DTLShps: SDN-Based DTLS Handshake Protocol Simplification for IoT

摘要

Datagram transport layer security (DTLS) protocol is widely used in Internet of Things (IoT) for providing security services. The computational overhead makes it hard to implement DTLS on resource-constrained IoT devices. The two significant costly computations in the DTLS handshake are the Diffie-Hellman (DH) key exchange and the certificate verification. A simplified handshake protocol of DTLS (DTLShps) is proposed to reduce the computational overhead of the IoT devices for a general scenario of end-to-end communications based on software-defined networking (SDN). First, a controller is utilized to generate a symmetric key dynamically, then encrypt and distribute this key to two communicating IoT devices. Second, the certificate verification is shifted from the IoT device to the more powerful controller. Third, the controller replaces the DTLS server to make a cookie exchange with the DTLS client. Furthermore, the BAN logic and the tool Scyther are used to validate the security of our scheme. The performance evaluation shows that not only the computational overhead and the energy consumption in the IoT devices are effectively decreased but also the overall duration of the whole handshake is reduced.