Innovative TLS/DTLS security modules for IoT applications: Concepts and experiments

Abstract

The Internet of Things is a new technological step in the anytime, everywhere, anything IP connectivity context. Things (sensors, wearable objects, connected cars…) are equipped with computers and various communication resources. IoT devices deal with Wireless Local Area Network, Wireless Personal Area Network, Near Field Communication, or new operated radio networks with low throughput such as SIGFOX or LoRA. In this context security and trust are very critical topics, both for users and service providers. In this paper we present new and innovative security modules based on ISO7816 chips, which have been recently introduced by an IETF draft. These low cost, low power, tamper resistant devices, run TLS and DTLS stacks. DTLS is the datagram adaptation of the well known TLS protocol, which is de facto standard for the internet security. It is the security layer of the Constrained Application Protocol (CoAP) targeting sensors networks in a context of smart energy and building automation. We shortly recall TLS and DTLS features, and introduce the flights concept. We present the TLS/DTLS security module interface, which is based on previous work dealing with the EAP-TLS protocol, widely used for authentication in wireless networks and VPNs. We describe our prototype platform based on a java framework that implement a software bridge with the TLS/DTLS security module and which is compatible with the popular Raspberry Pi board. Finally we detail the experimental performances, compatible with the constraints of IoT, observed for an implementation running in a javacard.