TY - GEN
A1 - Bock, Benedikt
A1 - Matysik, Jan-Tobias
A1 - Krentz, Konrad-Felix
A1 - Meinel, Christoph
T1 - Link Layer Key Revocation and Rekeying for the Adaptive Key Establishment Scheme
T2 - 2019 IEEE 5TH World Forum on internet of things (WF-IOT)
N2 - While the IEEE 802.15.4 radio standard has many features that meet the requirements of Internet of things applications, IEEE 802.15.4 leaves the whole issue of key management unstandardized. To address this gap, Krentz et al. proposed the Adaptive Key Establishment Scheme (AKES), which establishes session keys for use in IEEE 802.15.4 security. Yet, AKES does not cover all aspects of key management. In particular, AKES comprises no means for key revocation and rekeying. Moreover, existing protocols for key revocation and rekeying seem limited in various ways. In this paper, we hence propose a key revocation and rekeying protocol, which is designed to overcome various limitations of current protocols for key revocation and rekeying. For example, our protocol seems unique in that it routes around IEEE 802.15.4 nodes whose keys are being revoked. We successfully implemented and evaluated our protocol using the Contiki-NG operating system and aiocoap.
KW - IEEE 802.15.4
KW - key management
KW - key establishment
KW - key revocation
KW - rekeying
KW - link layer security
KW - MAC security
Y1 - 2019
SN - 978-1-5386-4980-0
U6 - https://doi.org/10.1109/WF-IoT.2019.8767211
SP - 374
EP - 379
PB - IEEE
CY - New York
ER -

TY - JOUR
A1 - Krentz, Konrad-Felix
A1 - Meinel, Christoph
T1 - Denial-of-sleep defenses for IEEE 802.15.4 coordinated sampled listening (CSL)
JF - Computer Networks
N2 - Coordinated sampled listening (CSL) is a standardized medium access control protocol for IEEE 802.15.4 networks. Unfortunately, CSL comes without any protection against so-called denial-of-sleep attacks. Such attacks deprive energy-constrained devices of entering low-power sleep modes, thereby draining their charge. Repercussions of denial-of-sleep attacks include long outages, violated quality-of-service guarantees, and reduced customer satisfaction. However, while CSL has no built-in denial-of-sleep defenses, there already exist denial-of-sleep defenses for a predecessor of CSL, namely ContikiMAC. In this paper, we make two main contributions. First, motivated by the fact that CSL has many advantages over ContikiMAC, we tailor the existing denial-of-sleep defenses for ContikiMAC to CSL. Second, we propose several security enhancements to these existing denial-of-sleep defenses. In effect, our denial-of-sleep defenses for CSL mitigate denial-of-sleep attacks significantly better, as well as protect against a larger range of denial-of-sleep attacks than the existing denial-of-sleep defenses for ContikiMAC. We show the soundness of our denial-of-sleep defenses for CSL both analytically, as well as empirically using a whole new implementation of CSL. (C) 2018 Elsevier B.V. All rights reserved.
KW - Internet of things
KW - Link layer security
KW - MAC security
KW - Denial of sleep
Y1 - 2018
U6 - https://doi.org/10.1016/j.comnet.2018.10.021
SN - 1389-1286
SN - 1872-7069
VL - 148
SP - 60
EP - 71
PB - Elsevier
CY - Amsterdam
ER -