I think that IPSEC uses AES as an encryption algorithm. I advise you to take a look at this paper: "Securing Communication in 6LoWPAN with Compressed IPSec" by "Shahid Raza et al."
I have already read this paper, and that is what led me to think about another question: can IPsec (for the network layer) and AES (for the link layer) use the same key management system? I.e., if I have a new method X for changing security keys, when it's about an IP communication, IPsec uses this method, and if it's about a one-hop communication between nodes, the link layer uses this method?
I have not well understood your idea. I think that you are putting IPSEC and AES at the same level. IPSEC is a set of protocols to ensure IP security, while AES is an encryption algorithm used by IPSEC. I don't know if you got my point?
OK, but AES is also used for link-level security by IEEE 802.15.4, where we don't have IPsec, so what protocol uses AES at this level (link layer)?
As mentioned in the paper "Securing Communication in 6LoWPAN with Compressed IPSec", 802.15.4 security features (including AES encryption) could be disabled, as security services are provided at the IP level (by IPSEC).
Shelby and Bormann [Shelby 2009] categorize the major security objectives for 6LoWPAN as:
1. Confidentiality: Ensuring that the data cannot be overheard by unintended listeners.
2. Integrity: Ensuring that the data cannot be altered by unauthorized parties.
3. Availability: Ensuring that the system is not subject to denial of service attacks.
They argue that not all these security objectives can be met purely on an end-to-end basis (using Layer 3 mechanisms and above). In particular, because of the wireless network and the low cost of end nodes, individual nodes are particularly vulnerable to compromise and the network is vulnerable to eavesdropping.
They recommend using Layer 2 (link layer security mechanisms) as a first line of defense. In particular, IEEE 802.15.4 uses the Advanced Encryption Standard (AES) in counter with CBC-MAC (CCM) mode to provide both encryption and an integrity check mechanism. CAVEAT: This is only useful if fresh keys are used, motivating the need for key management schemes.
Having said that, the Layer 3 mechanism in place is IPsec. The IP authentication header (AH) can be used to provide integrity protection and authentication. The IP encapsulating security payload (ESP) can provide confidentiality.
ESP in combination with AES/CCM (with the above noted caveats on key management) can provide a cryptographic suite for end-to-end confidentiality and integrity/authentication.
Source: [Shelby2009] "6LoWPAN: The Wireless Embedded Internet", Zach Shelby and Carsten Bormann, Wiley Press, 2009.
"They recommend using Layer 2 (link layer security mechanisms) as a first line of defense. In particular, IEEE 802.15.4 uses the Advanced Encryption Standard (AES) in the counter with CBC-MAC (CCM)"
With this only, without using IPsec, can we ensure end-to-end security, like between a 6LoWPAN node and an IP host?
Because IPsec in 6LoWPAN networks is very greedy and consumes a lot of energy.
It depends on what your security objective is. If your objective is to use cryptography to provide message integrity and confidentiality on an end-to-end basis, then these can be implemented correctly only on the ends (Layer 3 or above), according to Clark, Saltzer and Reed's classic end-to-end argument. Layer 2 mechanisms can provide an optimization, but cannot by themselves provide end-to-end message integrity and confidentiality.
J. H. Saltzer, D. P. Reed, and D. D. Clark. 1984. End-to-end arguments in system design. ACM Trans. Comput. Syst. 2, 4 (November 1984), 277-288.
If two devices are located far from each other and we use Layer 2 symmetric encryption (AES, for example) to encrypt their communication, knowing that they share the same encryption key, can't we secure an end-to-end communication this way, using only a Layer 2 security mechanism?
Layer 2 security offers only hop-by-hop protection, which means that at each point between the source and the destination the data are decrypted and then re-encrypted. End-to-end protection is provided by protocols at higher levels, such as IPSEC at the network layer and DTLS at the transport layer.