An Empirical Study of VPN Options for Resource-Constrained IoT Devices
Added on 2022-12-19
25 Pages6293 Words1 Views
An Empirical Study of VPN Options for Resource-Constrained IoT Devices
BSC301: Applied Research Skills In ICT
ICT Project Plan
Semester 1, 2019
Group: David_1
Supervisor:
Dr David Murray
Group members:
Michael Schwenger 33087838
Daniel Alberts 32969931
Enrique Getino Reboso 33163823
Khalid Bin Walid Baeisa 32490882
Patrick Nkhata 33254798
Robert Edmonds 33110938
Abstract: In this study, we will be comparing the different VPN technologies for resource-
constrained IoT devices. We will be looking at: OpenVPN, ZeroTier, Tinc and Wireguard to
compare the subjective setup complexity and security, as well as the objective CPU, Memory
and packet overheads of each option.
1
BSC301: Applied Research Skills In ICT
ICT Project Plan
Semester 1, 2019
Group: David_1
Supervisor:
Dr David Murray
Group members:
Michael Schwenger 33087838
Daniel Alberts 32969931
Enrique Getino Reboso 33163823
Khalid Bin Walid Baeisa 32490882
Patrick Nkhata 33254798
Robert Edmonds 33110938
Abstract: In this study, we will be comparing the different VPN technologies for resource-
constrained IoT devices. We will be looking at: OpenVPN, ZeroTier, Tinc and Wireguard to
compare the subjective setup complexity and security, as well as the objective CPU, Memory
and packet overheads of each option.
1
Table of Contents
Summary of Project 3
Problem Statement 3
Literature Review 3
Research Aims and Research Questions 4
Research Design 5
Overview 5
Hardware Requirements 5
Software Requirements 5
Special Resources Required 5
Data Collection 6
Project Scope Management 7
Project Time Management 10
Discussion of the Work Breakdown Structure 12
Project Communications Management 13
Communications plan 13
Project information storage 17
Project Risk Management 18
Project Human Resources Management 19
Project roles and responsibilities 19
Procedures to resolve conflicts within the team 19
Conclusion 19
Appendices 20
Glossary 20
References 20
Team Contract 21
Team Roles 22
ICT301 Group Declaration Sheet 23
2
Summary of Project 3
Problem Statement 3
Literature Review 3
Research Aims and Research Questions 4
Research Design 5
Overview 5
Hardware Requirements 5
Software Requirements 5
Special Resources Required 5
Data Collection 6
Project Scope Management 7
Project Time Management 10
Discussion of the Work Breakdown Structure 12
Project Communications Management 13
Communications plan 13
Project information storage 17
Project Risk Management 18
Project Human Resources Management 19
Project roles and responsibilities 19
Procedures to resolve conflicts within the team 19
Conclusion 19
Appendices 20
Glossary 20
References 20
Team Contract 21
Team Roles 22
ICT301 Group Declaration Sheet 23
2
Summary of Project
The objective of this project is to state if the new VPN protocols are suitable to be used on
resource-constraint hardware from IoT devices. It will be compared against other VPN
products and it will be measured through metrics like response time and throughput. The
VPN servers will be hosted in the cloud, Microsoft Azure, while we locally run the clients
using Murdoch University’s resources.
Problem Statement
The number of IoT devices and security requirements, when it comes to network connections
is increasing. A large number of end users are willingly using VPN connections on a daily
basis, not only for business but also for private use. The need for securing these connections
grows side to side with the concern for privacy. These IoT devices need to enhance their
security in order to make them more attractive to the end user.
The actual VPN services have powerful tools and protocols to protect the security of the
connections. But on the other hand, the software to provide these levels of security are
resource intensive and require hardware that many of the IoT devices cannot provide, at this
moment, in order to run a VPN service smoothly.
Literature Review
IoT devices are more present than ever. All these devices are designed to be connected not
only to our home or office network but also, to public hotspots. The mobility that some of
them provide makes them really handy when it comes to access internet from anywhere in the
world, but, what about the security and the privacy of those connections?
It has been stated that these technologies are vulnerable to replay, man-in-the-middle and
denial-of-service attacks. To prevent man-in-the-middle attacks all communication between
the client and gateway should be over an encrypted VPN/IPsec tunnel. This solution is only
suitable for those IoT devices that have the necessary computational and storage capabilities
to gather the required data and run the necessary software, including VPN. Additionally
highly sensitive data should be encrypted within the tunnel, though this can take a
computational and speed hit on both the gateway and client device. Also, control system
gateways with sufficient compute power can also be used with modern IoT client devices to
help manage the security challenges of the remote access control (Michael W. Condry,
Catherine Blackadar Nelson, 2016).
Resource constraint in IOT devices are an important drawbacks for securing these network.
Hence, the challenge is to device such a solution that does not require huge computing
resources and computing power, but still delivers an efficient solution for device security.
Nowadays, the amount of IoT devices capable of running VPN software without having their
performance affected is still low. It is in this situation where lighter VPN protocols like
Wireguard can make a huge difference. WireGuard weights in at around 4,000 lines of code.
3
The objective of this project is to state if the new VPN protocols are suitable to be used on
resource-constraint hardware from IoT devices. It will be compared against other VPN
products and it will be measured through metrics like response time and throughput. The
VPN servers will be hosted in the cloud, Microsoft Azure, while we locally run the clients
using Murdoch University’s resources.
Problem Statement
The number of IoT devices and security requirements, when it comes to network connections
is increasing. A large number of end users are willingly using VPN connections on a daily
basis, not only for business but also for private use. The need for securing these connections
grows side to side with the concern for privacy. These IoT devices need to enhance their
security in order to make them more attractive to the end user.
The actual VPN services have powerful tools and protocols to protect the security of the
connections. But on the other hand, the software to provide these levels of security are
resource intensive and require hardware that many of the IoT devices cannot provide, at this
moment, in order to run a VPN service smoothly.
Literature Review
IoT devices are more present than ever. All these devices are designed to be connected not
only to our home or office network but also, to public hotspots. The mobility that some of
them provide makes them really handy when it comes to access internet from anywhere in the
world, but, what about the security and the privacy of those connections?
It has been stated that these technologies are vulnerable to replay, man-in-the-middle and
denial-of-service attacks. To prevent man-in-the-middle attacks all communication between
the client and gateway should be over an encrypted VPN/IPsec tunnel. This solution is only
suitable for those IoT devices that have the necessary computational and storage capabilities
to gather the required data and run the necessary software, including VPN. Additionally
highly sensitive data should be encrypted within the tunnel, though this can take a
computational and speed hit on both the gateway and client device. Also, control system
gateways with sufficient compute power can also be used with modern IoT client devices to
help manage the security challenges of the remote access control (Michael W. Condry,
Catherine Blackadar Nelson, 2016).
Resource constraint in IOT devices are an important drawbacks for securing these network.
Hence, the challenge is to device such a solution that does not require huge computing
resources and computing power, but still delivers an efficient solution for device security.
Nowadays, the amount of IoT devices capable of running VPN software without having their
performance affected is still low. It is in this situation where lighter VPN protocols like
Wireguard can make a huge difference. WireGuard weights in at around 4,000 lines of code.
3
Compared to the 600,000 lines of code of OpenVPN + OpenSSL or the 400,000 lines of code
for XFRM+StrongSwan for an IPSEC VPN (Jim Salter, 2018).
So far, this new protocol (Wireguard) has been released for Linux, Android and iOS based
devices, although the developers warn anyone willing to install it, that this protocol is still
under development. Versions for Windows clients have not been released yet.
This is a significant challenge for making these services available for everyone as windows is
still the dominant and most preferred OS that is considered by most of the enterprises
(Schurgot, Shinberg and Greenwald 2015). However, in terms of flexibility and security,
developers and security experts often prefer Linux. Hence, the authors also suggest
considering Linux for better software options and customization, which is required when
designing security solutions for IOT devices, where resource constraint is an important issue.
Other protocols like IPsec or SSL also use to have some disadvantages. For IPsec, it was
noted that existing implementations were hardly compatible with each other and often
required some manual configuration. It was also stated that most IPsec solutions for setting up a
VPN required third-party hardware and/or software and on top of that, in order to access an IPsec
VPN, a given endpoint must had an IPsec client application installed (Chang et al. 2015).
In regards to SSL, almost every device in the world was equipped with the necessary software to
connect to a SSL VPN. This protocol would allow more precise access control (Shif et al. 2018).
In fact, operation at the transport layer would allow VPN tunnels to be allocated to specific
applications rather to an specific machine (or often to an entire LAN). This way, users on SSL
VPN connections can only access the applications that they are configured to access rather than
an entire network.
In an IoT environment, devices are often targeted due to the ease of exploiting these devices.
Hence, securing devices in an IoT environment is an important criterion. IoT devices often do not
integrate standard security protocols, which makes these vulnerable. Distributed denial of
services or DDoS is an important security threat for IoT network. As IoT devices do not have
standard protection of antivirus software due to the limitation in device architecture (Bonetto et
al. 2012). Hence, protection at the network level is required and this is where VPN has an
important role in securing IoT devices as it provides encryption of data that is communicated over
a network through these devices. As data is encrypted, it enhances the security of the system at
this makes it difficult for others to access this data without proper authorization.
When data is sent from particular IoT devices, it does not instantly send to the destination
devices. During this season, it is possible to interpret this data if it is not secured with proper
security measures. One recommended process that is suggested by this article is to ensure data
encryption throughout this entire season of data transfer. When an IoT device is connected with a
VPN network, each traffic that comes in and goes out of this device is secured and encrypted.
Hence, according to the authors, even if someone makes a try to interpret traffic of network, it is
not virtually possible for them.
Although IoT devices are secured when the network is connected with a VPN, it requires
effective configuration. Without the proper configuration of the IoT network with VPN, it is not
possible to ensure proper security that it offers. Hence, proper configuration according to the
authors is an important requirement when considering VPN for securing IoT devices with this
technology (Kuusijärvi et al. 2016). The authors have suggested a desktop client for managing
this configuration. The reason as suggested in the article is that it is easy to use and effective as
well.
For connecting the IoT network with VPN, the authors have suggested for VPN router. I fact the
authors have not recommended desktop client for this purpose as according to the authors desktop
clients have own set limitation and it often oversimplifies the configuration that affects the
4
for XFRM+StrongSwan for an IPSEC VPN (Jim Salter, 2018).
So far, this new protocol (Wireguard) has been released for Linux, Android and iOS based
devices, although the developers warn anyone willing to install it, that this protocol is still
under development. Versions for Windows clients have not been released yet.
This is a significant challenge for making these services available for everyone as windows is
still the dominant and most preferred OS that is considered by most of the enterprises
(Schurgot, Shinberg and Greenwald 2015). However, in terms of flexibility and security,
developers and security experts often prefer Linux. Hence, the authors also suggest
considering Linux for better software options and customization, which is required when
designing security solutions for IOT devices, where resource constraint is an important issue.
Other protocols like IPsec or SSL also use to have some disadvantages. For IPsec, it was
noted that existing implementations were hardly compatible with each other and often
required some manual configuration. It was also stated that most IPsec solutions for setting up a
VPN required third-party hardware and/or software and on top of that, in order to access an IPsec
VPN, a given endpoint must had an IPsec client application installed (Chang et al. 2015).
In regards to SSL, almost every device in the world was equipped with the necessary software to
connect to a SSL VPN. This protocol would allow more precise access control (Shif et al. 2018).
In fact, operation at the transport layer would allow VPN tunnels to be allocated to specific
applications rather to an specific machine (or often to an entire LAN). This way, users on SSL
VPN connections can only access the applications that they are configured to access rather than
an entire network.
In an IoT environment, devices are often targeted due to the ease of exploiting these devices.
Hence, securing devices in an IoT environment is an important criterion. IoT devices often do not
integrate standard security protocols, which makes these vulnerable. Distributed denial of
services or DDoS is an important security threat for IoT network. As IoT devices do not have
standard protection of antivirus software due to the limitation in device architecture (Bonetto et
al. 2012). Hence, protection at the network level is required and this is where VPN has an
important role in securing IoT devices as it provides encryption of data that is communicated over
a network through these devices. As data is encrypted, it enhances the security of the system at
this makes it difficult for others to access this data without proper authorization.
When data is sent from particular IoT devices, it does not instantly send to the destination
devices. During this season, it is possible to interpret this data if it is not secured with proper
security measures. One recommended process that is suggested by this article is to ensure data
encryption throughout this entire season of data transfer. When an IoT device is connected with a
VPN network, each traffic that comes in and goes out of this device is secured and encrypted.
Hence, according to the authors, even if someone makes a try to interpret traffic of network, it is
not virtually possible for them.
Although IoT devices are secured when the network is connected with a VPN, it requires
effective configuration. Without the proper configuration of the IoT network with VPN, it is not
possible to ensure proper security that it offers. Hence, proper configuration according to the
authors is an important requirement when considering VPN for securing IoT devices with this
technology (Kuusijärvi et al. 2016). The authors have suggested a desktop client for managing
this configuration. The reason as suggested in the article is that it is easy to use and effective as
well.
For connecting the IoT network with VPN, the authors have suggested for VPN router. I fact the
authors have not recommended desktop client for this purpose as according to the authors desktop
clients have own set limitation and it often oversimplifies the configuration that affects the
4
security of VPN. One of the main benefits of connecting the IoT network through the VPN router
is that only configuration of the router with VPN is required. Every devices that are connected to
the network through this router is secured and protection of VPN id ensured for each device.
Hence this effective and cost-effective solution.
Although VPN router provides a way and cost-effective solution for IoT device configuration
with the network, the security of the devices is still dependent on the VPN service provider. Now
the organisation might find it difficult to select the appropriate vendor for VPN service, but the
organisation should always choose a VPN service provider based on their popularity in the
market and expertise in this field.
Some VPN service provider tracks the IP address of their client, which includes destination IP
address too. This means that such vendors have complete knowledge of client activity and this
information might be shared to third parties without the permission of the client. This will
definitely affect the security of the IoT devices. Hence, the authors suggest checking if VPN
providers have a strict measure regarding no-logs policy (Xu et al. 2014). If the vendor does not
ensure this, who is providing VPN services, it is better to avoid that vendor. Otherwise, there will
be an issue in securing these devices because when service provider compromise in security it is
extremely difficult to ensure security for these devices.
As IoT devices are still not standardized, security for these devices lacks proper infrastructure,
which makes the security of these devices a complex process to manage properly. As IoT devices
are being implemented into the various application from smart cart to smart city, challenges of
security are even significant and innovation is the only way to develop a robust and secured
infrastructure to deploy IoT devices properly for implementing various smart applications that
increased productivity and efficiency various activities in which these applications are considered
(Kharchenko et al. 2016). VPN might be considered as an effective solution as of now, but as
sophisticated procedures are being applied for cybercrime, it is also required to increase the
security of VPN devices.
There are various advantages of VPN. It helps to restrict illegal access to the network, which is
the first process to hack a network and illegally access network data (Jha and Sunil 2014).
Another advantage of VPN is that it is cost effective which is a major requirement, especially
when considering security applications in an organizational context.However, while selecting a
VPN for IoT security, it is important to analyze various drawbacks that are associated with this
technology. Although encryption of VPN provides security to IoT devices, it slows the rate of
data transfer over the network, which is a significant drawback of this technology. When there is
high traffic on the network, service is affected and the reliability of the system becomes an issue.
However, SSL technology only works for Web-based applications so they do not always provide
native access to all network resources (Ricardo Bonetto, Nicola Bui, Vishwas Lakkundi, Alexis
Olivereau, Alexandru Serbanati, Michele Rossi, 2012).These two protocols are widely used
nowadays on VPN services, but the amount of configuration and resources that both of them
require, may make them not suitable for resource-constrained devices.
In conclusion, IoT devices are being integrated into our lives as technology progresses. The
need for data protection on these devices is becoming a larger concern as the devices are
handling increasing amounts of sensitive data which could conflict with user privacy (Ali
and Ali 2018). Because of the low computational and storage power that these devices have,
WireGuard could be considered as the best available option for the near future. The protocol
follows the philosophy ‘the simpler, the better: simple public keys, simple network interface,
simple configuration, etc’. The contrast between WireGuard, OpenVPN/IPsec and Tinc is
really noticeable when it comes to high-resource hardware tests. Further testing needs to be
done to conclude how they might perform under low-resource hardware devices. However
the literature available about VPN services used in IoT devices is somewhat limited due to
the fact that the technology evolves quicker than the publishing of papers.
5
is that only configuration of the router with VPN is required. Every devices that are connected to
the network through this router is secured and protection of VPN id ensured for each device.
Hence this effective and cost-effective solution.
Although VPN router provides a way and cost-effective solution for IoT device configuration
with the network, the security of the devices is still dependent on the VPN service provider. Now
the organisation might find it difficult to select the appropriate vendor for VPN service, but the
organisation should always choose a VPN service provider based on their popularity in the
market and expertise in this field.
Some VPN service provider tracks the IP address of their client, which includes destination IP
address too. This means that such vendors have complete knowledge of client activity and this
information might be shared to third parties without the permission of the client. This will
definitely affect the security of the IoT devices. Hence, the authors suggest checking if VPN
providers have a strict measure regarding no-logs policy (Xu et al. 2014). If the vendor does not
ensure this, who is providing VPN services, it is better to avoid that vendor. Otherwise, there will
be an issue in securing these devices because when service provider compromise in security it is
extremely difficult to ensure security for these devices.
As IoT devices are still not standardized, security for these devices lacks proper infrastructure,
which makes the security of these devices a complex process to manage properly. As IoT devices
are being implemented into the various application from smart cart to smart city, challenges of
security are even significant and innovation is the only way to develop a robust and secured
infrastructure to deploy IoT devices properly for implementing various smart applications that
increased productivity and efficiency various activities in which these applications are considered
(Kharchenko et al. 2016). VPN might be considered as an effective solution as of now, but as
sophisticated procedures are being applied for cybercrime, it is also required to increase the
security of VPN devices.
There are various advantages of VPN. It helps to restrict illegal access to the network, which is
the first process to hack a network and illegally access network data (Jha and Sunil 2014).
Another advantage of VPN is that it is cost effective which is a major requirement, especially
when considering security applications in an organizational context.However, while selecting a
VPN for IoT security, it is important to analyze various drawbacks that are associated with this
technology. Although encryption of VPN provides security to IoT devices, it slows the rate of
data transfer over the network, which is a significant drawback of this technology. When there is
high traffic on the network, service is affected and the reliability of the system becomes an issue.
However, SSL technology only works for Web-based applications so they do not always provide
native access to all network resources (Ricardo Bonetto, Nicola Bui, Vishwas Lakkundi, Alexis
Olivereau, Alexandru Serbanati, Michele Rossi, 2012).These two protocols are widely used
nowadays on VPN services, but the amount of configuration and resources that both of them
require, may make them not suitable for resource-constrained devices.
In conclusion, IoT devices are being integrated into our lives as technology progresses. The
need for data protection on these devices is becoming a larger concern as the devices are
handling increasing amounts of sensitive data which could conflict with user privacy (Ali
and Ali 2018). Because of the low computational and storage power that these devices have,
WireGuard could be considered as the best available option for the near future. The protocol
follows the philosophy ‘the simpler, the better: simple public keys, simple network interface,
simple configuration, etc’. The contrast between WireGuard, OpenVPN/IPsec and Tinc is
really noticeable when it comes to high-resource hardware tests. Further testing needs to be
done to conclude how they might perform under low-resource hardware devices. However
the literature available about VPN services used in IoT devices is somewhat limited due to
the fact that the technology evolves quicker than the publishing of papers.
5
6
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
Network Infrastructure Component 2022 Reportlg...
|10
|2182
|17
The Internet of Thin Films: Research Limitation, Future Scope and Conclusionlg...
|42
|10071
|480
Internet of things - Assignmentlg...
|13
|4549
|42
IoT Devices: Types, Attacks, and Countermeasureslg...
|9
|2509
|92
Alternative Technologies To Replace VPN | Paperlg...
|11
|4211
|151
Establishing Network Report Assignmentlg...
|9
|2116
|288