diff --git a/_layouts/default.html b/_layouts/default.html index ca778c5..3bda19a 100644 --- a/_layouts/default.html +++ b/_layouts/default.html @@ -41,9 +41,51 @@
+ The DTLS protocol provides communications + privacy for datagram protocols. The protocol allows client/server + applications to communicate in a way that is designed to prevent + eavesdropping, tampering, or message forgery.
+Datagram Transport Layer Security Version 1.2
++ The DTLS 1.2 protocol is + based on the Transport Layer Security (TLS) version 1.2 protocol and provides + equivalent security guarantees. +
++ It has been published as RFC 6347 in January 2012. +
++ View details » +
++ Datagram Transport Layer Security Version 1.3 +
++ The DTLS 1.3 protocol is intentionally based on the Transport Layer + Security (TLS) 1.3 protocol and provides equivalent security + guarantees with the exception of order protection/non-replayability. + Datagram semantics of the underlying transport are preserved by the + DTLS protocol. +
++ The document is a work-in-progress in the IETF TLS working group. +
++ View details » +
++ DTLS profile of the Authentication and Authorization for Constrained Environments Framework +
++ This specification defines a profile of the ACE framework that allows + constrained servers to delegate client authentication and + authorization. The protocol relies on DTLS version 1.2 for + communication security between entities in a constrained network + using either raw public keys or pre-shared keys. +
++ View details » +
+To enable CoAP's security on a tiny device, a tiny implementation of DTLS + for + Class 1 + devices
+ ++ Mbed TLS is a C library that implements cryptographic primitives, X.509 certificate manipulation and the SSL/TLS and DTLS protocols. +
+ ++ OSCORE provides end-to-end protection + between endpoints communicating using CoAP or CoAP-mappable HTTP. + OSCORE is designed for constrained nodes and networks supporting a + range of proxy operations, including translation between different + transport protocols. +
++ A method for application-layer protection of + CoAP, using CBOR Object + Signing and Encryption (COSE). +
++ OSCORE has been published as RFC 8613 in July 2019. +
++ View details » +
++ Secure Group Communication for CoAP +
++ Employing the basic multicast functionality defined in RFC 7252, + RFC 7390 + provides end-to-end security of CoAP + messages exchanged between members of a group, e.g. using IP + multicast. In particular, it provides source + authentication for CoAP group requests, sent by a client to multiple + servers, and the corresponding CoAP responses. +
++ The document is a work-in-progress in the IETF CoRE working group. +
++ View details » +
++ OSCORE profile of the Authentication and Authorization for Constrained Environments Framework +
++ It utilizes Object Security for Constrained RESTful Environments + (OSCORE) to provide communication security, server authentication, + and proof-of-possession for a key owned by the client and bound to an + OAuth 2.0 access token. +
++ The document is a work-in-progress in the IETF ACE working group. +
++ View details » +
+ ++ A portable C implementation of OSCORE usable for embedded devices. Usable on various platforms, especially embedded ones, + it describes its requirements towards the used platform's CoAP implementation + with a small generic API that can then be implemented by different CoAP libraries, + for example RIOT-OS's gcoap. +
+ + +A C implementation of OSCORE usable with Contiki-NG.
+ + ++ OpenWSN supports OSCORE. +
+ + +libcoap C implementation supports OSCORE.
+ + ++ Partial OSCORE (draft version 14) Proof of Concept Server implementation on top of Zephyr OS + for the 96Boards Nitrogen. + The ipsp and coap_server samples of zephyr are combined to set up CoAP over 6lowpan over Bluetooth. +
+ + ++ An experimental OSCORE implementation using Rust. A demo of this implementation can be found here. +
+ + +OSCORE submodule within Californium, it runs on the CoAP Californium library. +
+ +aiocoap supports full OSCORE support client-side; protected servers can be implemented based on it but are not automatic yet.
+ + +CoAP.NET implementation in C# providing CoAP-based services to .NET applications supports OSCORE
+ + ++ A protocol dissector for OSCORE is part of + Wireshark. + The final OSCORE dissector, updated to reflect the RFC, is supported by Wireshark 3.2.3, the + stable version + of Wireshark. +
+ ++ A number of interoperability tests have been defined and run for OSCORE, and are work in progress for OSCORE group communication. +
++ EricssonResearch.github.io/OSCOAP + contains test specifications and interop reports for OSCORE. + The recorded pcap for some of these sessions can be found here +
+ ++ EricssonResearch.github.io/Multicast-OSCOAP + contains test specifications for OSCORE group communication. +
+ ++ The Internet of Things cannot spread as long as it can be exploited by hackers willy-nilly. + CoAP does not just pay lip service to security, it actually provides strong security. + The IETF is working on several security mechanisms. +
++ The DTLS protocol provides communications + privacy for datagram protocols. The protocol allows client/server + applications to communicate in a way that is designed to prevent + eavesdropping, tampering, or message forgery. The DTLS protocol is + based on the Transport Layer Security (TLS) protocol. +
++ The IETF ACE working group is developing a standard that allows + constrained servers to delegate client authentication and + authorization, and set up a DTLS 1.2 channel between the entities. + DTLS profile of Ace +
++ OSCORE provides end-to-end protection + between endpoints communicating using CoAP or CoAP-mappable HTTP. + OSCORE is designed for constrained nodes and networks supporting a + range of proxy operations, including translation between different + transport protocols. +
++ OSCORE is extended with a mechanism to protect group communication using CoAP, called Group OSCORE. +
++ The IETF ACE working group is developing a standard that allows + constrained servers to delegate client authentication and + authorization, and set up OSCORE between the entities. + OSCORE profile of Ace +
++ Several other specifications work together to support security in CoAP. Enhancements to CoAP that mitigate security issues in particular use + cases are been developed. +
++ The Echo option enables a CoAP server to verify the freshness + of a request or to force a client to demonstrate reachability at its + claimed network address; it is now the recommeded way to mitigate + amplification attacks. +
++ The Request-Tag option allows the CoAP server + to match block-wise message fragments belonging to the same request. +
++ The update to the client Token processing requirements of CoAP + forbids non-secure reuse of Tokens to ensure binding of responses to + requests when CoAP is used with security. +
++ View details » +
+
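Review bot: In the "Secure Group Communication for CoAP" entry, the sentence "Employing the basic multicast functionality defined in RFC 7252, RFC 7390 provides end-to-end security of CoAP messages exchanged between members of a group" reads as if RFC 7390 itself delivers the end-to-end security and source authentication. The later overview paragraph attributes group protection to "a mechanism to protect group communication using CoAP, called Group OSCORE", so the subject of this sentence should name that mechanism and cite RFC 7252 and RFC 7390 only as what it builds on. Three wording fixes in the added text: "it is now the recommeded way to mitigate amplification attacks" should read "recommended", "are been developed" should read "are being developed", and "aiocoap supports full OSCORE support client-side" should drop the repeated "support". The DTLS and OSCORE introductory paragraphs each appear twice in the layout (once at the top of their section, once in the security overview) with slightly different wording; consider keeping a single copy of each, or a shared include, so they cannot drift apart. The Wireshark entry pins "Wireshark 3.2.3, the stable version", which will go stale; "Wireshark 3.2.3 and later" would age better.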