Master thesis: “Secure Tunneling for the IoT Using CoAP and OSCORE"

In the Internet of Things (IoT), a large number of connectable devices will be connected to the Internet, with many of them being heterogeneous or resource-constrained in terms of processing power, memory, accessibility, and energy budget. Many IoT devices may communicate through assisting intermediaries, such as proxies or gateways, which can perform tasks including message forwarding and caching, or protocol translation.

State-of-the art protocols for IoT-based networks and applications are the standard Constrained Application Protocol (CoAP) and the standard security protocol Object Security for Constrained RESTful Environments (OSCORE). CoAP enables lightweight communication between client and server peers according to the same RESTful paradigm of HTTP, and natively supports intermediary proxies. OSCORE efficiently protects CoAP messages at the application layer, providing end-to-end security between the client and server peers also in the presence of intermediaries.

Particularly in IoT scenarios involving intermediaries like proxies, ensuring a high security level across all communication segments is crucial. To this end, a secure tunneling approach can be used for protecting application messages in two steps. First, a CoAP message is protected end-to-end with OSCORE between the client and server peers exchanging application data. Second, the same CoAP message is additionally protected with OSCORE by applying a second security layer that pertains to the client and the proxy. Among other benefits, the second OSCORE protection allows the proxy to securely identify the client before forwarding request messages to the server.

Thesis description
The goal of this project is to design, implement, and evaluate a solution for enabling the nested protection of CoAP messages using OSCORE, towards secure tunneled communication between IoT devices. Ongoing activities within the standardization body Internet Engineering Task Force (IETF) will be considered as a starting point for the work on the solution.

RISE will provide background information and the necessary guidance during the Master Thesis work. The tasks of the student for this Master Thesis project are:

• Study IoT communication and security protocols, with focus on the Constrained Application Protocol (CoAP) and the security protocol Object Security for Constrained RESTful Environments (OSCORE).
• Design and implement a solution for secure tunneling of CoAP messages with OSCORE, by relying on relevant building blocks such as related IETF specifications and the renowned Java Eclipse Californium framework.
• Experimentally evaluate the solution for secure tunneling. Performance assessment can include evaluation of memory usage, communication overhead, and efficiency.
• Evaluate the correctness and effectiveness of the implemented solutions, also in the presence of an adversary.
• Document the activities and results as a thesis report.

Student profile
We are looking for an ambitious MSc student who has fulfilled the course requirements.

Good Java programming skills are required, as is good spoken and written English. Experience with network and communication security is a plus.

Applications should include a brief personal statement, a CV, and a list of grades. The application has to mention previous activities or other projects that are relevant for the position.

Welcome with your application
Candidates are encouraged to send in their application as soon as possible. Suitable applicants will be interviewed as applications are received. Last day of application is November 29, 2024. A successful candidate will have the opportunity to contribute to European Research & Development security projects. For more information, please contact Rikard Höglund (rikard.hoglund@ri.se) or Marco Tiloca (marco.tiloca@ri.se).