Fine-grained Support of Security Services for Constrained Devices using DTLS
draft-choi-dice-finegrained-dtls-security-01

Document Type: Expired Internet-Draft (individual)
Last updated: 2015-09-25 (latest revision 2015-03-24)
Stream: (None)
Intended RFC status: (None)
Stream state: (No stream defined)
Consensus Boilerplate: Unknown
RFC Editor Note: (None)
IESG state: Expired
Telechat date:
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-choi-dice-finegrained-dtls-security-01.txt

Abstract

This document proposes a method that can selectively apply application data encryption in the DTLS record layer. CoAP, which is used for resource-constrained devices, defines the use of DTLS as its basic security mechanism, and the CoAP standard specifies AES_CCM, which provides data integrity and confidentiality, as a cipher suite for DTLS. However, not all CoAP messages require both data integrity and confidentiality. For example, in the case of CoAP messages that carry information for turning a light off at home or in a building, or simple ACK information, encryption might not be necessary because such information might not be useful to attackers. Furthermore, for resource-constrained devices to use their resources effectively, it is necessary to reduce the computation load of performing data encryption every time. This document describes methods for CoAP nodes to establish DTLS security channels using the AES_CCM cipher suite and to selectively apply the encryption function in the DTLS record layer according to how sensitive the application data is to leakage.

Authors

Jaeduck Choi (cjduck@ensec.re.kr)
Gunhee Lee (icezzoco@ensec.re.kr)
Namhi Kang (kang@duksung.ac.kr)
Seung Jung (seungwookj@ssu.ac.kr)
Souhwan Jung (souhwanj@ssu.ac.kr)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)