Secure Two-Way DTLS-Based Group Communication in the IoT

CoAP has emerged as the de facto IoT standard for communication involving the resource-constrained devices that compose Low-power and Lossy Networks (LLNs). CoAP mandates the adoption of the DTLS protocol to secure unicast communication. However, in several IoT application scenarios involving a group of multiple devices, the adoption of CoAP multicast communication through IPv6 results in a number of advantages, especially in terms of performance and scalability. Yet, CoAP does not specify how to secure multicast group communication in an interoperable way. This draft presents a method to secure communication in a multicast group, through an adaptation of the DTLS record layer. In particular, group members rely on the same group keying material in order to secure both request messages sent via multicast and any unicast messages sent in response. Since the group keying material is provided upon joining the group, group members are not required to perform any DTLS handshake with each other. The proposed method makes it possible to provide either group authentication or source authentication of secured messages.
