
ECC-CoAP: Elliptic Curve Cryptography Based Constraint Application Protocol for Internet of Things

Wireless Personal Communications

Abstract

Constraint Application Protocol (CoAP), an application-layer protocol, is a compressed version of HTTP used for communication between lightweight, resource-constrained devices in Internet of Things (IoT) networks. CoAP generally runs over the connectionless User Datagram Protocol (UDP) and follows the Representational State Transfer architecture. CoAP relies on the Datagram Transport Layer Security (DTLS) protocol to establish a secure session, using existing algorithms such as Lightweight Establishment of Secure Session, for communication between IoT devices and a remote server. However, CoAP has several limitations within the DTLS layer regarding key management, session establishment and multicast message communication. An efficient protocol for secure CoAP session establishment is therefore required for IoT communication. To overcome the existing limitations related to key management and multicast security in CoAP, we propose an efficient and secure communication scheme that establishes a secure session key between IoT devices and a remote server using lightweight elliptic curve cryptography (ECC). The proposed ECC-based CoAP, referred to as ECC-CoAP, provides a CoAP implementation for authentication in IoT networks. A number of well-known cryptographic attacks are analyzed to validate the security strength of ECC-CoAP, and all of these attacks are found to be well defended. The performance analysis of ECC-CoAP shows that our scheme is lightweight and secure.



Acknowledgement

Authors are immensely grateful to the Editor-in-Chief and anonymous reviewers for their precious comments and beneficial suggestions. The research work is an outcome of the R&D project sanctioned to Dr. Sangram Ray under the Seed Grant funded by TEQIP III, NPIU, Ministry of Education, Government of India. Muhammad Khurram Khan is supported by Researchers Supporting Project number (RSP-2020/12), King Saud University, Riyadh, Saudi Arabia.

Author information

Corresponding author

Correspondence to Sangram Ray.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

About this article

Cite this article

Majumder, S., Ray, S., Sadhukhan, D. et al. ECC-CoAP: Elliptic Curve Cryptography Based Constraint Application Protocol for Internet of Things. Wireless Pers Commun 116, 1867–1896 (2021). https://doi.org/10.1007/s11277-020-07769-2


  • DOI: https://doi.org/10.1007/s11277-020-07769-2
