An Overview of Security in CoAP: Attack and Analysis

Over the last decade, the Internet of Things (IoT) has been evolving at a rapid pace. The availability of affordable components that provide smart ecosystems enables the development of endless applications. IoT devices are constrained devices that are connected to the internet and perform sensing tasks. Each device is identified by its unique address and uses the Constrained Application Protocol (CoAP) as one of the main web transfer protocols. CoAP is an application layer protocol that does not maintain secure channels to transfer information. For authentication and end-to-end security, Datagram Transport Layer Security (DTLS) is one of the possible approaches to boost the security of CoAP, and many other ways to protect the transmission of sensitive information have been suggested. CoAP uses DTLS as a secure protocol and UDP as a transfer protocol. Therefore, attacks on UDP or DTLS could be classed as CoAP attacks. An attack on DTLS could possibly be launched in a single session, and a strong authentication mechanism is needed. The Man-In-The-Middle attack is one of the peak security issues in CoAP as cited by Request For Comments (RFC) 7252; it encompasses attacks like Sniffing, Spoofing, Denial of Service (DoS), Hijacking, Cross-Protocol attacks and other attacks including Replay attacks and Relay attacks. In this work, a client-server architecture is set up whose end devices communicate using CoAP. A proxy system was also installed across the client side to launch an active interception between the client and the server. The work will further be enhanced to provide solutions to mitigate these attacks.

[1] M. Zulfiker Ali et al. Architecture for IoT Domain With CoAP Observe Feature, 2018, IEEE Internet of Things Journal.

[2] Kanchana P. Naik et al. Performance analysis of constrained application protocol using Cooja simulator in Contiki OS, 2017, 2017 International Conference on Intelligent Computing, Instrumentation and Control Technologies (ICICICT).

[3] Anna Calveras Augé et al. A Proxy Design to Leverage the Interconnection of CoAP Wireless Sensor Networks with Web Applications, 2015, Sensors.

[4] Babar Shah et al. Security analysis of IoT protocols: A focus in CoAP, 2016, 2016 3rd MEC International Conference on Big Data and Smart City (ICBDSC).

[5] P. Bagavathi Sivakumar et al. Design of IoT Systems and Analytics in the Context of Smart City Initiatives in India, 2016.

[6] Thiemo Voigt et al. Lithe: Lightweight Secure CoAP for the Internet of Things, 2013, IEEE Sensors Journal.

[7] Laisa Caroline de Paula Costa et al. Enabling CoAP into the swarm: A transparent interception CoAP-HTTP proxy for the Internet of Things, 2017, 2017 Global Internet of Things Summit (GIoTS).

[8] Deepak Arora et al. Analyzing and evaluating the performance of 6L0WPAN and RPL using CONTIKI, 2017, 2017 International Conference on Intelligent Sustainable Systems (ICISS).

[9] Aiman Majid Nassar et al. The Internet of Things - A Survey, 2018, مؤتمرات الآداب والعلوم الانسانية والطبيعية.

[10] François Carrez et al. Designing IoT architecture(s): A European perspective, 2014, 2014 IEEE World Forum on Internet of Things (WF-IoT).

[11] Shiju Satyadevan et al. Security, Trust and Implementation Limitations of Prominent IoT Platforms, 2014, FICTA.

[12] Carsten Bormann et al. The Constrained Application Protocol (CoAP), 2014, RFC.