Malkus, M.-M. (2019):
Implementing IPsec ESP in RIOT OS
Despite high security demands in distributed embedded hardware, IPsec is not often deployed in IoT. One reason for this is the packet overhead taking its toll, especially with wireless communication. To significantly reduce this overhead EHC and Diet-ESP are in development and are already in the process of standardization. Many other additions to IPsec, improving its IoT suitability and versatility, are also in the making. After Diet-ESP was successfully brought to the Contiki operating system, the plan was minted to also bring it to the modern, IoT focussed RIOT OS operating system. To enable EHC and other advanced extensions to the IPsec suit, a versatile but minimal IPsec implementation was needed. In this thesis I am designing, implementing and evaluating a realization of the basic IPsec features, considering the demands of the related works, especially in the realm of my department. The goal is an agile implementation that fits a broad set of scenarios, is easy to comprehend and modify, while following the coding standards of the RIOT OS Open Source project, so that it can eventually be deployed into the official kernel code.