Lund University Publications

LUND UNIVERSITY LIBRARIES

Evaluating the performance of the OSCORE security protocol in constrained IoT environments

Gunnarsson, Martin LU; Brorsson, Joakim LU; Palombini, Francesca; Seitz, Ludwig and Tiloca, Marco (2021) In Internet of Things (Netherlands) 13.
Abstract

The Constrained Application Protocol (CoAP) is a standard communication protocol for resource-constrained devices in the Internet of Things (IoT). Many IoT deployments require proxies to support asynchronous communication between edge devices and the back-end. This allows (non-trusted) proxies to access sensitive parts of CoAP messages. Object Security for Constrained RESTful Environments (OSCORE) is a recent standard protocol that provides end-to-end security for CoAP messages at the application layer. Unlike the commonly used standard Datagram Transport Layer Security (DTLS), OSCORE efficiently provides selective integrity protection and encryption on different parts of CoAP messages. Thus, OSCORE enables end-to-end security through intermediary (non-trusted) proxies, while still allowing them to perform their expected services, with considerable security and privacy improvements. To assess whether these security features consume too much of the limited resources available on a constrained device, we have implemented OSCORE (the implementation is available as open-source), and evaluated its efficiency. This paper provides a comprehensive, comparative and experimental performance evaluation of OSCORE on real resource-constrained IoT devices, using the operating system Contiki-NG as IoT software platform. In particular, we experimentally evaluated the efficiency of our OSCORE implementation on resource-constrained devices running Contiki-NG, in comparison with the DTLS implementation TinyDTLS maintained by the Eclipse Foundation. The evaluation results show that our OSCORE implementation displays moderately better performance than TinyDTLS, in terms of per-message network overhead, memory usage, message round-trip time and energy efficiency, thus providing the security improvements of OSCORE with no additional performance penalty.

author
Gunnarsson, Martin; Brorsson, Joakim; Palombini, Francesca; Seitz, Ludwig and Tiloca, Marco
type
Contribution to journal
publication status
published
keywords
CoAP, Constrained devices, End-to-end security, Internet of things, OSCORE, Security
in
Internet of Things (Netherlands)
volume
13
article number
100333
publisher
Elsevier
external identifiers
  • scopus:85104978440
ISSN
2542-6605
DOI
10.1016/j.iot.2020.100333
language
English
LU publication?
yes
id
c5fa685b-3969-4321-a602-bc58f179ae5d
date added to LUP
2021-12-23 11:36:20
date last changed
2022-04-27 06:55:13
@article{c5fa685b-3969-4321-a602-bc58f179ae5d,
  abstract     = {{The Constrained Application Protocol (CoAP) is a standard communication protocol for resource-constrained devices in the Internet of Things (IoT). Many IoT deployments require proxies to support asynchronous communication between edge devices and the back-end. This allows (non-trusted) proxies to access sensitive parts of CoAP messages. Object Security for Constrained RESTful Environments (OSCORE) is a recent standard protocol that provides end-to-end security for CoAP messages at the application layer. Unlike the commonly used standard Datagram Transport Layer Security (DTLS), OSCORE efficiently provides selective integrity protection and encryption on different parts of CoAP messages. Thus, OSCORE enables end-to-end security through intermediary (non-trusted) proxies, while still allowing them to perform their expected services, with considerable security and privacy improvements. To assess whether these security features consume too much of the limited resources available on a constrained device, we have implemented OSCORE (the implementation is available as open-source), and evaluated its efficiency. This paper provides a comprehensive, comparative and experimental performance evaluation of OSCORE on real resource-constrained IoT devices, using the operating system Contiki-NG as IoT software platform. In particular, we experimentally evaluated the efficiency of our OSCORE implementation on resource-constrained devices running Contiki-NG, in comparison with the DTLS implementation TinyDTLS maintained by the Eclipse Foundation. The evaluation results show that our OSCORE implementation displays moderately better performance than TinyDTLS, in terms of per-message network overhead, memory usage, message round-trip time and energy efficiency, thus providing the security improvements of OSCORE with no additional performance penalty.}},
  author       = {{Gunnarsson, Martin and Brorsson, Joakim and Palombini, Francesca and Seitz, Ludwig and Tiloca, Marco}},
  issn         = {{2542-6605}},
  keywords     = {{CoAP; Constrained devices; End-to-end security; Internet of things; OSCORE; Security}},
  language     = {{eng}},
  publisher    = {{Elsevier}},
  series       = {{Internet of Things (Netherlands)}},
  title        = {{Evaluating the performance of the OSCORE security protocol in constrained IoT environments}},
  url          = {{http://dx.doi.org/10.1016/j.iot.2020.100333}},
  doi          = {{10.1016/j.iot.2020.100333}},
  volume       = {{13}},
  year         = {{2021}},
}