A survey on secure communication protocols for IoT systems

Proceedings - 2016 International Workshop on Secure Internet of Things, SIoT 2016

Volumn , Issue , 2017, Pages 47-62

  Dragomir, Dan ^a   Gheorghe, Laura ^b   Costea, Sergiu ^a   Radovici, Alexandru ^a  

^a UNIVERSITY POLITEHNICA OF BUCHAREST   (Romania)

^b ACADEMY OF ROMANIAN SCIENTISTS   (Romania)

Author keywords

authentication; confidentiality; integrity; Internet of Things; security; standard

Indexed keywords

AUTHENTICATION; NETWORK PROTOCOLS; NETWORK SECURITY; STANDARDS;

COMMUNICATION AND CONTROL; CONFIDENTIALITY; INDUSTRY ALLIANCES; INTEGRITY; INTERNET OF THING (IOT); SECURITY; SECURITY CAPABILITY; SECURITY RESEARCH;

INTERNET OF THINGS;

EID: 85019913086     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/SIoT.2016.012     Document Type: Conference Paper

References (89)

1. M. Farooq, M. Waseem, A. Khairi, and S. Mazhar, "A Critical Analysis on the Security Concerns of Internet of Things ( IoT )," International Journal of Computer Applications, vol. 111, no. 7, pp. 1-6, 2015.
2. C. Kolias, A. Stavrou, and J. Voas, "Securely making things right," Computer, vol. 48, no. 9, pp. 84-88, 2015.
3. V. Bhuvaneswari and R. Porkodi, "The internet of things (IOT) applications and communication enabling technology standards: An overview," in International Conference on Intelligent Computing Applications, ICICA 2014, 2014, pp. 324-329.
4. S. M. Sajjad and M. Yousaf, "Security analysis of IEEE 802.15.4 MAC in the context of Internet of Things (IoT)," in 2014 Conference on Information Assurance and Cyber Security (CIACS), 2014, pp. 9-14. [Online]. Available: http://ieeexplore.ieee.org/lpdocs/epic03/wrapper.htm?arnumber=6861324
5. J. Gubbi, R. Buyya, S. Marusic, and M. Palaniswami, "Internet of Things (IoT): A vision, architectural elements, and future directions," Future Generation Computer Systems, vol. 29, no. 7, pp. 1645-1660, 2013. [Online]. Available: http://dx.doi.org/10.1016/j.future.2013.01.010
6. K. Ashton, "That internet of things thing," 2009. [Online]. Available: http://www.rfidjournal.com/articles/view?4986
7. "Gartner says 4.9 billion connected "things" will be in use in 2015," 2014. [Online]. Available: http://www.gartner.com/newsroom/id/2905717
8. I. Ishaq, D. Carels, G. Teklemariam, J. Hoebeke, F. Abeele, E. Poorter, I. Moerman, and P. Demeester, IETF Standardization in the Field of the Internet of Things (IoT): A Survey, 2013, vol. 2, no. 2. [Online]. Available: http://www.mdpi.com/2224-2708/2/2/235/htm
9. E. Vasilomanolakis, J. Daubert, and M. Luthra, "On the Security and Privacy of Internet of Things Architectures and Systems," in Secure Internet of Things (SIoT 2015), 2015, pp. 49-57. [Online]. Available: https://www.informatik.tu-darmstadt.de/fileadmin/user upload/Group TK/filesDownload/Published Papers/SIoTpaper.pdf
10. "50 sensor applications for a smarter world." [Online]. Available: http://www.libelium.com/resources/top 50 iot sensor applications ranking/
11. M. Abomhara and G. M. Koien, "Cyber Security and the Internet of Things: Vulnerabilities, Threats, Intruders and Attacks," Journal of Cyber Security and Mobility, vol. 4, no. 1, pp. 65-88, 2015. [Online]. Available: http://www.riverpublishers.com/journal read html article.php?j=JCSM/4/1/4
12. "Real-world security and the internet of things," 2016. [Online]. Available: https://www.schneier.com/blog/archives/2016/07/real-world secu.html
13. R. Mahmoud, T. Yousuf, F. Aloul, and I. Zualkernan, "Internet of Things ( IoT ) Security : Current Status , Challenges and Prospective Measures," in 10th International Conference for Internet Technology and Secured Transactions (ICITST), 2015, pp. 336-341.
14. Z. Z.-K., C. M.C.Y., and S. S., "Emerging security threats and countermeasures in IoT," in ASIACCS 2015-Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, 2015, pp. 1-6. [Online]. Available: http://www.scopus.com/inward/record. url?eid=2-s2.0-84942523308{&}partnerID=40{&}md5= 3c4a207d8590001416184468e21e3d27
15. Y. Wang, G. Attebury, and B. Ramamurthy, "A survey of security issues in wireless sensor networks," IEEE Communications Surveys & Tutorials, vol. 8, no. 2, pp. 2-23, 2006. [Online]. Available: http://ieeexplore.ieee.org/lpdocs/epic03/wrapper.htm?arnumber=4109893
16. A. Barki, A. Bouabdallah, S. Gharout, and J. Traore, "M2M Security: Challenges and Solutions," IEEE Communications Surveys & Tutorials, no. c, pp. 1-1, 2016. [Online]. Available: http://ieeexplore.ieee.org/lpdocs/epic03/wrapper.htm?arnumber=7373528
17. L. Miller, IoT Security for Dummies. John Wiley & Sons, Ltd, 2016.
18. S. Sicari, A. Rizzardi, L. A. Grieco, and A. Coen-Porisini, "Security, privacy and trust in Internet of Things: The road ahead," Computer Networks, vol. 76, pp. 146-164, 2015. [Online]. Available: http://dx.doi.org/10.1016/j.comnet.2014. 11.008
19. J. Daubert, A. Wiesmaier, and P. Kikiras, "A view on privacy & trust in IoT," in 2015 IEEE International Conference on Communication Workshop, ICCW 2015, 2015, pp. 2665-2670.
20. A. Pfitzmann and M. Hansen, "A terminology for talking about privacy by data minimization: Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management," Tech. Rep., 2009. [Online]. Available: http://dud.inf.tu-dresden.de/Anon Terminology.shtml\delimiter"026E30Fnhttp://dud. inf.tu-dresden.de/literatur/Anon Terminology v0.34.pdf
21. Low-Rate Wireless Personal Area Networks (LR-WPANs), IEEE Std. 802.15.4, 2011. [Online]. Available: http: //standards.ieee.org/getieee802/download/802.15.4-2011.pdf
22. Advanced Encryption Sstandard (AES), NIST Std. FIPS-197, 2001. [Online]. Available: http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
23. M. Dworkin, Recommendation for Block Cipher Modes of Operation: The CCM Mode for Authentication and Confidentiality, NIST Std. Special Publication 800-38C, 2004. [Online]. Available: http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38c.pdf
24. "2.4 GHz IEEE 802.15.4 /ZigBee-ready RF Transceiver (CC2420)," Texas Instruments, Dallas, USA. [Online]. Available: http://www.ti.com/lit/ds/symlink/cc2420.pdf
25. "2.4 GHz IEEE 802.15.4 /ZigBee RF Transceiver (CC2520)," Texas Instruments, Dallas, USA. [Online]. Available: http://www.ti.com/lit/ds/symlink/cc2530.pdf
26. "8-bit AVR Microcontroller with Low Power 2.4GHz Transceiver for ZigBee and IEEE 802.15.4-ATmega128RFA1," Atmel, San Jose, USA. [Online]. Available: http://www.atmel.com/Images/Atmel-8266-MCU Wireless-ATmega128RFA1 Datasheet.pdf
27. IEEE, "802.11-1997 standard," Tech. Rep. [Online]. Available: http://standards.ieee.org/getieee802/download/802. 11n-2009.pdf
28. -, "802.11n-2009 standard," Tech. Rep. [Online]. Available: http://standards.ieee.org/getieee802/download/802. 11ac-2013.pdf
29. -, "802.11ac-2013 standard," Tech. Rep. [Online]. Available: https://standards.ieee.org/findstds/standard/802.11-1997. html
30. E. Tews and M. Beck, "Practical attacks against wep and wpa," in Proceedings of the second ACM conference on Wireless network security. ACM, 2009, pp. 79-86.
31. ISO, "ISO/IEC 14443," Tech. Rep. [Online]. Available: http://www.iso.org/iso/home/store/catalogue ics/catalogue detail ics.htm?csnumber=70171
32. -, "ISO/IEC 18092," Tech. Rep. [Online]. Available: http: //www.iso.org/iso/catalogue detail.htm?csnumber=56692
33. Sony, "Felica," Tech. Rep. [Online]. Available: http://www.sony.net/Products/felica/business/tech-support/data/M830 NFC FeliCa 1.1e.pdf
34. ISO, "ISO/IEC 15693," Tech. Rep. [Online]. Available: http://www.iso.org/iso/iso catalogue/catalogue ics/catalogue detail ics.htm?csnumber=39694
35. K. Breitfuß and E. Haselsteiner, "Security in near field communication," in Workshop on RFID security, 2006.
36. "LoRaWAN. What is it? A technical overview of LoRa and LoRaWAN," LoRa Alliance, Tech. Rep. November, 2015.
37. "LPWA Technologies. Unlock New IoT Market Potential." LoRa Alliance, Tech. Rep. November, 2015.
38. N. Sornin, M. Luis, T. Eirich, T. Kramp, and O. Hersent, "LoRaWAN Specification," LoRa Alliance, Inc., Tech. Rep., 2015. [Online]. Available: https://www.lora-alliance. org/portals/0/specs/LoRaWANSpecification1R0.pdf
39. "About z-wave technology." [Online]. Available: http: //z-wavealliance.org/about z-wave technology/
40. "Making Sense of IoT Standards," Redbend, Tech. Rep. March, 2015.
41. A. Al-Fuqaha, M. Guizani, M. Mohammadi, M. Aledhari, and M. Ayyash, "Internet of Things: A Survey on Enabling Technologies, Protocols, and Applications," IEEE Communications Surveys and Tutorials, vol. 17, no. 4, pp. 2347-2376, 2015.
42. B. Fouladi and S. Ghanoun, "Security Evaluation of the ZWaveWireless Protocol," in Black Hat Conference, 2013, p. 6.
43. G.9959 : Short range narrow-band digital radiocommunication transceivers-PHY and MAC layer specifications, ITU-T Std. G.9959 (02/12), 2012. [Online]. Available: https://www.itu.int/rec/T-REC-G.9959
44. J. D. Fuller, B. W. Ramsey, J. Pecarina, and M. Rice, "Wireless intrusion detection of covert channel attacks in ITU-T G.9959-based networks," in Proceedings of the 11th International Conference on Cyber Warfare and Security, ICCWS 2016, 2016, pp. 137-145.
45. Specification of the Bluetooth System, Bluetooth SIG Core Specification, Rev. 4.2, Dec. 2014. [Online]. Available: https://www.bluetooth.org/DocMan/handlers/DownloadDoc.ashx?doc id=286439
46. Recommended Elliptic Curves for Federal Goverment Use, NIST Std., 1999. [Online]. Available: http://csrc.nist.gov/groups/ST/toolkit/documents/dss/NISTReCur.pdf
47. M. Dworkin, Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication, NIST Std. Special Publication 800-38B, 2005. [Online]. Available: http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38b.pdf
48. C. Gomez, J. Oller, and J. Paradells, "Overview and evaluation of Bluetooth Low Energy: An emerging low-power wireless technology," Sensors, vol. 12, no. 9, pp. 11 734-11 753, 2012.
49. M. Ryan, "Bluetooth: With low energy comes low security," Presented as part of the 7th USENIX Workshop on Offensive Technologies. USENIX, 2013. [Online]. Available: https://www.usenix.org/conference/woot13/workshop-program/presentation/Ryan
50. "Thread Stack Fundamentals," Thread Group, Tech. Rep., 2015.
51. F. Hao, "J-PAKE: Password Authenticated Key Exchange by Juggling," Internet Engineering Task Force, Internet-Draft draft-hao-jpake-04, Jul. 2016, work in Progress. [Online]. Available: https://tools.ietf.org/html/draft-hao-jpake-04
52. -, "Schnorr NIZK Proof: Non-interactive Zero Knowledge Proof for Discrete Logarithm," Internet Engineering Task Force, Internet-Draft draft-hao-schnorr-04, Jul. 2016, work in Progress. [Online]. Available: https://tools.ietf.org/html/draft-hao-schnorr-04
53. "Thread Commissioning," Thread Group, Tech. Rep., 2015.
54. ZigBee Specification, ZigBee Alliance Std. Document 053 474r17, 2008.
55. G. Dini and M. Tiloca, "Considerations on security in zigbee networks," in International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing (SUTC). IEEE, Jun. 2010, pp. 58-65.
56. K. Masica, "Recommended practices guide for securing zigbee wireless networks in process control system environments," Lawrence Livermore National Laboratory, Tech. Rep., 2007. [Online]. Available: http: //cms.doe.gov/sites/prod/files/oeprod/DocumentsandMedia/Securing ZigBee Wireless Networks.pdf
57. The Keyed-Hash Message Authentication Code (HMAC), NIST Std. FIPS-198-1, 2008. [Online]. Available: http://csrc. nist.gov/publications/fips/fips198-1/FIPS-198-1 final.pdf
58. G. Montenegro, J. Hui, D. Culler, and N. Kushalnagar, Transmission of IPv6 Packets over IEEE 802.15.4 Networks, Internet Engineering Task Force (IETF) Std. RFC 4944, Sep. 2007. [Online]. Available: https://tools.ietf.org/html/rfc4944
59. Z. Shelby, J. Nieminen, T. Savolainen, M. Isomaki, B. Patil, and C. Gomez, IPv6 over BLUETOOTH(R) Low Energy, Internet Engineering Task Force (IETF) Std. RFC 7668, Oct. 2015. [Online]. Available: https://tools.ietf.org/html/rfc7668
60. A. Brandt and J. Buron, Transmission of IPv6 Packets over ITU-T G.9959 Networks, Internet Engineering Task Force (IETF) Std. RFC 7428, Feb. 2015. [Online]. Available: https://tools.ietf.org/html/rfc7428
61. J.-S. Youn and Y.-G. Hong, "Transmission of IPv6 packets over Near Field Communication," Internet Engineering Task Force (IETF), Internet-Draft draft-ietf-6lo-nfc-04, Jul. 2016, Work in Progress. [Online]. Available: https://tools.ietf.org/html/draft-ietf-6lo-nfc-04
62. P. B. Mariager, J. T. Petersen, M. van de Logt, D. Barthel, and Z. Shelby, "Transmission of IPv6 packets over DECT Ultra Low Energy," Internet Engineering Task Force (IETF), Internet-Draft draft-ietf-6lo-dect-ule-05, Mar. 2016, Work in Progress. [Online]. Available: https://tools.ietf.org/html/draft-ietf-6lo-dect-ule-05
63. K. Lynn, J. Martocci, C. Neilson, and S. Donaldson, "Transmission of IPv6 over MS/TP networks," Internet Engineering Task Force (IETF), Internet-Draft draft-ietf-6lo-6lobac-05, Jun. 2016, Work in Progress. [Online]. Available: https://tools.ietf.org/html/draft-ietf-6lo-6lobac-05
64. S. Raza, T. Chung, S. Duquennoy, T. Voigt, U. Roedig et al., "Securing internet of things with lightweight ipsec," 2010.
65. S. Raza, S. Duquennoy, T. Chung, D. Yazar, T. Voigt, and U. Roedig, "Securing communication in 6LoWPAN with compressed IPsec," in International Conference on Distributed Computing in Sensor Systems and Workshops (DCOSS). IEEE, 2011, pp. 1-8.
66. S. Raza, S. Duquennoy, J. Hoglund, U. Roedig, and T. Voigt, "Secure communication for the Internet of Things-A comparison of link-layer security and IPsec for 6LoWPAN," Security and Communication Networks, vol. 7, no. 12, pp. 2654-2668, 2014.
67. A. Brandt, J. Vasseur, J. Hui, K. Pister, P. Thubert, P. Levis, R. Struik, R. Kelsey, T. H. Clausen, and T. Winter, RPL: IPv6 Routing Protocol for Low-Power and Lossy Networks, Internet Engineering Task Force (IETF) Std. RFC 6550, Mar. 2012. [Online]. Available: https://tools.ietf.org/html/rfc6550
68. P. Pongle and G. Chavan, "A survey: Attacks on RPL and 6LoWPAN in IoT," in International Conference on Pervasive Computing (ICPC). IEEE, 2015, pp. 1-6.
69. B. S. Kaliski, Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1, Internet Engineering Task Force (IETF) Std. RFC 3447, Feb. 2003. [Online]. Available: https://tools.ietf.org/html/rfc3447
70. Secure Hash Standard (SHS), NIST Std. FIPS-180-4, Aug. 2015. [Online]. Available: http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf
71. S. Kent and K. Seo, "Security architecture for the internet protocol," Tech. Rep. [Online]. Available: https://tools.ietf.org/html/rfc4301
72. C. Kaufman, P. Hoffman, Y. Nir, and P. Eronen, "Internet key exchange protocol version 2 (ikev2)," Tech. Rep. [Online]. Available: https://tools.ietf.org/html/rfc5996
73. J. Granjal, R. Silva, E. Monteiro, J. S. Silva, and F. Boavida, "Why is ipsec a viable option for wireless sensor networks," in 2008 5th IEEE International Conference on Mobile Ad Hoc and Sensor Systems. IEEE, 2008, pp. 802-807.
74. D. McGrew and P. Hoffman, "Cryptographic Algorithm Implementation Requirements and Usage Guidance for Encapsulating Security Payload (ESP) and Authentication Header (AH)," Tech. Rep. [Online]. Available: https://tools.ietf.org/html/rfc7321
75. C. Bormann, A. P. Castellani, and Z. Shelby, "CoAP: An application protocol for billions of tiny internet nodes," IEEE Internet Computing, vol. 16, no. 2, pp. 62-67, 2012.
76. C. Bormann, K. Hartke, and Z. Shelby, "The Constrained Application Protocol (CoAP)," RFC 7252, Oct. 2015. [Online]. Available: https://rfc-editor.org/rfc/rfc7252.txt
77. "Constrained restful environments (core)." [Online]. Available: https://datatracker.ietf.org/wg/core/charter/
78. E. Rescorla and N. Modadugu, "Datagram Transport Layer Security," RFC 4347, Oct. 2015. [Online]. Available: https://rfc-editor.org/rfc/rfc4347.txt
79. J. Granjal, E. Monteiro, and J. S. Silva, "Security for the Internet of Things : A Survey of Existing Protocols and Open Research Issues," IEEE Communications Surveys & Tutorials, vol. 17, no. 3, pp. 1294-1312, 2015.
80. S. Raza, "Lightweight Security Solutions for The Internet of Things," Ph.D. dissertation, Swedish Institute of Computer Science (SICS), 2013.
81. S. Raza, H. Shafagh, K. Hewage, R. Hummen, and T. Voigt, "Lithe: Lightweight secure CoAP for the internet of things," IEEE Sensors Journal, vol. 13, no. 10, pp. 3711-3720, 2013.
82. S. L. Keoh, S. S. Kumar, and H. Tschofenig, "Securing the internet of things: A standardization perspective," IEEE Internet of Things Journal, vol. 1, no. 3, pp. 265-275, 2014.
83. S. Raza, H. Shafagh, and O. Dupont, "Compression of Record and Handshake Headers for Constrained Environments," Internet Engineering Task Force, Internet-Draft draft-raza-dice-compressed-dtls-00, Sep. 2014, work in Progress. [Online]. Available: https://tools.ietf.org/html/draft-raza-dice-compressed-dtls-00
84. U. Hunkeler, H. L. Truong, and A. Stanford-Clark, "MQTT-S A publish/subscribe protocol for Wireless Sensor Networks," 3rd International Conference on Communication Systems Software and Middleware and Workshops, pp. 791-791, 2008.
85. M. Singh, M. A. Rajan, V. L. Shivraj, and P. Balamuralidhar, "Secure MQTT for Internet of Things (IoT)," Proceedings-2015 5th International Conference on Communication Systems and Network Technologies, CSNT 2015, no. 4, pp. 746-751, 2015.
86. P. Saint-Andre, K. Smith, and R. Tronon, XMPP: the definitive guide, 2009.
87. P. Saint-Andre, "Extensible Messaging and Presence Protocol (XMPP) : Core," Internet Engineering Task Force, pp. 1-212, 2011.
88. S. Vinoski, "Advanced message queuing protocol," IEEE Internet Computing, vol. 10, no. 6, pp. 87-89, 2006.
89. J. L. Fernandes, I. C. Lopes, J. J. P. C. Rodrigues, and S. Ullah, "Performance evaluation of RESTful web services and AMQP protocol," International Conference on Ubiquitous and Future Networks, ICUFN, pp. 810-815, 2013.