DICE Working Group K. Hartke
Internet-Draft Nokia
Intended status: Informational November 07, 2013
Expires: May 11, 2014
A DTLS Profile for the Internet of Things
draft-hartke-dice-profile-01
Abstract
This document defines a DTLS profile that is suitable for Internet of
Things applications and is reasonably implementable on many
constrained devices.
Disclaimer
This is a very early, very rough draft. At this stage, the draft is
not intended to make any specific proposal for a profile, but aims to
create a shared understanding of what a DTLS profile defines. No
security analysis has been performed.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on May 11, 2014.
Copyright Notice
Copyright (c) 2013 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
Hartke Expires May 11, 2014 [Page 1]
Internet-Draft A DTLS Profile for the Internet of Things November 2013
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
2.1. Applicability . . . . . . . . . . . . . . . . . . . . . . 3
2.2. Cipher Suites . . . . . . . . . . . . . . . . . . . . . . 3
2.3. Extensions . . . . . . . . . . . . . . . . . . . . . . . 3
2.4. Other . . . . . . . . . . . . . . . . . . . . . . . . . . 4
3. Implementation Considerations . . . . . . . . . . . . . . . . 4
4. Privacy Considerations . . . . . . . . . . . . . . . . . . . 5
5. Security Considerations . . . . . . . . . . . . . . . . . . . 5
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5
7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 5
8. References . . . . . . . . . . . . . . . . . . . . . . . . . 5
8.1. Normative References . . . . . . . . . . . . . . . . . . 5
8.2. Informative References . . . . . . . . . . . . . . . . . 6
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 8
1. Introduction
This document defines a DTLS 1.2 [RFC6347] profile that enables
secure and private exchange of information in Internet of Things
applications and is reasonably implementable on many constrained
devices.
o One-stop list of RFCs to be implemented.
o No changes to TLS or DTLS.
o No new extensions defined by the profile.
o No negotiation of the profile between client and server.
o Profile avoids doing things the TLS WG decided not to do.
o Profile aligns with the DTLS security modes of the Constrained
Application Protocol (CoAP) [I-D.ietf-core-coap].
o Profile takes advantage of existing hardware support where
possible.
o Document includes a brief discussion of extensions not included.
Hartke Expires May 11, 2014 [Page 2]
Internet-Draft A DTLS Profile for the Internet of Things November 2013
2. Profile
2.1. Applicability
o Communication Model
o Threat Model
o Security Requirements
o Classes of Devices [I-D.ietf-lwig-guidance]
o Trust Model
o ...
2.2. Cipher Suites
o Specific Cipher Suite(s) -vs- Cryptographic Agility
o Server Authentication -vs- Mutual Authentication
o X.509 Certificates -vs- Raw Public Keys -vs- Pre-Shared Keys
o Perfect Forward Secrecy
o Only AEAD Cipher Suites
o ...
2.3. Extensions
o Signature Algorithms [RFC5246]
o Server Name Indication [RFC6066]
o Maximum Fragment Length [RFC6066]
o Client Certificate URLs [RFC6066]
o Truncated HMAC [RFC6066]
o Certificate Status Request [RFC6066]
o Supported Elliptic Curves [RFC4492]
o Supported Point Formats [RFC4492]
Hartke Expires May 11, 2014 [Page 3]
Internet-Draft A DTLS Profile for the Internet of Things November 2013
o Application Layer Protocol [I-D.ietf-tls-applayerprotoneg]
o Cached Info [I-D.ietf-tls-cached-info]
o Session Resumption without Server-Side State [RFC5077]
o Renegotiation Indication [RFC5746]
o Heartbeat [RFC6520]
o ...
2.4. Other
o Timer Values
o Compression
o Renegotiation -vs- Reconnection
o Session Resumption (with Server-Side State)
o Extended Session Resumption
[I-D.hummen-dtls-extended-session-resumption]
o Replay Protection
o Certificate Revocation
o Encrypt-then-MAC [I-D.gutmann-tls-encrypt-then-mac]
o Hash Algorithm [I-D.campagna-suitee]
o ...
3. Implementation Considerations
o [I-D.sheffer-tls-bcp]
o [I-D.ietf-lwig-tls-minimal]
o Random Number Generation [RFC4086]
o Denial-of-Service Countermeasures [RFC6347]
o Version Negotiation [I-D.pettersen-tls-version-rollback-removal]
[I-D.bmoeller-tls-downgrade-scsv]
Hartke Expires May 11, 2014 [Page 4]
Internet-Draft A DTLS Profile for the Internet of Things November 2013
o Upgrade from Server-Authenticated to Mutually-Authenticated
o Common Implementation Pitfalls
o ...
4. Privacy Considerations
o [RFC6973]
o [I-D.cooper-ietf-privacy-requirements]
o Meta Data
o Traffic Patterns
o Fingerprinting
o ...
5. Security Considerations
o [RFC3552]
o ...
6. IANA Considerations
This document includes no request to IANA.
7. Acknowledgements
Thanks to Rene Hummen, Sye Loong Keoh, Sandeep Kumar, Eric Rescorla,
Zach Shelby, Hannes Tschofenig, and Sean Turner for helpful comments
and discussions that have shaped the document.
8. References
8.1. Normative References
[I-D.campagna-suitee]
Campagna, M., "A Cryptographic Suite for Embedded Systems
(SuiteE)", draft-campagna-suitee-04 (work in progress),
October 2012.
[I-D.ietf-tls-applayerprotoneg]
Friedl, S., Popov, A., Langley, A., and S. Emile,
"Transport Layer Security (TLS) Application Layer Protocol
Hartke Expires May 11, 2014 [Page 5]
Internet-Draft A DTLS Profile for the Internet of Things November 2013
Negotiation Extension", draft-ietf-tls-applayerprotoneg-03
(work in progress), October 2013.
[I-D.ietf-tls-cached-info]
Santesson, S. and H. Tschofenig, "Transport Layer Security
(TLS) Cached Information Extension", draft-ietf-tls-
cached-info-15 (work in progress), October 2013.
[I-D.ietf-tls-oob-pubkey]
Wouters, P., Tschofenig, H., Gilmore, J., Weiler, S., and
T. Kivinen, "Using Raw Public Keys in Transport Layer
Security (TLS) and Datagram Transport Layer Security
(DTLS)", draft-ietf-tls-oob-pubkey-10 (work in progress),
October 2013.
[RFC4492] Blake-Wilson, S., Bolyard, N., Gupta, V., Hawk, C., and B.
Moeller, "Elliptic Curve Cryptography (ECC) Cipher Suites
for Transport Layer Security (TLS)", RFC 4492, May 2006.
[RFC5077] Salowey, J., Zhou, H., Eronen, P., and H. Tschofenig,
"Transport Layer Security (TLS) Session Resumption without
Server-Side State", RFC 5077, January 2008.
[RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security
(TLS) Protocol Version 1.2", RFC 5246, August 2008.
[RFC5746] Rescorla, E., Ray, M., Dispensa, S., and N. Oskov,
"Transport Layer Security (TLS) Renegotiation Indication
Extension", RFC 5746, February 2010.
[RFC6066] Eastlake, D., "Transport Layer Security (TLS) Extensions:
Extension Definitions", RFC 6066, January 2011.
[RFC6347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer
Security Version 1.2", RFC 6347, January 2012.
[RFC6520] Seggelmann, R., Tuexen, M., and M. Williams, "Transport
Layer Security (TLS) and Datagram Transport Layer Security
(DTLS) Heartbeat Extension", RFC 6520, February 2012.
8.2. Informative References
[I-D.bmoeller-tls-downgrade-scsv]
Moeller, B., "TLS Signaling Cipher Suite Value (SCSV) for
Preventing Protocol Downgrade Attacks", draft-bmoeller-
tls-downgrade-scsv-00 (work in progress), September 2013.
[I-D.cooper-ietf-privacy-requirements]
Hartke Expires May 11, 2014 [Page 6]
Internet-Draft A DTLS Profile for the Internet of Things November 2013
Cooper, A., Farrell, S., and S. Turner, "Privacy
Requirements for IETF Protocols", draft-cooper-ietf-
privacy-requirements-01 (work in progress), October 2013.
[I-D.greevenbosch-tls-ocsp-lite]
Greevenbosch, B., "OCSP-lite - Revocation of raw public
keys", draft-greevenbosch-tls-ocsp-lite-01 (work in
progress), June 2013.
[I-D.gutmann-tls-encrypt-then-mac]
Gutmann, P., "Encrypt-then-MAC for TLS and DTLS", draft-
gutmann-tls-encrypt-then-mac-04 (work in progress),
October 2013.
[I-D.hummen-dtls-extended-session-resumption]
Hummen, R., Gilger, J., and H. Shafagh, "Extended DTLS
Session Resumption for Constrained Network Environments",
draft-hummen-dtls-extended-session-resumption-01 (work in
progress), October 2013.
[I-D.ietf-core-coap]
Shelby, Z., Hartke, K., and C. Bormann, "Constrained
Application Protocol (CoAP)", draft-ietf-core-coap-18
(work in progress), June 2013.
[I-D.ietf-lwig-guidance]
Bormann, C., "Guidance for Light-Weight Implementations of
the Internet Protocol Suite", draft-ietf-lwig-guidance-03
(work in progress), February 2013.
[I-D.ietf-lwig-tls-minimal]
Kumar, S., Keoh, S., and H. Tschofenig, "A Hitchhiker's
Guide to the (Datagram) Transport Layer Security Protocol
for Smart Objects and Constrained Node Networks", draft-
ietf-lwig-tls-minimal-00 (work in progress), September
2013.
[I-D.pettersen-tls-version-rollback-removal]
Pettersen, Y., "Managing and removing automatic version
rollback in TLS Clients", draft-pettersen-tls-version-
rollback-removal-02 (work in progress), August 2013.
[I-D.sheffer-tls-bcp]
Sheffer, Y. and R. Holz, "Recommendations for Secure Use
of TLS and DTLS", draft-sheffer-tls-bcp-01 (work in
progress), September 2013.
Hartke Expires May 11, 2014 [Page 7]
Internet-Draft A DTLS Profile for the Internet of Things November 2013
[RFC3552] Rescorla, E. and B. Korver, "Guidelines for Writing RFC
Text on Security Considerations", BCP 72, RFC 3552, July
2003.
[RFC4086] Eastlake, D., Schiller, J., and S. Crocker, "Randomness
Requirements for Security", BCP 106, RFC 4086, June 2005.
[RFC6973] Cooper, A., Tschofenig, H., Aboba, B., Peterson, J.,
Morris, J., Hansen, M., and R. Smith, "Privacy
Considerations for Internet Protocols", RFC 6973, July
2013.
Author's Address
Klaus Hartke
Nokia
Hermiankatu 12 D
Tampere FI-33720
Finland
Email: klaus.hartke@nokia.com
Hartke Expires May 11, 2014 [Page 8]