Secure Two-Way DTLS-Based Group Communication in the IoT

Document Type Expired Internet-Draft (individual)
Authors Marco Tiloca  , Shahid Raza  , Kirill Nikitin  , Sandeep Kumar 
Last updated 2016-04-16 (latest revision 2015-10-14)
Stream (None)
Intended RFC status (None)
Expired & archived
plain text pdf ps htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


CoAP has emerged as the de-facto IoT standard for communication involving resource-constrained devices composing Low-power and Lossy Networks (LLNs). CoAP mandates the adoption of the DTLS protocol to secure unicast communication. However, in several IoT application scenarios involving a group of multiple devices, the adoption of CoAP multicast communication through IPv6 results in a number of advantages, especially in terms of performance and scalability. Yet, CoAP does not specify how to secure multicast group communication in an interoperable way. This draft presents a method to secure communication in a multicast group, through an adaptation of the DTLS record layer. In particular, group members rely on the same group keying material in order to secure both request messages sent via multicast and possible unicast messages sent as response. Since the group keying material is provided upon joining the group, all group members are not required to perform any DTLS handshake with each other. The proposed method makes it possible to provide either group authentication or source authentication of secured messages.


Marco Tiloca (
Shahid Raza (
Kirill Nikitin (
Sandeep Kumar (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)