CISUC

End-to-end Transparent Transport-Layer Security for Internet-integrated Mobile Sensing Devices

Authors

Abstract

End-to-end communications with Internet-integrated sensing devices will contribute to the enabling of many of the envisioned IoT applications. Communication technologies with this purpose are currently being designed based on the 6LoWPAN adaptation layer, and of particular interest is CoAP (Constrained Application Protocol). The support of security in end-to-end CoAP communications with mobile Internet-integrated sensing devices is currently a challenge, in particular because of the high cost of performing ECC computations in constrained wireless sensing devices. Other important aspects to consider are the incompatibility of end-to-end security with CoAP proxies and the usage of mobile sensing devices.
The mechanisms described in the article offer a practical solution to the previous challenges. We propose a transparently mediated DTLS handshake with mutual authentication and mobility support, with the goal of releasing constrained sensing devices from the burden of having to support costly ECC computations. We employ pre-shared key authentication in sensing devices, together with an authentication protocol for mutual authentication and confidentiality in the WSN side of end-to-end communications. From our experimental evaluation on the impact of the proposed mechanisms on the energy and computational effort required from sensing devices, we are able to verify that the proposed approach is viable in various usage scenarios. Overall, the proposed approach works transparently for the applications running on the Internet clients and sensor devices. It is our goal that, with the proposed mechanisms, distributed IoT applications may benefit from pervasive and transparent end-to-end security, irrespective of the static or mobile nature of the sensing devices employed. Ours is, as far as our knowledge goes, the first proposal with such goals.

Keywords

Internet of Things, CoAP, DTLS, mutual authentication, delegated ECC public-key authentication

Subject

Security, wireless sensor networks, Internet Protocols for WSN

Conference

IFIP Networking 2016, May 2016

