Research Article
BibTex RIS Cite

USING ELLIPTIC CURVE CRYPTOGRAPHY FOR AUTHENTICATION AND KEY EXCHANGE IN CONSTRAINED INTERNET OF THINGS NETWORKS

Year 2024, Volume: 23 Issue: 45, 114 - 132, 26.06.2024
https://doi.org/10.55071/ticaretfbd.1439890

Abstract

It is anticipated that billions of objects will be interconnected with the rise of the Internet of Things, leading to the evolution of the Internet for the upcoming generation. Various applications have been created in different sectors such as health, logistics, industry, and military in recent years. The techniques created for IoT are still in a nascent stage and encounter numerous hurdles. The primary concern is the security issue. These devices are a significant target due to the numerous conveniences offered by the Internet of Things. These gadgets will maintain continuous communication with one other (M2M) and with people (M2H). It is crucial to ensure the safe transmission of key information about people and the environment throughout this communication. Today's security approaches cannot be integrated into Internet of Things networks because of constraints such as limited RAM, ROM ratio, low bandwidth, poor computing power, and low energy supply. The DTLS protocol, created by IETF, utilizes symmetric encryption and may not be suitable for Class-0 and Class-1 devices that require asymmetric encryption. This study examines the security measures in place and the data is securely exposed to the internet using Elliptic Curve Cryptography, then compared with other studies.

References

  • Aazam, M., St-Hilaire, M., Lung, C.-H., & Lambadaris, I. (2016). PRE-Fog: IoT trace based probabilistic resource estimation at Fog. 13th IEEE Annual Consumer Communications & Networking Conference (CCNC).
  • Aloul, F., Zualkernan, I., & Mahmoud, R. (2015). Internet of things (IoT) security: Current status, challenges and prospective measures. 10th International Conference for Internet Technology and Secured Transactions (ICITST), (336-341). Londra.
  • Bergmann, O. (2017). Eclipse tinydtls. Retrieved February 10, 2024 from Eclipse Foundation: https://projects.eclipse.org/projects/iot.tinydtls
  • Bormann, C., Ersue, M., & Keranen, A. (2014). Terminology for Constrained-Node Networks. Internet Engineering Task Force (IETF).
  • Bozkurt, Ö. (2005). Eliptik Eğri Şifreleme Kullanarak Güvenli Soket Katmanı Protokolünün Gerçeklemesi ve Performansının Değerlendirilmesi. [Yüksek Lisans Tezi]. İstanbul: Yıldız Teknik Üniversitesi Fen Bilimleri Enstitüsü, İstanbul.
  • Chavan, A., & Nighot, M. (2014). Secure CoAP Using Enhanced DTLS for Internet of Things. International Journal of Innovative Research in Computer and Communication Engineering. 78, 646-651.
  • Chen, X. (2014). Constrained Application Protocol for Internet of Things. Retrieved February 10, 2024 from https://www.cse.wustl.edu/~jain/cse574-14/ftp/coap.pdf
  • Franco, J. (2024). 20-CS-6053 - Network Security. Retrieved February 10, 2024 from University of Cincinnati Electrical Engineering & Computer Science: http://gauss.ececs.uc.edu/Courses/c6053/lectures/PDF/elliptic.pdf
  • Görmüş, S., Aydın, H., & Ulutaş, G. (2017). Nesnelerin interneti teknolojisi için güveenlik: var olan mekanizmalar, protokoller ve yaşanılan zorlukların araştırılması. Gazi Üniversitesi Mühendislik-Mimarlık Fakültesi Dergisi, 33(4), 1247-1272.
  • Huawei. (2023). Edge Networking. Retrieved February 10, 2024 from Huawei Community Forums: https://forum.huawei.com/enterprise/en/edge-networking/thread/690495115774279680-667213860102352896
  • Karataş, İ., & Bayraklı, S. (2020). Contiki İşletim Sisteminde Cooja Simulatörü Kullanılarak Örnek Bir Nesnelerin İnterneti Uygulaması. Avrupa Bilim ve Teknoloji Dergisi, 19, 763-769.
  • Li, S., & Xu, L. (2017). Securing the Internet of Things. Syngress.
  • Liu, A., & Ning, P. (2008). TinyECC: A configurable library for elliptic curve cryptography in wireless sensor networks. 7th International Conference on Information Processing in Sensor Networks (IPSN’08). Washington DC.
  • McCumber, J. (2004). Assessing and Managing Security Risk in IT Systems. Auerbach Publications.
  • Microsoft. (2021, 07 04). Chapter 3: Functional description of Azure RTOS NetX Secure DTLS. Retrieved February 10, 2024 from Microsoft Learn: https://learn.microsoft.com/en-us/azure/rtos/netx-duo/netx-secure-dtls/chapter3
  • Nakagawa, I., & Shimojo, S. (2017). IoT Agent Platform Mechanism with Transparent Cloud Computing Framework for Improving IoT Security. IEEE 41st Annual Computer Software and Applications Conference (COMPSAC).
  • Orhon, N. (2015, 06 17). Computer Engineering Department Seminar #60. Retrieved February 10, 2024 from Yaşar Üniversitesi Bilgisayar Mühendisliği Bölümü: https://ce.yasar.edu.tr/en/2015/06/neriman-gamze-orhon-elliptic-curve-cryptography-and-efficient-implementations-june-17th-2015-friday/
  • Raza, S., Shafagh, H., Hewage, K., Hummen, R., & Voigt, T. (2013). Lithe: Lightweight Secure CoAP for the Internet of Things. IEEE Sensors Journal, 3711-3720.
  • Rescorla, E., Tschofenig, H., & Modadugu, N. (2022). The Datagram Transport Layer Security (DTLS) Protocol Version 1.3. Internet Engineering Task Force (IETF).
  • Santos, G., Guimaraes, V., Rodrigues, G., Granville, L., & Tarouco, L. (2015). A DTLS-based Security Architecture for the Internet of Things. 20th IEEE Symposium on Computers and Communication (ISCC), 809-815.
  • Shelby, Z., Hartke, K., & Bormann, C. (2014). The Constrained Application Protocol (CoAP). Internet Engineering Task Force (IETF).
  • Stinson, D. (2005). Cryptography: Theory and Practice. Chapman and Hall/CRC.
  • Szczechowiak, P., Oliviera, L., Collier, M., & Dahab, R. (2008). NanoECC: Testing the Limits of Elliptic Curve Cryptography. Sensor Networks, 305-320.
  • Trappe, W., & Washington, L. (2005). Introduction to Cryptography with Coding Theory. Pearson.
  • Zhao, K., & Ge, L. (2013). A Survey on the Internet of Things Security. 9th International Conference on Computational Intelligence and Security, (663-667). Leshan.

KISITLI NESNELERİN İNTERNETİ AĞLARINDA ELİPTİK EĞRİ ŞİFRELEMENİN DOĞRULAMA VE ANAHTAR KARŞILAŞTIRMA AŞAMASINDA KULLANILMASI

Year 2024, Volume: 23 Issue: 45, 114 - 132, 26.06.2024
https://doi.org/10.55071/ticaretfbd.1439890

Abstract

Nesnelerin İnternetinin ortaya çıkmasıyla birlikte milyarlarca nesnenin birbirine bağlanacağı ve gelecek nesil için İnternetin evrimine yol açacağı öngörülmektedir. Son yıllarda sağlık, lojistik, endüstri ve askeri gibi farklı sektörlerde çeşitli uygulamalar oluşturulmuştur. IoT için oluşturulan teknikler henüz başlangıç aşamasındadır ve çok sayıda engelle karşılaşmaktadır. Bunların başında güvenlik sorunu gelmektedir. Nesnelerin İnterneti tarafından sunulan sayısız kolaylık nedeniyle bu cihazlar önemli bir hedeftir. Bu aygıtlar birbirleriyle (M2M) ve insanlarla (M2H) sürekli iletişim halinde olacaktır. Bu iletişim boyunca insanlar ve çevre hakkında önemli bilgilerin güvenli bir şekilde iletilmesini sağlamak çok önemlidir. Günümüzün güvenlik yaklaşımları, sınırlı RAM, ROM oranı, düşük bant genişliği, zayıf hesaplama gücü ve düşük enerji kaynağı gibi kısıtlamalar nedeniyle Nesnelerin İnterneti ağlarına entegre edilememektedir. IETF tarafından oluşturulan DTLS protokolü simetrik şifreleme kullanmaktadır ve asimetrik şifreleme gerektiren Sınıf-0 ve Sınıf-1 cihazlar için uygun olmayabilir. Bu çalışma, mevcut güvenlik önlemlerini incelemekte ve verilerin Eliptik Eğri Kriptografisi kullanılarak güvenli bir şekilde internete maruz kalmasını sağlamakta, ardından diğer çalışmalarla karşılaştırmaktadır.

References

  • Aazam, M., St-Hilaire, M., Lung, C.-H., & Lambadaris, I. (2016). PRE-Fog: IoT trace based probabilistic resource estimation at Fog. 13th IEEE Annual Consumer Communications & Networking Conference (CCNC).
  • Aloul, F., Zualkernan, I., & Mahmoud, R. (2015). Internet of things (IoT) security: Current status, challenges and prospective measures. 10th International Conference for Internet Technology and Secured Transactions (ICITST), (336-341). Londra.
  • Bergmann, O. (2017). Eclipse tinydtls. Retrieved February 10, 2024 from Eclipse Foundation: https://projects.eclipse.org/projects/iot.tinydtls
  • Bormann, C., Ersue, M., & Keranen, A. (2014). Terminology for Constrained-Node Networks. Internet Engineering Task Force (IETF).
  • Bozkurt, Ö. (2005). Eliptik Eğri Şifreleme Kullanarak Güvenli Soket Katmanı Protokolünün Gerçeklemesi ve Performansının Değerlendirilmesi. [Yüksek Lisans Tezi]. İstanbul: Yıldız Teknik Üniversitesi Fen Bilimleri Enstitüsü, İstanbul.
  • Chavan, A., & Nighot, M. (2014). Secure CoAP Using Enhanced DTLS for Internet of Things. International Journal of Innovative Research in Computer and Communication Engineering. 78, 646-651.
  • Chen, X. (2014). Constrained Application Protocol for Internet of Things. Retrieved February 10, 2024 from https://www.cse.wustl.edu/~jain/cse574-14/ftp/coap.pdf
  • Franco, J. (2024). 20-CS-6053 - Network Security. Retrieved February 10, 2024 from University of Cincinnati Electrical Engineering & Computer Science: http://gauss.ececs.uc.edu/Courses/c6053/lectures/PDF/elliptic.pdf
  • Görmüş, S., Aydın, H., & Ulutaş, G. (2017). Nesnelerin interneti teknolojisi için güveenlik: var olan mekanizmalar, protokoller ve yaşanılan zorlukların araştırılması. Gazi Üniversitesi Mühendislik-Mimarlık Fakültesi Dergisi, 33(4), 1247-1272.
  • Huawei. (2023). Edge Networking. Retrieved February 10, 2024 from Huawei Community Forums: https://forum.huawei.com/enterprise/en/edge-networking/thread/690495115774279680-667213860102352896
  • Karataş, İ., & Bayraklı, S. (2020). Contiki İşletim Sisteminde Cooja Simulatörü Kullanılarak Örnek Bir Nesnelerin İnterneti Uygulaması. Avrupa Bilim ve Teknoloji Dergisi, 19, 763-769.
  • Li, S., & Xu, L. (2017). Securing the Internet of Things. Syngress.
  • Liu, A., & Ning, P. (2008). TinyECC: A configurable library for elliptic curve cryptography in wireless sensor networks. 7th International Conference on Information Processing in Sensor Networks (IPSN’08). Washington DC.
  • McCumber, J. (2004). Assessing and Managing Security Risk in IT Systems. Auerbach Publications.
  • Microsoft. (2021, 07 04). Chapter 3: Functional description of Azure RTOS NetX Secure DTLS. Retrieved February 10, 2024 from Microsoft Learn: https://learn.microsoft.com/en-us/azure/rtos/netx-duo/netx-secure-dtls/chapter3
  • Nakagawa, I., & Shimojo, S. (2017). IoT Agent Platform Mechanism with Transparent Cloud Computing Framework for Improving IoT Security. IEEE 41st Annual Computer Software and Applications Conference (COMPSAC).
  • Orhon, N. (2015, 06 17). Computer Engineering Department Seminar #60. Retrieved February 10, 2024 from Yaşar Üniversitesi Bilgisayar Mühendisliği Bölümü: https://ce.yasar.edu.tr/en/2015/06/neriman-gamze-orhon-elliptic-curve-cryptography-and-efficient-implementations-june-17th-2015-friday/
  • Raza, S., Shafagh, H., Hewage, K., Hummen, R., & Voigt, T. (2013). Lithe: Lightweight Secure CoAP for the Internet of Things. IEEE Sensors Journal, 3711-3720.
  • Rescorla, E., Tschofenig, H., & Modadugu, N. (2022). The Datagram Transport Layer Security (DTLS) Protocol Version 1.3. Internet Engineering Task Force (IETF).
  • Santos, G., Guimaraes, V., Rodrigues, G., Granville, L., & Tarouco, L. (2015). A DTLS-based Security Architecture for the Internet of Things. 20th IEEE Symposium on Computers and Communication (ISCC), 809-815.
  • Shelby, Z., Hartke, K., & Bormann, C. (2014). The Constrained Application Protocol (CoAP). Internet Engineering Task Force (IETF).
  • Stinson, D. (2005). Cryptography: Theory and Practice. Chapman and Hall/CRC.
  • Szczechowiak, P., Oliviera, L., Collier, M., & Dahab, R. (2008). NanoECC: Testing the Limits of Elliptic Curve Cryptography. Sensor Networks, 305-320.
  • Trappe, W., & Washington, L. (2005). Introduction to Cryptography with Coding Theory. Pearson.
  • Zhao, K., & Ge, L. (2013). A Survey on the Internet of Things Security. 9th International Conference on Computational Intelligence and Security, (663-667). Leshan.
There are 25 citations in total.

Details

Primary Language English
Subjects Information Security and Cryptology
Journal Section Research Article
Authors

İbrahim Karataş 0000-0002-5558-3691

Selim Bayraklı 0000-0003-3115-6721

Early Pub Date June 6, 2024
Publication Date June 26, 2024
Submission Date February 19, 2024
Acceptance Date April 7, 2024
Published in Issue Year 2024 Volume: 23 Issue: 45

Cite

APA Karataş, İ., & Bayraklı, S. (2024). USING ELLIPTIC CURVE CRYPTOGRAPHY FOR AUTHENTICATION AND KEY EXCHANGE IN CONSTRAINED INTERNET OF THINGS NETWORKS. İstanbul Ticaret Üniversitesi Fen Bilimleri Dergisi, 23(45), 114-132. https://doi.org/10.55071/ticaretfbd.1439890
AMA Karataş İ, Bayraklı S. USING ELLIPTIC CURVE CRYPTOGRAPHY FOR AUTHENTICATION AND KEY EXCHANGE IN CONSTRAINED INTERNET OF THINGS NETWORKS. İstanbul Ticaret Üniversitesi Fen Bilimleri Dergisi. June 2024;23(45):114-132. doi:10.55071/ticaretfbd.1439890
Chicago Karataş, İbrahim, and Selim Bayraklı. “USING ELLIPTIC CURVE CRYPTOGRAPHY FOR AUTHENTICATION AND KEY EXCHANGE IN CONSTRAINED INTERNET OF THINGS NETWORKS”. İstanbul Ticaret Üniversitesi Fen Bilimleri Dergisi 23, no. 45 (June 2024): 114-32. https://doi.org/10.55071/ticaretfbd.1439890.
EndNote Karataş İ, Bayraklı S (June 1, 2024) USING ELLIPTIC CURVE CRYPTOGRAPHY FOR AUTHENTICATION AND KEY EXCHANGE IN CONSTRAINED INTERNET OF THINGS NETWORKS. İstanbul Ticaret Üniversitesi Fen Bilimleri Dergisi 23 45 114–132.
IEEE İ. Karataş and S. Bayraklı, “USING ELLIPTIC CURVE CRYPTOGRAPHY FOR AUTHENTICATION AND KEY EXCHANGE IN CONSTRAINED INTERNET OF THINGS NETWORKS”, İstanbul Ticaret Üniversitesi Fen Bilimleri Dergisi, vol. 23, no. 45, pp. 114–132, 2024, doi: 10.55071/ticaretfbd.1439890.
ISNAD Karataş, İbrahim - Bayraklı, Selim. “USING ELLIPTIC CURVE CRYPTOGRAPHY FOR AUTHENTICATION AND KEY EXCHANGE IN CONSTRAINED INTERNET OF THINGS NETWORKS”. İstanbul Ticaret Üniversitesi Fen Bilimleri Dergisi 23/45 (June 2024), 114-132. https://doi.org/10.55071/ticaretfbd.1439890.
JAMA Karataş İ, Bayraklı S. USING ELLIPTIC CURVE CRYPTOGRAPHY FOR AUTHENTICATION AND KEY EXCHANGE IN CONSTRAINED INTERNET OF THINGS NETWORKS. İstanbul Ticaret Üniversitesi Fen Bilimleri Dergisi. 2024;23:114–132.
MLA Karataş, İbrahim and Selim Bayraklı. “USING ELLIPTIC CURVE CRYPTOGRAPHY FOR AUTHENTICATION AND KEY EXCHANGE IN CONSTRAINED INTERNET OF THINGS NETWORKS”. İstanbul Ticaret Üniversitesi Fen Bilimleri Dergisi, vol. 23, no. 45, 2024, pp. 114-32, doi:10.55071/ticaretfbd.1439890.
Vancouver Karataş İ, Bayraklı S. USING ELLIPTIC CURVE CRYPTOGRAPHY FOR AUTHENTICATION AND KEY EXCHANGE IN CONSTRAINED INTERNET OF THINGS NETWORKS. İstanbul Ticaret Üniversitesi Fen Bilimleri Dergisi. 2024;23(45):114-32.