ETH Zurich :
Computer Science :
Pervasive Computing :
Distributed Systems :
Education :
Student Projects :
Abstract
Securing the Constrained Application Protocol (M)Status: Abgeschlossen
Abstract—The IETF is standardizing the Constrained Application Protocol (CoAP), a Web protocol for resource-constrained platforms, fulfilling machine-to-machine and requirements using UDP. The IETF draft specifies security through Datagram Transport Layer Security (DTLS) to be mandatory. Its implementation for sensor nodes is, however, still a challenge. Thus, this thesis will provide a state-of-the-art survey and a roadmap specifying the necessary steps to realize the security suite for different CoAP implementations. First steps will be realized for Californium (Cf), a CoAP framework written in Java for unconstrained environments.
Background
The Constrained Application Protocol (CoAP), currently standardized by the Internet Engineering Task Force (IETF), is a light-weight RESTful protocol that can easily and transparently be mapped to HTTP This allows for seamless integration into the Web. By using UDP, it enables one-to-many communication, relaxes many-to-one, and provides efficient push notifications. The CoAP specification identifies DTLS and IPSec as two methods that can be used for providing data origin authentication, integrity and replay protection, and encryption for CoAP messages. These security features become an essential requirement for open infrastructures that are not shielded by firewalls, for instance in a smart city. But despite the importance of providing security, the realization is still a challenge, as no common libraries or comprehensive implementation guidance is available. Hence, a survey is necessary to assess the solutions drafted across different IETF working groups. Based on that, a roadmap can be compiled that helps to implement and evaluate the different proposed mechanisms to satisfy the security requirements. A good approach to apply these findings to the embedded operating systems running on resource-constrained platforms is to provide a reference implementation in the unconstrained environment. This allows for preliminary results for mechanism without the issues only related to resource constraints and eases the realization and testing for constrained implementations in future work. For these steps, the Californium (Cf) CoAP framework written in Java can offer the required infrastructure, as it is modular and provides an implementation of the latest CoAP draft.
Objectives
The student will assess the drafts in the Constrained RESTful Environments (CoRE) working group as well as available implementations of the underlying security mechanisms and discuss possible threats to the protocol and its limitations.
Based on these results, a roadmap will be created listing the steps that need to be taken to realize the security suite for the CoAP implementations of the Distributed Systems Group: Californium (Cf), Erbium (Er), and Copper (Cu).
The theoretical results will be applied to Californium (Cf) by implementing all mandatory security options of the latest CoAP Internet-Draft.
In a final step, the student shall evaluate the realized security suite qualitatively through threat modeling and quantitatively through performance measurements.
Bibliography
- I-D: Constrained Application Protocol (CoAP) (in particular Section 10)
- RFC 4347: Datagram Transport Layer Security
- I-D: Security Considerations in the IP-based Internet of Things
- I-D: CoAP Security Options
- I-D: Security Bootstrapping of Resource-Constrained Devices
- Thomas Kothmayr, Wen Hu, Corinna Schmitt, Michael Bruenig, and Georg Carle.
Poster: Securing the Internet of Things with DTLS. In: Proceedings of the 9th ACM Conference on Embedded Networked Sensor Systems (SenSys '11), Seattle, WA, USA
- Shahid Raza, Simon Duquennoy, Tony Chung, Dogan Yazar, Thiemo Voigt, and Utz Roedig.
Securing Communication in 6LoWPAN with Compressed IPsec. In: Proceedings of the 7th IEEE International Conference on Distributed Computing in Sensor Systems (DCOSS '11), Barcelona, Spain
Student/Bearbeitet von: Stefan Jucker Contact/Ansprechpartner: Matthias Kovatsch
|