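@comment{ IETF Internet-Draft record (see the datatracker url field).
  Names are stored in "Last, First" form so the name parser never
  splits a surname; the title braces protect only the acronyms
  (LESS, CoAP) so a style may still recase the rest. The day and
  pagetotal fields are biblatex-only and are ignored by classic
  BibTeX styles. }
@techreport{bhattacharyya-dice-less-on-coap-01,
  author      = {Bhattacharyya, Abhijan and Bose, Tulika and Ukil, Arijit and Bandyopadhyay, Soma and Pal, Arpan},
  title       = {Lightweight Establishment of Secure Session ({LESS}) on {CoAP}},
  type        = {Internet-Draft},
  number      = {draft-bhattacharyya-dice-less-on-coap-01},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = 2018,
  month       = mar,
  day         = 4,
  pagetotal   = 19,
  note        = {Work in Progress},
  url         = {https://datatracker.ietf.org/doc/draft-bhattacharyya-dice-less-on-coap/01/},
  abstract    = {Secure yet lightweight protocol for communication over the Internet for constrained node networks (CNN) is a pertinent problem. Constrained Application Layer Protocol (CoAP) mandates the use of Datagram Transport Layer Security (DTLS) for a secure transaction over CoAP. But DTLS is not a candidate technology for CNNs by design. The DTLS handshake overhead to establish the credentials for a session between two end-points in a CNN may not be resource efficient. There are ongoing efforts to secure one-time exchanges by ensuring object security at the application layer. But a composite standardized mechanism for resource-efficient end-to-end security credential establishment is much needed to cater both one-time exchanges as well as exchanges over a session. DTLS is essentially a combination of two operations: (1) the session protocol to establish the credentials (and this is the resource heavy part), (2) the record protocol to protect the information (this is the cryptographic part). This draft proposes to distribute the security responsibilities such that the session establishment happens in the application layer, leveraging the lightweight semantics of CoAP, and the record layer encryption happens by reusing the existing DTLS record-layer protocol. This way the proposed mechanism enables a resource-efficient session establishment mechanism besides reusing the existing DTLS encryption. 
Assuming a Pre-Shared Key (PSK) environment, this draft proposes an embedding of handshake for resource efficient end-to-end session establishment into CoAP. The session establishment procedure produces the necessary and sufficient inputs for seamless operation of the DTLS record-layer to secure the channel. Also, this mechanism ensures a direct security association between the end-applications for systems using middleboxes like proxies and/or gateways which may not be always trusted. The proposed approach provides a mechanism to securely traverse through such middleboxes through an end-to-end trusted channel.},
}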