Resource-conscious network security for the IP-based internet of things

With the proliferation of the Internet of Things (IoT), objects from the physical world increasingly become interconnected, e. g., in home automation and smart city scenarios. Many of these scenarios are expected to employ IP-enabled embedded devices. Such devices then are exposed to the same types of network attacks as conventional Internet hosts and services. Hence, effective network security solutions are a crucial requirement for the IP-based IoT. Standard end-to-end security protocols such as TLS have the potential to provide an important building block for these network security solutions. The device and network constraints in the embedded domain as well as the resource asymmetry in the IoT, however, challenge the design of existing end-to-end security protocols. In this thesis, we address emerging protocol design challenges for end-to-end IP security in the context of resource-constrained embedded devices. In this, we analyze and adapt the computation, transmission, and memory requirements of the DTLS, HIP DEX, and Minimal IKEv2 protocol adaptations for the IoT. Moreover, we identify and resolve fragmentation vulnerabilities at the 6LoWPAN adaptation layer that enable an adversary to prevent the establishment of secure end-to-end connections. Overall, the presented solutions complement each other effectively and, combined, achieve significant security and efficiency improvements for end-to-end security in the IP-based IoT.