RichardLiu

Reputation: 1962

What is the best practice to deploy a CoAP-DTLS server that can support multiple PSK identity/secret sets?

We're estimating the practicability of replacing our conventional HTTPS/RESTful over a cellular network (4G-LTE) with CoAP/DTLS over NB-IoT, to prolong the battery life of remote devices. The IoT application we've deployed only takes a tiny proportion of 4G-LTE data bandwidth and UDP over NB-IoT is good enough, so transmission performance is not our main concern.

But the problem is, we're now using mutual authentication in the SSL/TLS layer and we assign different client certificates to different sub-groups. And I'm not sure how to do that in CoAP/DTLS.

I've learned that the default credential model of CoAP/DTLS is Pre-Shared Key (PSK) and I also learned from RFC 4279 that I may use the PSK identity / shared-key pair as an easy alternative to a username, which could just fit my needs. But when I tried to figure out how to implement this, I found that internet resources are very limited. So far I've surveyed node-coap.js and libcoap but I can't find any hints in the documents. Both seemed to support only one credential at the same time.

What is the best practice to deploy a CoAP-DTLS server that can support multiple PSK identity/shared-key sets? Or do I need to implement the whole authentication mechanism in the application layer?

Upvotes: 1

Views: 989

Answers (1)

Kai Hudalla

Reputation: 861

One option for server/cloud side CoAP is Eclipse Californium. I am involved in that project and may thus be biased. That said, we have actually built Californium for exactly this purpose.

Upvotes: 4
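The server-side lookup that a multi-identity PSK deployment comes down to, as an added example (not from the original post, and not Californium's or libcoap's own code). It mirrors the shape of PSK server callbacks such as OpenSSL's `SSL_CTX_set_psk_server_callback` (identity in, key buffer out, 0 on failure); the `group_out` parameter, the table layout and all identities and keys are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#define MAX_IDENTITY_LEN 128 /* RFC 4279 sec. 5.3 interoperability minimum */
#define MAX_PSK_LEN 64

/* One provisioned credential. Constructed sample data, not real keys. */
struct psk_entry {
    const char *identity;  /* sent in clear by the client: untrusted input */
    const char *group;     /* sub-group, the role the client certificate played */
    unsigned char key[MAX_PSK_LEN];
    unsigned int key_len;
    int revoked;
};

static const struct psk_entry psk_table[] = {
    { "meter-0001",   "metering", "constructed-key1", 16, 0 },
    { "meter-0002",   "metering", "constructed-key2", 16, 1 }, /* revoked device */
    { "gateway-0001", "gateways", "constructed-key3", 16, 0 },
};

/* Copies the key for `identity` to psk_out and returns its length; 0 fails the handshake. */
unsigned int psk_server_lookup(const char *identity, unsigned char *psk_out,
                               unsigned int max_psk_len, const char **group_out)
{
    size_t i, id_len;
    if (!identity || !psk_out || !group_out) return 0;
    for (id_len = 0; identity[id_len] != '\0'; id_len++)
        if (id_len >= MAX_IDENTITY_LEN)
            return 0;                       /* over-long identity */
    if (id_len == 0) return 0;              /* empty identity */
    for (i = 0; i < sizeof psk_table / sizeof psk_table[0]; i++) {
        const struct psk_entry *e = &psk_table[i];
        /* The identity is public, so a plain strcmp is fine here. */
        if (strcmp(identity, e->identity) != 0) continue;
        if (e->revoked || e->key_len > max_psk_len)
            return 0;                       /* revoked, or caller buffer too small */
        memcpy(psk_out, e->key, e->key_len);
        *group_out = e->group;              /* keep with the session for authorization */
        return e->key_len;
    }
    return 0;                               /* unknown identity */
}

int main(void)
{
    unsigned char key[MAX_PSK_LEN];
    const char *group = "(none)";
    unsigned int n = psk_server_lookup("gateway-0001", key, sizeof key, &group);
    printf("key_len=%u group=%s\n", n, group);
    return 0;
}
```

The handshake itself proves possession of the key; the group returned here is what request handlers would check afterwards, in place of the per-group client certificate.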
