Securing communication in 6LoWPAN with compressed IPsec

• Published in: 2011 International Conference on Distributed Computing in Sensor Systems and Workshops (DCOSS) pp. 1 - 8
• Main Authors: Raza, S., Duquennoy, S., Chung, T., Yazar, D., Voigt, T., Roedig, U.
• Format: Conference Proceeding
• Language: English
• Published: IEEE 01.06.2011
• Subjects: Authentication; Cryptography; Encoding; Internet; IP networks; Wireless sensor networks
• ISBN: 9781457705120; 1457705125
• ISSN: 2325-2936
• DOI: 10.1109/DCOSS.2011.5982177

Real-world deployments of wireless sensor networks (WSNs) require secure communication. It is important that a receiver is able to verify that sensor data was generated by trusted nodes. It may also be necessary to encrypt sensor data in transit. Recently, WSNs and traditional IP networks are more tightly integrated using IPv6 and 6LoWPAN. Available IPv6 protocol stacks can use IPsec to secure data exchange. Thus, it is desirable to extend 6LoWPAN such that IPsec communication with IPv6 nodes is possible. It is beneficial to use IPsec because the existing end-points on the Internet do not need to be modified to communicate securely with the WSN. Moreover, using IPsec, true end-to-end security is implemented and the need for a trustworthy gateway is removed. In this paper we provide End-to-End (E2E) secure communication between IP enabled sensor networks and the traditional Internet. This is the first compressed lightweight design, implementation, and evaluation of 6LoWPAN extension for IPsec. Our extension supports both IPsec's Authentication Header (AH) and Encapsulation Security Payload (ESP). Thus, communication endpoints are able to authenticate, encrypt and check the integrity of messages using standardized and established IPv6 mechanisms.