Accepted Manuscript
Energy-efficient Mechanisms in Security of the Internet of Things: A
survey
Hamed Hellaoui, Mouloud Koudil, Abdelmadjid Bouabdallah
PII: S1389-1286(17)30314-6
DOI: 10.1016/j.comnet.2017.08.006
Reference: COMPNW 6279
To appear in: Computer Networks
Received date: 24 February 2017
Revised date: 8 July 2017
Accepted date: 14 August 2017
Please cite this article as: Hamed Hellaoui, Mouloud Koudil, Abdelmadjid Bouabdallah, Energy-efficient
Mechanisms in Security of the Internet of Things: A survey, Computer Networks (2017), doi:
10.1016/j.comnet.2017.08.006
This is a PDF file of an unedited manuscript that has been accepted for publication. As a service
to our customers we are providing this early version of the manuscript. The manuscript will undergo
copyediting, typesetting, and review of the resulting proof before it is published in its final form. Please
note that during the production process errors may be discovered which could affect the content, and
all legal disclaimers that apply to the journal pertain.
Energy-efficient Mechanisms in Security of the Internet of Things: A survey
Hamed Hellaoui (a,*), Mouloud Koudil (a), Abdelmadjid Bouabdallah (b)
(a) Ecole nationale Supérieure d'Informatique ESI, LMCS Laboratory, BP 68 M 16309 Oued Smar, El Harrach, Algiers, Algeria.
(b) Sorbonne Universités, Université de Technologie de Compiègne UTC, CNRS, Heudiasyc UMR 7253 CS 60 319, 60 203 Compiègne cedex, France.
Abstract
Security primitives in the IoT (Internet of Things) are energy consuming. Finding the best solutions that reduce energy consumption while ensuring the required security services is not an easy task. Many works proposed in the literature address security overhead issues by tackling some aspects such as cryptographic primitives, deployment environments, target applications, etc. This paper is a survey on energy-efficient mechanisms used in IoT security services. By studying the techniques that allow developing energy-efficient security solutions, it goes further than the previous surveys, which focus more on the energy-efficient solutions themselves. To the best of our knowledge, this is the first work that tackles IoT security from this perspective. Not only are security issues addressed in this survey, but the energy impact of the solutions is also discussed. Energy consumption related to security services is first introduced. A taxonomy is then proposed for energy-efficient mechanisms in IoT security. The main factors affecting the application of an energy-saving technique for security solutions are finally analyzed.
Keywords: Internet of Things (IoT), Security, Energy efficiency.
1. Introduction
The Internet of Things (IoT) is a relatively new paradigm that is attracting increasing attention from both scientific and industrial communities. It consists in extending the network to the real world, allowing the connection of physical objects. Thanks to communication technologies, objects (such as sensors, actuators, RFID tags) are able to communicate with each other and with users in order to achieve common objectives. Although the potential offered by the IoT allows many applications in different areas (e.g. smart cities, smart grids, healthcare monitoring, etc.), a large-scale deployment of this technology depends on its robustness and its security [1, 2].
Many IoT applications are very sensitive. As an example, parameters measured by sensor nodes in a healthcare application are related to human physiological signs, such as heart rate or body temperature. These sensitive data must not be available to unauthorized parties for capture or modification. On the other hand, the IoT is vulnerable to many types of attacks. Listening to, altering or disrupting information is easier in such networks, which typically use wireless communications without infrastructure. Objects can also be compromised and malicious nodes can be injected into the network, which may result in unauthorized actions on data and network resources. Moreover, as connected objects tend to pervade our daily lives, the IoT could become a huge breach in users' privacy. It is therefore important to consider the required security services to ensure IoT protection from attacks.
Corresponding author.
Email addresses: [email protected] (Hamed Hellaoui),
[email protected] (Mouloud Koudil),
[email protected] (Abdelmadjid Bouabdallah)
Security services are typically instantiated on the basis of heavy schemes (e.g. encryption/decryption and signature/verification). They are generally designed to maintain a high security level without taking resource consumption into account. However, the IoT includes devices that are constrained in terms of resources (e.g. energy, storage, communication). The application of heavy security primitives on some nodes, such as sensors and RFID tags, would consume resources and may divert these nodes from executing their main tasks. As the nodes can be battery-powered and expected to operate for a long time, energy consumption is critical in this network. Replacing the battery may even be impossible in many situations, where objects must operate autonomously without human intervention. Security solutions must therefore be adapted to the energy constraints of the nodes in order to prolong their lifetime.
With the emergence of Low-power and Lossy Networks (LLNs), several research works have proposed energy-saving solutions for security services. These proposals are varied and cover diverse aspects, such as security primitives, deployment environments, target applications, etc. Therefore, finding the efficient method that reduces energy consumption while ensuring the required security service is not a trivial task, and it requires careful study so as not to sacrifice security. The objective of this work is to survey energy-efficient mechanisms that can be applied in IoT security solutions. It is intended to assist security protocol designers in selecting appropriate mechanisms for energy saving before proceeding with implementation. With this aim in mind, this paper proposes a taxonomy of energy-efficient mechanisms in IoT security, studies each one, and analyzes their applicability. The added value of this survey is to contribute to the application of energy-efficient mechanisms in IoT security solutions. While existing IoT security surveys focus more on reviewing energy-efficient protocols, the proposed work goes beyond this and studies what makes a security solution energy-efficient. As far as we know, this is the first survey with such an objective.
Preprint submitted to Computer Networks, August 14, 2017
Contributions of this survey can be summarized in the three following points:
- A discussion on security services in the IoT is performed, from an energy consumption point of view.
- A taxonomy of energy-efficient mechanisms in IoT security is proposed. Each one is studied, in addition to some proposed solutions that use the mechanism.
- A discussion is devoted to the environment and the applicability of energy-saving mechanisms in the IoT security services.
The rest of this paper is organized as follows. Section 2 presents the related surveys on IoT security and highlights the motivation behind this work. Section 3 discusses services that can be addressed to ensure security in the IoT. It also deals with energy consumption related to security services. Energy-saving mechanisms in security are studied in Section 4. This section provides a taxonomy of existing mechanisms and surveys relevant solutions that use these techniques. In Section 5, a discussion is conducted on the appropriate environment and the applicability of energy-saving mechanisms for IoT security solutions. Finally, Section 6 concludes this paper.
2. Related works
Several surveys have been conducted on security issues in the IoT. Most of these studies aim to review existing security protocols and solutions. For instance, Atzori et al. present in [1] a general survey on the IoT, evoking some limits of security and privacy solutions, as well as the related open issues that can be addressed. The same observation can be made for the survey of Miorandi et al. [2].
Other surveys tackle a specific security service in the IoT. The work of Roman et al. [3] evaluates existing key management systems for wireless sensor networks (WSNs) in the IoT context. It covers public-key cryptography, pre-shared key strategies, and link-layer oriented key management systems. In [4], Yan et al. present a survey on the trust management issue for the Internet of Things. The authors identify objectives of trust management systems and evaluate existing solutions for the IoT. Nguyen et al. focus in [5] on bootstrapping in the context of the IoT. They provide a taxonomy of existing security protocols proposed for a secure bootstrapping process in WSNs and the IoT. They also discuss their applicability and limitations.
Other surveys on IoT security address the deployment and the architectural aspects of this network. The authors of [6] focus on security and privacy in distributed IoT. They evoke the features of the distributed approach, analyze attacker models and explore existing security solutions. In another study, Granjal et al. [7] deal with the way security should be addressed when connecting objects to the Internet. The paper focuses on strategies for integrating low-power WSNs with the Internet, and the required security depending on the integration approach.
The deployment of the IoT is associated with the development of new communication protocols and standards. In the work of Granjal et al. [8], the authors address security in IoT communication standards. They consider a stack of standardized communication protocols designed for the IoT. Then, they discuss security and open issues for each communication protocol of the stack.
Security proposals are also related to projects and middleware solutions. Sicari et al. [9] conduct a survey in the field of IoT security. They analyze available solutions regarding security, trust and privacy, as well as existing projects and middlewares that deal with these issues.
IoT security and privacy issues can also be seen from a legal point of view. In [10], Weber addresses IoT security from this perspective. He presents security and privacy needs, and discusses milestones for the establishment of an adequate legal framework by an international legislator.
Survey reference   Survey targets in terms of security
----------------   -----------------------------------------------
[1, 2]             General open issues in IoT security
[3]                KMS for WSN in the context of the IoT
[4]                Trust management solutions and challenges
[5]                Solutions for a secure bootstrapping process
[6]                Security & privacy issues in distributed IoT
[7]                Security solutions of Internet-integrated WSNs
[8]                Security for IoT communication standards
[9]                Security, privacy, trust requirements and solutions
[10]               Legislative security and privacy challenges
Table 1: Surveys on security in the Internet of Things
This survey differs from the mentioned studies in the way it tackles IoT security. Indeed, a great number of solutions have been proposed to ensure the effectiveness of network security. Energy remains a key factor when it comes to IoT security, since resource-constrained objects are expected to operate autonomously for a long time. On the other hand, there have been several works dealing with energy-saving problems in security. The mentioned surveys focus more on studying solutions that are adequate for the IoT (a summary is provided in Table 1), mainly energy-efficient solutions. The goal of this work is to survey techniques that allow developing energy-efficient security solutions. This approach provides a guideline and helps security protocol designers to develop energy-efficient solutions. No such approach is used in the previous surveys.
In order to achieve the established objective of the survey, we start in the next section by presenting some security services that can be addressed in the IoT, while highlighting the related energy consumption.
3. Security services in the IoT
Security can be ensured by applying specific services to provide protection from attacks. Indeed, security services are distinguished according to the countermeasures required to face threats. In the rest of this section, some security services that can be used in the IoT are presented¹. This section also deals with the resource consumption related to the security services.
3.1. Confidentiality
Data confidentiality is a security service which ensures that the contents of a given message are not available to an unauthorized party. It is performed by encrypting messages, using symmetric or asymmetric cryptography, so that they can be decrypted only by the authorized party.
Due to their low consumption cost, symmetric cryptography schemes have been widely used in constrained networks such as WSNs. Many evaluations, such as [11, 12], show that symmetric ciphers (like AES [13], RC5 [14] or Skipjack [15]) are fully suitable for constrained objects. However, key management in symmetric cryptography becomes a problem when the network scales.
In the IoT, the scalability issue arises with more acuity. Indeed, since 2006, authors such as Lopez [16] have highlighted the limits of using symmetric cryptography for WSNs. On the other hand, asymmetric cryptography provides efficient key management, but induces more consumption compared to the symmetric one. Protocols such as RSA [14] or IBE [17], which are widely used in the Internet, are known to be very intensive in terms of computation. Direct application of these protocols to the IoT would be very heavy.
3.2. Authentication and access control
Authentication is a security service used to ensure that entities are who they claim to be (entity authentication), or that the received message is as originated (message authentication). As for access control, it is used to allow or deny entities access to resources according to policies. Access control is generally performed after authenticating the entities/data.
¹ Note that other security services might be required for the IoT, such as trust management. This section focuses on energy-consuming security services, which are the target of this survey.
Because of its low computation cost, some access control and authentication solutions proposed for constrained networks are based on symmetric cryptography (e.g. [18–20]). This often imposes using mechanisms for pre-distribution of keys. However, this may also restrict these solutions to the applications they are designed for, and they may not support large-scale networks. In addition, it is difficult to ensure message authentication with non-repudiation when using symmetric cryptography. Even if some solutions, such as SNEP and µTESLA [21], achieve non-repudiation by emulating asymmetry (through delayed key disclosure and one-way function key chains), the emulation of asymmetric cryptography requires time synchronization and key management with ample storage of keys and messages [22]. This becomes problematic for high-traffic and large-scale networks, such as the IoT.
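The delayed key disclosure and one-way key chain mentioned above can be sketched as follows; this is an added example, not code from the paper or from the µTESLA authors. It assumes SHA-256 and HMAC-SHA-256, uses the chain key directly as the MAC key, and all names and sample readings are constructed for illustration.

```python
import hashlib
import hmac

def H(data: bytes) -> bytes:
    """One-way function used to build the key chain (SHA-256 is an assumption)."""
    return hashlib.sha256(data).digest()

def mac(key: bytes, message: bytes) -> bytes:
    # Simplification: the chain key is used directly as the MAC key.
    return hmac.new(key, message, hashlib.sha256).digest()

def make_key_chain(seed: bytes, n: int) -> list:
    """Return [K_0, ..., K_n] with K_{i-1} = H(K_i); K_0 is the commitment."""
    chain = [H(seed)]                 # K_n
    for _ in range(n):
        chain.append(H(chain[-1]))    # K_{n-1}, ..., K_0
    chain.reverse()
    return chain

class Receiver:
    """Holds one trusted chain key and buffers packets until their key is disclosed."""
    def __init__(self, commitment: bytes, disclosure_delay: int):
        self.last_key, self.last_index = commitment, 0
        self.delay = disclosure_delay
        self.buffer = []              # (interval, message, tag): the storage cost

    def on_packet(self, interval, message, tag, now_interval):
        # Needs loosely synchronized clocks: once K_interval may already be
        # public, anyone could have computed this tag, so the packet is dropped.
        if now_interval >= interval + self.delay:
            return False
        self.buffer.append((interval, message, tag))
        return True

    def on_key_disclosure(self, index, key):
        """Authenticate a disclosed key, then release the packets it verifies."""
        if index <= self.last_index:
            return []
        keys, k = {}, key
        for i in range(index, self.last_index, -1):
            keys[i] = k               # also recovers keys whose disclosure was lost
            k = H(k)
        if not hmac.compare_digest(k, self.last_key):
            return []                 # does not hash back to the trusted key
        self.last_key, self.last_index = key, index
        accepted = [m for (i, m, t) in self.buffer
                    if i in keys and hmac.compare_digest(mac(keys[i], m), t)]
        self.buffer = [p for p in self.buffer if p[0] > index]
        return accepted

def demo():
    chain = make_key_chain(b"constructed-seed", 4)   # constructed sample input
    rx = Receiver(commitment=chain[0], disclosure_delay=2)
    on_time_1 = rx.on_packet(1, b"temp=21.5", mac(chain[1], b"temp=21.5"), now_interval=1)
    on_time_2 = rx.on_packet(2, b"temp=21.7", mac(chain[2], b"temp=21.7"), now_interval=2)
    # Claims interval 1 but arrives in interval 3, when K_1 is due for disclosure.
    late = rx.on_packet(1, b"temp=99.9", mac(chain[1], b"temp=99.9"), now_interval=3)
    # The disclosure of K_1 is lost; K_2 alone authenticates both buffered packets.
    accepted = rx.on_key_disclosure(2, chain[2])
    forged = rx.on_key_disclosure(3, bytes(32))      # key that is not on the chain
    return on_time_1, on_time_2, late, accepted, forged

if __name__ == "__main__":
    print(demo())
```

The receiver's buffer and the interval check are where the storage and time-synchronization requirements cited from [22] show up in practice.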
On the other hand, authentication and access control solutions based on asymmetric cryptography would eliminate the need for complicated protocols and increase security. However, public-key cryptography is considered to be very heavy for constrained nodes, as mentioned previously. For instance, Attribute Based Encryption (ABE) [23] and its related protocols are widely considered to ensure fine-grained access control with scalability management. The issue when considering these protocols for constrained networks, such as the IoT, has to do with their consumption cost.
3.3. Signature/verification
Digital signature is a security service that provides a means for an entity to bind its identity to a piece of information. It ensures authentication, integrity, and non-repudiation. One of the most significant applications of digital signatures is the certification of public keys.
Public-key cryptography is the most used for digital signatures. Standards such as X.509 and ISO/IEC 9796 are based on public-key cryptography. The RSA cryptosystem [14] and the El-Gamal scheme [24] are examples of the asymmetric cryptography used. However, these asymmetric protocols are so heavy that their direct application to the IoT would be inefficient.
Although one-time signature schemes (many of which arise from symmetric-key cryptography) are computationally less expensive, they require changing keys after each use; otherwise, signatures can be forged [25]. This affects the storage and the communication capacities in high-traffic networks, and limits the use of these schemes for some applications.
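To make the storage and communication cost of one-time signatures concrete, the following added example (not from the paper) implements a Lamport one-time signature, one classic hash-based scheme of this kind, with a signer that refuses to reuse its key. SHA-256, the class and function names, and the sample message are assumptions chosen for illustration.

```python
import hashlib
import secrets

N_BITS = 256                      # one key pair per bit of the SHA-256 digest

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def _digest_bits(message: bytes) -> list:
    d = H(message)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(N_BITS)]

def keygen():
    """Private key: 256 pairs of random 32-byte values; public key: their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(N_BITS)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

class OneTimeSigner:
    """Signs exactly one message, then discards the private key."""
    def __init__(self):
        self._sk, self.pk = keygen()

    def sign(self, message: bytes) -> list:
        if self._sk is None:
            raise RuntimeError("one-time key already used: a fresh key pair is required")
        # The signature reveals one private value of each pair, chosen by the digest bit.
        sig = [self._sk[i][b] for i, b in enumerate(_digest_bits(message))]
        self._sk = None               # enforce single use
        return sig

def verify(pk, message: bytes, sig) -> bool:
    bits = _digest_bits(message)
    return len(sig) == N_BITS and all(
        H(sig[i]) == pk[i][bits[i]] for i in range(N_BITS))

def per_message_bytes() -> dict:
    """Bytes a node must store or transmit for every signed message."""
    return {"private_key": N_BITS * 2 * 32,
            "public_key": N_BITS * 2 * 32,
            "signature": N_BITS * 32}

def traffic_bytes(n_messages: int) -> int:
    """Public key plus signature sent for each of n messages (no key reuse)."""
    sizes = per_message_bytes()
    return n_messages * (sizes["public_key"] + sizes["signature"])

if __name__ == "__main__":
    signer = OneTimeSigner()
    sig = signer.sign(b"reading=42")  # constructed sample message
    print(verify(signer.pk, b"reading=42", sig), per_message_bytes(), traffic_bytes(100))
```

Signing and verifying need only hash calls, but every message costs a new 16 KiB public key and an 8 KiB signature, which is the overhead the paragraph above refers to.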
3.4. Key establishment
Key establishment, or key bootstrapping, is the process that allows transferring settings between two or more parties, for the purpose of sharing cryptographic keys. It is basically required to set up any secure communication channel between nodes (before the network can operate or when re-keying is needed), and to enable them to perform other security services.
Pre-distribution key establishment schemes, commonly known as symmetric-key schemes, involve low computation. They are based on credentials that are shared before deployment. Several pre-distribution solutions have been proposed in the literature, mainly for WSNs (such as [26–30]). However, these schemes work within the local networks they are designed for, and do not address key establishment with a remote entity. Many IoT applications require establishing secure communications between entities without any initial knowledge of each other, or any pre-shared keys.
In contrast, asymmetric-key schemes are the most widely considered for the Internet, and do not require any initial knowledge. However, the two categories of asymmetric-key schemes, key transport and key agreement, involve high computations. Key transport protocols (such as TLS handshake [31]) are based on public-key cryptography, which is commonly known to be resource intensive. Key agreement protocols (such as Internet Key Exchange (IKE) [32], Host Identity Protocol (HIP) [33]) are also resource intensive as they use asymmetric primitives. In addition, an authentication mechanism might be required for asymmetric-key schemes to bind the key with the communicating peer. This makes asymmetric key establishment schemes very heavy for resource-constrained networks, such as the IoT.
3.5. Discussion
Several security services are required for the IoT and many of them involve heavy primitives. The issue of energy saving in security was tackled in some LLNs. For instance, several key establishment solutions for WSNs are based on pre-distribution (less energy-consuming but not efficient for large-scale networks). However, the IoT comes with new characteristics, such as scalability. This makes some already developed energy-efficient security solutions inappropriate for IoT applications. The problem of energy consumption in security services arises with greater acuity.
To understand the reasons behind the overhead consumption, an analysis was conducted on the application of security services in the context of the IoT. The results of this analysis can be summarized in three levels: heavy operations, size of data, and number of calls. Table 2 provides a summary of this analysis.
Heavy operations
The most important reason for the consumption related to security services is the heavy operations involved. These operations are mainly used in asymmetric cryptography. Indeed, asymmetric cryptography is based on hard-to-solve problems in order to make the task of recovering private parameters from public ones extremely difficult [25]. The underlying mathematical operations used for these problems are generally heavy, such as exponentiations and modular exponentiations.
Exponentiations ($g^e$) and modular exponentiations ($g^e \bmod p$) are the basis of many cryptographic protocols, such as Diffie-Hellman (DH) [34] (which is the basis of many key agreement protocols) or RSA. These operations are very computationally expensive as the parameters used are generally big for security reasons. Lowering the parameters can reduce the overhead of the operation, but it is not always possible. Watro et al. proposed in [35] an adaptation of the RSA protocol to resource-constrained devices. Their idea relies on the use of smaller parameters such as the exponent. However, this comes at the price of a lower security level [36]. The evaluation performed by Watro et al. [35] on Mica1 motes shows that the RSA exponentiation can take more than 10 seconds, even using small exponents.
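How the cost of a modular exponentiation depends on the size of the exponent and of the modulus can be seen by counting the operations of textbook square-and-multiply; this is an added example, not the implementation evaluated in [35]. The word-level estimate assumes schoolbook multiplication on an 8-bit processor and ignores modular reduction and optimizations; the modulus and exponents are constructed values.

```python
def modexp_counted(g: int, e: int, p: int):
    """Left-to-right square-and-multiply.

    Returns (g**e mod p, squarings, multiplications)."""
    if e == 0:
        return 1 % p, 0, 0
    result, squarings, mults = g % p, 0, 0
    for bit in bin(e)[3:]:            # bits after the leading 1
        result = result * result % p
        squarings += 1
        if bit == "1":
            result = result * g % p
            mults += 1
    return result, squarings, mults

def word_mult_estimate(e: int, modulus_bits: int, word_bits: int = 8) -> int:
    """Rough count of word-by-word multiplications for g**e mod p (e >= 1).

    Assumption: every modular multiplication or squaring costs
    (modulus_bits / word_bits)**2 word multiplications (schoolbook method).
    """
    words = -(-modulus_bits // word_bits)                 # ceiling division
    ops = (e.bit_length() - 1) + (bin(e).count("1") - 1)  # squarings + multiplications
    return ops * words * words

# Constructed inputs, for illustration only.
P_DEMO = 2**521 - 1                 # odd modulus used to check results
FULL_1024 = int("10" * 512, 2)      # 1024-bit exponent with half of its bits set
FULL_512 = int("10" * 256, 2)       # 512-bit exponent with half of its bits set

def compare() -> dict:
    """Estimated cost of small and full-size exponents on an 8-bit node."""
    return {
        "e=3, 1024-bit modulus": word_mult_estimate(3, 1024),
        "e=65537, 1024-bit modulus": word_mult_estimate(65537, 1024),
        "1024-bit exponent, 1024-bit modulus": word_mult_estimate(FULL_1024, 1024),
        "512-bit exponent, 512-bit modulus": word_mult_estimate(FULL_512, 512),
    }

if __name__ == "__main__":
    for label, cost in compare().items():
        print(f"{label:40s} {cost:>12,d}")
```

Under this model a small exponent cuts the work by two to three orders of magnitude, while halving both modulus and exponent size saves roughly a factor of eight.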
Another operation that is used in many cryptographic protocols is the bilinear pairing. The latter is applied to enable some security concepts, such as IBE [17] and its variants (whose idea was formulated by Shamir [37] in 1984) or ABE [23] and its variants. However, this is a very costly operation for constrained nodes (the underlying mathematical operations are heavy). In [38], Oliveira et al. show that the execution of the pairing operation on a MicaZ node using their proposed implementation, TinyPBC, requires more than 5.5 seconds. Considering that cryptographic operations generally require at least two pairings, the security service could take more than 11 seconds.
Size of data
A security service is employed to secure given data. The time consumed in executing a security service is proportional to the data size. The bigger the data, the more time it takes to run. The energy consumption depends directly on this fact.
The size of data concerns not only the data to process, but also the meta-data related to the security protocol. Indeed, in security protocols that specify communication aspects (e.g. Internet Protocol security (IPsec) [39], Transport Layer Security (TLS) [40], or Datagram TLS (DTLS) [41]), a packet header is considered. The size of this header also affects the energy overhead, as it is sent and received by the constrained nodes.
Number of calls
Another aspect that affects the consumption overhead of applying security services is the number of calls. This parameter is related to the way the security service is used and the number of times it needs to be requested. Let us take for example a key establishment protocol that is relatively heavy (in the order of a few seconds or dozens of seconds). A constrained node can support this protocol as it is executed only one time at the beginning. However, if this phase is called several times (e.g. due to re-keying), the consequences on energy can be critical. A frequent use of a security service will have a big impact on the consumption compared to only a few uses.
The cause          Justification
----------------   -------------------------------------------------------------------------------
Heavy operations   The underlying operations used in asymmetric cryptography are generally heavy
Size of data       The size of data is proportional to the overhead of energy consumption
Number of calls    Frequent use of a security service can have a big impact on consumption
Table 2: Analysis on causes of consumption when applying security services
It appears that many security protocols required in the IoT are computationally intensive. This raises the need for mechanisms that reduce energy consumption in security solutions. The next section is devoted to reviewing energy-efficient techniques in security.
4. Energy-efficient techniques in security
In this section, the major existing mechanisms used to save energy in security services are reviewed. Relevant solutions that use these techniques are also presented. The proposed taxonomy of energy-efficient mechanisms is summarized in Figure 1.
4.1. On-line/off-line security
The concept of on-line/off-line security consists in transforming the cryptographic scheme into two phases. The first one is performed off-line, before the start of the security service (before knowing the destination, the message to encrypt or to sign,