Compact DTLS 1.2 implementation and a suggestion for improved DTLS-secured multicast topology
Author
Kodzhastoyanov, Ivan
Term
4. term
Education
Publication year
2016
Submitted on
2016-06-06
Pages
58
Abstract
This thesis addresses the need for lightweight, standards-based communication security in smart home and other IoT settings where datagram transports are common. It presents a compact implementation of DTLS 1.2 tailored to constrained devices, guided by current recommendations and standards. The motivation is illustrated by an attack scenario showing how a compromised gateway can undermine protection without end-to-end security. The work details key design and efficiency choices, including suitable cipher suite selection, memory usage, random number generation, PMTU discovery, message sizes and fragmentation, and the required DTLS handshake and state logic. In addition, it analyzes existing proposals for DTLS-secured multicast and proposes an alternative, more scalable topology that aims to lower memory requirements and complexity for group communication in constrained environments. The thesis also outlines a testing and evaluation framework covering handshake generation and verification, fragmentation, encryption and decryption, timeouts and retransmissions, performance, and interoperability.
Dette speciale adresserer behovet for letvægts, standardsbaseret kommunikationssikkerhed i smarte hjem og andre IoT-miljøer, hvor datagrambaserede protokoller er udbredte. Arbejdet præsenterer en kompakt implementering af DTLS 1.2 målrettet ressourcebegrænsede enheder og er forankret i de nyeste anbefalinger og standarder. Motivationen underbygges af et angrebseksempel, der viser, hvordan kompromitterede gateways kan undergrave netværkets beskyttelse uden ende-til-ende sikkerhed. Specialet gennemgår centrale designvalg og effektivitetshensyn, herunder valg af egnede ciphersuites, hukommelsesforbrug, tilfældighedsgenerering, PMTU-opdagelse, meddelelsesstørrelser og fragmentering samt den nødvendige håndtryks- og tilstandslogik for DTLS. Derudover analyserer arbejdet eksisterende forslag til DTLS-sikret multicast og foreslår en alternativ, mere skalerbar topologi, som sigter mod at reducere hukommelseskrav og kompleksitet i gruppesammenhænge for begrænsede miljøer. Afhandlingen skitserer også en test- og evalueringsramme med fokus på bl.a. håndtryksgenerering og -verificering, fragmentering, kryptering/dekryptering, timeouts og retransmissioner, performance og kompatibilitet med andre implementeringer.
[This apstract has been generated with the help of AI directly from the project full text]