Evaluating IP security on lightweight hardware

Thumbnail Image

Files

isbn9789526040059.pdf (1.49 MB)

URL

Journal Title

Journal ISSN

Volume Title

Perustieteiden korkeakoulu | Doctoral thesis (monograph)
Checking the digitized thesis and permission for publishing
Instructions for the author
Unless otherwise stated, all rights belong to the author. You may download, display and print this publication for Your own personal use. Commercial use is prohibited.

Authors

Date

2011

Department

Tietotekniikan laitos
Department of Computer Science and Engineering

Major/Subject

Mcode

Degree programme

Language

en

Pages

Verkkokirja (1566 KB, 150 s.)

Series

Aalto University publication series DOCTORAL DISSERTATIONS , 2/2011

Abstract

TCP/IP communications stack is being increasingly used to interconnect mobile phones, PDAs, sensor motes and other wireless embedded devices. Although the core functionality of communications protocols has been successfully adopted to lightweight hardware from the traditional Internet and desktop computers, suitability of strong security mechanisms on such devices remains questionable. Insufficient processor, memory and battery resources, as well as constraints of wireless communications limit the applicability of many existing security protocols that involve computationally intensive operations. Varying capabilities of devices and application scenarios with different security and operational requirements complicate the situation further and call for agile and flexible security systems. This study does an empirical evaluation of applicability of selected existing IP security mechanisms to lightweight (resource-constrained) devices. In particular, we evaluate various components of the Host Identity Protocol (HIP), standardized by the Internet Engineering Task Force for achieving authentication, shared key negotiation, secure mobility and multihoming and, if used with IPsec, integrity and confidentiality of user data. Involving a set of cryptographic operations, HIP might easily stress a lightweight client, while affecting performance of applications running on it and shortening battery lifetime of the device. We present a background and related work on network-layer security, as well as a set of measurement results of various security components obtained on devices representing lightweight hardware: embedded Linux PDAs, Symbian-based smartphones, OpenWrt Wi-Fi access routers and wireless sensor platforms. To improve computational and energy efficiency of HIP, we evaluate several lightweight mechanisms that can substitute standard protocol components and provide a good trade-off between security and performance in particular application scenarios. We describe cases where existing HIP security mechanisms (i) can be used unmodified and (ii) should be tailored or replaced to suit resource-constrained environments. The combination of presented security components and empirical results on their applicability can serve as a reference framework for building adaptable and flexible security services for future lightweight communication systems.

Description

Supervising professor

Ylä-Jääski, Antti

Thesis advisor

Gurtov, Andrei

Keywords

Host Identity Protocol, IP security, cryptography, performance, resource-constrained devices, mobile Internet

Other note

Citation

Permanent link to this item

https://urn.fi/URN:ISBN:978-952-60-4005-9

Collections

[diss] Perustieteiden korkeakoulu / SCI