Research on Access Control and Encryption Transmission of 6LoWPAN

Fan Tongrang, He Bingchao, Zhao Wenbin, Huang Xin, Yu Tao
2016 International Journal of Security and Its Applications  
Based on research about network mobility, this paper analyzes the security requirements of the Internet of Things and wireless networks based on 6LoWPAN, and designs a security architecture for 6LoWPAN networks, especially for frequent mobile handoff access and multi-hop data forwarding. The access authentication scheme and data encryption method are designed and implemented based on 6LoWPAN mobile switching. By comparing asymmetric and symmetric encryption, the AES shared key encryption scheme is chosen for 6LoWPAN, and it is compared with typical cryptographic algorithms on an Internet of Things platform and the Contiki operating system. In the experiment, lightweight security for IoT mobile communication is realized on CC2530 nodes, including the Advanced Encryption Standard, payload encryption of network data packets, and wireless node access authentication. The security architecture for mobile switching scenarios is verified, and the feasibility of the proposed scheme is confirmed.

normal node, cause attacks such as denial of service, or use traps to steal or tamper with data. Therefore, the security design of the network is essential in this research. Security should be designed to correspond to the specific model of the network, with a reasonable scheme for it [3]. Based on previous research on mobility support in the next-generation Internet [4] and mobility optimization with 6LoWPAN [5], this paper proposes a 6LoWPAN mobile security communication architecture based on wireless access authentication and data encryption.

We can use the pre-shared key method to realize access authentication: a fixed key is used in trusted nodes, and a random string is sent in the reply message. The access node encrypts the string using the same encryption algorithm and key. When the message from the access node is received, the ciphertext is decrypted and compared with the random string; if they are the same, the node is allowed to access the network, otherwise the communication is cancelled. The certification process is shown in Figure 1.

Encryption and decryption in CTR mode use a key stream, which is beneficial to parallel optimization of the operation. The parameters of CTR mode are a random number, a counter, and a key. The random number and the count value can together be regarded as a single count value. As long as the algorithm selection is appropriate, serial operation can be avoided.
CBC encryption principle: 9 access request message possible.

In Cooja, the traffic view between nodes can be opened through the View option on the Network panel, as shown in Figure 6. The nodes in Figure 7 have the same PAN ID and the same channel and are within good communication distance; nodes 1 to 5 and 7 to 10 are UDP communication clients, and nodes 6 and 12 are server nodes. Without an authentication mechanism, a client node can communicate with any server node. With pre-shared key authentication, nodes can only communicate with nodes that authenticate with the same key. Node 13 is the malicious node, which initiates flooding attacks. Under the authentication mechanism, this node cannot join any network and can only send topology request broadcast messages.
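The pre-shared key access authentication described above, and the behaviour seen in the simulation (a node with a different key is refused), can be sketched as follows. This is an added example, not code from the paper or from Contiki. It assumes AES-128 applied to a single 16-byte challenge block; the `Verifier` type, the function names, the single-use challenge tracking, the constant-time comparison and the key values are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/rand"
	"crypto/subtle"
	"fmt"
)

// Verifier is the trusted node holding the pre-shared key (hypothetical type).
type Verifier struct {
	key     []byte
	pending map[string][]byte // node ID -> challenge still awaiting a reply
}

// Challenge issues a fresh random 16-byte string for the reply message.
func (v *Verifier) Challenge(node string) []byte {
	c := make([]byte, aes.BlockSize)
	if _, err := rand.Read(c); err != nil {
		panic(err) // no entropy: never fall back to a predictable challenge
	}
	v.pending[node] = c
	return c
}
// Respond is the access node's side: encrypt the challenge with its own key.
func Respond(key, challenge []byte) []byte {
	blk, err := aes.NewCipher(key)
	if err != nil || len(challenge) != aes.BlockSize {
		return nil
	}
	out := make([]byte, aes.BlockSize)
	blk.Encrypt(out, challenge)
	return out
}
// Verify decrypts the reply and compares it with the challenge that was sent.
func (v *Verifier) Verify(node string, resp []byte) bool {
	want, ok := v.pending[node]
	delete(v.pending, node) // single use, so a replayed reply is rejected
	blk, err := aes.NewCipher(v.key)
	if !ok || err != nil || len(resp) != aes.BlockSize {
		return false
	}
	got := make([]byte, aes.BlockSize)
	blk.Decrypt(got, resp)
	return subtle.ConstantTimeCompare(got, want) == 1
}
func main() {
	v := &Verifier{key: []byte("constructed-key!"), pending: map[string][]byte{}}
	fmt.Println(v.Verify("n1", Respond(v.key, v.Challenge("n1")))) // true
}
```

Because each challenge is deleted once it has been checked, a captured reply cannot be replayed, and a node that has not been issued a challenge is refused without any decryption result being compared.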
doi:10.14257/ijsia.2016.10.12.01 fatcat:uimhcpcje5fptafxthhwvhrt4y