Mitigating delay attacks on Constrained Application Protocol
draft-liu-core-coap-delay-attacks-00

Document Type Active Internet-Draft (individual)
Last updated 2017-07-03
IESG state I-D Exists
CORE Working Group                                                Y. Liu
Internet-Draft                                                    J. Zhu
Intended status: Standards Track                                  Huawei
Expires: January 4, 2018                                    July 3, 2017

      Mitigating delay attacks on Constrained Application Protocol
                  draft-liu-core-coap-delay-attacks-00

Abstract

   Various attacks including delay attacks have become a topic in the
   security of Internet of Things (IoT) especially for the constrained
   nodes utilizing sensors and actuators which connect and interact with
   the physical world.  [I-D.mattsson-core-coap-actuators] describes
   several serious delay attacks, discusses tougher requirements and
   then recommends mechanisms to mitigate the attacks.  It also
   specifies some disadvantages with the mechanisms.  This document
   proposes alternative mechanisms that address some of the
   disadvantages.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 4, 2018.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  Attacks
   4.  Solutions
     4.1.  The Repeat Option
     4.2.  The Enhanced Options
       4.2.1.  Simple Single Action Actuators
       4.2.2.  Multi-interrelated Actions
   5.  Security Considerations
   6.  IANA Considerations
     6.1.  Tables
   7.  Acknowledgements
   8.  References
     8.1.  Normative References
     8.2.  Informative References
   Authors' Addresses

1.  Introduction

   Various attacks including delay attacks have become a topic in the
   security of Internet of Things (IoT) especially for the resource-
   constrained nodes [RFC7252] utilizing sensors and actuators which
   connect and interact with the physical world.  It is recommended to
   use the Constrained Application Protocol (CoAP) [RFC7252], which is
   designed for resource-constrained nodes, to exchange messages
   between them.  It is also required to use security protocols such as
   TLS [RFC5246], DTLS [RFC6347], TLS/DTLS profiles for the IoT
   [RFC7925], or OSCOAP [I-D.ietf-core-object-security] to protect CoAP
   messages for security and privacy reasons.  The security protocols
   can provide confidentiality, authentication and integrity protection
   of CoAP messages at both the application layer and the network
   layer.

   There are still issues related to delay attacks as described in
   [I-D.mattsson-core-coap-actuators].  For example,
   [I-D.mattsson-core-coap-actuators] describes several serious attacks,
   discusses tougher requirements and then recommends solution to