Carelli Alberto, Palmieri Andrea, Vilei Antonio, Castanier Fabien, Vesco Andrea
Cybersecurity Lab, Connected Systems and Cybersecurity Area, LINKS Foundation, 10138 Turin, Italy.
System Research and Applications, STMicroelectronics, 73100 Lecce, Italy.
Sensors (Basel). 2022 Feb 11;22(4):1384. doi: 10.3390/s22041384.
Internet-of-Things (IoT) and sensor technologies have enabled the collection of data in a distributed fashion for analysis and evidence-based decision making. However, security concerns regarding the source, confidentiality and integrity of the data arise. The most common method of protecting data transmission in sensor systems is Transport Layer Security (TLS) or its datagram counterpart (DTLS) today, but exist an alternative option based on Distributed Ledger Technology (DLT) that promise strong security, ease of use and potential for large scale integration of heterogeneous sensor systems. A DLT such as the IOTA Tangle offers great potential to improve sensor data exchange. This paper presents L2Sec, a cryptographic protocol which is able to secure data exchanged over the IOTA Tangle. This protocol is suitable for implementation on constrained devices, such as common IoT devices, leading to greater scalability. The first experimental results evidence the effectiveness of the approach and advocate for the integration of an hardware secure element to improve the overall security of the protocol. The L2Sec source code is released as open source repository on GitHub.
物联网(IoT)和传感器技术使得能够以分布式方式收集数据,用于分析和基于证据的决策。然而,数据的来源、保密性和完整性引发了安全问题。如今,传感器系统中保护数据传输的最常用方法是传输层安全(TLS)或其数据报对应物(DTLS),但基于分布式账本技术(DLT)存在另一种选择,它有望提供强大的安全性、易用性以及大规模集成异构传感器系统的潜力。诸如IOTA缠结这样的分布式账本技术为改善传感器数据交换提供了巨大潜力。本文提出了L2Sec,这是一种能够保障在IOTA缠结上交换的数据安全的加密协议。该协议适用于在诸如普通物联网设备等受限设备上实现,从而实现更高的可扩展性。首批实验结果证明了该方法的有效性,并主张集成硬件安全元件以提高协议的整体安全性。L2Sec源代码作为开源存储库发布在GitHub上。
