Internet of Things: An End-to-End Security Layer

A case is made in this paper for a single end-to-end Application Security Layer (ASL). The ASL caters for reliable and confidential communications within a constrained Internet of Things (IoT) environment. To provide a secure key exchange and to setup a secure data connection, the TLS protocol is used. This paper studies the use of TLS over JSON via a CoAP RESTful service. This method provides a way for end-to-end communication flexibility and potentially retain identity information for repudiation. A proof of concept has been developed to prove the hypothesis. The prototype simulates an IoT software client with the capability of hosting a CoAP RESTful service. To prove reputability and integrity of TLS JSON messages, JSON messages were intercepted and verified against a simulated MITM attack. The experimental results confirm that TLS over JSON is possible. Using TLS over CoAP forced larger TLS packets to be split into multiple sections. This provided an unexpected security benefit, as each TLS record larger than 1024 bytes is fractured, and reassembled only at the receiving end-point. The encrypted data is thus scattered and could take different routes to reach the intended recipient.