Search for: All records

The Host Identity Protocol (HIP) has emerged as the most suitable solution to uniquely identify smart devices in the mobile and distributed Internet of Things (IoT) systems, such as smart cities, homes, cars, and healthcare. The HIP provides authentication methods that enable secure communications between HIP peers. However, the authentication methods provided by the HIP cannot be adopted by the IoT devices with limited processing power because of the computation-intensive cryptographic operations involved in hash generation, signature validation, and session key establishment. Moreover, IoT devices cannot utilize the HIP as is to communicate securely in the low power and lossy networks as there is a considerable communication overhead, such as packet fragmentation and reassembly, for exchanging certificates over a lossy link. Additionally, the use of static host identifiers makes IoT devices vulnerable to cyber espionage and user-targeted attacks. In this article, we propose an authentication scheme, P-HIP, that protects the identity privacy of an IoT device by enabling the device to compute and use unique host identifiers from networks to networks and sessions to sessions. To make the HIP suitable for resource-constrained IoT devices, P-HIP provides methods that unburden IoT devices from computation-intensive operations, such as modular exponentiation, involved in authentication and session-key exchange. Additionally, P-HIP minimizes the communication overheads for exchanging certificates in lossy networks. We implement a prototype of P-HIP on Contiki enabled IoT that shows P-HIP can reduce computation costs, communication overheads, and the session-key establishment time when used by low-powered devices in a lossy network. 

The Internet of Things (IoT) devices exchange certificates and authorization tokens over the IEEE 802.15.4 radio medium that supports a Maximum Transmission Unit (MTU) of 127 bytes. However, these credentials are significantly larger than the MTU and are therefore sent in a large number of fragments. As IoT devices are resource-constrained and battery-powered, there are considerable computations and communication overheads for fragment processing both on sender and receiver devices, which limit their ability to serve real-time requests. Moreover, the fragment processing operations increase energy consumption by CPUs and radio-transceivers, which results in shorter battery life. In this article, we propose CATComp -a compression-aware authorization protocol for Constrained Application Protocol (CoAP) and Datagram Transport Layer Security (DTLS) that enables IoT devices to exchange smallsized certificates and capability tokens over the IEEE 802.15.4 media. CATComp introduces additional messages in the CoAP and DTLS handshakes that allow communicating devices to negotiate a compression method, which devices use to reduce the credentials’ sizes before sending them over an IEEE 802.15.4 link. The decrease in the size of the security materials minimizes the total number of packet fragments, communication overheads for fragment delivery, fragment processing delays, and energy consumption. As such, devices can respond to requests faster and have longer battery life. We implement a prototype of CATComp on Contiki-enabled RE-Mote IoT devices and provide a performance analysis of CATComp. The experimental results show that communication latency and energy consumption are reduced when CATComp is integrated with CoAP and DTLS. 

The widespread adoption of the Internet of Things (IoT) devices has increased its popularity and usage in diverse dimensions, including smart city, home, healthcare, and vehicles. The pervasiveness of the number of IoT devices that operate in low power and lossy network leads to performance issues. An excessive amount of IoT devices that operate with a fixed number of gateways reduce the quality of service (QoS) due to the increased latency of routing messages between the source and destination sensors. In this paper, we propose an IoT Gateway as a Service (IGaaS) that enables on-demand provisioning of IoT Gateways to maintain and improve QoS in an IoT system with a significant number of sensors. The IGaaS allows both the stationary and mobile gateways to be provisioned on-demand. The mobile devices, such as smartphones and drones, provide gateway services in exchange for incentives. The IGaaS supports both the upscale and downscale of IoT gateways depending on various metrics and requirements. The experimental results show that the IGaaS improves the QoS in terms of latency and power consumption.