IPv6 over Low PowerWireless Personal Area Network(6LoWPAN)provides IP connectivity to the highly constrained nodes in the Internet of Things(IoTs).6LoWPANallows nodeswith limited battery power and storage capacity to ...IPv6 over Low PowerWireless Personal Area Network(6LoWPAN)provides IP connectivity to the highly constrained nodes in the Internet of Things(IoTs).6LoWPANallows nodeswith limited battery power and storage capacity to carry IPv6 datagrams over the lossy and error-prone radio links offered by the IEEE 802.15.4 standard,thus acting as an adoption layer between the IPv6 protocol and IEEE 802.15.4 network.The data link layer of IEEE 802.15.4 in 6LoWPAN is based on AES(Advanced Encryption Standard),but the 6LoWPANstandard lacks and has omitted the security and privacy requirements at higher layers.The sensor nodes in 6LoWPANcan join the network without requiring the authentication procedure.Therefore,from security perspectives,6LoWPAN is vulnerable to many attacks such as replay attack,Man-in-the-Middle attack,Impersonation attack,and Modification attack.This paper proposes a secure and efficient cluster-based authentication scheme(CBAS)for highly constrained sensor nodes in 6LoWPAN.In this approach,sensor nodes are organized into a cluster and communicate with the central network through a dedicated sensor node.The main objective of CBAS is to provide efficient and authentic communication among the 6LoWPAN nodes.To ensure the low signaling overhead during the registration,authentication,and handover procedures,we also introduce lightweight and efficient registration,de-registration,initial authentication,and handover procedures,when a sensor node or group of sensor nodes join or leave a cluster.Our security analysis shows that the proposed CBAS approach protects against various security attacks,including Identity Confidentiality attack,Modification attack,Replay attack,Man-in-the-middle attack,and Impersonation attack.Our simulation experiments show that CBAS has reduced the registration delay by 11%,handoff authentication delay by 32%,and signaling cost by 37%compared to the SGMS(Secure GroupMobility Scheme)and LAMS(Light-Wight Authentication&Mobility Scheme).展开更多
基金The authors would like to acknowledge the support of the Deputy for Research and Innovation,Ministry of Education,Kingdom of Saudi Arabia for this research through a Grant(NU/IFC/INT/01/008)under the institutional Funding Committee at Najran University,Kingdom of Saudi Arabia.
文摘IPv6 over Low PowerWireless Personal Area Network(6LoWPAN)provides IP connectivity to the highly constrained nodes in the Internet of Things(IoTs).6LoWPANallows nodeswith limited battery power and storage capacity to carry IPv6 datagrams over the lossy and error-prone radio links offered by the IEEE 802.15.4 standard,thus acting as an adoption layer between the IPv6 protocol and IEEE 802.15.4 network.The data link layer of IEEE 802.15.4 in 6LoWPAN is based on AES(Advanced Encryption Standard),but the 6LoWPANstandard lacks and has omitted the security and privacy requirements at higher layers.The sensor nodes in 6LoWPANcan join the network without requiring the authentication procedure.Therefore,from security perspectives,6LoWPAN is vulnerable to many attacks such as replay attack,Man-in-the-Middle attack,Impersonation attack,and Modification attack.This paper proposes a secure and efficient cluster-based authentication scheme(CBAS)for highly constrained sensor nodes in 6LoWPAN.In this approach,sensor nodes are organized into a cluster and communicate with the central network through a dedicated sensor node.The main objective of CBAS is to provide efficient and authentic communication among the 6LoWPAN nodes.To ensure the low signaling overhead during the registration,authentication,and handover procedures,we also introduce lightweight and efficient registration,de-registration,initial authentication,and handover procedures,when a sensor node or group of sensor nodes join or leave a cluster.Our security analysis shows that the proposed CBAS approach protects against various security attacks,including Identity Confidentiality attack,Modification attack,Replay attack,Man-in-the-middle attack,and Impersonation attack.Our simulation experiments show that CBAS has reduced the registration delay by 11%,handoff authentication delay by 32%,and signaling cost by 37%compared to the SGMS(Secure GroupMobility Scheme)and LAMS(Light-Wight Authentication&Mobility Scheme).