datagram transport layer security in constrained
play

Datagram Transport Layer Security in Constrained Environments - PowerPoint PPT Presentation

Apr 08, 2024 •265 likes •452 views

Datagram Transport Layer Security in Constrained Environments draft-hartke-core-codtls-01 Klaus Hartke Olaf Bergmann Datagram Transport Layer Security in Constrained Environments Smart Objects: want the security that DTLS provides

  1. Datagram Transport Layer Security in Constrained Environments draft-hartke-core-codtls-01 Klaus Hartke • Olaf Bergmann

  2. Datagram Transport Layer Security in Constrained Environments • Smart Objects: want the security that DTLS provides • DTLS has not been designed with constrained devices and low-power, lossy networks in mind • This is actually not a problem for many constrained devices, but there are some challenges when it comes to implement DTLS for at least Class 1 devices • draft-hartke-core-codtls: Class 0: too small to securely run – trying to fjgure out challenges and on the Internet problems Class 1: ~10 KiB data, ~100 KiB code “quite constrained” – collect ideas for possible solutions Class 2: ~50 KiB data, ~250 KiB code and implementation guidance “not so constrained” Classes of Devices I-D.hartke-core-codtls 1

  3. CoAP without DTLS Client Server Request Response 1 roundtrip I-D.hartke-core-codtls 2

  4. Client Server CoAP with DTLS Flight Client Hello 1 Flight Hello Verify Request 2 Flight Client Hello 3 Server Hello Certifjcate Flight Server Key Exchange 4 Certifjcate Request Server Hello Done Certifjcate Client Key Exchange Flight Certifjcate Verify 5 Change Cipher Spec Finished Change Cipher Spec Flight 6 Finished Request Response 4 roundtrips I-D.hartke-core-codtls 3

  5. Client Server CoAP with DTLS Flight Client Hello 1 Flight Hello Verify Request 2 DTLS handshake over 6LoWPAN: Flight Client Hello 3 max ~ 30-60 bytes per fragment Server Hello Certifjcate Flight Server Key Exchange 4 Certifjcate Request ECDSA P-256: 91 bytes Server Hello Done ECDSA P-384: 120 bytes ECDSA P-521: 156 bytes Certifjcate Client Key Exchange Flight Certifjcate Verify 5 Raw Public Key: Certifjcate sizes Change Cipher Spec Finished Change Cipher Spec Flight 6 Finished Request Response 4 roundtrips I-D.hartke-core-codtls 4

  6. Client Server CoAP with DTLS Flight Client Hello 1 Flight Hello Verify Request 2 DTLS handshake over 6LoWPAN: Flight Client Hello 3 max ~ 30-60 bytes per fragment Server Hello Certifjcate Flight Server Key Exchange 4 Certifjcate Request ECDSA P-256: 91 bytes Server Hello Done ECDSA P-384: 120 bytes ECDSA P-521: 156 bytes Certifjcate Client Key Exchange Flight Certifjcate Verify 5 Raw Public Key: Certifjcate sizes Change Cipher Spec Finished Change Cipher Spec Flight 6 Finished Request Response 4 roundtrips I-D.hartke-core-codtls 5

  7. Client Server CoAP with DTLS Flight Client Hello 1 Flight Hello Verify Request 2 DTLS handshake over 6LoWPAN: Flight Client Hello 3 max ~ 30-60 bytes per fragment Server Hello Certifjcate Flight Server Key Exchange 4 Certifjcate Request ECDSA P-256: 91 bytes Server Hello Done ECDSA P-384: 120 bytes ECDSA P-521: 156 bytes Certifjcate Client Key Exchange Flight Certifjcate Verify 5 Raw Public Key: Certifjcate sizes Change Cipher Spec Finished Change Cipher Spec Flight 6 Finished Request Response 4 roundtrips I-D.hartke-core-codtls 6

  8. Client Server CoAP with DTLS Flight Client Hello 1 Flight Hello Verify Request 2 DTLS handshake over 6LoWPAN: Flight Client Hello 3 max ~ 30-60 bytes per fragment Server Hello Certifjcate Flight Server Key Exchange 4 Certifjcate Request ECDSA P-256: 91 bytes Server Hello Done ECDSA P-384: 120 bytes reassemble ECDSA P-521: 156 bytes Certifjcate Client Key Exchange Flight Certifjcate Verify 5 Raw Public Key: Certifjcate sizes Change Cipher Spec Finished reassemble Change Cipher Spec Flight 6 Finished Request Response I-D.hartke-core-codtls 7

  9. Client Server CoAP with DTLS Flight Client Hello 1 Server Client Flight Hello Verify Request 2 Flight Client Hello 3 Server Hello Flight Retransmit Certifjcate 4 fmight Flight Server Key Exchange 4 Certifjcate Request Server Hello Done reassemble Message Certifjcate Flight lost Client Key Exchange 5 Flight Certifjcate Verify 5 Change Cipher Spec reassemble Finished reassemble CSS Flight 6 Finished Request Response 5 roundtrips I-D.hartke-core-codtls 8

  10. Handshake protocol – Content type Record header Potential problems Version Epoch • Handshake messages are big We need many frames to transport keys Sequence number In principle: DTLS fragmentation is better than adaptation layer fragmentation Length • DTLS has 25 bytes overhead per packet Message type that carries a fragment Message length Handshake message header • Fills ~ 1/3 of usable frame Message sequence number • More fragments increase likelihood Fragment offset that messages get reordered or lost Fragment length • Every new packet uses energy = 25 bytes I-D.hartke-core-codtls 9

  11. Handshake protocol – Possible solutions • (not to be decided here) • Compress headers so more data can be transmitted per fragment – Can 6LoWPAN GHC handle this? Literal copies are replaced by references Zero sequences can be compressed – Or should this better be done end-to-end? • Is reordering is unlikely enough that a recipient can simply ignore reordered messages and wait for retransmission? I-D.hartke-core-codtls 10

  12. Application data protocol – Content type Potential problems Record header Version Epoch • DTLS has 21 bytes overhead per packet Sequence number DTLS version is always the same (2 bytes) Epoch is mostly 0 or 1 (2 bytes) Length Sequence number is 6 bytes Length is redundant in last record in datagram Epoch CCM doubles sequence number and epoch CCM explicit nonce • Fills ~ 1/3 of usable frame Sequence number • Every new packet uses energy = 21 bytes I-D.hartke-core-codtls 11

  13. Application data protocol – Possible solutions • (not to be decided here) • Compress headers so more data can be transmitted per fragment – Can 6LoWPAN GHC handle this? Literal copies are replaced by references Zero sequences can be compressed – Or should this better be done end-to-end? I-D.hartke-core-codtls 12

  14. State – Potential problems • Reassembling fragmented handshake messages • Queuing reordered handshake messages • Create connection state – can often be done per-fragment • Create verifjcation hash for Finished message – computed from sequence of messages – reordering requires queuing I-D.hartke-core-codtls 13

  15. State – Possible solutions • (not to be decided here) • Possibly compute the hash in the Finished message from the negotiated session parameters? I-D.hartke-core-codtls 14

  16. ECC and RSA on Arduino Library ROM AvrCryptolib 3.6 KB Wiselib 16.0 KB TinyECC 18.0 KB Relic 29.0 KB Other guidance Algorithm Library RAM Time RSA-512 AvrCryptolib 320 B 25.0 s RSA-1024 AvrCryptolib 640 B 199.0 s ECC 128r1 TinyECC 776 B 1.8 s • Adjust the timers... ECC 192k1 TinyECC 1008 B 3.4 s NIST K163 Relic 2804 B 0.3 s ~ RSA 1024! ~ RSA 2048! NIST K233 Relic 3675 B 1.8 s Time to sign (Arduino) [Mohit Sethi] Implementations SHOULD use an initial timer value of 1 second (the minimum defjned in RFC 6298 [RFC6298]) and double the value at each retransmission, up to no less than the RFC 6298 maximum of 60 seconds. Note that we recommend a 1-second timer rather than the 3-second RFC 6298 default in order to improve latency for time-sensitive applications. Because DTLS only uses re- transmission for handshake and not datafmow, the effect on con- gestion should be minimal. DTLS Timer Values I-D.hartke-core-codtls 15

  17. ECC and RSA on Arduino Library ROM AvrCryptolib 3.6 KB Wiselib 16.0 KB TinyECC 18.0 KB Relic 29.0 KB Other guidance Algorithm Library RAM Time RSA-512 AvrCryptolib 320 B 25.0 s RSA-1024 AvrCryptolib 640 B 199.0 s ECC 128r1 TinyECC 776 B 1.8 s • Data size... ECC 192k1 TinyECC 1008 B 3.4 s • Code size... NIST K163 Relic 2804 B 0.3 s ~ RSA 1024! ~ RSA 2048! NIST K233 Relic 3675 B 1.8 s RAM usage (Arduino) [Mohit Sethi] Class 0: too small to securely run on the Internet Class 1: ~10 KiB data, ~100 KiB code “quite constrained” Code Size Description Class 2: ~50 KiB data, ~250 KiB code 1429 Bytes SHA-256 “not so constrained” 992 Bytes CCM Classes of Devices 9812 Bytes DTLS state machine Code footprint of minimal DTLS implementation [Olaf Bergmann] I-D.hartke-core-codtls 16

  18. Possible actions Implementation guidance prefer Implementation techniques for light-weight implementations without affecting conformance → I-D.bormann-lwig-guidance Stateless header compression Compress record and handshake headers without explicitly building any compression context state Protocol profjle for constrained environments Use of DTLS in a particular way, e.g. • require or preclude certain extensions or cipher suites • change MAYs into MUSTs or MUST NOTs → CoRE WG (?) avoid Breaking changes → TLS WG I-D.hartke-core-codtls 17

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

1 Transport Layer Transport Layer Outline Message, Segment, Datagram Transport-layer

1 Transport Layer Transport Layer Outline Message, Segment, Datagram Transport-layer

Transport Layer Transport Layer Chapter 3: Transport Layer Mobile network Our goals: Global ISP understand principles learn about transport Chapter 3 behind transport layer protocols in the Transport Layer Internet: layer

678 views • 5 slides
Datagram Transport Layer Security (DTLS) Extension to Establish Keys for Secure Real-time

Datagram Transport Layer Security (DTLS) Extension to Establish Keys for Secure Real-time

Datagram Transport Layer Security (DTLS) Extension to Establish Keys for Secure Real-time Transport Protocol (SRTP) (Phew!) Eric Rescorla David McGrew Eric Rescorla IETF 67 1 Overview SDP signals Im willing to do DTLS (and

93 views • 8 slides
THE TRANSPORT LAYER Outline Transport layer in the Internet Multiplexing and

THE TRANSPORT LAYER Outline Transport layer in the Internet Multiplexing and

THE TRANSPORT LAYER Outline Transport layer in the Internet Multiplexing and demultiplexing UDP: User Datagram Protocol TCP: Transport Control Protocol General features TRANSPORT LAYER IN THE INTERNET In the

563 views • 29 slides
Transport Layer Security The TLS Protocol Transport Layer Security (TLS) Security goals:

Transport Layer Security The TLS Protocol Transport Layer Security (TLS) Security goals:

IN3210 Network Security Transport Layer Security The TLS Protocol Transport Layer Security (TLS) Security goals: Authentication Integrity Confidentiality Transparent security protocol between TCP and application

1k views • 66 slides
User Datagram Protocol (UDP) Standard connectionless protocol for the transport layer of the

User Datagram Protocol (UDP) Standard connectionless protocol for the transport layer of the

User Datagram Protocol (UDP) Standard connectionless protocol for the transport layer of the Internet architecture Only adds demultiplexing capability to basic best-effort delivery provided by IP Needs to identify target process

834 views • 36 slides
1 Transport Layer Transport Layer RTT Estimation RTT Estimation Basic Idea SampleRTT :

1 Transport Layer Transport Layer RTT Estimation RTT Estimation Basic Idea SampleRTT :

Transport Layer Transport Layer Outline Mobile network Transport-layer Connection-oriented Global ISP services transport: TCP Transport Layer Multiplexing and segment structure Home network demultiplexing reliable data

264 views • 5 slides
CS 457 Lecture 10 Internetworking and IP Fall 2011 The Network layer Transport layer:

CS 457 Lecture 10 Internetworking and IP Fall 2011 The Network layer Transport layer:

CS 457 Lecture 10 Internetworking and IP Fall 2011 The Network layer Transport layer: TCP, UDP IP protocol Routing protocols addressing conventions path selection datagram format RIP, OSPF, BGP Network

320 views • 18 slides
Lecture 13 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL:

Lecture 13 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL:

Lecture 13 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL: Secure Sockets Layer v widely deployed security v original goals: protocol Web e-commerce supported by almost all transactions browsers, web

570 views • 21 slides
Lecture 14 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL:

Lecture 14 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL:

Lecture 14 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL: Secure Sockets Layer v widely deployed security v original goals: protocol Web e-commerce transactions supported by almost all browsers,

609 views • 21 slides
Network Layer network layer services virtual circuit and datagram Goals: networks

Network Layer network layer services virtual circuit and datagram Goals: networks

Overview: Network Layer network layer services virtual circuit and datagram Goals: networks whats inside a router? understand principles behind network layer IP: Internet Protocol services: IPv4 datagram format

396 views • 23 slides
Transport Layer (TCP/UDP) Where we are in the Course Moving on up to the Transport Layer!

Transport Layer (TCP/UDP) Where we are in the Course Moving on up to the Transport Layer!

Transport Layer (TCP/UDP) Where we are in the Course Moving on up to the Transport Layer! Application Transport Network Link Physical CSE 461 University of Washington 2 Recall Transport layer provides end-to-end connectivity across

1.91k views • 168 slides
Transport Layer (TCP/UDP) Where we are in the Course Moving on up to the Transport Layer!

Transport Layer (TCP/UDP) Where we are in the Course Moving on up to the Transport Layer!

Transport Layer (TCP/UDP) Where we are in the Course Moving on up to the Transport Layer! Application Transport Network Link Physical CSE 461 University of Washington 2 Recall Transport layer provides end-to-end connectivity across

528 views • 31 slides
Transport Layer (TCP/UDP) Where we are in the Course Moving on up to the Transport Layer!

Transport Layer (TCP/UDP) Where we are in the Course Moving on up to the Transport Layer!

Transport Layer (TCP/UDP) Where we are in the Course Moving on up to the Transport Layer! Application Transport Network Link Physical CSE 461 University of Washington 2 Recall Transport layer provides end-to-end connectivity across

1.96k views • 165 slides
1 Link Layer: setting the context two physically connected devices: host-router,

1 Link Layer: setting the context two physically connected devices: host-router,

Network Layer Overview: network layer services virtual circuit and datagram Goals: networks whats inside a router? understand principles behind network layer IP: Internet Protocol services: IPv4 datagram format

344 views • 16 slides
Transport Layer (TCP/UDP) Where we are in the Course Moving on up to the Transport Layer!

Transport Layer (TCP/UDP) Where we are in the Course Moving on up to the Transport Layer!

Transport Layer (TCP/UDP) Where we are in the Course Moving on up to the Transport Layer! Application Transport Network Link Physical CSE 461 University of Washington 2 Three-Way Handshake (3) Suppose delayed, duplicate Active

709 views • 50 slides
Transport Layer How TCP, UDP, and Ports fit into IP Layer 4: the Transport Layer Responsibilities

Transport Layer How TCP, UDP, and Ports fit into IP Layer 4: the Transport Layer Responsibilities

Transport Layer How TCP, UDP, and Ports fit into IP Layer 4: the Transport Layer Responsibilities and Services Overall: message delivery End-to-end" communications between processes ( i.e. running programs) Communicating

467 views • 17 slides
CAPTCHAs: The Good, the Bad, and the Ugly ISSE-GI SICHERHEIT 2010 Paul Baecher*, Marc Fischlin*,

CAPTCHAs: The Good, the Bad, and the Ugly ISSE-GI SICHERHEIT 2010 Paul Baecher*, Marc Fischlin*,

CAPTCHAs: The Good, the Bad, and the Ugly ISSE-GI SICHERHEIT 2010 Paul Baecher*, Marc Fischlin*, Lior Gordon, Robert Langenberg, Michael Ltzow, Dominique Schrder* * TU Darmstadt, supported by DFG Emmy Noether Program October 7, 2010 | 1

573 views • 21 slides
Web Authentication using Third-parties in Untrusted Environments Anna Vapen PhD Thesis

Web Authentication using Third-parties in Untrusted Environments Anna Vapen PhD Thesis

Web Authentication using Third-parties in Untrusted Environments Anna Vapen PhD Thesis Presentation 2016-09-30 Supervisors: Nahid Shahmehri, Niklas Carlsson ***** 3 Agenda 1. Background 2. Research problems 3. Analysis Web

607 views • 33 slides
Yubikey Discovery and fjrst use of Yubico's Yubikey Presented by : Maxime de Roucy

Yubikey Discovery and fjrst use of Yubico's Yubikey Presented by : Maxime de Roucy

Yubikey Discovery and fjrst use of Yubico's Yubikey Presented by : Maxime de Roucy mderoucy@linagora.com http:// dokuwiki. craoc.fr/ About myself (really quick I promise) Job Technical Account Manager OSSA Open Source

279 views • 17 slides
Wireless Network Security Vedavyas Duggirala CS 6204, Spring 2005 1 Wireless Devices - Benefits

Wireless Network Security Vedavyas Duggirala CS 6204, Spring 2005 1 Wireless Devices - Benefits

Wireless Network Security Vedavyas Duggirala CS 6204, Spring 2005 1 Wireless Devices - Benefits and Risks Benefits Risks Allow Mobility Suffers from all the risks of wired networks Greater flexibility, efficiency and

623 views • 27 slides
The Design and Implementation of Protocol- Based Hidden Key Recovery Eu-Jin Goh, S tanford Dan

The Design and Implementation of Protocol- Based Hidden Key Recovery Eu-Jin Goh, S tanford Dan

The Design and Implementation of Protocol- Based Hidden Key Recovery Eu-Jin Goh, S tanford Dan Boneh, S tanford Philippe Golle, PARC Benny Pinkas, HP Labs Our contribution A key recovery syst em which is Hidden Unfilterable

594 views • 22 slides
Yasser F. O. Mohammad REMIDER 1: IPSec Uses REMINDER 2: IPSec Services Access control

Yasser F. O. Mohammad REMIDER 1: IPSec Uses REMINDER 2: IPSec Services Access control

Yasser F. O. Mohammad REMIDER 1: IPSec Uses REMINDER 2: IPSec Services Access control Connectionless integrity Data origin authentication Rejection of replayed packets a form of partial sequence integrity Confidentiality

818 views • 37 slides
ilab Lab 8 - SSL/TLS and IPSec Outlook: On Layer 4: Goal: Provide security for one

ilab Lab 8 - SSL/TLS and IPSec Outlook: On Layer 4: Goal: Provide security for one

Lehrstuhl fr Netzarchitekturen und Netzdienste Fakultt fr Informatik Technische Universitt Mnchen ilab Lab 8 - SSL/TLS and IPSec Outlook: On Layer 4: Goal: Provide security for one specific port SSL (Secure Socket Layer) /

812 views • 25 slides
SSL Research with Bro Johanna Amann International Computer Science Institute johanna@icir.org

SSL Research with Bro Johanna Amann International Computer Science Institute johanna@icir.org

SSL Research with Bro Johanna Amann International Computer Science Institute johanna@icir.org http://www.icir.org/johanna SSL Client Server Client hello Server hello Certificate (Server Key Exchg) Client Key Exchange Change Cipher Spec

848 views • 66 slides

More recommend