Corpus ID: 210859468

IoT Content Object Security with OSCORE and NDN: A First Experimental Comparison

Authors: Cenk Gündogan, Christian Amsüss, Thomas C. Schmidt, Matthias Wählisch
Published in: 2020 IFIP Networking Conference (Networking)
The emerging Internet of Things (IoT) challenges the end-to-end transport of the Internet by low power lossy links and gateways that perform protocol translations. Protocols such as CoAP or MQTT-SN are degraded by the overhead of DTLS sessions, which in common deployment protect content transfer only up to the gateway. To preserve content security end-to-end via gateways and proxies, the IETF recently developed Object Security for Constrained RESTful Environments (OSCORE), which extends CoAP…
A Guideline on Pseudorandom Number Generation (PRNG) in the IoT
The generation of randomness from the perspective of an IoT operating system that needs to support general purpose or crypto-secure random numbers is revisited and a set of clear recommendations on how to build such a random subsystem and which generators to use are given.
A Performance Study of Crypto-Hardware in the Low-end IoT
Comprehensive resource analysis for widely used cryptographic primitives across different off-the-shelf IoT platforms, and evaluations show that hardware-based crypto outperforms software by considerably over 100 %, which is crucial for nodal lifetime.
Evaluating the performance of the OSCORE security protocol in constrained IoT environments
The evaluation results show that the OSCORE implementation displays moderately better performance than TinyDTLS, in terms of per-message network overhead, memory usage, message round-trip time and energy efficiency, thus providing the security improvements of OSCORE with no additional performance penalty.
Sense Your Power
ECO is a hardware-software co-design that adds autonomous energy management capabilities to a large class of low-end IoT devices and shows how it fills the gap of in situ power attribution transparently for consumers and how it improves over existing solutions.
The Cost of OSCORE and EDHOC for Constrained Devices
This paper presents the design of four firmware libraries for object security for Constrained RESTful Environments (OSCORE and μEDHOC) and an evaluation of their implementations in terms of RAM/FLASH requirements and execution speed on a broad range of microcontrollers.
The Impact of Networking Protocols on Massive M2M Communication in the Industrial IoT
This paper analyzes and compares the traditional Message Queuing Telemetry Transport for Sensor Networks (MQTT-SN) with the Constrained Application Protocol (CoAP) as a current IETF recommendation, and also with emerging Information-centric Networking (ICN) approaches, which are ready for deployment.
Trust assessment in 32 KiB of RAM: multi-application trust-based task offloading for resource-constrained IoT nodes
This paper presents a trust model-based system architecture for computation offloading that provides confidentiality, authentication and non-repudiation of messages in required scenarios and will operate within the resource constraints of embedded IoT nodes.
Long-Range IoT: Is LoRaWAN an option for ICN?
It is indicated that the current LoRaWAN MAC layer is impractical for an ICN request-response with caching, and ideas for a new MAC layer that harmonizes the long-range LoRa radios with ICN are presented.
Securing IIoT using Defence-in-Depth: Towards an End-to-End secure Industry 4.0
An analysis of the most relevant security strategies in Industry 4.0 is presented, focusing primarily on Defence-in-Depth, and a combination of DiD, a lightweight E2E encryption algorithm called Attribute-Based-Encryption (ABE) and object security (i.e., OSCORE) is proposed to get a full E2E security approach.


A survey of information-centric networking
This work compares and discusses design choices and features of proposed ICN architectures, focusing on the following main components: named data objects, naming and security, API, routing and transport, and caching.
Counter with CBC-MAC (CCM)
Counter with CBC-MAC (CCM) is a generic authenticated encryption block cipher mode. CCM is defined for use with 128-bit block ciphers, such as the Advanced Encryption Standard (AES).
Requirements for a Lightweight AKE for OSCORE
This document compiles the requirements for a lightweight authenticated key exchange protocol for OSCORE, and describes how this protocol should be implemented in the future.
AES-CCM Cipher Suites for Transport Layer Security (TLS)
This memo describes the use of the Advanced Encryption Standard (AES) in the Counter with Cipher Block Chaining - Message Authentication Code (CBC-MAC) Mode (CCM) of operation within Transport Layer
RIOT: An Open Source Operating System for Low-End Embedded Devices in the IoT
This paper provides the first comprehensive overview of RIOT, covering the key components of interest to potential developers and users: the kernel, hardware abstraction, and software modularity, both conceptually and in practice for various example configurations.
RIOT OS: Towards an OS for the Internet of Things
RIOT OS is introduced, an OS that explicitly considers devices with minimal resources but eases development across a wide range of devices, and allows for standard C and C++ programming, provides multi-threading as well as real-time capabilities, and needs only a minimum of 1.5 kB of RAM.
CoAP: Echo, Request-Tag, and Token Processing
This document specifies enhancements to the Constrained Application Protocol (CoAP) that mitigate security issues in particular use cases. The Echo option enables a CoAP server to verify the
Comparison of CoAP Security Protocols
This document analyzes and compares the sizes of key exchange flights and the per-packet message size overheads when using different security protocols to secure CoAP. The analyzed security protocols
Group OSCORE - Secure Group Communication for CoAP
This document defines Group Object Security for Constrained RESTful Environments (Group OSCORE), providing end-to-end security of CoAP messages exchanged between members of a group, e.g. sent over IP
Observe Notifications as CoAP Multicast Responses
This document defines how a CoAP server sends observe notifications as response messages over multicast, by synchronizing all the observers of a same resource on a same shared Token value.