4,904 research outputs found
Low-Power IoT Communication Security: On the Performance of DTLS and TLS 1.3
International audienceSimilarly to elsewhere on the Internet, practical security in the Internet of Things (IoT) is achieved by combining an array of mechanisms, at work at all layers of the protocol stack, in system software, and in hardware. Standard protocols such as Datagram Transport Layer Security (DTLS 1.2) and Transport Layer Security (TLS 1.2) are often recommended to secure communications to/from IoT devices. Recently, the TLS 1.3 standard was released and DTLS 1.3 is in the final stages of standardization. In this paper, we give an overview of version 1.3 of these protocols, and we provide the first experimental comparative performance analysis of different implementations and various configurations of these protocols, on real IoT devices based on low-power microcontrollers. We show how different implementations lead to different compromises. We measure and compare bytes-over-the-air, memory footprint, and energy consumption. We show that, when DTLS/TLS 1.3 requires more resources than DTLS/TLS 1.2, this additional overhead is quite reasonable. We also observe that, in some configurations, DTLS/TLS 1.3 actually decreases overhead and resource consumption. All in all, our study indicates that there is still room to optimize the existing implementations of these protocols
DTLS Performance in Duty-Cycled Networks
The Datagram Transport Layer Security (DTLS) protocol is the IETF standard
for securing the Internet of Things. The Constrained Application Protocol,
ZigBee IP, and Lightweight Machine-to-Machine (LWM2M) mandate its use for
securing application traffic. There has been much debate in both the
standardization and research communities on the applicability of DTLS to
constrained environments. The main concerns are the communication overhead and
latency of the DTLS handshake, and the memory footprint of a DTLS
implementation. This paper provides a thorough performance evaluation of DTLS
in different duty-cycled networks through real-world experimentation, emulation
and analysis. In particular, we measure the duration of the DTLS handshake when
using three duty cycling link-layer protocols: preamble-sampling, the IEEE
802.15.4 beacon-enabled mode and the IEEE 802.15.4e Time Slotted Channel
Hopping mode. The reported results demonstrate surprisingly poor performance of
DTLS in radio duty-cycled networks. Because a DTLS client and a server exchange
more than 10 signaling packets, the DTLS handshake takes between a handful of
seconds and several tens of seconds, with similar results for different duty
cycling protocols. Moreover, because of their limited memory, typical
constrained nodes can only maintain 3-5 simultaneous DTLS sessions, which
highlights the need for using DTLS parsimoniously.Comment: International Symposium on Personal, Indoor and Mobile Radio
Communications (PIMRC - 2015), IEEE, IEEE, 2015,
http://pimrc2015.eee.hku.hk/index.htm
Reflections on security options for the real-time transport protocol framework
The Real-time Transport Protocol (RTP) supports a range of video conferencing, telephony, and streaming video ap- plications, but offers few native security features. We discuss the problem of securing RTP, considering the range of applications. We outline why this makes RTP a difficult protocol to secure, and describe the approach we have recently proposed in the IETF to provide security for RTP applications. This approach treats RTP as a framework with a set of extensible security building blocks, and prescribes mandatory-to-implement security at the level of different application classes, rather than at the level of the media transport protocol
Options for Securing RTP Sessions
The Real-time Transport Protocol (RTP) is used in a large number of
different application domains and environments. This heterogeneity
implies that different security mechanisms are needed to provide
services such as confidentiality, integrity, and source
authentication of RTP and RTP Control Protocol (RTCP) packets
suitable for the various environments. The range of solutions makes
it difficult for RTP-based application developers to pick the most
suitable mechanism. This document provides an overview of a number
of security solutions for RTP and gives guidance for developers on
how to choose the appropriate security mechanism
- …