Lightweight Security Framework for IoTs using Identity based Cryptography Sriram Sankaran Center for Cybersecurity Systems and Networks Amrita University Amritapuri, Kollam-690525 Email: srirams@am.amrita.edu Abstract—Internet of Things (IoTs) is gaining increasing sig- nificance due to real-time communication and decision making capabilities of sensors integrated into everyday objects. Securing IoTs is one of the foremost concerns due to the ubiquitous nature of the sensors coupled with the increasing sensitivity of user data. Further, power-constrained nature of the IoTs emphasizes the need for lightweight security that can tailor to the stringent resource requirements of the sensors. In this work, we propose a lighweight security framework for IoTs using Identity based Cryptography. In particular, we develop a hierarchical security architecture for IoTs and further develop protocols for secure communication in IoTs using identity based cryptography. Our proposed mechanism has been evaluated using simulations conducted using Contiki and RELIC. Evaluation shows that our proposed mechanism is lightweight incurring lesser overhead and thus can be applied in IoTs. I. I NTRODUCTION Advances in sensing, computing and communication have changed the Internet for people to Internet of things. IoTs are composed of sensors and actuators embedded into everyday objects that are capable of real-time communication and deci- sion making. In addition, remote monitoring enables IoTs to be deployed in a multitude of application domains such as Smart home, Industrial Automation, Smart Healthcare, Automotive and transportation. The application-driven nature of IoTs leads to numerous challenges which need to be addressed before IoTs are commercially deployed and widely accepted. Security is of paramount concern in IoTs due to its ubiq- uitous nature coupled with the increasing sensitivity of user data. Typically, these sensors are deployed in hostile locations which makes them vulnerable to notorious attacks such as node compromise and false data injection. Further, lightweight mechanisms for security that can tailor to the stringent re- source requirements of sensors are necessary due to the power- constrained nature of the IoTs. In addition, energy-security- performance trade-offs need to be analyzed which vary for different applications. IoTs are characterized by numerous interaction patterns such as periodic and on-demand data transmission which co-exist in different applications. On one hand, sensors can periodically report readings at regular intervals to the gateway node. On the other hand, gateways can query sensors in an on- demand manner and obtain the data. Thus, in order for sensors and gateway nodes to securely communicate with each other, mutual authentication is necessary. Further, mechanisms for securely revoking the sensors in case of compromise or failure need to be devised. Identity based Cryptography (IBC) has been emerging as a promising public key based cryptographic primitive due to the ability to use identities as public keys. Security mechanisms based on IBC have been shown to incur lesser overhead than traditional public key based cryptography due to reduced key size. In addition, the process of bootstrapping in traditional public key cryptography which involves the distribution of keys for communication can be avoided in IBC since identities are used as public keys. In this work, we develop a lightweight security framework for IoTs using Identity based Cryptography. In summary, our contributions include: • Proposing a hierarchical security architecture for IoTs • Developing protocols for secure communication in IoTs such as intra-domain and inter-domain communication, mutual authentication and revocation and evaluating them using simulations. Evaluation of the proposed mechanism demonstrates lesser overhead and thus can be applied in IoTs. II. RELATED WORK The problem of lightweight security has received increased attention from the research community due to resource- constrained nature of the sensors. Mechanisms for providing lightweight security can be classified into symmetric key based cryptography, public key cryptography and hybrid key cryptography. Malan et al. [1] demonstrated the feasibility of public key cryptographic mechanisms based on elliptic curve cryptography on resource constrained sensors. This facilitated the development of numerous public key based cryptographic mechanisms for sensors since they provide non-repudiation compared to symmetric key based mechanisms. Identity based Cryptography has been extensively applied in numerous domains such as Health care [2] [3], delay tolerant networks [4] [5], P2P networks [6], cloud computing [7] and in IoTs [8]. Hengartner et al. [9] developed a mechanism for access control based on identity based cryptography. Oliveira et al. [10] developed a pairing based cryptographic library for resource-constrained sensor nodes. These mechanisms consist of an initial bootstrapping phase where identities 2016 Intl. Conference on Advances in Computing, Communications and Informatics (ICACCI), Sept. 21-24, 2016, Jaipur, India 978-1-5090-2029-4/16/$31.00 @2016 IEEE 880