Secure and lightweight communication in heterogeneous IoT environments

Abstract

The Internet of Things (IoT) is a fast growing and rapidly evolving field. Everyday objects from smart home appliances (e.g. toasters and refrigerators) to health monitoring products (e.g. pacemakers and blood pressure monitors), to minuscule sensors and actuators, are being redesigned to be able to transfer data over a network. The connection of billions of these new objects to the Internet will cause a dramatic increase in the amount of shared data, which will simultaneously introduce a plethora of security risks. Understanding how to secure the data being sent over IoT links is necessary for the IoT paradigm to succeed. A popular data transfer protocol connecting IoT devices is the Constrained Application Protocol (CoAP). We used an open-source implementation of CoAP along with Datagram Transport Layer Security (DTLS) to implement secure data transfer between IoT devices. We studied the impact of DTLS on CoAP in the real IoT testbed we have developed using resource-constrained IoT devices and open-source software. Our tests showed that utilizing a CoAP-DTLS implementation with a symmetric key cipher suite resulted in noticeable performance costs. A secure connection with DTLS over CoAP used approximately 10% more energy than an unsecure connection. In addition, our latency tests revealed over a 100% increase in average latency time for secure messages compared to when no encryption is used. We also highlight some of the implementation challenges encountered while developing a real IoT testbed for secure experimentation.