Guggemos, T. (2014):
Diet-ESP: Applying IP-Layer Security in Constrained Environments
The Internet of Things (IoT) is a research topic of continuously increasing significance. The devices taking part in the IoT are significantly more resource constrained than the devices used in today's networks. In order to cope with these restrictions, the protocols used in the Internet have to be reviewed and adapted to the requirements of these devices. One of these constraints is the combination of limited power and high cost for networking. To satisfy this requirement, many IoT protocols use compression techniques to limit the protocol overhead. The security protocols in use today already put a lot of strain on the large and complex infrastructures they have been designed for and are therefore too costly for IoT devices. The IPsec protocol suite is one such protocol: it is designed mainly for securely interconnecting large networks, not for constrained devices. However, the proper design of the IPsec architecture, together with the separation of key exchange and data security into different protocols, would provide proven security features for IoT. In order to combine the security features of IPsec with the constraints of IoT devices, this thesis introduces Diet-ESP, which is an adaptation of the ESP protocol. Diet-ESP considers the requirements of constrained devices but retains the security features initially provided by IPsec. By introducing a compression context which can be directly accessed by the IPsec implementation, Diet-ESP allows high compression rates. Additionally, it is flexible and easy to implement. The results show that Diet-ESP is able to reduce the energy consumption by 40%, which can nearly double the lifetime of a sensor. With the start of the standardization process of Diet-ESP at the IETF, it has the potential to be included in the ongoing development of the Internet of Things.