TLoRa: Implementing TLS Over LoRa for Secure HTTP Communication in IoT

Atonu Ghosh, Akhilesh Mohanasundaram, Srishivanth R F, Sudip Misra

TL;DR

TLoRa addresses the challenge of secure, end-to-end HTTPS access over bandwidth-constrained LoRa by architecting a proxy-based TCP tunnel that carries a full TLS 1.3 handshake over LoRa. The End Hub and Net Relay collaboratively manage DNS, TCP, TLS, and TLS data fragments, with cross-layer packet manipulation, including TCP timestamp correction, to preserve handshake fidelity. The authors implement a hardware-enabled prototype and demonstrate end-to-end TLS over LoRa, achieving a TLS handshake in about 9.9 seconds and total API access in around 14 seconds, with 100% packet delivery under their testing. This work fills a critical gap by enabling direct web API access from constrained IoT devices over LoRa, potentially enabling secure WoT deployments without modifying end devices; multimedia content support and large-scale scalability remain for future work.

Abstract

We present TLoRa, an end-to-end architecture for HTTPS communication over LoRa by integrating TCP tunneling and a complete TLS 1.3 handshake. It enables a seamless and secure communication channel between WiFi-enabled end devices and the Internet over LoRa using an End Hub (EH) and a Net Relay (NR). The EH tethers a WiFi hotspot and a captive portal for user devices to connect and request URLs. The EH forwards the requested URLs to the NR using a secure tunnel over LoRa. The NR, which acts as a server-side proxy, receives and resolves the request from the Internet-based server. It then relays back the encrypted response from the server over the same secure tunnel. TLoRa operates in three phases: session setup, secure tunneling, and rendering. In the first phase, it manages the TCP socket and initiates the TLS handshake. In the second, it creates a secure tunnel and transfers encrypted TLS data over LoRa. Finally, it delivers the URL content to the user. TLoRa also implements a lightweight TLS record reassembly layer and a queuing mechanism for session multiplexing. We evaluate TLoRa on real hardware using multiple accesses to a web API. Results indicate that it provides a practical solution by successfully establishing a TLS session over LoRa in 9.9 seconds and takes 3.58 seconds to fulfill API requests. To the best of our knowledge, this is the first work to comprehensively design, implement, and evaluate the performance of HTTPS access over LoRa using full TLS.
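
The abstract names a TLS record reassembly layer and session multiplexing but gives no framing details. The following is an added example, not the authors' code: it splits a TLS byte stream into LoRa-sized frames and releases only complete, in-order TLS records per session, without decrypting anything. The 4-byte fragment header, the 200-byte payload budget and all function and class names are assumptions; only the 5-byte TLS record header and the length limit follow RFC 8446.

```python
import struct
FRAG_HDR = struct.Struct("!BHB")   # assumed framing: session id, sequence number, flags (unused)
LORA_PAYLOAD = 200                 # assumed per-frame payload budget in bytes
TLS_HDR_LEN = 5                    # content type (1) + legacy version (2) + length (2)
MAX_RECORD_BODY = 2**14 + 256      # TLS 1.3 ciphertext limit per record

def fragment(session_id, data, mtu=LORA_PAYLOAD):
    """Split a TCP payload into sequence-numbered LoRa-sized frames."""
    chunk = mtu - FRAG_HDR.size
    return [FRAG_HDR.pack(session_id, seq, 0) + data[off:off + chunk]
            for seq, off in enumerate(range(0, len(data), chunk))]

class RecordReassembler:
    """Per-session buffers that release only complete TLS records."""
    def __init__(self):
        self.sessions = {}   # session id -> next expected seq, out-of-order frames, byte buffer
    def feed(self, frame):
        sid, seq, _flags = FRAG_HDR.unpack_from(frame)
        s = self.sessions.setdefault(sid, {"next": 0, "pending": {}, "buf": bytearray()})
        if seq < s["next"] or seq in s["pending"]:
            return []                       # duplicate frame, e.g. a retransmission
        s["pending"][seq] = frame[FRAG_HDR.size:]
        while s["next"] in s["pending"]:    # append payloads strictly in sequence order
            s["buf"] += s["pending"].pop(s["next"])
            s["next"] += 1
        return [(sid, rec) for rec in self._drain(s["buf"])]

    @staticmethod
    def _drain(buf):
        records = []
        while len(buf) >= TLS_HDR_LEN:
            ctype, _ver, length = struct.unpack_from("!BHH", buf)
            if ctype not in (20, 21, 22, 23) or length > MAX_RECORD_BODY:
                raise ValueError("stream is not aligned on a TLS record header")
            end = TLS_HDR_LEN + length
            if len(buf) < end:
                break                       # record still incomplete, wait for more frames
            records.append(bytes(buf[:end]))
            del buf[:end]                   # consume the record from the session buffer
        return records

def demo():
    # Constructed sample: a 300-byte handshake record followed by a 40-byte application-data record
    stream = (b"\x16\x03\x03" + struct.pack("!H", 300) + bytes(300) +
              b"\x17\x03\x03" + struct.pack("!H", 40) + bytes(40))
    frames = fragment(7, stream)
    frames[0], frames[1] = frames[1], frames[0]     # deliver out of order
    r = RecordReassembler()
    return [rec for f in frames + frames[:1] for rec in r.feed(f)]   # last frame is a duplicate
```

A deployment would also bound the number of pending frames per session and handle sequence-number wrap, both omitted here.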

Paper Structure

This paper contains 29 sections, 14 equations, 12 figures, 4 tables, 2 algorithms.

Figures (12)

  • Figure 1: An end-to-end overview of the proposed architecture showing different components of the system and their interconnections.
  • Figure 2: Internal architecture of End Hub (EH) and Net Relay (NR) in the proposed TLoRa system.
  • Figure 3: End-to-end packet journey with per-hop header changes and LoRa framing in TLoRa.
  • Figure 4: End Hub State Machine
  • Figure 5: Net Relay State Machine
  • ...and 7 more figures