Print[PRINT] English[FLAG]
.  Home  .  Projekte  .  Embedded MSec Lab

The Embedded Multicast Security Lab

Embedded Multicast Security

Securing group communication in constrained networks requires new solutions to be found, implemented and evaluated. This is especially true when group communication is desired, which turns out to be much more difficult to secure than point-to-point communications, as the sharing of keys along the group potentially lowers the security of the solutions. There is a variety of work on security in constrained networks, but most of them only pick one particular security property (e.g. μTesla) or are simply designed for a very specific use case (e.g. Group-DTLS for the lightening industry). This is especially true for group communication, which is a niche, but turns out to be very attractive for constrained networks.


With multicasting being an interesting option for many use cases, we are currently developing a testbed, allowing flexible deployment of group communication scenarios and implementations of different solution for secure group communication. The testbed contains devices with different constraints, such as different microprocessor architectures - namely ARM Cortex M0 and ATmega328P, but also single board computers with the ARMv7 and ARMv8 architectures. They all communicate wired (Ethernet) or wireless (Bluetooth or WiFi). The testbed is able to simulate different kinds of communication groups:

a group of devices connected to one and the same access point. Each AP is managed by an Area Server (AS) separated with VLAN.
a group of devices sharing information using IP multicasting and being managed by the Group Management Server (GMS).
a group of devices sharing secure information using IPsec, being managed by the GMS, implemented on constrained devices.


Computing Hardware:

Device Architecture Clock Speed
Flash Memory
Arduino Uno
ATmega328 16MHz 32KB 2KB
Arduino M0+
ARM Cortex-M0+ 48MHz 256KB 32KB
Arduino Due
ARM Cortex-M3 84MHz 512KB 96KB
Raspbery Pi v1
ARM1176JZF-S 700MHz

Beaglebone Black
Cortex-A8 + Dual PRU 1000MHz 4GB

Networking Hardware

  • Netgear Prosafe GS748T Switch
  • Colubris MAP-625 Access Point
  • Current activities

    • Design, Implementation and Evaluation of a Identity Based Signature (IBS) Scheme for group communication in constrained environments
    • Implementation and Evaluation of G-IKEv2 for Strongswan
    • Implementation and Evaluation of Walnut DSA for RIOT, FreeRTOS and Linux
    • Implementation and Evaluation of Diet-ESP for RIOT and Linux


      gentschen Felde, N., Guggemos, T., Heider, T., Kranzlmüller, D., Secure Group Key Distribution in Constrained Environments with IKEv2, Proceedings of 2017th IEEE Conference on Dependable and Secure Computing, IEEE, Taipei , Taiwan , , 2017.

      gentschen Felde, N., Guggemos, T., Kranzlmüller, D., Secure Group Communication in Constrained Networks — A Gap Analysis, In Proceedings of the 1st IEEE GLOBAL IoT SUMMIT, 2017, IEEE Xplore, IEEE, Geneva, Switzerland, , 2017.

      Guggemos, T., Migault, D., Killian, S., Laurent, M., Diet–ESP: IP Layer Security for IoT, Journal of Computer Security, 2017(25:2), IOS Press, Amsterdam, Netherlands, , 2017.

      Migault, D., Palomares, D., Guggemos, T., Efficient Security for Homenet IoT and M2M Communications, In Proceedings of the 11th ACM Symposium on QoS and Security for Wireless and Mobile Networks, 2015(15), Q2SWinet 15, 9–17, ACM New York, ACM, Cancun Mexico, , 2015.


    For further information or access to the testbed, please contact


    Dr. N. gentschen Felde

    T. Guggemos, MSc

    J. Schmidt, MSc