
Is there any way in which the messages that are sent by CoAP over UDP packets can be secured? Any open source projects that I can implement? This message exchange is with a server and the client would be an embedded device, so the cryptographic algorithm must be able to run on it too. Also I came across CyaSSL, but the problem is that it uses the TCP protocol rather than UDP? Any ideas?

Thanks

cache

3 Answers


DTLS can be used to secure CoAP unicast messages; however, CoAP multicast messages are not protected by the existing DTLS protocol, because the efficient key distribution problem has not been solved yet. This means the header of multicast messages might be exposed to a sniffer tool, including the URI path.

Nowadays there is a protocol called OSCoAP that might help with this. It is still in implementation.

This is the latest IETF draft document of OSCoAP: https://datatracker.ietf.org/doc/html/draft-ietf-core-object-security-02

However, there are doubts about it. It mentions that OSCoAP will encrypt the URI path in section 4. Then key distribution might still be a problem in multicast, but it didn't mention any difficulties there. Still, anyone who has an interest in the security of CoAP messages can have a look at OSCoAP.

Community
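To make the exposure described in the answer above concrete, here is an added example (written for this page, not code from the answer, from any CoAP stack, or from tinydtls/Californium): a minimal encoder/decoder for the RFC 7252 message format plus a `sniff()` that reports what a passive observer on the UDP path learns from an unprotected (`NoSec`, plain `coap://`) datagram. The request below is constructed for the example; with DTLS the whole CoAP message sits inside encrypted DTLS records, so only the record header, not the code, token or Uri-Path options, would be visible.

```python
"""Minimal CoAP (RFC 7252) codec used to show what a NoSec datagram exposes.

Added example; the message built in the demo at the bottom is constructed
for illustration and is not taken from any real device or capture.
"""
import struct

# Message types (RFC 7252 section 3) and request codes (class 0, detail 1..4)
CON, NON, ACK, RST = 0, 1, 2, 3
GET, POST, PUT, DELETE = 1, 2, 3, 4
# Option numbers (RFC 7252 section 5.10)
URI_HOST, URI_PORT, URI_PATH, CONTENT_FORMAT, URI_QUERY = 3, 7, 11, 12, 15
PAYLOAD_MARKER = 0xFF


def _encode_nibble(value):
    """Option delta/length nibble plus its extension bytes (section 3.1)."""
    if value < 13:
        return value, b""
    if value < 269:
        return 13, bytes([value - 13])
    return 14, struct.pack("!H", value - 269)


def _decode_nibble(nibble, data, pos):
    """Inverse of _encode_nibble; returns (value, position after extension)."""
    if nibble < 13:
        return nibble, pos
    if nibble == 13:
        return data[pos] + 13, pos + 1
    if nibble == 14:
        return struct.unpack_from("!H", data, pos)[0] + 269, pos + 2
    raise ValueError("reserved option nibble 15 outside a payload marker")


def encode(msg_type, code, msg_id, token=b"", options=(), payload=b""):
    """Serialize one CoAP message. options is an iterable of (number, bytes)."""
    if len(token) > 8:
        raise ValueError("token longer than 8 bytes")
    out = bytearray([(1 << 6) | (msg_type << 4) | len(token), code])
    out += struct.pack("!H", msg_id) + token
    prev = 0
    # Options are delta-encoded, so they must be emitted in ascending number order.
    for number, value in sorted(options, key=lambda o: o[0]):
        d_nib, d_ext = _encode_nibble(number - prev)
        l_nib, l_ext = _encode_nibble(len(value))
        out.append((d_nib << 4) | l_nib)
        out += d_ext + l_ext + value
        prev = number
    if payload:
        out.append(PAYLOAD_MARKER)
        out += payload
    return bytes(out)


def decode(data):
    """Parse a CoAP datagram; raises ValueError on the format errors of section 3."""
    if len(data) < 4:
        raise ValueError("datagram too short for a CoAP header")
    if data[0] >> 6 != 1:
        raise ValueError("unsupported CoAP version")
    tkl = data[0] & 0xF
    if tkl > 8:
        raise ValueError("TKL %d is a message format error" % tkl)
    msg = {"type": (data[0] >> 4) & 0x3, "code": data[1],
           "msg_id": struct.unpack_from("!H", data, 2)[0],
           "token": data[4:4 + tkl], "options": [], "payload": b""}
    pos, number = 4 + tkl, 0
    while pos < len(data) and data[pos] != PAYLOAD_MARKER:
        head, pos = data[pos], pos + 1
        delta, pos = _decode_nibble(head >> 4, data, pos)
        length, pos = _decode_nibble(head & 0xF, data, pos)
        number += delta
        msg["options"].append((number, data[pos:pos + length]))
        pos += length
    if pos < len(data):
        if pos + 1 == len(data):
            raise ValueError("payload marker followed by empty payload")
        msg["payload"] = data[pos + 1:]
    return msg


def sniff(datagram):
    """What an on-path observer learns from one NoSec CoAP datagram."""
    m = decode(datagram)
    path = "/".join(v.decode() for n, v in m["options"] if n == URI_PATH)
    code = "%d.%02d" % (m["code"] >> 5, m["code"] & 0x1F)
    return {"code": code, "uri_path": path, "payload": m["payload"]}


if __name__ == "__main__":
    # Constructed request: GET coap://<host>/sensors/temp with a 2-byte token.
    req = encode(CON, GET, 0x1234, b"\xab\xcd",
                 [(URI_PATH, b"sensors"), (URI_PATH, b"temp")])
    print(req.hex())
    print(sniff(req))  # method and full resource path are in the clear
```

The decoder rejects the cases RFC 7252 calls message format errors (version other than 1, TKL above 8, a payload marker with nothing after it, the reserved nibble 15) rather than guessing, which is what a receiver on a constrained device should do too. Running the demo shows the literal bytes `sensors` and `temp` in the datagram, which is exactly the exposure the answer describes for multicast traffic that DTLS cannot cover.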

The way to secure CoAP is DTLS (TLS for Datagrams).

The RFC is pretty clear on the subject: https://datatracker.ietf.org/doc/rfc7252/?include_text=1

See section 9 for the details.

DTLS is simply the well-known TLS/SSL, but adapted to run on UDP transport.

A nice and simple implementation for embedded devices is tinydtls (http://tinydtls.sf.net)

For the server side you can use Californium and Scandium (http://eclipse.org/californium)

Julien Vermillard

Encryption of data before sending lets you not bother about the transfer protocol (i.e. whether it is UDP, TCP, etc.). Of course you will need to decrypt the data on the server.

If you want transport-layer security, you should look for DTLS implementations. DTLS is a flavor of SSL/TLS designed to be run over UDP and similar transports. I am not sure if DTLS implementations exist for constrained devices, though.

Eugene Mayevski 'Callback
  • There are many cryptographic algorithms for constrained devices and one such I came across was called CyaSSL. But the problem is that it was over TCP rather than UDP! – cache Jun 06 '14 at 11:16
  • @cache CyaSSL is not an algorithm! That's a library that implements some algorithms and protocols. You need to read about encryption before going further, so that you understand what to do and *then* you'll know which route to take. – Eugene Mayevski 'Callback Jun 06 '14 at 15:53
  • My apologies. What I meant was that I was looking for a library that implemented a security feature over UDP packets for an embedded device. – cache Jun 09 '14 at 05:57
  • @cache I am trying to explain that encryption and UDP are two independent technologies. Depending on whether you need data security or transport security, you will be looking for two different approaches and different libraries. – Eugene Mayevski 'Callback Jun 09 '14 at 07:17
  • I think I am looking at transport security. Basically I have some CoAP packets over the UDP channel, so I want to secure it. I was looking at the library CyaSSL, which implements cryptographic algorithms securing the channel using TLS 1.2. But the problem is that it uses the TCP protocol. So I am on the lookout to find an equivalent for UDP. So does this make sense?! – cache Jun 09 '14 at 08:20
  • @cache As said, search for DTLS implementations but it can be that you won't find any - DTLS is not that popular. – Eugene Mayevski 'Callback Jun 09 '14 at 12:41