Speaker:Chen-Yu Tseng Advisor : Dr. Ho-Ting, Wu 6LoWPAN multi-layered security protocol based on IEEE 802.15.4 security features Speaker:Chen-Yu Tseng Advisor : Dr. Ho-Ting, Wu
Outline Introduction Networks Security 6LoWPAN Routing 6LoWPAN Security Attack Protocol Description Evaluation Conclusion
Introduction 6LoWPAN (IPv6 over Low Power Wireless Personal Area Networks) enable IP-based connection between smart devices, yielding autonomous Internet links without using centralized architecture. Remain an open research area with several unspecified security flaws reflected in threats and lack of trust.
Introduction This paper propose a security protocol named ”Combined 6LoWPSec”,operating alternately at the MAC and the adaptation layers, offering both end-to-end and hop-by-hop security features.
Introduction This alternation favoring end-to-end data protection due to its major importance in characterizing the network effectiveness. The hop-by-hop security is permanently arranged but for a limited period in order to maintain a convenient equilibrium with the quality of services. This solution therefore benefits from the hardware ciphering and verification structures offered by the AES-CCM algorithm.
Networks Security End-to-End (E2E) approaches provide the benefit of enabling secure communications between IPv6 enabled sensor networks and the Internet. Most previous proposed E2E Security protocol for WSN needs support with robust hardware.
Networks Security Hop-By-Hop(HbH) security provides secured communication between neighboring sensors. By IEEE 802.15.4, while setting the SecurityEnabled field an Auxiliary Security Header will be attached to the MAC frame.
Security Control : affords general information about the security level and the operation mode. Security Level subfield Key Identifier Mode subfield reserved bits
Frame Counter: incremented while securing the outgoing frame to provide semantic security and replay protection services.
Key Identifier : furnish details about the generated keyreference. Key Source Key Index
IEEE 802.15.4 link layer security features defines eight types of security based on AES(Advanced Encryption Standard) with CCM block cipher mode given variable MIC (Message Integrity Code) size.
6LoWPAN Routing Routing schema in 6LoWPAN networks could influence the security methodology decision since different layers could be responsible for building paths. Two basic routing schema operating distinguish in distinct levels, which are mesh under and route over.
Route Over Achieving routing discovery procedure based on directed acyclic graph (DAG). This tree-based routing focuses on the construction of a stable route framework using a metric value called Rank and exchanging several control messages.
Mesh Under Performed by the adaptation layer, forwarding the packet fragments towards the destination without resorting to the network layer.
Mesh under Route Over Application Layer Transport Layer (TCP/UDP) Network Layer (IPv6) 6LoWPAN Adaption Layer 802.12.4 MAC 802.12.4 PHY Routing Routing
LOADng LOADng routing (Lightweight Ad hoc On-Demand-Next Generation) is a reactive routing protocol intended to mesh under scheme and derived from AODV.
Route Requests (RREQs): genrate by originator node to discover a route to destination. Route Replies (RREPs): created to answer the originator of the RREQ.
6LoWPAN Security Attack Hop-by-hop attacks: Internal malicious nodes that aim to cause a direct damage to the network, by affecting physical links, radio hops and routing discovery. Selective forwarding attack consists in dropping or delaying arbitrary a part of the packets received by attackers.
6LoWPAN Security Attack End-to-end attacks: Man in middle modify or peeking packets. DoS attack to deplete nodes resources.
Protocol Description Works between MAC and adaptation layers. LOADng mesh under routing for E2E security since fragments are gathered at the end device and not at each node hop. During exchange data between nodes, security protocol will ensure the good running of the communication process within and outside the LoWPAN.
Evaluation Experimental setup: COOJA network simulator for Contiki OS Tmoste Sky node 16-bit msp430 MCU 48kB of ROM 10 kB of RAM CC2420 radio transceiver
Analyze memory allocation: 40.53 KB of memory for 6LoWPAN motes(CBC-MAC 4 mode) 43.21 KB for border router (CCM 16) -(CBC-MAC 4 mode) -(CCM 16)
Analyze energy consumption: Measurements are captured during a period of 30 min. SecDelay= 0.068ms MaxE2EDelay= 0.21ms MaxHopNum= 6 HbHDelay= 0.018ms,
For balance the alternation between these two modes, n = 50 is chose which corresponds to 9.5mJ of energy consumption.
HbyH attack affects a very limited zone of motes,unlike E2E attack affects the whole network and obliges all the nodes to retransmit the dropped messages leading then to battery exhausting.
End-to-End delay
Conclusion Provide a security protocol for 6LoWPAN networks,based on the IEEE 802.15.4 security features. ?- Instead of protocol more like a schema?
Reference G. Glissa and A. Meddeb, “6LoWPAN multi-layered security protocol based on IEEE802.15.4 security features,” in 2017 13th International Wireless Communications and Mobile Computing Conference (IWCMC) , 2017, pp. 264–269. J.V. Sobral, J.J. Rodrigues, K. Saleem, J. AI-Muhtadi, "Performance evaluation of loadng routing protocol in iot p2p and mp2p applications", Computer and Energy Science (SpliTech) International Multidisciplinary Conference on, pp. 1-6, 2016.