research-article

Handling Reboots and Mobility in 802.15.4 Security

Authors:

Konrad-Felix Krentz,

Christoph MeinelAuthors Info & Claims

ACSAC '15: Proceedings of the 31st Annual Computer Security Applications Conference

Pages 121 - 130

https://doi.org/10.1145/2818000.2818002

Published: 07 December 2015 Publication History

Abstract

To survive reboots, 802.15.4 security normally requires an 802.15.4 node to store both its anti-replay data and its frame counter in non-volatile memory. However, the only non-volatile memory on most 802.15.4 nodes is flash memory, which is energy consuming, slow, as well as prone to wear. Establishing session keys frees 802.15.4 nodes from storing anti-replay data and frame counters in non-volatile memory. For establishing pairwise session keys for use in 802.15.4 security in particular, Krentz et al. proposed the Adaptable Pairwise Key Establishment Scheme (APKES). Yet, APKES neither supports reboots nor mobile nodes. In this paper, we propose the Adaptive Key Establishment Scheme (AKES) to overcome these limitations of APKES. Above all, AKES makes 802.15.4 security survive reboots without storing data in non-volatile memory. Also, we implemented AKES for Contiki and demonstrate its memory and energy efficiency. Of independent interest, we resolve the issue that 802.15.4 security stops to work if a node's frame counter reaches its maximum value, as well as propose a technique for reducing the security-related per frame overhead.

References

[1]

IEEE Standard 802.15.4, 2011. http://standards.ieee.org/getieee802/download/802.15.4-2011.pdf.

[2]

IEEE Standard 802.15.4e, 2012. http://standards.ieee.org/getieee802/download/802.15.4e-2012.pdf.

[3]

C. Alcaraz, J. Lopez, R. Roman, and H.-H. Chen. Selecting key management schemes for WSN applications. Computers & Security, 31(38):956--966, 2012.

Digital Library

[4]

R. Blom. An optimal class of symmetric key generation systems. In Advances in Cryptology - EUROCRYPT 84, pages 335--338. Springer, 1984.

Digital Library

[5]

H. Chan, A. Perrig, and D. Song. Random key predistribution schemes for sensor networks. In Proceedings of the 2003 IEEE Symposium on Security and Privacy, pages 197--213. IEEE, 2003.

Digital Library

[6]

C.-Y. Chen and H.-C. Chao. A survey of key distribution in wireless sensor networks. Security and Communication Networks, 2011.

[7]

L. Chen. Recommendation for Key Derivation Using Pseudorandom Functions, 2009. NIST Special Publication 800-108.

Digital Library

[8]

R. Daidone, G. Dini, and G. Anastasi. On evaluating the performance impact of the IEEE 802.15.4 security sub-layer. Computer Communications, 47(0):65 -- 76, 2014.

[9]

J. Deng, C. Hartung, R. Han, and S. Mishra. A practical study of transitory master key establishment for wireless sensor networks. In Proceedings of the First IEEE/CreateNet Conference on Security and Privacy for Emerging Areas in Communication Networks (SecureComm 2005), pages 289 -- 302. IEEE, 2005.

Digital Library

[10]

W. Du, J. Deng, Y. S. Han, P. K. Varshney, J. Katz, and A. Khalili. A pairwise key predistribution scheme for wireless sensor networks. In Proceedings of the 10th ACM Conference on Computer and Communications Security (CCS '03), pages 42--51. ACM, 2003.

Digital Library

[11]

A. Dunkels. The ContikiMAC radio duty cycling protocol. Technical Report T2011:13, Swedish Institute of Computer Science, 2011.

[12]

A. Dunkels, B. Grönvall, and T. Voigt. Contiki - a lightweight and flexible operating system for tiny networked sensors. In Proceedings of the 29th Annual IEEE International Conference on Local Computer Networks (LCN 2004), pages 455--462. IEEE, 2004.

Digital Library

[13]

A. Dunkels, F. Österlind, and Z. He. An adaptive communication architecture for wireless sensor networks. In Proceedings of the 5th International Conference on Embedded Networked Sensor Systems (SenSys '07), pages 335--349. ACM, 2007.

Digital Library

[14]

A. Dunkels, F. Osterlind, N. Tsiftes, and Z. He. Software-based on-line energy estimation for sensor nodes. In Proceedings of the 4th Workshop on Embedded Networked Sensors (EmNets '07), pages 28--32. ACM, 2007.

Digital Library

[15]

J. Eriksson, F. Österlind, N. Finne, N. Tsiftes, A. Dunkels, T. Voigt, R. Sauter, and P. J. Marrón. COOJA/MSPSim: interoperability testing for wireless sensor networks. In Proceedings of the 2nd International Conference on Simulation Tools and Techniques (Simutools '09). ICST, 2009.

Digital Library

[16]

M. G. Gouda, Y. ri Choi, and A. Arora. Antireplay protocols for sensor networks. In J. Wu, editor, Handbook on Theoretical and Algorithmic Aspects of Sensor, Ad Hoc Wireless, and Peer-to-Peer Networks, pages 561--574. CRC, 2005.

[17]

J. Großschädl, A. Szekely, and S. Tillich. The energy cost of cryptographic key establishment in wireless sensor networks. In Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security (ASIACCS '07), pages 380--382. ACM, 2007.

Digital Library

[18]

J. Hui and P. Thubert. Compression Format for IPv6 Datagrams over IEEE 802.15.4-Based Networks. RFC 6282, 2011. Updates RFC 4944.

[19]

D. Jinwala, D. Patel, S. Patel, and K. Dasgupta. Optimizing the replay protection at the link layer security framework in wireless sensor networks. 2012.

[20]

E. Kim, D. Kaspar, and J. Vasseur. Design and Application Spaces for IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs). RFC 6568, 2012.

[21]

K.-F. Krentz, H. Rafiee, and C. Meinel. 6LoWPAN security: adding compromise resilience to the 802.15.4 security sublayer. In Proceedings of the International Workshop on Adaptive Security & Privacy Management for the Internet of Things (ASPI '13). ACM, 2013.

Digital Library

[22]

K.-F. Krentz and G. Wunder. 6LoWPAN security: avoiding hidden wormholes using channel reciprocity. In Proceedings of the International Workshop on Trustworthy Embedded Devices (TrustED '14). ACM, 2014.

Digital Library

[23]

P. Levis, T. Clausen, J. Hui, O. Gnawali, and J. Ko. The Trickle Algorithm. RFC 6206, 2011.

[24]

A. Liu and P. Ning. TinyECC: a configurable library for elliptic curve cryptography in wireless sensor networks. Technical Report TR-2007-36, North Carolina State University, 2008.

[25]

M. Luk, G. Mezzour, A. Perrig, and V. Gligor. MiniSec: a secure sensor network communication architecture. In Proceedings of the 6th International Conference on Information Processing in Sensor Networks (IPSN '07), pages 479--488. ACM, 2007.

Digital Library

[26]

G. Montenegro, N. Kushalnagar, J. Hui, and D. Culler. Transmission of IPv6 Packets over IEEE 802.15.4 Networks. RFC 4944, 2007.

[27]

A. Perrig, R. Szewczyk, J. Tygar, V. Wen, and D. E. Culler. SPINS: security protocols for sensor networks. Wireless networks, 8(5), 2002.

Digital Library

[28]

A. d. l. Piedra, A. Braeken, and A. Touhafi. Extending the IEEE 802.15.4 security suite with a compact implementation of the NIST P-192/B-163 elliptic curves. Sensors, 13(8):9704--9728, 2013.

[29]

G. Piro, G. Boggia, and L. A. Grieco. Layer-2 security aspects for the IEEE 802.15.4e MAC. Internet-Draft, 2014. Version 3.

[30]

J. Polastre, R. Szewczyk, and D. Culler. Telos: enabling ultra-low power wireless research. In Proceedings of the 4th International Symposium on Information Processing in Sensor Networks (IPSN 2005), pages 364--369. IEEE, 2005.

Digital Library

[31]

N. Sastry and D. Wagner. Security considerations for IEEE 802.15.4 networks. In Proceedings of the 3rd ACM Workshop on Wireless Security (WiSe '04), pages 32--42. ACM, 2004.

Digital Library

[32]

Z. Shelby, S. Chakrabarti, E. Nordmark, and C. Bormann. Neighbor Discovery Optimization for IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs). RFC 6775, 2012.

[33]

N. Tsiftes, A. Dunkels, Z. He, and T. Voigt. Enabling large-scale storage in sensor networks with the coffee file system. In Proceedings of the 2009 International Conference on Information Processing in Sensor Networks (IPSN '09), pages 349--360. IEEE, 2009.

Digital Library

[34]

D. Whiting, R. Housley, and N. Ferguson. Counter with CBC-MAC (CCM). RFC 3610, 2003.

Digital Library

[35]

T. Winter, P. Thubert, A. Brandt, J. Hui, R. Kelsey, P. Levis, K. Pister, R. Struik, J. Vasseur, and R. Alexander. RPL: IPv6 Routing Protocol for Low-Power and Lossy Networks. RFC 6550, 2012.

Cited By

Krentz KVoigt T(2024)Secure opportunistic routing in 2-hop IEEE 802.15.4 networks with SMORComputer Communications10.1016/j.comcom.2024.01.024217:C(57-69)Online publication date: 25-Jun-2024
https://dl.acm.org/doi/10.1016/j.comcom.2024.01.024
Thungon LAhmed NDe DHussain M(2024)A Survey on 6LoWPAN Security for IoT: Taxonomy, Architecture, and Future DirectionsWireless Personal Communications10.1007/s11277-024-11382-y137:1(153-197)Online publication date: 6-Jul-2024
https://doi.org/10.1007/s11277-024-11382-y
Wang ZXie WWang BTao JWang E(2021)A Survey on Recent Advanced Research of CPS SecurityApplied Sciences10.3390/app1109375111:9(3751)Online publication date: 21-Apr-2021
https://doi.org/10.3390/app11093751
Show More Cited By

Index Terms

Handling Reboots and Mobility in 802.15.4 Security
1. Hardware
  1. Communication hardware, interfaces and storage
2. Networks
  1. Network architectures

Recommendations

6LoWPAN security: adding compromise resilience to the 802.15.4 security sublayer
ASPI '13: Proceedings of the International Workshop on Adaptive Security

6LoWPAN is a protocol stack for seamlessly integrating 802.15.4-based wireless sensor networks with IPv6 networks. The security of 6LoWPAN widely depends on the 802.15.4 security sublayer. This sublayer also supports pairwise keys so as to mitigate node ...
A Survey on 6LoWPAN Security for IoT: Taxonomy, Architecture, and Future Directions
Abstract
Provisioning security to the communications, data, and partaking things in resource-constrained IoT is a huge challenge. Due to the scalability and interoperability among low power-consuming networks, 6LoWPAN is used widely in IoT. However, ...
6LoWPAN Compressed DTLS for CoAP
DCOSS '12: Proceedings of the 2012 IEEE 8th International Conference on Distributed Computing in Sensor Systems

Real deployments of the IoT require security. CoAP is being standardized as an application layer protocol for the Internet of Things (IoT). CoAP proposes to use DTLS to provide end-to-end security to protect the IoT. DTLS is a heavyweight protocol and ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences

ACSAC '15: Proceedings of the 31st Annual Computer Security Applications Conference

December 2015

489 pages

ISBN:9781450336826

DOI:10.1145/2818000

Copyright © 2015 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

In-Cooperation

ACSA: Applied Computing Security Assoc

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 07 December 2015

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

ACSAC 2015

ACSAC 2015: 2015 Annual Computer Security Applications Conference

December 7 - 11, 2015

CA, Los Angeles, USA

Acceptance Rates

Overall Acceptance Rate 104 of 497 submissions, 21%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

10
Total Citations
View Citations
261
Total Downloads

Downloads (Last 12 months)4
Downloads (Last 6 weeks)2

Reflects downloads up to 18 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Krentz KVoigt T(2024)Secure opportunistic routing in 2-hop IEEE 802.15.4 networks with SMORComputer Communications10.1016/j.comcom.2024.01.024217:C(57-69)Online publication date: 25-Jun-2024
https://dl.acm.org/doi/10.1016/j.comcom.2024.01.024
Thungon LAhmed NDe DHussain M(2024)A Survey on 6LoWPAN Security for IoT: Taxonomy, Architecture, and Future DirectionsWireless Personal Communications10.1007/s11277-024-11382-y137:1(153-197)Online publication date: 6-Jul-2024
https://doi.org/10.1007/s11277-024-11382-y
Wang ZXie WWang BTao JWang E(2021)A Survey on Recent Advanced Research of CPS SecurityApplied Sciences10.3390/app1109375111:9(3751)Online publication date: 21-Apr-2021
https://doi.org/10.3390/app11093751
Cetinkaya MDede JFörster AGiustiniano DKoutsonikolas DBanchs AMingozzi EChowdhury K(2018)An RFID Based Secure Key and Configuration Distribution for ContikiProceedings of the 2018 International Conference on Embedded Wireless Systems and Networks10.5555/3234847.3234909(258-263)Online publication date: 16-Feb-2018
https://dl.acm.org/doi/10.5555/3234847.3234909
Meinel KGraupner HGiustiniano DKoutsonikolas DBanchs AMingozzi EChowdhury K(2018)Denial-of-Sleep-Resilient Session Key Establishment for IEEE 802.15.4 Security: From Adaptive to ResponsiveProceedings of the 2018 International Conference on Embedded Wireless Systems and Networks10.5555/3234847.3234852(25-36)Online publication date: 16-Feb-2018
https://dl.acm.org/doi/10.5555/3234847.3234852
Krentz KMeinel CGraupner H(2018)More Lightweight, yet Stronger 802.15.4 Security Through an Intra-layer OptimizationFoundations and Practice of Security10.1007/978-3-319-75650-9_12(173-188)Online publication date: 17-Feb-2018
https://doi.org/10.1007/978-3-319-75650-9_12
Arockia Baskaran ANanda PNepal SHe S(2018)Testbed evaluation of Lightweight Authentication Protocol (LAUP) for 6LoWPAN wireless sensor networksConcurrency and Computation: Practice and Experience10.1002/cpe.486831:23Online publication date: 27-Aug-2018
https://doi.org/10.1002/cpe.4868
Krentz KMeinel CGraupner HGunningberg PVoigt TMottola LLu C(2017)Countering Three Denial-of-Sleep Attacks on ContikiMACProceedings of the 2017 International Conference on Embedded Wireless Systems and Networks10.5555/3108009.3108024(108-119)Online publication date: 20-Feb-2017
https://dl.acm.org/doi/10.5555/3108009.3108024
Roselin ANanda PNepal S(2017)Lightweight Authentication Protocol (LAUP) for 6LoWPAN Wireless Sensor Networks2017 IEEE Trustcom/BigDataSE/ICESS10.1109/Trustcom/BigDataSE/ICESS.2017.260(371-378)Online publication date: Aug-2017
https://doi.org/10.1109/Trustcom/BigDataSE/ICESS.2017.260
Krentz KMeinel CSchnjakin M(2016)POTR: Practical On-the-Fly Rejection of Injected and Replayed 802.15.4 Frames2016 11th International Conference on Availability, Reliability and Security (ARES)10.1109/ARES.2016.7(59-68)Online publication date: Aug-2016
https://doi.org/10.1109/ARES.2016.7

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents