Efficient Protection of Response Messages in DTLS-Based Secure Multicast Communication

DTLS is a standardized security protocol designed to provide end-to-end secure communication among two peers, and particularly considered for the emerging Internet of Things. In order to protect group communication, the IETF is currently working on a method to secure multicast messages through the same DTLS security services. However, such an approach relies on traditional DTLS sessions to protect unicast responses to multicast messages. This increases the amount of security material stored by group members and can have a relevant impact on network performance. In this paper we propose an extension to the IETF approach which allows to efficiently protect group responses by reusing the same group key material. Our proposal does not require to establish additional DTLS sessions, thus preserving high communication performance within the group and limiting storage overhead on group members. Furthermore, we discuss a suitable key management policy to provision and renew group key material.

[1]  Abhijit Choudhury,et al.  AES Galois Counter Mode (GCM) Cipher Suites for TLS , 2008, RFC.

[2]  Mohamed G. Gouda,et al.  Secure group communications using key graphs , 2000, TNET.

[3]  Akbar Rahman,et al.  Group Communication for CoAP , 2011 .

[4]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[5]  Ran Canetti,et al.  Multicast Security (MSEC) Group Key Management Architecture , 2005, RFC.

[6]  Carsten Bormann,et al.  The Constrained Application Protocol (CoAP) , 2014, RFC.

[7]  George M. Gross,et al.  GSAKMP: Group Secure Association Key Management Protocol , 2006, RFC.

[8]  Esko Dijk,et al.  DTLS-based Multicast Security for Low-Power and Lossy Networks (LLNs) , 2012 .

[9]  Brian Weis,et al.  The Multicast Group Security Architecture , 2004, RFC.

[10]  Stuart Cheshire,et al.  DNS-Based Service Discovery , 2013, RFC.

[11]  Gianluca Dini,et al.  HISS: A HIghly Scalable Scheme for Group Rekeying , 2013, Comput. J..

[12]  Óscar García-Morchón,et al.  Securing the IP-based internet of things with HIP and DTLS , 2013, WiSec '13.

[13]  Eric Rescorla,et al.  Datagram Transport Layer Security Version 1.2 , 2012, RFC.

[14]  Hanno Wirtz,et al.  Tailoring end-to-end IP security protocols to the Internet of Things , 2013, 2013 21st IEEE International Conference on Network Protocols (ICNP).

[15]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[16]  Eric Rescorla,et al.  The Transport Layer Security (TLS) Protocol Version 1.2 , 2008, RFC.

[17]  Georg Carle,et al.  DTLS based security and two-way authentication for the Internet of Things , 2013, Ad Hoc Networks.