To read this content please select one of the options below:

Lightweight security scheme for IoT applications using CoAP

Arijit Ukil (Innovation Lab, Tata Consultancy Services, Kolkata, India)
Soma Bandyopadhyay (Innovation Lab, Tata Consultancy Services, Kolkata, India)
Abhijan Bhattacharyya (Innovation Lab, Tata Consultancy Services, Kolkata, India)
Arpan Pal (Innovation Lab, Tata Consultancy Services, Kolkata, India)
Tulika Bose (Innovation Lab, Tata Consultancy Services, Kolkata, India)

International Journal of Pervasive Computing and Communications

ISSN: 1742-7371

Article publication date: 28 October 2014




The purpose of this paper is to study lightweight security scheme for Internet of Things (IoT) applications using Constrained Application Protocol (CoAP). Resource-constrained characteristics of IoT systems have ushered in compelling requirements for lightweight application protocol and security suites. CoAP has already been established as the candidate protocol for IoT systems. However, low overhead security scheme for CoAP is still an open problem. Existing security solutions like Datagram Transport Layer Security (DTLS) is not suitable, particularly due to its expensive handshaking, public key infrastructure (PKI)-based authentication and lengthy ciphersuite agreement process.


This paper proposes a lightweight security scheme in CoAP using Advanced Encryption Standard (AES) 128 symmetric key algorithm. The paper presents an object security (payload embedded)-based robust authentication mechanism with integrated key management. The paper introduces few unique modifications to CoAP header to optimize security operation and minimize communication cost.


It is resilient to number of security attacks like replay attack, meet-in-the-middle attack and secure under chosen plaintext attack. This scheme is generic in nature, applicable for gamut of IoT applications. The paper proves efficacy of our proposed scheme for vehicle tracking application in emulated laboratory setup. Specifically, it compares with DTLS-enabled CoAP to establish the lightweight feature of our proposed solution.

Research limitations/implications

This paper mainly focuses on implementing in-vehicle tracking systems as an IoT application and used CoAP as the application protocol.

Practical implications

Such a lightweight security scheme would provide immense benefit in IoT systems so that resource constraint-sensing devices and nodes can be made secure. This would impact IoT eco systems to a large extent.


Such kind of security suite that provides both robustness and lightweight feature is hitherto not known to the authors, particularly in CoAP for IoT applications.



The authors thank Sitaram Venkata Chamarty and Praveen Gauravaram of Tata Consultancy Services (TCS) Innovation Lab, Hyderabad, India, for their valuable comments and suggestions.


Ukil, A., Bandyopadhyay, S., Bhattacharyya, A., Pal, A. and Bose, T. (2014), "Lightweight security scheme for IoT applications using CoAP", International Journal of Pervasive Computing and Communications, Vol. 10 No. 4, pp. 372-392.



Emerald Group Publishing Limited

Copyright © 2014, Emerald Group Publishing Limited

Related articles