A Security Approach for CoAP-based Internet of Things Resource Discovery

The growth of the Internet of Thing (IoT) results in an expanded attack that requires end-to-end security techniques. IoT applications involve in a business-oriented such as insurance and banking, and mission-critical crisis such as e-health and intelligent transportation systems. One of the most protocols commonly used for resource discovery in IoT is the Constrained Application Protocol (CoAP) protocol which fits the constrained devices. There is a need for security support in CoAP for the IoT environment. This paper presents a security approach using TACACS+ to strengthen the security of CoAP. The proposed security mechanism separately supports access control, authentication, and accounting. It has been implemented using a mobile phone and a Raspberry Pi. The mobile phone is used as a client, and the Raspberry Pi is used as a server. The implementation composes of a TI SensorTag and a WeMo switch that are used as resources. This paper, also, presents performance indexes of the security technique in terms of CPU usage, time computation, latency, energy consumption, and traffic exchange between a client and a server. The experimental results show the proposed method is compatible with IoT devices.