Securing private wireless sensors in a shared ... - IEEE Xplore

Securing private wireless sensors in a shared environment in the internet of things context Anass RGHIOUI*1 , Said BOUCHKAREN2 , Anass KHANNOUS1 , Mohammed BOUHORMA1 1

2

LIST FSTT (Laboratory of Informatics, Systems and Telecommunications) LabTIC ENSAT (Laboratory of Technology of Information and Communication) Abdelmalek Essaadi University Tangier, Morocco [email protected]

Abstract—To lead to the Smart Cities, we should have the possibility of obtaining information from different places and objects anytime and anywhere, in order to collect sufficient data to anticipate problems and take a good decisions. This will promote to an effective and autonomous organization by creating interacted and communicated objects around the city. So, we need to install various and specific IP-based wireless sensors everywhere to collect data remotely and in a real time. The idea of mixing sensors belonging to organizations from different specialties in the same places will involve several experts and encourages competition. But on the other side, it will open the door to new security threats and issues, also this will impose new management problems like how to limit the access to each organization to its sensors. In this paper, we study the security of a set of IP-based wireless sensors, which belongs to different organizations, and form a local network. We propose a model to ensure exchanged information confidentiality and manage the sensors accessibility, while considering the wireless sensors constrained characteristics. Keywords—Smart City; IEEE 802.15.4; 6LoWPAN; Internet of Things; IoT; WSN; Network Security.

I.

I NTRODUCTION

With the immense and rapid development of technology, integrating different devices to the internet becomes possible. Communication interaction are transformed from human-tomachine to machine-to-machine (M2M), and more specifically things-to-things, that what create the Internet of Things (IoT) [1]. This technology progress facilitates the leading of smart cities [2], where different cohabited object can communicate and interact to decide instead of human, or to help managers to make more effective decisions. It supports the improvement on many life applications like logistic, healthcare, industry ... etc. Mainly for monitoring requirement where we must use sensors devices to capture data in physical or environmental conditions. Enabling wireless sensors based on the IEEE 802.15.4 communication protocol [3], to connect to the internet by implementing them by 6LoWPAN (IPv6 over Low power Wireless Area Network) technology [4], [5], gives the possibility to transfer sensed data through the network in the entire world. 6LoWPAN was developed by IETF as an adaptation layer between network layer and data link layer to pass IPv6 packet of 1260 bytes into 802.15.4 that support only 127 bytes

frames. This solution allows the use of existing resources like internet protocols and infrastructure, and addressing a huge number of devices since an IPv6 address is 128 bits long, this provides about 3.4 x 1038 addresses more than 667 million billion addresses per square millimeter of land surface. Inasmuch as the Internet of Things is based on an open architecture [6], and the weaker characteristics of wireless sensors as resource-constrained devices, security issues becomes more sensitive. Attacks can come from two sides: 802.15.4 side and IP side [7]. Another issue is the security management in the case of implementing different sensors from different organization in the same place. In a normal situation, sensors belonging to the same organization form a local network managed by a base station, but in the IoT context, to give the opportunity for intervention from different experts and encourage concurrence, sensors from different origins should be cohabited in the same local area. This paper provides a security model in the context of Internet of Things to ensure confidentiality and access management of a set of IP-based wireless sensors, which belongs to different management agencies and form a local network. The structure of the paper is as follows: Section 2 gives a brief overview of Smart Cities, IoT, 6LoWPAN and IEEE 802.15.4 and their main applications, Section 3 reviews the assumption and discusses the issues of our studied case security, Section 4 discusses the model for securing the network with the focus on key establishment schemes, Section 5 presents an analysis of our model in terms of energy, flexibility and security. Finally, Section 6 concludes the paper. II.

GENERAL CONTEXT

A. Smart Cities projects Smart City is a set of interconnected systems collaborating together and using technology tools in order to offer a better city management system. Used tools are a whole of small connected devices accessed remotely. Interaction between them facilitate communications and offer better coordination. They form a working group with huge possibilities in monitoring, surveillance, and management giving real time data to managers and citizens to anticipate problems and have sufficient information for better decisions. Most of actors involved in such projects are industrial sectors of energy, water, transport, telecom network and in-

978-1-4799-5587-9/14/$31.00 ©2014 IEEE

frastructure companies, builders working on the hardware equipment of smart cities, integrators and services companies. B. Internet of Things concept Internet of Things is a concept that aims to extend the internet to the real world by associating labels bearing codes, RFID tags or URLs to objects or places, making them available and accessible from anywhere and anytime. Many technologies must be used and integrated to achieve this goal. Devices are different, some of them, like Wireless Sensor Network [8] are resource-constrained, they are not compatible with internet communication protocols. These protocols must be adapted or new ones must be developed. Applications domains include: waste management, urban planning, environmental sensing, social interaction gadgets, sustainable urban environment, continuous care, emergency response, intelligent shopping, smart product management, smart meters, home automation and smart events [9]. C. 6LoWPAN technology 6LoWPAN is a combination between the IPv6 and IEEE 802.15.4, two totally different networks. The most important difference is the size of the IPv6 packet measuring 1280 bytes, where the 802.15.4 supports only 127 octet packets. The solution proposed by the IETF 6LoWPAN working group is to add an adaptation layer that optimizes IPv6 packets through fragmentation and assemblies to be supported by the IEEE 802.15.4 link layer (Figure 1).

communications between nodes to configure channel, security keys and addressing. After the bootstrapping phase, and once the data link layer is functional, 6LoWPAN Neighbor Discovery protocol [12] that was chosen instead of the Neighbor Discovery protocol [13] because of its incompatibility with the low-power wireless networks - is used to start the construction of the entire network through some messages exchanged between nodes that allow hosts, routers and Edge Router autoconfiguration. Because of routing issues in 6LoWPAN, another team was created, IETF-ROLL (Routing over Low-power and Lossy Network) working group, to seek a proper routing solution to this kind of networks. They propose RPL (Routing Protocol for Low-power and Lossy-networks) [14]. It is a distance vector routing protocol for IPv6 which constructs a Directed Acyclic Graph. It is implemented in route-over. D. IEEE 802.15.4 standard 802.15.4 is a family of ad hoc networks for low-resource devices known by their low power consumption, low range and low debit. IEEE 802.15.4 protocol is implemented in the two lower layers, ie, data link layer and physical layer. It divides devices into two types: FFD (Full Function Device) with all possible functions, must be at least one in a network, it acts as a PAN coordinator or a router and can communicate with all devices within the same network. And RFD (Reduced Function Device) with limited functions, it acts as a sensor or actuator and can only communicate with FFDs [15]. 802.15.4 defines two types of topologies: star and mesh. In star topology, devices are placed in groups as clusters, each cluster is managed by a cluster-head. Into a cluster, devices communicate only with their cluster-head. Cluster-heads can communicate with each other. In mesh topology, all devices contribute to the formation of the network and every one communicates with others who are within his reach.

Star topology

Mesh topology

FFD (Full Function Device)

Fig. 1.

RFD (Reduced Function Device)

6LoWPAN WSN layers and main protocols

6LoWPAN network consists of one or more stub networks connected to the internet through the Edge Router. This latter, called also Border Router, routes traffic in and out of the LoWPAN, which is the collection of 6LoWPAN nodes sharing the same address prefix IPv6, ie the first 64 bits, it is used with IID (Interface Identifier) [10] to form the IP address. This address is formed using the SSA (Stateless Address Autoconfiguration) [11] in the starting phase of the network construction: the bootstrapping. This phase is managed by the data link layer which allows the establishment of first

Fig. 2.

IEEE 802.15.4 topologies

III.

ASSUMPTIONS

A. Case study Among smart city projects is offering data accessibility from specific places, objects, machines or products via internet. For that, it was a need to set up a lot of sensors belonging to

different organizations, institutions or companies. Depending to the use even if they collect the same data, we must limit the access of each group of sensors to the organizations that they belong. We should implementing them by a security system that preserve the confidentiality of sensed information, because every organization would like to have a limit and exclusive accessibility to its sensors. In this case study, we suppose that it exists a 6LoWPAN WSN (Figure 3) where sensors of different organizations are placed in the same place and forming one local network, i.e. one LoWPAN. The network may be linked to the internet by one or several edge routers. These edge routers are linked by a common backbone link and all sensors in this network have the same IPv6 prefix. This LoWPAN is managed remotely by a remote server.

each node is connected to at least one router. The LoWPAN is managed from a distance by a remote server RS, it offers information and updates to the network sensors. It may play the role of the main base station. Communications within the LoWPAN are of two types: communications exchanged between the sensors and the edge routers, and those exchanged between sensors themselves to establish links and update the network topology. Other communications are those intended for outside the LoWPAN, for responsible organizations or for a remote server. B. Suitable solution To achieve data confidentiality, we must keep secret exchanged data between two devices, for that, we have to use cryptography. There is two types of cryptography, symmetric and asymmetric. In symmetric cryptography, both communicating parties must share the same security key. However, for asymmetric cryptography, each unit has two keys: a public one that attributes it to each device that needs to communicate with it, and a private one which keeps it secret, used to decrypt messages encrypted by the public key. The advantage of asymmetric cryptography is its managing security keys mechanism, instead of symmetric cryptography where the problem of how a device will share its key privately with the other one without being disclosed by unauthorized parties. Since energy conservation is an essential element in WSN networks, most of studies [1], [7], [15][18] recommends the use of symmetric cryptography because, unlike asymmetric cryptography, it implements algorithms that do not require a lot of calculation, as a benefit, it does not consume a lot of energy. The difficult task in symmetric cryptography is security key management since each sender must have the same shared key with the recipient to decrypt the encrypted messages. Both must have specific mechanism in order to exchange the security key without being unveiled by a malicious. IV.

PROPOSED SOLUTION

The main purpose of this paper is not to offer a complete security solution for IP-based WSN, the aim of our study is to propose a general security model to resolve the confidentiality issues: confidentiality of transmitted information and confidentiality of accessing to the device. Our scheme can be adapted and implemented by any IP-based WSN as needed, depending on the used application, in the context of IoT, in order to establish a smart city project.

Fig. 3. 6LoWPAN WSN architecture with a Remote Server and different organizations (Org. A and Org. B)

Our solution is based on symmetric cryptography, it offers three types of security keys: a pairwise key between the ER and the network nodes, a pairwise key between two nodes, and a group key shared by all nodes belonging to the same organization. Also, this solution manages pairwise nodes access from outside the LoWPAN.

We suppose that the LoWPAN, more precisely the 6LoWPAN WSN in our case, consists of following units: an edge router ER, routers and hosts. Each one of routers and hosts has a unique identifier. Hosts do not communicate with each other.

To generate a key, a node use a seed S and its secret ID NiID . The NiID must not be shared in plaintext into the network.

All devices are located in the network in a distributed way, but no one is outside the reach of other network sensors. Thus,

The choice of the cryptographic algorithm and the method to which he will combine between S and NiID to generate

TABLE I. ER RS S SNi Ni NiID Ni KER K Ni,j Org X Org KX L1

L IST OF USED NOTATIONS

Edge Router Remote Server Generated seed by RS Generated seed by Ni Node i The ID of Ni Pairwise key between Ni and ER Pairwise key between two nodes Ni and Ni Organization X (X may be A or B ...) Group key shared between Org X nodes Level of a node towards ER

nodes in the network receives the seed S. This way, each node Ni will use the S with its own ID NiID to generate the secret Ni key KER . Since the RS has the seed and all devices IDs in its database, it will generate for each one its appropriate security key and send them securely to the ERs each one with its MAC address. Upon receiving an encrypted message, ER will check the address of the sender to determine its key that will use to decrypt the message (Figure 4). RS RS

the key, is left to the user according to his needs and his deployment environment.

Generate

Communications between the edge routers, the remote server, and the organizations are well secured as they are powerful and robust machines.

ER ER

S Send S Set

A. Predeployment configurations Generate keys for network nodes

In the RS, we create a database of the nodes that will be present in the network. This database is implemented by data concerning these devices. The two necessary information for our solution are the identifier ID and the MAC address of each node.

B. Security keys establishment In this section we explain the suggested methods for the management and establishment of symmetric keys in the network: the shared pairwise key between the edge router and network nodes, the shared key between two communicated a node into the LoWPAN and the shared group key between the same organizations nodes. Ni 1) KER establishment: The RS generates a seed S, sends it to the ER of the LoWPAN that transfers it to the nodes in the first row, the message is determined as a message of level L1 since it begins from the ER that represents the head of the network. A node Ni receives this message, keeps the seed and increment the level in the received message as its level, so if the first message that is sent by the ER equal to 1, the first devices that receive this message will have L2 , and so on, each node that receives this message for the first time will increment its level. Thus, each node records the one-hop sender address of this message as its gateway to the ER. Thereafter, each node send the received seed to other one-hop nodes, in this case: if a node has already received the seed, it will check the level of the sender, if it is less than or equal to its level, it will reject it, otherwise it will record the sender address as its second gateway. If a device receives the message for the first time, it will proceed as cited before. So on, until all the

L=1 Broadcast S

Increment Send network nodes keys with their MAC Addr

Also, each ER in this network will be implemented by a database of nodes within the LoWPAN. This database will record for each node its addresses (MAC and IP) and its pairwise security key shared whith this node. Ni Every node Ni has three types of security keys: KER a Ni,j pairwise key between Ni and the ER, K between two nodes Ni and Nj (between a host and a router, or between Org shared between all of nodes two routers), and group key KX belonging to the same organization X.

Ni

Fig. 4.

L

N

i KER establishment and sharing

2) K Ni,j establishment: After that each node in the netNi work has a symmetric key KER shared with the ER, they will need to communicate with each other to share some information and update their routing tables. For this, each device generates its own seed SNi and use it with its ID to generate a symmetric key K Ni in order to share it with its neighbors. If a node Ni wants to communicate with another Nj , one of them must be a router node. Firstly, they exchange hello messages, including their level. The node which has the level less than the other, that is to say it is in a position nearest to the ER, will deal with authentication procedures and key exchange. Assuming that Ni level less than Nj . In this case, Ni records in a message Nj MAC address and its own key Ni K Ni , encrypts this message by its key KER and transfers it to ER. The latter, i.e. the ER, decrypting this message will understand that the node owner of the address contained in the message, i.e. Nj , wants to communicate with the node sending the message, which is Ni . The ER will check them by requesting RS. If it is OK, ER encrypts the sender node Nj key K Ni with the solicited node key KER and sends it to this latter, i.e. Nj to use it to communicate securely with the other node Ni (Figure 5). Org 3) KX establishment: In our model, RS acts as a proxy between organizations and their nodes. Every organization that implements these sensors in the network must first register them within the RS, it must provide sensors ID and MAC address. Through the database, the RS will identify each node by its owner, like that, each organization wants to communicate

ER ER

RS RS

Njj N

NNii S

Generate N i

SNi ++Ni ID = =K

Ni

Hello

N

Encrypts Njj MAC address and Ni by Ni

K

KER

(N , K ))K

(Nj

Ni

MAC -j MAC , Addr

Ni ER

Check

Nij andN Nj N i

( K N ))K

(

Fig. 5.

i

server and network nodes, and communication between nodes. A node uses its own information such as the ID to establish the key, it does not store other additional information that will charge its space storage. In terms of computation, a device only needs to combine between the seed and its ID to generate the key, an operation that not require excessive computation.

Nj ER

K Ni,j establishment and sharing

B. Flexibility and scalability In distributed topologies, two elements are important to take into consideration, flexibility and scalability, we deal with this two concepts by modeling a schema that tolerates changes in topology and do not depend in a specific infrastructure. Our scheme is flexible towards changes in: topology, nodes positions, and network density. Each node has a specific key sharing with the edge router, in any position, both can establish a secure communication using their shared key. A device can easily change a router by another, for route optimization, due to a malfunction of a node, a change of position, or for another reason, it will request the connection establishment with the new gateway, it has only to forward its request to the edge router for verification and exchange keys. In the case of a new device that is added to the network, it must be previously added to the database of the remote server. Then, it has only has to send a request the nearest router to establish a connection in the same way mentioned above. C. Security metrics

with its nodes must first pass through the RS. RS plays the role of intermediary between the node and the organization. RS will verify the access authorization of this organization to this node. If it is OK, RS receives the sensor data through ER and forwards it after to this organization. In the case where an organization wants to make an order to its nodes, an update or a configuration change to enhance security, we establish a group key with respect to each set of nodes belonging to the same organization. Each organization will generate a symmetric key Org KX and send it in a secure way to RS. This latter checks Org to each one this organization nodes and sends them the KX Ni encrypted by its symmetric key KER . V.

D ISCUSSION OF THE PROPOSED SOLUTION

We evaluate our work relative to three criteria: energy efficiency, an essential element for LoWPAN networks, flexibility and scalability of this model in a dynamic network like distributed networks, and security our main objective of this study. A. Energy efficiency From energy point of view, which is an essential metric for LoWPAN networks, and a critical criterion of choice to adopt or not a solution, our model does not require a lot of calculation or data exchange between devices to establish security keys, it can be considered as an energy-economizer. Our model is based on symmetric cryptography that is recommended by experts in the field as an appropriate solution for LoWPAN. Our proposal for key management in our scheme has three key types to secure communication within this network: communication between the edge router, the remote

Our solution ensures confidentiality, authentication and authorization of communications in the network. All communications and data exchanged in the network are encrypted, the only information exchanged in plaintext is the seed generated by the remote server that represents only one element among others that are well secured to establish the key. Thus, any node unless those defined in the Remote server has permission to join the network, or has the possibility of establishing a security key. Also, no outsider device can communicate directly with a LoWPAN node, it must firstly pass by the remote server. And only authorized ones can communicate with network nodes, each one can receive only sensed data from its own sensors. We avoided any sharing of information that may present a risk to the network, the key generation is done in the node itself. Thus, we do not share in the network nodes IDs, so no intruder can take a legitimate device ID by a sniffing attack. The remote server is a powerful and well secured machine, it was given the role of monitoring the network basing on the database of legitimate network devices. VI.

C ONCLUSION

We presented a settlement security keys for symmetric cryptography in order to secure a 6LoWPAN-based Wireless Sensor Network in the context of the Internet of Things in the case where many organizations implement their sensor nodes in a shared environment. This model is based on the establishment of three security pairwise keys in order to secure communication between the remote server, edge router and network nodes. This model should ensure the confidentiality and nodes authentication as no intruder cannot get a false

identity or set the security key to integrate the network. The discussion and the analysis showed that this scheme meets the measures that must be taken into account for 6LoWPANWSN, such as energy conservation, and adaptation for network flexibility and scalability. We have not defined any symmetric cryptography algorithms or a specific application utilization to let the choice to the user according to his needs. As future work, this model should be tested using different symmetric cryptographic algorithms with heterogeneous nodes to verify its effectiveness, and to the well-suited for practical use and in a real environment.

R EFERENCES [1]

L. Atzori, A. Iera, and G. Morabito, The Internet of Things: A survey, Comput. Netw., vol. 54, no. 15, pp. 27872805, Oct. 2010.

[2]

K. Su, J. Li, and H. Fu, Smart city and the applications, in 2011 International Conference on Electronics, Communications and Control (ICECC), 2011, pp. 10281031.

[3]

J. A. Gutierrez, M. Naeve, E. Callaway, M. Bourgeois, V. Mitter, and B. Heile, IEEE 802.15.4: a developing standard for low-power low-cost wireless personal area networks, IEEE Netw., vol. 15, no. 5, pp. 1219, Sep. 2001.

[4]

C. P. P. Schumacher, N. Kushalnagar, and G. Montenegro, IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs): Overview, Assumptions, Problem Statement, and Goals. [Online]. Available: https://tools.ietf.org/html/rfc4919.

[5]

N. Kushalnagar, G. Montenegro, D. E. Culler, and J. W. Hui, Transmission of IPv6 Packets over IEEE 802.15.4 Networks. [Online]. Available: http://tools.ietf.org/html/rfc4944.

[6]

X. Li, Z. Xuan, and L. Wen, Research on the Architecture of Trusted Security System Based on the Internet of Things, in 2011 International Conference on Intelligent Computation Technology and Automation (ICICTA), 2011, vol. 2, pp. 11721175.

[7]

A. Rghioui, M. Bouhorma, and A. Benslimane, Analytical study of security aspects in 6LoWPAN networks, in 2013 5th International Conference on Information and Communication Technology for the Muslim World (ICT4M), 2013, pp. 15.

[8]

G. J. Pottie, Wireless sensor networks, in Information Theory Workshop, 1998, 1998, pp. 139140.

[9]

D. Kyriazis, T. Varvarigou, A. Rossi, D. White, and J. Cooper, Sustainable smart city IoT applications: Heat and electricity management amp; Eco-conscious cruise control for public transportation, in World of Wireless, Mobile and Multimedia Networks (WoWMoM), 2013 IEEE 14th International Symposium and Workshops on a, 2013, pp. 15.

[10]

R. M. Hinden and S. E. Deering, IP Version 6 Addressing Architecture. [Online]. Available: https://tools.ietf.org/html/rfc4291.

[11]

T. Narten, S. Thomson, and T. Jinmei, IPv6 Stateless Address Autoconfiguration. [Online]. Available: http://tools.ietf.org/html/rfc4862.

[12]

S. Chakrabarti, Z. Shelby, and E. Nordmark, Neighbor Discovery Optimization for IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs). [Online]. Available: http://tools.ietf.org/html/rfc6775.

[13]

T. Narten, W. A. Simpson, E. Nordmark, and H. Soliman, Neighbor Discovery for IP version 6 (IPv6). [Online]. Available: https://tools.ietf.org/html/rfc4861.

[14]

T. W. [email protected], RPL: IPv6 Routing Protocol for Low-Power and Lossy Networks. [Online]. Available: http://tools.ietf.org/html/rfc6550.

[15]

S. Ullah, M. Mohaisen, and M. A. Alnuem, A Review of IEEE 802.15.6 MAC, PHY, and Security Specifications, Int. J. Distrib. Sens. Netw., vol. 2013, Apr. 2013.

[16]

X. Chen, K. Makki, K. Yen, and N. Pissinou, Sensor network security: a survey, IEEE Commun. Surv. Tutor., vol. 11, no. 2, pp. 5273, Second 2009.

[17]

Y. Wang, G. Attebury, and B. Ramamurthy, A Survey of Security Issues In Wireless Sensor Networks, CSE J. Artic., Jan. 2006.

[18]

P. Boyle and T. Newe, Security Protocols for Use with Wireless Sensor Networks: A Survey of Security Architectures, in Third International Conference on Wireless and Mobile Communications, 2007. ICWMC 07, 2007, pp. 5454.