datagram transport layer security in constrained
play

Datagram Transport Layer Security in Constrained Environments - PowerPoint PPT Presentation

Apr 08, 2024 •265 likes •452 views

Datagram Transport Layer Security in Constrained Environments draft-hartke-core-codtls-01 Klaus Hartke Olaf Bergmann Datagram Transport Layer Security in Constrained Environments Smart Objects: want the security that DTLS provides

  1. Datagram Transport Layer Security in Constrained Environments draft-hartke-core-codtls-01 Klaus Hartke • Olaf Bergmann

  2. Datagram Transport Layer Security in Constrained Environments • Smart Objects: want the security that DTLS provides • DTLS has not been designed with constrained devices and low-power, lossy networks in mind • This is actually not a problem for many constrained devices, but there are some challenges when it comes to implement DTLS for at least Class 1 devices • draft-hartke-core-codtls: Class 0: too small to securely run – trying to fjgure out challenges and on the Internet problems Class 1: ~10 KiB data, ~100 KiB code “quite constrained” – collect ideas for possible solutions Class 2: ~50 KiB data, ~250 KiB code and implementation guidance “not so constrained” Classes of Devices I-D.hartke-core-codtls 1

  3. CoAP without DTLS Client Server Request Response 1 roundtrip I-D.hartke-core-codtls 2

  4. Client Server CoAP with DTLS Flight Client Hello 1 Flight Hello Verify Request 2 Flight Client Hello 3 Server Hello Certifjcate Flight Server Key Exchange 4 Certifjcate Request Server Hello Done Certifjcate Client Key Exchange Flight Certifjcate Verify 5 Change Cipher Spec Finished Change Cipher Spec Flight 6 Finished Request Response 4 roundtrips I-D.hartke-core-codtls 3

  5. Client Server CoAP with DTLS Flight Client Hello 1 Flight Hello Verify Request 2 DTLS handshake over 6LoWPAN: Flight Client Hello 3 max ~ 30-60 bytes per fragment Server Hello Certifjcate Flight Server Key Exchange 4 Certifjcate Request ECDSA P-256: 91 bytes Server Hello Done ECDSA P-384: 120 bytes ECDSA P-521: 156 bytes Certifjcate Client Key Exchange Flight Certifjcate Verify 5 Raw Public Key: Certifjcate sizes Change Cipher Spec Finished Change Cipher Spec Flight 6 Finished Request Response 4 roundtrips I-D.hartke-core-codtls 4

  6. Client Server CoAP with DTLS Flight Client Hello 1 Flight Hello Verify Request 2 DTLS handshake over 6LoWPAN: Flight Client Hello 3 max ~ 30-60 bytes per fragment Server Hello Certifjcate Flight Server Key Exchange 4 Certifjcate Request ECDSA P-256: 91 bytes Server Hello Done ECDSA P-384: 120 bytes ECDSA P-521: 156 bytes Certifjcate Client Key Exchange Flight Certifjcate Verify 5 Raw Public Key: Certifjcate sizes Change Cipher Spec Finished Change Cipher Spec Flight 6 Finished Request Response 4 roundtrips I-D.hartke-core-codtls 5

  7. Client Server CoAP with DTLS Flight Client Hello 1 Flight Hello Verify Request 2 DTLS handshake over 6LoWPAN: Flight Client Hello 3 max ~ 30-60 bytes per fragment Server Hello Certifjcate Flight Server Key Exchange 4 Certifjcate Request ECDSA P-256: 91 bytes Server Hello Done ECDSA P-384: 120 bytes ECDSA P-521: 156 bytes Certifjcate Client Key Exchange Flight Certifjcate Verify 5 Raw Public Key: Certifjcate sizes Change Cipher Spec Finished Change Cipher Spec Flight 6 Finished Request Response 4 roundtrips I-D.hartke-core-codtls 6

  8. Client Server CoAP with DTLS Flight Client Hello 1 Flight Hello Verify Request 2 DTLS handshake over 6LoWPAN: Flight Client Hello 3 max ~ 30-60 bytes per fragment Server Hello Certifjcate Flight Server Key Exchange 4 Certifjcate Request ECDSA P-256: 91 bytes Server Hello Done ECDSA P-384: 120 bytes reassemble ECDSA P-521: 156 bytes Certifjcate Client Key Exchange Flight Certifjcate Verify 5 Raw Public Key: Certifjcate sizes Change Cipher Spec Finished reassemble Change Cipher Spec Flight 6 Finished Request Response I-D.hartke-core-codtls 7

  9. Client Server CoAP with DTLS Flight Client Hello 1 Server Client Flight Hello Verify Request 2 Flight Client Hello 3 Server Hello Flight Retransmit Certifjcate 4 fmight Flight Server Key Exchange 4 Certifjcate Request Server Hello Done reassemble Message Certifjcate Flight lost Client Key Exchange 5 Flight Certifjcate Verify 5 Change Cipher Spec reassemble Finished reassemble CSS Flight 6 Finished Request Response 5 roundtrips I-D.hartke-core-codtls 8

  10. Handshake protocol – Content type Record header Potential problems Version Epoch • Handshake messages are big We need many frames to transport keys Sequence number In principle: DTLS fragmentation is better than adaptation layer fragmentation Length • DTLS has 25 bytes overhead per packet Message type that carries a fragment Message length Handshake message header • Fills ~ 1/3 of usable frame Message sequence number • More fragments increase likelihood Fragment offset that messages get reordered or lost Fragment length • Every new packet uses energy = 25 bytes I-D.hartke-core-codtls 9

  11. Handshake protocol – Possible solutions • (not to be decided here) • Compress headers so more data can be transmitted per fragment – Can 6LoWPAN GHC handle this? Literal copies are replaced by references Zero sequences can be compressed – Or should this better be done end-to-end? • Is reordering is unlikely enough that a recipient can simply ignore reordered messages and wait for retransmission? I-D.hartke-core-codtls 10

  12. Application data protocol – Content type Potential problems Record header Version Epoch • DTLS has 21 bytes overhead per packet Sequence number DTLS version is always the same (2 bytes) Epoch is mostly 0 or 1 (2 bytes) Length Sequence number is 6 bytes Length is redundant in last record in datagram Epoch CCM doubles sequence number and epoch CCM explicit nonce • Fills ~ 1/3 of usable frame Sequence number • Every new packet uses energy = 21 bytes I-D.hartke-core-codtls 11

  13. Application data protocol – Possible solutions • (not to be decided here) • Compress headers so more data can be transmitted per fragment – Can 6LoWPAN GHC handle this? Literal copies are replaced by references Zero sequences can be compressed – Or should this better be done end-to-end? I-D.hartke-core-codtls 12

  14. State – Potential problems • Reassembling fragmented handshake messages • Queuing reordered handshake messages • Create connection state – can often be done per-fragment • Create verifjcation hash for Finished message – computed from sequence of messages – reordering requires queuing I-D.hartke-core-codtls 13

  15. State – Possible solutions • (not to be decided here) • Possibly compute the hash in the Finished message from the negotiated session parameters? I-D.hartke-core-codtls 14

  16. ECC and RSA on Arduino Library ROM AvrCryptolib 3.6 KB Wiselib 16.0 KB TinyECC 18.0 KB Relic 29.0 KB Other guidance Algorithm Library RAM Time RSA-512 AvrCryptolib 320 B 25.0 s RSA-1024 AvrCryptolib 640 B 199.0 s ECC 128r1 TinyECC 776 B 1.8 s • Adjust the timers... ECC 192k1 TinyECC 1008 B 3.4 s NIST K163 Relic 2804 B 0.3 s ~ RSA 1024! ~ RSA 2048! NIST K233 Relic 3675 B 1.8 s Time to sign (Arduino) [Mohit Sethi] Implementations SHOULD use an initial timer value of 1 second (the minimum defjned in RFC 6298 [RFC6298]) and double the value at each retransmission, up to no less than the RFC 6298 maximum of 60 seconds. Note that we recommend a 1-second timer rather than the 3-second RFC 6298 default in order to improve latency for time-sensitive applications. Because DTLS only uses re- transmission for handshake and not datafmow, the effect on con- gestion should be minimal. DTLS Timer Values I-D.hartke-core-codtls 15

  17. ECC and RSA on Arduino Library ROM AvrCryptolib 3.6 KB Wiselib 16.0 KB TinyECC 18.0 KB Relic 29.0 KB Other guidance Algorithm Library RAM Time RSA-512 AvrCryptolib 320 B 25.0 s RSA-1024 AvrCryptolib 640 B 199.0 s ECC 128r1 TinyECC 776 B 1.8 s • Data size... ECC 192k1 TinyECC 1008 B 3.4 s • Code size... NIST K163 Relic 2804 B 0.3 s ~ RSA 1024! ~ RSA 2048! NIST K233 Relic 3675 B 1.8 s RAM usage (Arduino) [Mohit Sethi] Class 0: too small to securely run on the Internet Class 1: ~10 KiB data, ~100 KiB code “quite constrained” Code Size Description Class 2: ~50 KiB data, ~250 KiB code 1429 Bytes SHA-256 “not so constrained” 992 Bytes CCM Classes of Devices 9812 Bytes DTLS state machine Code footprint of minimal DTLS implementation [Olaf Bergmann] I-D.hartke-core-codtls 16

  18. Possible actions Implementation guidance prefer Implementation techniques for light-weight implementations without affecting conformance → I-D.bormann-lwig-guidance Stateless header compression Compress record and handshake headers without explicitly building any compression context state Protocol profjle for constrained environments Use of DTLS in a particular way, e.g. • require or preclude certain extensions or cipher suites • change MAYs into MUSTs or MUST NOTs → CoRE WG (?) avoid Breaking changes → TLS WG I-D.hartke-core-codtls 17

Recommend

1 Transport Layer Transport Layer Outline Message, Segment, Datagram Transport-layer

1 Transport Layer Transport Layer Outline Message, Segment, Datagram Transport-layer

Transport Layer Transport Layer Chapter 3: Transport Layer Mobile network Our goals: Global ISP understand principles learn about transport Chapter 3 behind transport layer protocols in the Transport Layer Internet: layer

678 views • 5 slides
Datagram Transport Layer Security (DTLS) Extension to Establish Keys for Secure Real-time

Datagram Transport Layer Security (DTLS) Extension to Establish Keys for Secure Real-time

Datagram Transport Layer Security (DTLS) Extension to Establish Keys for Secure Real-time Transport Protocol (SRTP) (Phew!) Eric Rescorla David McGrew Eric Rescorla IETF 67 1 Overview SDP signals Im willing to do DTLS (and

93 views • 8 slides
THE TRANSPORT LAYER Outline Transport layer in the Internet Multiplexing and

THE TRANSPORT LAYER Outline Transport layer in the Internet Multiplexing and

THE TRANSPORT LAYER Outline Transport layer in the Internet Multiplexing and demultiplexing UDP: User Datagram Protocol TCP: Transport Control Protocol General features TRANSPORT LAYER IN THE INTERNET In the

563 views • 29 slides
Transport Layer Security The TLS Protocol Transport Layer Security (TLS) Security goals:

Transport Layer Security The TLS Protocol Transport Layer Security (TLS) Security goals:

IN3210 Network Security Transport Layer Security The TLS Protocol Transport Layer Security (TLS) Security goals: Authentication Integrity Confidentiality Transparent security protocol between TCP and application

1k views • 66 slides
User Datagram Protocol (UDP) Standard connectionless protocol for the transport layer of the

User Datagram Protocol (UDP) Standard connectionless protocol for the transport layer of the

User Datagram Protocol (UDP) Standard connectionless protocol for the transport layer of the Internet architecture Only adds demultiplexing capability to basic best-effort delivery provided by IP Needs to identify target process

834 views • 36 slides
1 Transport Layer Transport Layer RTT Estimation RTT Estimation Basic Idea SampleRTT :

1 Transport Layer Transport Layer RTT Estimation RTT Estimation Basic Idea SampleRTT :

Transport Layer Transport Layer Outline Mobile network Transport-layer Connection-oriented Global ISP services transport: TCP Transport Layer Multiplexing and segment structure Home network demultiplexing reliable data

264 views • 5 slides
CS 457 Lecture 10 Internetworking and IP Fall 2011 The Network layer Transport layer:

CS 457 Lecture 10 Internetworking and IP Fall 2011 The Network layer Transport layer:

CS 457 Lecture 10 Internetworking and IP Fall 2011 The Network layer Transport layer: TCP, UDP IP protocol Routing protocols addressing conventions path selection datagram format RIP, OSPF, BGP Network

320 views • 18 slides
Lecture 13 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL:

Lecture 13 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL:

Lecture 13 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL: Secure Sockets Layer v widely deployed security v original goals: protocol Web e-commerce supported by almost all transactions browsers, web

570 views • 21 slides
Lecture 14 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL:

Lecture 14 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL:

Lecture 14 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL: Secure Sockets Layer v widely deployed security v original goals: protocol Web e-commerce transactions supported by almost all browsers,

609 views • 21 slides
Network Layer network layer services virtual circuit and datagram Goals: networks

Network Layer network layer services virtual circuit and datagram Goals: networks

Overview: Network Layer network layer services virtual circuit and datagram Goals: networks whats inside a router? understand principles behind network layer IP: Internet Protocol services: IPv4 datagram format

396 views • 23 slides
Transport Layer (TCP/UDP) Where we are in the Course Moving on up to the Transport Layer!

Transport Layer (TCP/UDP) Where we are in the Course Moving on up to the Transport Layer!

Transport Layer (TCP/UDP) Where we are in the Course Moving on up to the Transport Layer! Application Transport Network Link Physical CSE 461 University of Washington 2 Recall Transport layer provides end-to-end connectivity across

1.91k views • 168 slides
Transport Layer (TCP/UDP) Where we are in the Course Moving on up to the Transport Layer!

Transport Layer (TCP/UDP) Where we are in the Course Moving on up to the Transport Layer!

Transport Layer (TCP/UDP) Where we are in the Course Moving on up to the Transport Layer! Application Transport Network Link Physical CSE 461 University of Washington 2 Recall Transport layer provides end-to-end connectivity across

528 views • 31 slides
Transport Layer (TCP/UDP) Where we are in the Course Moving on up to the Transport Layer!

Transport Layer (TCP/UDP) Where we are in the Course Moving on up to the Transport Layer!

Transport Layer (TCP/UDP) Where we are in the Course Moving on up to the Transport Layer! Application Transport Network Link Physical CSE 461 University of Washington 2 Recall Transport layer provides end-to-end connectivity across

1.96k views • 165 slides
1 Link Layer: setting the context two physically connected devices: host-router,

1 Link Layer: setting the context two physically connected devices: host-router,

Network Layer Overview: network layer services virtual circuit and datagram Goals: networks whats inside a router? understand principles behind network layer IP: Internet Protocol services: IPv4 datagram format

344 views • 16 slides
Transport Layer (TCP/UDP) Where we are in the Course Moving on up to the Transport Layer!

Transport Layer (TCP/UDP) Where we are in the Course Moving on up to the Transport Layer!

Transport Layer (TCP/UDP) Where we are in the Course Moving on up to the Transport Layer! Application Transport Network Link Physical CSE 461 University of Washington 2 Three-Way Handshake (3) Suppose delayed, duplicate Active

709 views • 50 slides
Transport Layer How TCP, UDP, and Ports fit into IP Layer 4: the Transport Layer Responsibilities

Transport Layer How TCP, UDP, and Ports fit into IP Layer 4: the Transport Layer Responsibilities

Transport Layer How TCP, UDP, and Ports fit into IP Layer 4: the Transport Layer Responsibilities and Services Overall: message delivery End-to-end" communications between processes ( i.e. running programs) Communicating

467 views • 17 slides
SSL and TLS SSL Secure Socket Layer TLS Transport Layer Security The common

SSL and TLS SSL Secure Socket Layer TLS Transport Layer Security The common

SSL and TLS SSL Secure Socket Layer TLS Transport Layer Security The common standards for securing network applications in Internet E.g., web browsing Essentially, standards to negotiate, set up, and apply crypto

2.93k views • 13 slides
Network layer (IP) Netw etwor ork k layer er Send datagram from one host to another

Network layer (IP) Netw etwor ork k layer er Send datagram from one host to another

Network layer (IP) Netw etwor ork k layer er Send datagram from one host to another Network layer protocols in every host, router Portland State University CS 430P/530 Internet, Web & Cloud Systems Netw etwor ork k layer er

2.36k views • 89 slides
Introduction to Network Security Security Chapter 7 Transport Layer Protocols Dr. Doug

Introduction to Network Security Security Chapter 7 Transport Layer Protocols Dr. Doug

Introduction to Network Security Security Chapter 7 Transport Layer Protocols Dr. Doug Jacobson - Introduction to 1 Network Security - 2009 Topics TCP Layer Responsible for reliable end-to-end transfer of application data.

632 views • 32 slides
Datagram Packetization Layer Path MTU Discovery draft-ietf-tsvwg-datagram-plpmtud-03 Gorry

Datagram Packetization Layer Path MTU Discovery draft-ietf-tsvwg-datagram-plpmtud-03 Gorry

Datagram Packetization Layer Path MTU Discovery draft-ietf-tsvwg-datagram-plpmtud-03 Gorry Fairhurst, Tom Jones , Michael Txen, Irene Rngeler tom@erg.abdn.ac.uk IETF 102 - Montreal Changes since draft-ietf-tsvwg-datagram-plpmtud-01

133 views • 10 slides
Secure Sockets Layer Transport Layer Security BEAST Attack Dan Luedtke <mail@danrl.de>

Secure Sockets Layer Transport Layer Security BEAST Attack Dan Luedtke <mail@danrl.de>

Secure Sockets Layer Transport Layer Security BEAST Attack Dan Luedtke <mail@danrl.de> Wed Apr 18, 2012 University of the German Federal Armed Forces, Munich Slide 1 Outline History Design Goals SSL/TLS Stack

439 views • 15 slides
Introduction to the Transport Layer CSC 249 Feb 13, 2018 1 Transport Layer Overview q Tasks

Introduction to the Transport Layer CSC 249 Feb 13, 2018 1 Transport Layer Overview q Tasks

Introduction to the Transport Layer CSC 249 Feb 13, 2018 1 Transport Layer Overview q Tasks performed by the transport layer v Services provided to the application layer v Services expected from the network layer q Multiplexing and

437 views • 8 slides
1 Chapter 3 outline Multiplexing/demultiplexing Multiplexing at send host: Demultiplexing at

1 Chapter 3 outline Multiplexing/demultiplexing Multiplexing at send host: Demultiplexing at

Chapter 3: Transport Layer Our goals: Transport Layer understand learn about transport principles behind layer protocols in the transport layer Internet: services: UDP: connectionless multiplexing/ transport

479 views • 10 slides
Lecture 10: Transport Layer Protocols CSE 123: Computer Networks Chris Kanich Project 2 out;

Lecture 10: Transport Layer Protocols CSE 123: Computer Networks Chris Kanich Project 2 out;

Lecture 10: Transport Layer Protocols CSE 123: Computer Networks Chris Kanich Project 2 out; Midterm Monday Lecture 10 Overview Process naming/demultiplexing User Datagram Protocol (UDP) Transport Control Protocol (TCP) Three-way

246 views • 11 slides

More recommend