The doctoral dissertations of the former Helsinki University of Technology (TKK) and Aalto University Schools of Technology (CHEM, ELEC, ENG, SCI) published in electronic format are available in the electronic publications archive of Aalto University - Aaltodoc.
|
|
|
Evaluating IP Security on Lightweight Hardware
Andrey Khurri
Doctoral dissertation for the degree of Doctor of Science in Technology to be presented with due permission of the Faculty of Information and Natural Sciences for public examination and debate in Auditorium T2 at the Aalto University School of Science (Espoo, Finland) on the 24th of January 2011 at 12 noon.
Dissertation in PDF format (ISBN 978-952-60-4005-9) [1566 KB]
Dissertation is also available in print (ISBN 978-952-60-4004-2)
Abstract
TCP/IP communications stack is being increasingly used to interconnect mobile phones, PDAs, sensor motes and other wireless embedded devices. Although the core functionality of communications protocols has been successfully adopted to lightweight hardware from the traditional Internet and desktop computers, suitability of strong security mechanisms on such devices remains questionable. Insufficient processor, memory and battery resources, as well as constraints of wireless communications limit the applicability of many existing security protocols that involve computationally intensive operations. Varying capabilities of devices and application scenarios with different security and operational requirements complicate the situation further and call for agile and flexible security systems.
This study does an empirical evaluation of applicability of selected existing IP security mechanisms to lightweight (resource-constrained) devices. In particular, we evaluate various components of the Host Identity Protocol (HIP), standardized by the Internet Engineering Task Force for achieving authentication, shared key negotiation, secure mobility and multihoming and, if used with IPsec, integrity and confidentiality of user data. Involving a set of cryptographic operations, HIP might easily stress a lightweight client, while affecting performance of applications running on it and shortening battery lifetime of the device.
We present a background and related work on network-layer security, as well as a set of measurement results of various security components obtained on devices representing lightweight hardware: embedded Linux PDAs, Symbian-based smartphones, OpenWrt Wi-Fi access routers and wireless sensor platforms. To improve computational and energy efficiency of HIP, we evaluate several lightweight mechanisms that can substitute standard protocol components and provide a good trade-off between security and performance in particular application scenarios. We describe cases where existing HIP security mechanisms (i) can be used unmodified and (ii) should be tailored or replaced to suit resource-constrained environments. The combination of presented security components and empirical results on their applicability can serve as a reference framework for building adaptable and flexible security services for future lightweight communication systems.
Keywords: Host Identity Protocol, IP security, cryptography, performance, resource-constrained devices, mobile Internet
This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
© 2011 Aalto University
Last update 2011-05-26