Bootstrapping Secure Sensor Networks in the Internet of Things

Abstract: The Internet of Things has become an integral part of modern society and continues to grow and evolve. The devices are expected to operate in various conditions and environments while securely transmitting sensor data and keeping low manufacturing costs. Security for the Internet of Things is still in its infancy and a serious concern. Although there are several schemes and protocols for securing communication over insecure channels, they are deemed too costly to perform on these constrained devices. As a result, substantial effort has been committed to developing secure protocols and adapting existing ones to be more lightweight. What remains seemingly absent in protocol specifications and key management schemes, however, is how to bootstrap and secure the initial communication. While it is possible to use pre-shared keys, such solutions are problematic with security and administrative overhead in mind. When the sensor networks grow in scale, with an increasing number of devices, this becomes especially problematic as autonomous deployment becomes necessary. By reviewing proposed bootstrapping techniques and evaluating suitable candidates, this work aims to provide an overview of approaches, their trade-offs and feasibility. Results of the study show that advancements in high-speed, lightweight and elliptic curve implementations have made public-key cryptography a viable option even on the very constrained platform, with session keys established within the minute. When analysing the node’s capability to generate randomness, a cornerstone of cryptographic security, initial findings indicate that it is not well equipped for the task. Consequently, sources of entropy must be evaluated thoroughly in resource-constrained devices before use and dedicated hardware for randomness might be necessary for the most constrained nodes if any security is to be guaranteed.