Secure and lightweight communication in heterogeneous IoT environments

Farhan Siddiqui, Jake Beley, Sherali Zeadally, Grant Braught

Research output: Contribution to journalArticlepeer-review

17 Scopus citations


The Internet of Things (IoT) is a fast growing and rapidly evolving field. Everyday objects from smart home appliances (e.g. toasters and refrigerators) to health monitoring products (e.g. pacemakers and blood pressure monitors), to minuscule sensors and actuators, are being redesigned to be able to transfer data over a network. The connection of billions of these new objects to the Internet will cause a dramatic increase in the amount of shared data, which will simultaneously introduce a plethora of security risks. Understanding how to secure the data being sent over IoT links is necessary for the IoT paradigm to succeed. A popular data transfer protocol connecting IoT devices is the Constrained Application Protocol (CoAP). We used an open-source implementation of CoAP along with Datagram Transport Layer Security (DTLS) to implement secure data transfer between IoT devices. We studied the impact of DTLS on CoAP in the real IoT testbed we have developed using resource-constrained IoT devices and open-source software. Our tests showed that utilizing a CoAP-DTLS implementation with a symmetric key cipher suite resulted in noticeable performance costs. A secure connection with DTLS over CoAP used approximately 10% more energy than an unsecure connection. In addition, our latency tests revealed over a 100% increase in average latency time for secure messages compared to when no encryption is used. We also highlight some of the implementation challenges encountered while developing a real IoT testbed for secure experimentation.

Original languageEnglish
Article number100093
JournalInternet of Things (Netherlands)
StatePublished - Jun 2021

Bibliographical note

Funding Information:
One of the main challenges in this research was being able to work with the limited SRAM of the constrained device. The Texas Instrument SensorTag CC2650 has only 20 KB of SRAM. This constraint in SRAM had to be considered at each stage of this research. For example, when implementing a REST sensor resource, the sensors required space for their drivers and additional functionality code. This presented a problem when using the CoAP-DTLS server build because the additional SRAM space it required left little room to implement one out of the ten sensors supported by the SensorTag. SRAM was also a challenge when implementing a public-key cryptography algorithm for testing, such as Elliptical Curve Cryptography (ECC), which is supported by TinyDTLS. ECC is unique compared to other cryptographic primitives because of its ability to secure data with smaller key sizes [27] . Due to the constraints of IoT devices, ECC's smaller key sizes could further aid in securing the IoT. The specifics of how ECC functions is outside the scope of this paper.

Publisher Copyright:
© 2019 Elsevier Ltd


  • CoAP
  • DTLS
  • IoT
  • Security
  • sensors

ASJC Scopus subject areas

  • Artificial Intelligence
  • Computer Science Applications
  • Information Systems
  • Software
  • Hardware and Architecture
  • Computer Science (miscellaneous)
  • Management of Technology and Innovation
  • Engineering (miscellaneous)


Dive into the research topics of 'Secure and lightweight communication in heterogeneous IoT environments'. Together they form a unique fingerprint.

Cite this