REST-ful CoAP Message Authentication

One core technology for implementing and integrating the architectural principles of REST into the Internet of Things (IoT) is CoAP, a REST-ful application protocol for constrained networks and devices. Since CoAP defaults to UDP as its transport protocol, CoAP-based systems are protected by adopting DTLS, a transport-oriented security protocol for datagrams. In many cases, however, this is not a sufficient safeguard, since messages in distributed systems (as obtained, e.g., by the adoption of REST) are commonly transported via multiple intermediate components. This induces the need for message-oriented protection means that supplement transport security in IoT scenarios with high security demands.

This paper approaches an important part of this requirement by introducing a REST-ful CoAP message authentication scheme. The overarching goal of this work is to establish a message-oriented security layer for CoAP. Specific challenges stem from the architectural style REST and the resource constraints of IoT networks and devices. The present contribution reaches this goal for authentication by proposing a REST-ful CoAP message signature generation and verification scheme.
