Abstract
End-to-end communications between Internet devices and Internet-integrated constrained wireless sensing platforms will provide an important contribution to the enabling of many of the envisioned IoT applications and, in this context, security must be addressed when employing communication technologies such as 6LoWPAN and CoAP. Considering the constraints typically found on sensing devices in terms of energy, memory, and computational capability, the integration of Wireless Sensor Networks (WSN) with the Internet using such technologies will open new threats and attacks that must be dealt with, particularly those originated at devices without the constraints of WSN sensors (e.g., Internet hosts). Existing encryption strategies for communications in IoT environments are unable to protect Internet-integrated WSN environments from Denial of Service (DoS) attacks, as well as from other forms of attacks at the network and application layers using CoAP. We may thus fairly consider that anomaly and intrusion detection will play a major role in the materialization of most of the envisioned IoT applications. In this article, we propose a framework to support intrusion detection and reaction in Internet-integrated CoAP WSN, and in the context of this framework we design and implement various approaches to support security against various classes of attacks. We have implemented and evaluated experimentally the proposed framework and mechanisms, considering various attack scenarios, and our approach was found to be viable, from the point of view of its impact on critical resources of sensing devices and of its efficiency in dealing with the considered attacks.
Highlights
As constrained wireless sensing and actuating devices are progressively integrated with the Internet communications infrastructure, the importance of detecting and dealing with attacks against its security and stability appears as a fundamental requirement. This integration is becoming a reality, thanks to a standardized communications stack being designed for the IoT [1], empowered by protocols such as the 6LoWPAN adaptation layer [2], RPL (IPv6 Routing Protocol for Low Power and Lossy Networks) [3], and the Constrained Application Protocol (CoAP) [4]
It is important to note that, despite the current focus on IEEE 802.15.4 as the low-energy link-layer communication technology supporting Internetintegrated Wireless Sensor Networks (WSN) environments, other technologies are being adopted by the 6LoWPAN adaptation layer, as is the case already with Bluetooth Low-Energy (BLE) [6]
As we focus on intrusion detection and prevention on CoAP IoT networks, security management messages are transported in the payload of CoAP confirmable messages, as such being inherently protected from packet losses [4]
Summary
As constrained wireless sensing and actuating devices are progressively integrated with the Internet communications infrastructure, the importance of detecting and dealing with attacks against its security and stability appears as a fundamental requirement. Other protocols could be considered at the application-layer, such as MQTT (Message Queuing Telemetry Transport) [5], but our focus in CoAP is motivated by its support of low-energy wireless local communication environments, machine-to-machine (M2M) communications between constrained sensors and actuators and other external Internet devices, and its direct compatibility with HTTP. We find this last property to be of particular importance, since it allows to leverage existing web applications.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
