Journal article published in IEEE TNSM
Our paper "Content Object Security in the Internet of Things: Challenges, Prospects, and Emerging Solutions" has been published in IEEE Transactions on Network and Service Management.
News from Mar 12, 2022
- Cenk Gündogan, Christian Amsüss, Thomas C. Schmidt, Matthias Wählisch,
Content Object Security in the Internet of Things: Challenges, Prospects, and Emerging Solutions,
IEEE Transactions on Network and Service Management, Vol. 19, No. 1, pp. 538--553, IEEE, March 2022.
HTML PDF Code BibTeX Abstract
Abstract: Content objects are confined data elements that carry meaningful information. Massive amounts of content objects are published and exchanged every day on the Internet. The emerging Internet of Things (IoT) augments the network edge with reading sensors and controlling actuators that comprise machine-to-machine communication using small data objects. IoT content objects are often messages that fit into single IPv6 datagram. These IoT messages frequently traverse protocol translators at gateways, which break end-to-end transport and security of Internet protocols. To preserve content security from end to end via gateways and proxies, the IETF recently developed Object Security for Constrained RESTful Environments (OSCORE), which extends the Constrained Application Protocol (CoAP) with content object security features commonly known from Information Centric Networking (ICN). This paper revisits the current IoT protocol architectures and presents a comparative analysis of protocol stacks that protect request-response transactions. We discuss features and limitations of the different protocols and analyze emerging functional extensions. We measure the protocol performances of CoAP over Datagram Transport Layer Security (DTLS), OSCORE, and the information-centric Named Data Networking (NDN) protocol on a large-scale IoT testbed in single- and multi-hop scenarios. Our findings indicate that (a) OSCORE improves on CoAP over DTLS in error-prone wireless regimes due to omitting the overhead of maintaining security sessions at endpoints, (b) NDN attains superior robustness and reliability due to its intrinsic network caches and hop-wise retransmissions, and (c) OSCORE/CoAP offers room for improvement and optimization in multiple directions.