Object Security in the Internet of Things

Palombini, Francesca

January 2015

The Internet of Things and the constrained environment that comes from the growth of constrained devices connected to the Internet brings new security challenges that cannot be solved in a satisfactory way with only transport layer security. A more flexible solution is required, both to protect sensitive data and user privacy but also to distribute policies in a secure and standardized way. The same privacy problems arise in the general web setting with processing and storage more and more moving into the cloud. One solution is to move the security higher up in the network stack and to protect objects instead of byte streams, as proposed in the IETF draft [15] evaluated in this thesis. Focusing on this solution, an implementation has been proposed, and tests and measurements have been carried out to show its overhead. The implementation, as well as the measurement results, is presented in this work. / I takt med att ”Internet of things” växer och antalet begränsade enheter ökar uppstår allt fler säkerhetsutmaningar som inte kan lösas tillräckligt bra med transport layer security. Det finns ett behov av en mer flexibel lösning, dels för att skydda känslig data och användarnas integritet och dels för att distribuera policyer på ett säkert och standardiserat sätt. Samma integritetsproblem återfinns i generella webbmiljön då beräkning och lagring blir mer molnbaserat. En lösning på problemet är att flytta säkerhetsåtgärder högre upp i internetstacken och skydda objekt istället för byte-strömmar. Dessa säkerhetsåtgärder har föreslagits i utkastet från IETF [15] som utvärderas i denna avhandling. En implementation, med fokus på denna lösningen, föreslås i avhandlingen. Tester och mätningar har utförts för att visa lösningens overhead. Genomförandet av testerna och mätresultaten presenteras också i detta arbete.

Constrained nodes

Constrained Application Protocol (CoAP)

REST

DTLS

object security

Constrained nodes

Constrained Application Protocol (CoAP)

REST

DTLS

object security

End-to-end Security Enhancement of an IoT Platform Using Object Security

Tjäder, Hampus

January 2017

The Internet of Things (IoT) is seen as one of the next Internet revolutions. In a near future the majority of all connected devices to the Internet will be IoT devices. These devices will connect previously offline constrained systems, thus it is essential to ensure end-to-end security for such devices. Object Security is a concept where the actual packet or sensitive parts of the packet are encrypted instead of the radio channel. A compromised node in the network will with this mechanism still have the data encrypted ensuring full end-to-end security. This paper proposes an architecture for using the object security format COSE in a typical constrained short-range radio based IoT platform. The IoT platform utilizes Bluetooth Low Energy and the Constrained Application Protocol for data transmission via a capillary gateway. A proof-of-concept implementation based on the architecture validates that the security solution is implementable. An overhead comparison between current channel security guidelines and the proposed object security solution results in a similar size for each data packet. The thesis concludes that object security should be seen as an alternative for ensuring end-to-end security for the Internet of Things.

Object security

COSE

IoT security

End-to-end security

CoAP

LWM2M

Bluetooth Low Energy

BLE security

Elektroteknik och elektronik