An Overview of Security in CoAP: Attack and Analysis

113

The Internet of Medical Things (IoMT) couples IoT technologies with healthcare services in order to support real-time, remote patient monitoring and treatment. However, the interconnectivity of critical medical devices with other systems in various network layers creates new opportunities for remote adversaries. Since most of the communication protocols have not been specifically designed for the needs of connected medical devices, there is a need to classify the available IoT communication technologies in terms of security. In this paper we classify IoT communication protocols, with respect to their application in IoMT. Then we describe the main characteristics of IoT communication protocols used at the perception, network and application layer of medical devices. We examine the inherent security characteristics and limitations of IoMT-specific communication protocols. Based on realistic attacks we identify available mitigation controls that may be applied to secure IoMT communications, as well as existing research and implementation gaps.

Section: Coapmentioning

confidence: 99%

Section: Security In Iomt Communication Protocolsmentioning

confidence: 99%

Security in IoMT Communications: A Survey

Koutras

Stergiopoulos

Dasaklis

et al. 2020

113

“…The Constrained Application Protocol (CoAP) protocol is designed with resourceconstrained sensors for the IoT application layer [7]. A Datagram TLS (DTLS) is recommended to make the CoAP secure [8]. The DTLS offers authentication, key exchange, and protection of communication between legal entities.…”

Section: Introductionmentioning

confidence: 99%

“…The DTLS/CoAP has to exchange six flight handshake messages between sensors. It fragments the packets into the 127-byte, but it leads to data loss and delays in communication [8,9]. The small packet size increases the number of packets, leading to network traffic due to frequent handshaking and packet loss.…”

Section: Introductionmentioning

confidence: 99%

Lightweight Payload Encryption-Based Authentication Scheme for Advanced Metering Infrastructure Sensor Networks

Abosata

Al‐Rubaye

Tsourdos

2022

The Internet of Things (IoT) connects billions of sensors to share and collect data at any time and place. The Advanced Metering Infrastructure (AMI) is one of the most important IoT applications. IoT supports AMI to collect data from smart sensors, analyse and measure abnormalities in the energy consumption pattern of sensors. However, two-way communication in distributed sensors is sensitive and tends towards security and privacy issues. Before deploying distributed sensors, data confidentiality and privacy and message authentication for sensor devices and control messages are the major security requirements. Several authentications and encryption protocols have been developed to provide confidentiality and integrity. However, many sensors in distributed systems, resource constraint smart sensors, and adaptability of IoT communication protocols in sensors necessitate designing an efficient and lightweight security authentication scheme. This paper proposes a Payload Encryption-based Optimisation Scheme for lightweight authentication (PEOS) on distributed sensors. The PEOS integrates and optimises important features of Datagram Transport Layer Security (DTLS) in Constrained Application Protocol (CoAP) architecture instead of implementing the DTLS in a separate channel. The proposed work designs a payload encryption scheme and an Optimised Advanced Encryption Standard (OP-AES). The PEOS modifies the DTLS handshaking and retransmission processes in PEOS using payload encryption and NACK messages, respectively. It also removes the duplicate features of the protocol version and sequence number without impacting the performance of CoAP. Moreover, the PEOS attempts to improve the CoAP over distributed sensors in the aspect of optimised AES operations, such as parallel execution of S-boxes in SubBytes and delayed Mixcolumns. The efficiency of PEOS authentication is evaluated on Conitki OS using the Cooja simulator for lightweight security and authentication. The proposed scheme attains better throughput while minimising the message size overhead by 9% and 23% than the existing payload-based mutual authentication PbMA and basic DTLS/CoAP scheme in random network topologies with less than 50 nodes.

“…It is a customized and compressed version of HTTP (hypertext transfer protocol). However, CoAP is susceptible to many types of attacks as studied in [7], including but not limited to parsing attacks (where a remote node can be crashed by executing arbitrary code), amplification attacks (an attacker can use end devices to convert small packets into larger packets), and spoofing attacks. This shows how IoT protocols still have many vulnerabilities, and it is becoming increasingly important to protect them against attacks.…”

Section: Introductionmentioning

confidence: 99%

PRISEC: Comparison of Symmetric Key Algorithms for IoT Devices

Saraiva

Leithardt

Paula

et al. 2019

With the growing number of heterogeneous resource-constrained devices connected to the Internet, it becomes increasingly challenging to secure the privacy and protection of data. Strong but efficient cryptography solutions must be employed to deal with this problem, along with methods to standardize secure communications between these devices. The PRISEC module of the UbiPri middleware has this goal. In this work, we present the performance of the AES (Advanced Encryption Standard), RC6 (Rivest Cipher 6), Twofish, SPECK128, LEA, and ChaCha20-Poly1305 algorithms in Internet of Things (IoT) devices, measuring their execution times, throughput, and power consumption, with the main goal of determining which symmetric key ciphers are best to be applied in PRISEC. We verify that ChaCha20-Poly1305 is a very good option for resource constrained devices, along with the lightweight block ciphers SPECK128 and LEA.