cache

Reputation: 123

Security for Coap messages

Is there any way in which the messages that are sent by CoAP over UDP packets can be secured? Any open source projects that I can implement? This message exchange is with a server and the client would be an embedded device, so the cryptographic algorithm must be able to run on it too. Also, I came across CyaSSL, but the problem is that it uses the TCP protocol rather than UDP? Any ideas?

Thanks

Upvotes: 3

Views: 2877

Answers (3)

Linglin Zhang

Reputation: 41

DTLS can be used to secure CoAP unicast messages; however, CoAP multicast messages are not protected by the existing DTLS protocol, because the efficient key distribution problem has not been solved yet. This means the header of multicast messages might be exposed to a sniffer tool, including the URI path.

Nowadays, there is a protocol called OSCoAP that might help with this. It is still in implementation.

This is the latest draft IETF document of OSCoAP: https://datatracker.ietf.org/doc/html/draft-ietf-core-object-security-02

However, there are doubts about it. It mentions that OSCoAP will encrypt the URI path in section 4. Then key distribution still might be a problem in multicast, but it didn't mention any difficulties there. Still, anyone who is interested in the security of CoAP messages can have a look at OSCoAP.

Upvotes: 4

Julien Vermillard

Reputation: 3033

The way to secure CoAP is DTLS (TLS for Datagram).

The RFC is pretty clear on the subject: https://datatracker.ietf.org/doc/rfc7252/?include_text=1

See section 9 for the details.

DTLS is simply the well-known TLS/SSL but adapted to run on UDP transport.

A nice and simple implementation for embedded devices is tinydtls (http://trinydtls.sf.net).

For the server side you can use Californium and Scandium (http://eclipse.org/californium)

Upvotes: 2

Encrypting the data before sending lets you not bother about the transfer protocol (i.e. whether it is UDP, TCP, etc.). Of course you will need to decrypt the data on the server.

If you want transport-layer security, you should look for DTLS implementations. DTLS is a flavor of SSL/TLS designed to be run over UDP and similar transports. I am not sure if DTLS implementations exist for constrained devices, though.

Upvotes: 0
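Added example (not from the question or any of the answers) that ties the three answers together: it encodes a CoAP request per RFC 7252 section 3, encrypts only the payload at the application layer as the last answer suggests, and shows that a passive observer still reads the Uri-Path options the first answer warns about, whereas DTLS would wrap the whole datagram. The sample path, key, nonce and message ID are constructed, and the HMAC-based keystream is only a stand-in for a real AEAD.

```python
import hashlib, hmac, struct

URI_PATH = 11  # Uri-Path option number (RFC 7252, table 4)

def _field(v):
    """Option delta/length nibble and extension bytes (RFC 7252 section 3.1)."""
    if v < 13:
        return v, b""
    return (13, bytes([v - 13])) if v < 269 else (14, struct.pack("!H", v - 269))

def encode_coap(code, msg_id, token, options, payload=b""):
    """CON message: 4-byte header, token, delta-encoded options, 0xFF marker, payload."""
    out = bytes([0x40 | len(token), code]) + struct.pack("!H", msg_id) + token
    last = 0
    for num, val in sorted(options, key=lambda o: o[0]):  # stable sort keeps Uri-Path segment order
        (d, dx), (l, lx) = _field(num - last), _field(len(val))
        out += bytes([d << 4 | l]) + dx + lx + val
        last = num
    return out + (b"\xff" + payload if payload else b"")

def _ext(nib, buf, i):
    """Decode a nibble plus its extension bytes; return (value, next index)."""
    if nib < 13:
        return nib, i
    return (buf[i] + 13, i + 1) if nib == 13 else (struct.unpack("!H", buf[i:i + 2])[0] + 269, i + 2)

def parse_coap(dgram):
    """Return (options, payload) exactly as a passive observer reads them off the wire."""
    i, num, opts = 4 + (dgram[0] & 0x0F), 0, []
    while i < len(dgram) and dgram[i] != 0xFF:
        b, i = dgram[i], i + 1
        d, i = _ext(b >> 4, dgram, i)
        l, i = _ext(b & 0x0F, dgram, i)
        num += d
        opts.append((num, dgram[i:i + l]))
        i += l
    return opts, (dgram[i + 1:] if i < len(dgram) else b"")

def sniffed_uri_path(dgram):
    """The resource path an observer recovers from the cleartext CoAP header."""
    return "/" + "/".join(v.decode() for n, v in parse_coap(dgram)[0] if n == URI_PATH)

def toy_encrypt(key, nonce, data):
    """Placeholder keystream (HMAC-SHA256 counter mode) so this runs offline; a device would use an AEAD like AES-CCM."""
    ks = b"".join(hmac.new(key, nonce + struct.pack("!I", c), hashlib.sha256).digest() for c in range(len(data) // 32 + 1))
    return bytes(a ^ k for a, k in zip(data, ks))

def payload_only_encrypted_request(key):
    """Constructed PUT to /sensors/temp: body encrypted at the application layer, header in the clear."""
    body = toy_encrypt(key, b"\x00" * 4, b'{"temp":21.5}')
    return encode_coap(3, 0x1234, b"\xab", [(URI_PATH, b"sensors"), (URI_PATH, b"temp")], body)
```

Running `sniffed_uri_path(payload_only_encrypted_request(key))` returns `/sensors/temp` even though the body is unreadable, which is exactly the exposure OSCoAP addresses by moving Uri-Path into the protected object and DTLS addresses by encrypting the entire UDP payload.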
