Enhancing secure access to sensor data with user privacy support

Publication date: 05/2014

Authors: Jasone Astorga, Eduardo Jacob, Nerea Toledo, Juanjo Unzilla.
Series: Journal article
Publication details
Journal: Computer Networks
Volume: 64
Pages: 159-179
ISBN/ISSN: 1389-1286

With the development of solutions like 6LoWPAN, the implementation of IP technology in sensor devices is already a reality. Therefore, sensors can be natively integrated into the Internet, becoming globally addressable by any other Internet-connected party. Despite the huge potential of this approach, it also gives rise to new threats, and one of the most critical issues is the effective protection of the information gathered by sensors against unauthorised remote access attempts. A suitable solution to address this issue is the Ladon security protocol, which provides resource-deprived devices with end-to-end authentication, authorisation and key establishment mechanisms. Once this critical security issue has been solved, additional concerns arise. Especially notable is the protection of user privacy, in order to prevent potential eavesdroppers from tracking users' access trends and obtaining behavioural patterns. In this regard, authentication and authorisation processes deserve special consideration, since they imply conveying user identity-related information to the targeted services. In this paper, we present a privacy-enhanced Ladon protocol, obtained by integrating the original protocol with the PrivaKERB user privacy framework for Kerberos. Due to the severe resource limitations that characterise the targeted environments, a performance evaluation of the proposed solution is carried out in order to prove that it meets the performance requirements of the considered environments in terms of energy cost and additional delay for each secure session establishment. The obtained results show that privacy-enhanced Ladon is a secure and efficient solution for implementing privacy-supporting authentication and authorisation processes in resource-deprived environments.