Dear all,

We have submitted a new Internet draft to the LWIG WG to share our implementation experience on using DTLS for various security functionalities, i.e., network access, key management, and secure multicast communication in order to facilitate the Internet of Things (IoT).

Comments and feedback are very much appreciated.

Many thanks
Sye Loong

-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Monday 25 February 2013 17:12
To: Keoh, Sye Loong
Cc: Kumar, Sandeep; Garcia Morchon, Oscar
Subject: New Version Notification for draft-keoh-lwig-dtls-iot-01.txt

A new version of I-D, draft-keoh-lwig-dtls-iot-01.txt has been successfully submitted by Sye Loong Keoh and posted to the IETF repository.

Filename: draft-keoh-lwig-dtls-iot
Revision: 01
Title: Securing the IP-based Internet of Things with DTLS
Creation date: 2013-02-25
Group: Individual Submission
Number of pages: 20
URL: http://www.ietf.org/internet-drafts/draft-keoh-lwig-dtls-iot-01.txt
Status: http://datatracker.ietf.org/doc/draft-keoh-lwig-dtls-iot
Htmlized: http://tools.ietf.org/html/draft-keoh-lwig-dtls-iot-01
Diff: http://www.ietf.org/rfcdiff?url2=draft-keoh-lwig-dtls-iot-01

Abstract:
The IP-based Internet of Things (IoT) refers to the pervasive interaction of smart devices and people enabling new applications by means of IP protocols. Traditional IP protocols will be further complemented by 6LoWPAN and CoAP to make the IoT feasible on small devices. Security and privacy are a must for such an environment. Due to mobility, limited bandwidth, resource constraints, and new communication topologies, existing security solutions need to be adapted. We propose a security architecture for the IoT in order to provide network access control to smart devices, the management of keys and securing unicast/multicast communication. Devices are authenticated and granted network access by means of a pre-shared key (PSK) based security handshake protocol. The solution is based on Datagram Transport Layer Security (DTLS). Through the established secure channels, keying materials, operational and security parameters are distributed, enabling devices to derive session keys and group keys.
The solution relies on the DTLS Record Layer for the protection of unicast and multicast data flows. We have prototyped and evaluated the security architecture. The DTLS architecture allows for easier interaction and interoperability with the Internet due to the extensive use of TLS. However, it exhibits performance issues constraining its deployment in some network topologies and hence would require further optimizations.

The IETF Secretariat

_______________________________________________
Lwip mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/lwip
