Skip to main content

Fine-grained Support of Security Services for Constrained Devices using DTLS

Document Type Expired Internet-Draft (individual)
Authors Jaeduck Choi , Gunhee Lee , Namhi Kang , Seung Wook Jung , Souhwan Jung
Last updated 2015-09-25 (Latest revision 2015-03-24)
Stream (None)
Intended RFC status (None)
Expired & archived
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


This document proposes a method that can selectively apply application data encryption to the DTLS record layer. The CoAP used for resource-constrained devices defines the use of DTLS as a basic security mechanism, and CoAP standard specifies the use of AES_CCM that provides data integrity and confidentiality as a cipher suite for DTLS. However, not all CoAP messages require both data integrity and confidentiality. For example, in case of CoAP messages that include information for turning a light off at home or in a building, or simple ACK information, encryption might not be necessary because such information might not be useful to attackers. Furthermore, from the perspective of effective resource use of resource-constrained devices, reducing the computation load required to perform data encryption every time is necessary. This document describes the methods for CoAP nodes to establish DTLS security channels using the AES_CCM cipher suite, and to selectively apply the encryption function in the DTLS record layer by considering sensitivity to application data leakage.


Jaeduck Choi
Gunhee Lee
Namhi Kang
Seung Wook Jung
Souhwan Jung

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)