Skip to main content

Attacks on the Constrained Application Protocol (CoAP)
draft-mattsson-core-coap-attacks-03

Document Type Replaced Internet-Draft (core WG)
Expired & archived
Authors John Preuß Mattsson , John Fornehed , Göran Selander , Francesca Palombini , Christian Amsüss
Last updated 2022-03-11 (Latest revision 2022-02-04)
Replaces draft-mattsson-core-coap-actuators
Replaced by draft-ietf-core-attacks-on-coap
RFC stream Internet Engineering Task Force (IETF)
Intended RFC status (None)
Formats
Additional resources Mailing list discussion
Stream WG state Adopted by a WG
Document shepherd (None)
IESG IESG state Replaced by draft-ietf-core-attacks-on-coap
Consensus boilerplate Unknown
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:

Abstract

Being able to securely read information from sensors, to securely control actuators, and to not enable distributed denial-of-service attacks are essential in a world of connected and networking things interacting with the physical world. This document summarizes a number of known attacks on CoAP and show that just using CoAP with a security protocol like DTLS, TLS, or OSCORE is not enough for secure operation. Several of the discussed attacks can be mitigated with the solutions in draft-ietf-core-echo-request-tag.

Authors

John Preuß Mattsson
John Fornehed
Göran Selander
Francesca Palombini
Christian Amsüss

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)