Securing LwM2M with Mbed TLS in Contiki-NG

University essay from Uppsala universitet/Institutionen för informationsteknologi

Author: Jayendra Ellamathy; [2023]


Abstract: As the Internet of Things (IoT) becomes increasingly integrated into our personal lives and industries, security concerns and attacks on these devices are growing. This concern is one of the major bottlenecks for adopting IoT, as these devices can often collect sensitive information. Hence, security is an important topic among researchers and developers of IoT.

The challenge in IoT security is different from that of traditional Internet security. IoT devices are often resource-constrained embedded devices with low memory, CPU, and limited energy availability. The TLS and DTLS protocols are used in the traditional Internet to secure communicating applications. They provide authentication, data integrity, and privacy by providing a mechanism to negotiate cryptographic parameters and encrypt/decrypt data between the two communicating parties. These protocols have been securing our Internet for a long time, backed by years of research and standardization work. The integration of TLS and DTLS with IoT poses fresh challenges due to the resource-constrained nature of IoT devices. Nevertheless, thanks to the work of several researchers, various recommendations make it possible to run these protocols. In recent years, DTLS has become an increasingly popular choice of security for IoT. Hence, IoT products and services must support DTLS to ensure their relevance and long-term usage.

Contiki-NG is an open-source operating system for resource-constrained IoT devices that focuses on reliable internet communication using standards-based protocols for IoT. However, the public version of Contiki-NG lacks complete DTLS support. Specifically, it lacks support for certificate-based authentication. Moreover, the implementation is based on an older version of the Tiny DTLS library. In this thesis, we integrate DTLS using the Mbed TLS library into the protocol stack of Contiki-NG. Mbed TLS is a popular TLS and DTLS library with wide community support and is actively maintained at the time of this writing.

This thesis builds upon the thesis of Kalnins, R. A., and Kalnins, K. K., Enhanced DTLS Support for the Contiki-NG OS, which does a partial port of Mbed TLS into Contiki-NG to make DTLS work as a standalone program. This thesis extends and completes their work by integrating DTLS into the protocol stack of Contiki-NG, thereby providing a complete security solution for IoT applications communicating over the Internet. This work extensively evaluates the DTLS implementation with a popular device management application protocol: LwM2M.

Index Terms: Resource-constrained IoT, IoT security, DTLS, Mbed TLS, Contiki-NG, LwM2M.
