Security is an important issue for 6lowpan, although different applications will differ in their SecurityObjectives.
During the preliminary stages of the 6lowpan WG it was realized that a mandatory requirement of IPsec for a IEEE 802.15.4 environment is not feasible. It is also unclear how the security requirements for 6lowpan networks may be different and thus this WG should identify what the relevant requirements are and possibly a security approach for 6lowpan.
There are two basic approaches to security:
limit the security to the Lowpan. Generally called L2 security, this is what WEP/WPA/WPA2 are to WiFi. The security ends at the subnetwork boundary, so e.g. Ethernet links that are part of the application-to-application paths are unsecured, and routers are trusted devices. The actual encryption/authentication are part of 802.15.4, so this is relatively simple to integrate in 6lowpan. The unsolved issue is how to obtain keying material for the link layer AES-CCM-64 (or whatever variant is employed).
- implement end-to-end security, e.g., by using IPsec, (D)TLS, application specific security protocols.
Whatever protocol is used for encryption/authentication, the part that will be expensive in code size and RAM use is the KeyManagement. There is no fundamental difference in KeyManagement between the two approaches listed above.