

The Internet of Things (IoT) has enabled as well as boosted several applications that will radically change everyday life, including smart building, environmental monitoring, smart energy grids, and intelligent transportation. Unlike traditional IT systems, IoT deployments will be directly exposed and reachable over the Internet, and massively composed of constrained devices equipped with limited resources. In such a context, security has been unanimously acknowledged as a fundamental requirement to fulfill, with evident implications on service reliability, privacy, and even safety of facilities and people. At the same time, it is particularly challenging to effectively and efficiently ensure security in the IoT, given the wide range of heterogeneous, dynamic, and possibly large‐scale environments, and the resource‐constrained nature of deployed devices. This chapter overviews the current main security protocols and technologies for the IoT, presents related security issues, and discusses solutions to address them based on recent research and standardization activities.

Place, publisher, year, edition, pages
Wiley, 2025 Edition: 2
Keywords
Access Control; Authorization; Denial of Service; Intrusion Detection; IoT security; Jamming attack; Key Management; Secure communication; Security protocols; Security standardization
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:ri:diva-80311 (URN); 10.1002/9781394280490.ch20 (DOI); 2-s2.0-105025621998 (Scopus ID)
Available from: 2026-01-16 Created: 2026-01-16 Last updated: 2026-01-16 Bibliographically approved
Höglund, R., Tiloca, M., Selander, G., Mattsson, J. P., Vucinic, M. & Watteyne, T. (2024). Secure Communication for the IoT: EDHOC and (Group) OSCORE Protocols. IEEE Access, 12, 49865
2024 (English) In: IEEE Access, E-ISSN 2169-3536, Vol. 12, p. 49865-; Article in journal (Refereed) Published
Abstract [en]

Communication security of an Internet-of-Things (IoT) product depends on the variety of protocols employed throughout its lifetime. The underlying low-power radio communication technologies impose constraints on maximum transmission units and data rates. Surpassing maximum transmission unit thresholds has an important effect on the efficiency of the solution: transmitting multiple fragments over low-power IoT radio technologies is often prohibitively expensive. Furthermore, IoT communication paradigms such as one-to-many require novel solutions to support the applications executing on constrained devices. Over the last decade, the Internet Engineering Task Force (IETF) has been working through its various Working Groups on defining lightweight protocols for Internet-of-Things use cases. “Lightweight” refers to the minimal processing overhead, memory footprint and number of bytes in the air, compared to the protocol counterparts used for non-constrained devices in the Internet. This article overviews the standardization efforts in the IETF on lightweight communication security protocols. It introduces EDHOC, a key exchange protocol, OSCORE and Group OSCORE, application data protection protocols adapted for securing IoT applications. The article additionally highlights the design considerations taken into account during the design of these protocols, an aspect not present in the standards documents. Finally, we present an evaluation of these protocols in terms of the message sizes and compare with the non-constrained counterpart, the (D)TLS protocol. We demonstrate that the novel key exchange protocol EDHOC achieves ×5 reduction over DTLS 1.3 authenticated with pre-shared keys in terms of total number of bytes transmitted over the air, while keeping the benefits of authentication with asymmetric credentials.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers Inc., 2024
Keywords
Authentication; Internet of things; Internet protocols; Network security; Radio communication; Radio transmission; Secure communication; Signal encoding; CoAP; Communication system security; Communications security; EDHOC; Encodings; Internet engineering task forces; OSCORE; Protection; Security; Standardization
National Category
Electrical Engineering and Electronics
Identifiers
urn:nbn:se:ri:diva-73052 (URN); 10.1109/ACCESS.2024.3384095 (DOI); 2-s2.0-85189629993 (Scopus ID)
Available from: 2024-04-17 Created: 2024-04-17 Last updated: 2025-09-23 Bibliographically approved
Rasori, M., Saracino, A., Mori, P. & Tiloca, M. (2024). Using the ACE framework to enforce access and usage control with notifications of revoked access rights. International Journal of Information Security, 23(5), 3109
2024 (English) In: International Journal of Information Security, ISSN 1615-5262, E-ISSN 1615-5270, Vol. 23, no. 5, p. 3109-; Article in journal (Refereed) Published
Abstract [en]

The standard ACE framework provides authentication and authorization mechanisms similar to those of the standard OAuth 2.0 framework, but it is intended for use in Internet-of-Things environments. In particular, ACE relies on OAuth 2.0, CoAP, CBOR, and COSE as its core building blocks. In ACE, a non-constrained entity called Authorization Server issues Access Tokens to Clients according to some access control and policy evaluation mechanism. An Access Token is then consumed by a Resource Server, which verifies the Access Token and lets the Client accordingly access a protected resource it hosts. Access Tokens have a validity which is limited over time, but they can also be revoked by the Authorization Server before they expire. In this work, we propose the Usage Control framework as an underlying access control means for the ACE Authorization Server, and we assess its performance in terms of time required to issue and revoke Access Tokens. Moreover, we implement and evaluate a method relying on the Observe extension for CoAP, which allows to notify Clients and Resource Servers about revoked Access Tokens. Through results obtained in a real testbed, we show how this method reduces the duration of illegitimate access to protected resources following the revocation of an Access Token, as well as the time spent by Clients and Resource Servers to learn about their Access Tokens being revoked. 

Place, publisher, year, edition, pages
Springer Science and Business Media Deutschland GmbH, 2024
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:ri:diva-74636 (URN); 10.1007/s10207-024-00877-1 (DOI); 2-s2.0-85197676884 (Scopus ID)
Note

This work has been partially supported by: the Sweden’s Innovation Agency VINNOVA within the EUREKA CELTIC-NEXT project CYPRESS; the H2020 project SIFIS-Home (grant agreement 952652); and the SSF project SEC4Factory (grant RIT17-0032).

Available from: 2024-08-07 Created: 2024-08-07 Last updated: 2025-09-23 Bibliographically approved
Höglund, R., Tiloca, M., Bouget, S. & Raza, S. (2023). Key Update for the IoT Security Standard OSCORE. In: 2023 IEEE International Conference on Cyber Security and Resilience (CSR). Paper presented at 2023 IEEE International Conference on Cyber Security and Resilience (CSR). IEEE
2023 (English) In: 2023 IEEE International Conference on Cyber Security and Resilience (CSR), IEEE, 2023; Conference paper, Published paper (Refereed)
Abstract [en]

The standard Constrained Application Protocol (CoAP) is a lightweight, web-transfer protocol based on the REST paradigm and specifically suitable for constrained devices and the Internet-of-Things. Object Security for Constrained RESTful Environment (OSCORE) is a standard, lightweight security protocol that provides end-to-end protection of CoAP messages. A number of methods exist for managing keying material for OSCORE, as to its establishment and update. This paper provides a detailed comparison of such methods, in terms of their features, limitations and security properties. Also, it especially considers the new key update protocol KUDOS, for which it provides a more extended discussion about its features and mechanics, as well as a formal verification of its security properties.

Place, publisher, year, edition, pages
IEEE, 2023
National Category
Communication Systems
Identifiers
urn:nbn:se:ri:diva-67071 (URN); 10.1109/csr57506.2023.10225002 (DOI)
Conference
2023 IEEE International Conference on Cyber Security and Resilience (CSR)
Note

This work was partly supported by the H2020 project SIFIS-Home (Grant agreement 952652), the SSF project SEC4Factory (Grant agreement RIT17-0032), and the H2020 project ARCADIAN-IoT (Grant agreement 101020259).

Available from: 2023-09-21 Created: 2023-09-21 Last updated: 2025-09-23 Bibliographically approved
Seitz, L., Tiloca, M., Gunnarsson, M. & Höglund, R. (2023). Secure Software Updates for IoT Based on Industry Requirements. In: Proceedings of the 9th International Conference on Information Systems Security and Privacy. Paper presented at 9th International Conference on Information Systems Security and Privacy (pp. 698-705). SCITEPRESS - Science and Technology Publications
2023 (English) In: Proceedings of the 9th International Conference on Information Systems Security and Privacy, SCITEPRESS - Science and Technology Publications, 2023, pp. 698-705; Conference paper, Published paper (Refereed)
Abstract [en]

This paper analyzes the problem and requirements of securely distributing software updates over the Internet, to devices in an Industrial Control System (ICS) and more generally in Internet of Things (IoT) infrastructures controlling a physical system, such as power grids and water supply systems. We present a novel approach that allows to securely distribute software updates of different types, e.g., device firmware and customer applications, and from sources of different type, e.g., device operators, device manufacturers and third-party library providers. Unlike previous works on this topic, our approach keeps the device operator in control of the update process, while ensuring both authenticity and confidentiality of the distributed software updates.

Place, publisher, year, edition, pages
SCITEPRESS - Science and Technology Publications, 2023
National Category
Software Engineering
Identifiers
urn:nbn:se:ri:diva-67036 (URN); 10.5220/0011790100003405 (DOI); 978-989-758-624-8 (ISBN)
Conference
9th International Conference on Information Systems Security and Privacy
Available from: 2023-09-21 Created: 2023-09-21 Last updated: 2025-09-23 Bibliographically approved
Lindahl, M., Walfridsson, T., Sandels, C., Ericson, N., Tiloca, M. & Höglund, R. (2023). Storskalig laststyrning av värmepumpar i elnätet (SLAV): slutrapport.
2023 (Swedish) Report (Other academic)
Abstract [translated from Swedish]

In a power system with a large share of intermittent electricity generation from wind and solar, the need for flexibility to balance variations in electricity generation will increase. Demand flexibility can help reduce problems with bottlenecks and lack of capacity in the grid and avoid curtailment of renewable energy sources. This project has investigated the possibilities and limitations of a concept in which residential heat pumps are aggregated and controlled via the manufacturers' cloud services to help support the power system with demand flexibility. The focus has been on delivering demand flexibility to three types of services: Svenska kraftnät's balancing services, local flexibility markets, or bilateral agreements. The project has looked at several aspects, such as the technical limitations of heat pumps, obstacles related to the electricity market and the grid, cybersecurity issues, and the information chain with a focus on suitable communication protocols. The project's results are based on expert interviews as well as literature studies and field tests. The results of the project show that there are several obstacles in the electricity market that make it harder for heat pumps to offer demand flexibility. One obstacle is the requirement on minimum bid size for participation in Svenska kraftnät's balancing services or the local flexibility markets, which means that a number of heat pumps need to be aggregated. Another obstacle is the need to have the same balance responsible party for all participants in a bid, while there are many balance responsible parties in Sweden. A third obstacle is the requirement for real-time metering of flexibility resources. This is a potential problem because today's heat pumps lack electricity meters, which risks reducing the accuracy of the measurement of demand flexibility. Within the project, technical experts from the heat pump manufacturers were interviewed. They share a common view of how quickly their heat pumps can be controlled to reduce or increase power consumption.
The auxiliary heater can change its power within a second, but it may need new software adapted to deliver flexibility. On/off compressors can also be switched off on a timescale of seconds, but need somewhat more time to start again. Heat pumps with variable-speed compressors adjust their power considerably more slowly. They can take minutes to start, stop, or adjust in speed. The project has investigated different ways of communicating between aggregator, cloud service and heat pump. Seven different communication standards have been evaluated, mainly so-called communication middleware. OpenADR and IEEE 2030.5 are two US-based standards that are judged to have great potential for enabling demand flexibility from heat pumps. A potential drawback is that they are still not very common in Europe. Interesting European alternatives are EEBus and EFI/S2. All four of these standards are free or can be purchased for a small cost. They are not ranked here, and more work is needed to recommend any of them. Heat pumps must be controlled via the internet in order to contribute to flexibility effectively. As with all internet-connected devices, this can make them vulnerable to cyberattacks. The threat of cyberattacks must be taken seriously: hacked heat pumps can cause major problems not only for the individual heat pump owners but can also be a risk to the power system as a whole.

Series
Energimyndigheten 51258-1
National Category
Electrical Engineering and Electronics
Identifiers
urn:nbn:se:ri:diva-76979 (URN)
Available from: 2025-01-30 Created: 2025-01-30 Last updated: 2025-09-23 Bibliographically approved
Gunnarsson, M., Malarski, K., Höglund, R. & Tiloca, M. (2022). Performance Evaluation of Group OSCORE for Secure Group Communication in the Internet of Things. ACM Transactions on Internet of Things, 3(3), Article ID 3523064.
2022 (English) In: ACM Transactions on Internet of Things, ISSN 2577-6207, Vol. 3, no. 3, article id 3523064; Article in journal (Refereed) Published
Abstract [en]

The Constrained Application Protocol (CoAP) is a major application-layer protocol for the Internet of Things (IoT). The recently standardized security protocol Object Security for Constrained RESTful Environments (OSCORE) efficiently provides end-to-end security of CoAP messages at the application layer, also in the presence of untrusted intermediaries. At the same time, CoAP supports one-to-many communication, targeting use cases such as smart lighting and building automation, firmware update, or emergency broadcast. Securing group communication for CoAP has additional challenges. It can be done using the novel Group Object Security for Constrained RESTful Environments (Group OSCORE) security protocol, which fulfills the same security requirements of OSCORE in group communication environments. While evaluations of OSCORE are available, no studies exist on the performance of Group OSCORE on resource-constrained IoT devices. This article presents the results of our extensive performance evaluation of Group OSCORE over two popular constrained IoT platforms, namely Zolertia Zoul and TI Simplelink. We have implemented Group OSCORE for the Contiki-NG operating system and made our implementation available as open source software. We compared Group OSCORE against unprotected CoAP as well as OSCORE. To the best of our knowledge, this is the first comprehensive and experimental evaluation of Group OSCORE over real constrained IoT devices. © 2022 Copyright held by the owner/author(s).

Place, publisher, year, edition, pages
Association for Computing Machinery, 2022
Keywords
Contiki-NG, End-to-end security, group communication, Group OSCORE, Internet of Things, Firmware, Intelligent buildings, Internet protocols, Open source software, Open systems, Application layer protocols, Application protocols, Contiki, Group communications, Group object security for constrained RESTful environment, Performances evaluation, Secure group communications, Security protocols
National Category
Computer Engineering
Identifiers
urn:nbn:se:ri:diva-59900 (URN); 10.1145/3523064 (DOI); 2-s2.0-85134881343 (Scopus ID)
Note

Funding details: 952652; Funding details: Horizon 2020 Framework Programme, H2020; Funding details: Innovationsfonden, IFD, HI2OT; Funding details: Stiftelsen för Strategisk Forskning, SSF, RIT17-0032; Funding details: VINNOVA; Funding text 1: Martin Gunnarsson and Krzysztof Mateusz Malarski contributed equally to this research. This work was partially funded by Innovation Fund Denmark through Eureka Turbo project IoT Watch4Life and Nordic University Hub for Industrial IoT (HI2OT); the SSF project SEC4Factory under the grant RIT17-0032; VINNOVA through the Celtic-Next project CRITISEC; and the H2020 project SIFIS-Home (Grant agreement 952652). Authors’ addresses: M. Gunnarsson, RISE Cybersecurity - RISE Research Institutes of Sweden, Scheelevägen 17, Lund, Sweden; email: martin.gunnarsson@ri.se; K. M. Malarski, DTU Technical University of Denmark, Ørsteds Plads 343, Kongens Lyngby, Denmark, 2800; email: krmal@fotonik.dtu.dk; R. Höglund, RISE Cybersecurity - RISE Research Institutes of Sweden, Isafjordsgatan 22, Kista, Sweden, Department of Information Technology - Uppsala University; email: rikard.hoglund@ri.se; M. Tiloca, RISE Cybersecurity - RISE Research Institutes of Sweden, Isafjordsgatan 22, Kista, Sweden email: marco.tiloca@ri.se.

Available from: 2022-08-11 Created: 2022-08-11 Last updated: 2025-09-23 Bibliographically approved
Righetti, F., Vallati, C., Tiloca, M. & Anastasi, G. (2022). Vulnerabilities of the 6P protocol for the Industrial Internet of Things: Impact analysis and mitigation. Computer Communications, 194, 411-432
2022 (English) In: Computer Communications, ISSN 0140-3664, E-ISSN 1873-703X, Vol. 194, pp. 411-432; Article in journal (Refereed) Published
Abstract [en]

The 6TiSCH architecture defined by the IETF provides a standard solution for extending the Internet of Things (IoT) paradigm to industrial applications with stringent reliability and timeliness requirements. In this context, communication security is another crucial requirement, which is currently less investigated in the literature. In this article, we present a deep assessment of the security vulnerabilities of 6P, the protocol used for resource negotiation at the core of the 6TiSCH architecture. Specifically, we highlight two possible attacks against 6P, namely the Traffic Dispersion and the Overloading attacks. These two attacks effectively and stealthily alter the communication schedule of victim nodes and severely thwart network basic functionalities and efficiency, by specifically impacting network availability and energy consumption of victim nodes. To assess the impact of the attacks two analytical models have been defined, while, to demonstrate their feasibility, they have been implemented in Contiki-NG. The implementation has been used to quantitatively evaluate the impact of the two attacks by both simulations and measurements in a real testbed. Our results show that the impact of both attacks may be very significant. The impact, however, strongly depends on the position of the victim node(s) in the network and it is highly influenced by the dynamics of the routing protocol. We have investigated mitigation strategies to alleviate this impact and proposed an extended version of the Minimal Scheduling Function (MSF), i.e., the reference scheduling algorithm for 6TiSCH. This allows network nodes to early detect anomalies in their schedules possibly due to an Overloading attack, and thus curb the attack impact by appropriately revising their schedule.

Keywords
Industrial Internet of Things, Security, 6TiSCH, 6P, MSF, 6P Vulnerabilities, Availability
National Category
Communication Systems; Computer Systems; Embedded Systems
Identifiers
urn:nbn:se:ri:diva-60318 (URN); 10.1016/j.comcom.2022.07.054 (DOI)
Available from: 2022-10-11 Created: 2022-10-11 Last updated: 2025-09-23 Bibliographically approved
Righetti, F., Vallati, C., Tiloca, M. & Anastasi, G. (2022). Vulnerabilities of the 6P protocol for the Industrial Internet of Things: Impact analysis and mitigation. Computer Communications, 194, 411-432
2022 (English) In: Computer Communications, ISSN 0140-3664, E-ISSN 1873-703X, Vol. 194, pp. 411-432; Article in journal (Refereed) Published
Abstract [en]

The 6TiSCH architecture defined by the IETF provides a standard solution for extending the Internet of Things (IoT) paradigm to industrial applications with stringent reliability and timeliness requirements. In this context, communication security is another crucial requirement, which is currently less investigated in the literature. In this article, we present a deep assessment of the security vulnerabilities of 6P, the protocol used for resource negotiation at the core of the 6TiSCH architecture. Specifically, we highlight two possible attacks against 6P, namely the Traffic Dispersion and the Overloading attacks. These two attacks effectively and stealthily alter the communication schedule of victim nodes and severely thwart network basic functionalities and efficiency, by specifically impacting network availability and energy consumption of victim nodes. To assess the impact of the attacks two analytical models have been defined, while, to demonstrate their feasibility, they have been implemented in Contiki-NG. The implementation has been used to quantitatively evaluate the impact of the two attacks by both simulations and measurements in a real testbed. Our results show that the impact of both attacks may be very significant. The impact, however, strongly depends on the position of the victim node(s) in the network and it is highly influenced by the dynamics of the routing protocol. We have investigated mitigation strategies to alleviate this impact and proposed an extended version of the Minimal Scheduling Function (MSF), i.e., the reference scheduling algorithm for 6TiSCH. This allows network nodes to early detect anomalies in their schedules possibly due to an Overloading attack, and thus curb the attack impact by appropriately revising their schedule.

Place, publisher, year, edition, pages
Elsevier B.V., 2022
Keywords
6P, 6P vulnerabilities, 6TiSCH, Availability, Industrial Internet of Things, MSF, Security, Energy utilization, Internet protocols, Network architecture, Network security, Power management (telecommunication), Scheduling algorithms, 6p vulnerability, Impact analysis, Impact mitigation, Industrial internet of thing, Minimal scheduling function, Scheduling functions, Standard solutions, Internet of things
National Category
Computer Science
Identifiers
urn:nbn:se:ri:diva-60173 (URN); 10.1016/j.comcom.2022.07.054 (DOI); 2-s2.0-85136202483 (Scopus ID)
Note

Funding details: 952652; Funding details: RIT17-0032; Funding details: Horizon 2020 Framework Programme, H2020; Funding details: VINNOVA; Funding details: Ministero dell’Istruzione, dell’Università e della Ricerca, MIUR; Funding text 1: The authors sincerely thank the anonymous reviewers and the Associate Editor for their insightful comments and suggestions, that have helped to improve the technical and editorial quality of the manuscript. The authors would also like to thank Gioele Carignani for his invaluable help in the implementation of the attacks on the Contiki-NG OS. This work was partially supported by the Italian Ministry of Education and Research (MIUR) in the framework of the CrossLab project (Departments of Excellence); by VINNOVA and the CelticNext project CRITISEC; by the H2020 project SIFIS-Home (Grant agreement 952652); and by the SSF project SEC4Factory (grant RIT17-0032).

Available from: 2022-09-29 Created: 2022-09-29 Last updated: 2025-09-23 Bibliographically approved
Gunnarsson, M., Brorsson, J., Palombini, F., Seitz, L. & Tiloca, M. (2021). Evaluating the performance of the OSCORE security protocol in constrained IoT environments. Internet of Things: Engineering Cyber Physical Human Systems, 13, Article ID 100333.
2021 (English) In: Internet of Things: Engineering Cyber Physical Human Systems, E-ISSN 2542-6605, Vol. 13, article id 100333; Article in journal (Refereed) Published
Abstract [en]

The Constrained Application Protocol (CoAP) is a standard communication protocol for resource-constrained devices in the Internet of Things (IoT). Many IoT deployments require proxies to support asynchronous communication between edge devices and the back-end. This allows (non-trusted) proxies to access sensitive parts of CoAP messages. Object Security for Constrained RESTful Environments (OSCORE) is a recent standard protocol that provides end-to-end security for CoAP messages at the application layer. Unlike the commonly used standard Datagram Transport Layer Security (DTLS), OSCORE efficiently provides selective integrity protection and encryption on different parts of CoAP messages. Thus, OSCORE enables end-to-end security through intermediary (non-trusted) proxies, while still allowing them to perform their expected services, with considerable security and privacy improvements.

To assess whether these security features consume too much of the limited resources available on a constrained device, we have implemented OSCORE (the implementation is available as open-source), and evaluated its efficiency. This paper provides a comprehensive, comparative and experimental performance evaluation of OSCORE on real resource-constrained IoT devices, using the operating system Contiki-NG as IoT software platform. In particular, we experimentally evaluated the efficiency of our OSCORE implementation on resource-constrained devices running Contiki-NG, in comparison with the DTLS implementation TinyDTLS maintained by the Eclipse Foundation. The evaluation results show that our OSCORE implementation displays moderately better performance than TinyDTLS, in terms of per-message network overhead, memory usage, message round-trip time and energy efficiency, thus providing the security improvements of OSCORE with no additional performance penalty.

Keywords
Security, OSCORE, CoAP, Internet of things, Constrained devices, End-to-end security
National Category
Communication Systems; Computer Systems; Embedded Systems
Identifiers
urn:nbn:se:ri:diva-52779 (URN); 10.1016/j.iot.2020.100333 (DOI)
Projects
EU FP7 SEGRID (Grant agreement 607109); EIT-Digital High Impact Initiative ACTIVE; VINNOVA/Celtic-Plus CyberWI; VINNOVA/Celtic-Next CRITISEC; EU H2020 SIFIS-Home (Grant agreement 952652); SSF SEC4Factory (Grant agreement RIT17-0032); Wallenberg AI, Autonomous Systems and Software Program (WASP) funded by the Knut and Alice Wallenberg Foundation
Available from: 2021-04-02 Created: 2021-04-02 Last updated: 2025-09-23 Bibliographically approved
Identifiers
ORCID iD: orcid.org/0000-0001-8842-9810
