Transport Layer Security (TLS) Cached Information Extension

Santesson, Stefan; Tschofenig, Hannes

doi:10.17487/rfc7924

Cited by 19 publications

(15 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To reduce the number of octets of the DTLS handshake, especially the size of the certificate in the ServerHello (which can be several kilobytes), DNS clients and servers can use raw public keys [RFC7250] or Cached Information Extension [RFC7924]. Cached Information Extension avoids transmitting the server's certificate and certificate chain if the client has cached that information from a previous TLS handshake.…”

Section: Performance Considerationsmentioning

confidence: 99%

DNS over Datagram Transport Layer Security (DTLS)

Reddy¹,

Patil²,

Wing³

2017

View full text Add to dashboard Cite

DNS over Datagram Transport Layer Security (DTLS)Abstract DNS queries and responses are visible to network elements on the path between the DNS client and its server. These queries and responses can contain privacy-sensitive information, which is valuable to protect.This document proposes the use of Datagram Transport Layer Security (DTLS) for DNS, to protect against passive listeners and certain active attacks. As latency is critical for DNS, this proposal also discusses mechanisms to reduce DTLS round trips and reduce the DTLS handshake size. The proposed mechanism runs over port 853.

show abstract

Section: Performance Considerationsmentioning

confidence: 99%

DNS over Datagram Transport Layer Security (DTLS)

Reddy¹,

Patil²,

Wing³

2017

View full text Add to dashboard Cite

show abstract

“…It has been shown that implicit certificates decrease the transmission and verification overheads of traditional public-key certificates [14], although they will not replace traditional certificates. Another way to decrease the handshake transmission is to use the proposed Cached Information Extension for TLS [15], that allows client to cache server information and therefore that information is not needed in future handshakes. Moreover, a comprehensive session resumption, denialof-service protection and retransmission mechanisms for DTLS for constrained networks have been introduced in recent paper [16].…”

Section: Cloud Connected Iotmentioning

confidence: 99%

SecureSense: End-to-end secure communication architecture for the cloud-connected Internet of Things

Raza

Helgason

Papadimitratos

et al. 2017

Future Generation Computer Systems

View full text Add to dashboard Cite

Constrained Application Protocol (CoAP) has become the de-facto web standard for the IoT. Unlike traditional wireless sensor networks, Internet-connected smart thing deployments require security. CoAP mandates the use of the Datagram TLS (DTLS) protocol as the underlying secure communication protocol. In this paper we implement DTLS-protected secure CoAP for both resource-constrained IoT devices and a cloud backend and evaluate all three security modes (pre-shared key, raw-public key, and certificate-based) of CoAP in a real cloud-connected IoT setup. We extend Sics th Sense-a cloud platform for the IoT-with secure CoAP capabilities, and compliment a DTLS implementation for resource-constrained IoT devices with raw-public key and certificate-based asymmetric cryptography. To the best of our knowledge, this is the first effort toward providing end-to-end secure communication between resource-constrained smart things and cloud back-ends which supports all three security modes of CoAP both on the client side and the server side. SecureSense-our End-to-End (E2E) secure communication architecture for the IoT-consists of all standardbased protocols, and implementation of these protocols are open source and BSD-licensed. The SecureSense evaluation benchmarks and open source and open license implementation make it possible for future IoT product and service providers to account for security overhead while using all standardized protocols and while ensuring interoperability among different vendors. The core contributions of this paper are: (i) a complete implementation for CoAP security modes for E2E IoT security, (ii) IoT security and communication protocols for a cloud platform for the IoT, and (iii) detailed experimental evaluation and benchmarking of E2E security between a network of smart things and a cloud platform.

show abstract

“…The use of mutual certificate-based authentication is shown in Figure 10, which makes use of the "cached_info" extension [RFC7924]. Support of the "cached_info" extension is REQUIRED.…”

Section: Raw Public Keymentioning

confidence: 99%

Transport Layer Security (TLS) / Datagram Transport Layer Security (DTLS) Profiles for the Internet of Things

Tschofenig¹,

Fossati²

2016

View full text Add to dashboard Cite

Transport Layer Security (TLS) Cached Information Extension

Cited by 19 publications

References 2 publications

DNS over Datagram Transport Layer Security (DTLS)

DNS over Datagram Transport Layer Security (DTLS)

SecureSense: End-to-end secure communication architecture for the cloud-connected Internet of Things

Transport Layer Security (TLS) / Datagram Transport Layer Security (DTLS) Profiles for the Internet of Things

Contact Info

Product

Resources

About