APPLICATION LAYER IN TCP/IP
— Acts as interface between the applications and the underlying network
   — Application layer protocols provide rules and formats that determine how data is
     treated in the application layer
   — The TCP/IP application layer performs the functions of the upper three layers of the
     OSI model (Application, Presentation, Session)
   — Common application layer protocols include: HTTP, FTP, TFTP, DNS
   — Application layer protocols are used by both the source and destination devices
     during a communication session
   — The application layer protocols implemented on the source and destination host must
     match
HYPERTEXT TRANSFER PROTOCOL (HTTP)
HTTP VS HTTPS
  — HTTPS = HTTP carried over TLS (historically SSL, Secure Sockets Layer); the scheme
    changes from http:// to https:// and the default port from 80 to 443
APPLICATION LAYERS IN IoT NETWORKS
  — The application layer usually employs HTTP to provide web services, but HTTP is costly
    for constrained devices: its text headers are expensive to parse, verbose relative to
    the low data rates of IoT links, and the TCP connection plus header overhead costs
    energy on battery-powered nodes
  — Therefore, several lightweight protocols have been developed for the application layer
    of IoT networks
LAYERS IN IoT NETWORK ARCHITECTURE
IoT APPLICATION LAYER PROTOCOLS
  —   CoAP: Constrained Application Protocol
  —   MQTT: Message Queuing Telemetry Transport
  —   XMPP: Extensible Messaging and Presence Protocol
  —   RESTful: Representational State Transfer (an architectural style rather than a
      protocol, usually carried over HTTP or CoAP)
  —   AMQP: Advanced Message Queuing Protocol
  —   WebSocket: full-duplex communication protocol over a single TCP connection
  —   DDS: Data Distribution Service
  —   SMQTT: Secure MQTT
TCP VS UDP
IoT APPLICATION LAYER PROTOCOLS
REQUEST/RESPONSE
PUBLISH / SUBSCRIBE
TLS / SSL
   — SSL: Secure Sockets Layer, originally developed by Netscape in the mid 1990s
   — TLS: Transport Layer Security, standardized by the IETF as TLS 1.0 in 1999 and evolved
     from SSL 3.0, is a cryptographic protocol that provides communications security over a
     computer network
TLS
   — TLS is a protocol for establishing secure (Transport Layer) communications between
     two parties, usually denoted as a Client and a Server
DTLS
   — Datagram Transport Layer Security (DTLS) is the UDP-based version of TLS, designed to
     provide an end-to-end security association between two nodes; it adds explicit
     sequence numbers and a handshake retransmission timer so it survives the loss and
     reordering that UDP does not hide
DISCUSSIONS
   — What is the best choice for IoT application layer protocols?
Application Layer Protocols
CONSTRAINED APPLICATION PROTOCOL (CoAP)
   — CoAP is an application layer protocol intended for resource-constrained devices
     (small memory, low power, lossy low-rate links)
   — CoAP is a RESTful web transfer protocol for use with constrained nodes and networks
   — CoAP uses the same client/server model as HTTP
   — It is designed for constrained networks: low overhead and low energy consumption
CoAP vs HTTP
   — Unlike HTTP, CoAP runs over UDP, so it does not carry TCP's connection setup and
     congestion control; a simple retransmission scheme inside CoAP replaces them
   — CoAP follows the REST architecture, the general design for accessing Internet
     resources by URI
   — To cope with constrained resources, CoAP keeps each datagram short and provides
     optional reliability in the protocol itself rather than relying on the transport
   — On one side, CoAP offers the REST methods GET, POST, PUT and DELETE
   — On the other side, because it runs over UDP, CoAP can use IP multicast, which suits
     group communication in IoT (e.g., one request addressed to every lamp in a room)
CoAP
   — To compensate for the unreliability of UDP, CoAP defines its own retransmission
     mechanism and provides resource discovery with resource descriptions
     (GET /.well-known/core, answered in CoRE Link Format)
   — CoAP is not simply a compressed form of HTTP
   — Given the low processing capability and low power budget of constrained devices, CoAP
     redesigns several HTTP features (binary header, UDP transport, optional reliability)
     to fit these limitations
FEATURES OF CoAP
   — Designed especially for constrained networks
   — CoAP operates over UDP
   — Asynchronous message exchange
   — Low header and parsing complexity
   — URI and content-type support
   — Simple proxy and caching capabilities
   — Optional resource discovery
   — UDP transport with optional reliability, supporting unicast and multicast requests
   — Stateless HTTP-CoAP mapping, allowing proxy to provide access to CoAP resources
     via HTTP and vice versa
   — Security using Datagram Transport Layer Security (DTLS)
CoAP COMMUNICATION METHOD
   — CoAP supports the basic methods GET, POST, PUT, DELETE, which map directly to HTTP
         o GET: retrieves a representation of the resource identified by the request URI
         o POST: asks the server to process the enclosed representation; the result is
            resource-specific, usually a new subordinate resource created under the request
            URI or an update of the target resource
         o PUT: requests that the resource identified by the request URI be updated or
            created with the enclosed representation
         o DELETE: requests that the resource identified by the request URI be deleted
MESSAGE LAYER MODEL
  — The message layer supports four message types:
       o CON (Confirmable)
       o NON (Non-confirmable)
       o ACK (Acknowledgement)
       o RST (Reset)
RELIABLE MESSAGE TRANSPORT
  — The sender retransmits a CON until it receives an ACK carrying the same Message ID
    (e.g., 0x8c56)
  — The first timeout is chosen at random between ACK_TIMEOUT (2 s) and ACK_TIMEOUT times
    ACK_RANDOM_FACTOR (1.5); each retransmission doubles it (exponential backoff), up to
    MAX_RETRANSMIT (4) retransmissions, after which the sender gives up
  — If the recipient cannot process the message, it replies with RST instead of ACK
UNRELIABLE MESSAGE TRANSPORT
  — Transport with NON type messages
  — A NON is not acknowledged, but still carries a Message ID so the recipient can detect
    duplicates
  — If the recipient cannot process the message, it may reply with RST
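The two transport modes above, simulated in Python as an added example (not code from the original slides or from any CoAP implementation). It uses the RFC 7252 transmission parameters (ACK_TIMEOUT 2 s, ACK_RANDOM_FACTOR 1.5, MAX_RETRANSMIT 4) and counts time in virtual seconds instead of sleeping; the loss patterns, the Message IDs and the rule that "an empty payload cannot be processed" are assumptions constructed for the demo.

```python
"""Simulated CoAP message-layer reliability (RFC 7252, sections 4.2 and 4.3).

Constructed example: no sockets, no sleeping; elapsed time is virtual so the
retransmission schedule can be inspected.  The drop patterns and the
'empty payload cannot be processed' rule are assumptions made for the demo.
"""
from dataclasses import dataclass
from enum import Enum


class Type(Enum):
    CON = 0   # Confirmable: must be answered with ACK (or RST)
    NON = 1   # Non-confirmable: fire and forget
    ACK = 2
    RST = 3


@dataclass
class Message:
    mtype: Type
    mid: int              # 16-bit Message ID, e.g. 0x8c56
    payload: bytes = b""


# Transmission parameters from RFC 7252 section 4.8
ACK_TIMEOUT = 2.0         # seconds
ACK_RANDOM_FACTOR = 1.5   # first timeout is random in [ACK_TIMEOUT, ACK_TIMEOUT * 1.5]
MAX_RETRANSMIT = 4        # retransmissions after the first send: 5 transmissions total


def backoff_schedule(random_factor=ACK_RANDOM_FACTOR):
    """Wait after each of the MAX_RETRANSMIT + 1 transmissions: the timeout
    starts at ACK_TIMEOUT * random_factor and doubles every time."""
    waits, timeout = [], ACK_TIMEOUT * random_factor
    for _ in range(MAX_RETRANSMIT + 1):
        waits.append(timeout)
        timeout *= 2
    return waits


class Receiver:
    """Server side: ACKs every CON, stays silent on NON, answers RST when it
    cannot process a message, and uses the Message ID to drop duplicates."""

    def __init__(self):
        self.seen = set()      # Message IDs already processed
        self.delivered = []    # payloads passed up to the application

    def handle(self, msg):
        if msg.payload == b"":                     # assumed failure condition
            return Message(Type.RST, msg.mid)      # RST replaces ACK (CON) or silence (NON)
        if msg.mid not in self.seen:               # a retransmitted CON has the same ID
            self.seen.add(msg.mid)
            self.delivered.append(msg.payload)     # deliver once, even if received twice
        if msg.mtype is Type.CON:
            return Message(Type.ACK, msg.mid)      # ACK carries the CON's Message ID
        return None


def send(msg, receiver, drop_pattern=(), random_factor=ACK_RANDOM_FACTOR):
    """Deliver msg over a lossy channel.  drop_pattern[n] is "request" (the n-th
    transmission is lost), "ack" (it arrives but the reply is lost) or "".
    Returns (outcome, transmissions, virtual seconds elapsed)."""
    waits = backoff_schedule(random_factor)
    attempts = MAX_RETRANSMIT + 1 if msg.mtype is Type.CON else 1
    elapsed = 0.0
    for n in range(attempts):
        loss = drop_pattern[n] if n < len(drop_pattern) else ""
        reply = None if loss == "request" else receiver.handle(msg)
        if loss == "ack":
            reply = None                 # processed by the server, reply lost in transit
        if reply is not None and reply.mid == msg.mid:   # match on Message ID
            return reply.mtype.name, n + 1, elapsed
        if msg.mtype is Type.NON:
            return "SENT", 1, 0.0        # NON is never retransmitted or acknowledged
        elapsed += waits[n]              # wait, then retransmit the same CON
    return "TIMEOUT", attempts, elapsed  # gave up after MAX_TRANSMIT_WAIT


if __name__ == "__main__":
    print("backoff:", backoff_schedule(), "sum =", sum(backoff_schedule()))
    rx = Receiver()
    print(send(Message(Type.CON, 0x8c56, b"on"), rx, ("request", "request")))
    print(send(Message(Type.CON, 0x8c57, b"on"), Receiver(), ("ack",)))
    print(send(Message(Type.CON, 0x8c58, b""), rx))
    print(send(Message(Type.CON, 0x8c59, b"on"), rx, ("request",) * 5))
    print(send(Message(Type.NON, 0x8c5a, b"tick"), rx), send(Message(Type.NON, 0x8c5b, b""), rx))
```

With the default random factor the schedule is 3, 6, 12, 24 and 48 s: the first four waits sum to the 45 s MAX_TRANSMIT_SPAN and all five to the 93 s MAX_TRANSMIT_WAIT of RFC 7252. The "ack" loss case is the one that matters for idempotency: the server processes the CON once and the retransmission, recognised by its Message ID, only triggers a fresh ACK.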
MESSAGE FORMAT
  — CoAP is based on the exchange of compact messages that, by default, are transmitted
    over UDP (i.e., each CoAP message occupies the data section of one UDP datagram)
  — Message of CoAP uses simple binary format
  — Message= fixed-size 4-byte header plus a variable-length Token plus a sequence of
    CoAP options plus payload
  —   Ver: Version (2 bits, always 1)
  —   T: Message type (2 bits: CON=0, NON=1, ACK=2, RST=3)
  —   TKL: Token length (4 bits, 0-8; values 9-15 are reserved and must be rejected as a
      message format error)
  —   Code: 8 bits written as class.detail; 0.01-0.04 are the request methods GET, POST,
      PUT, DELETE, and 2.xx, 4.xx, 5.xx are response codes (e.g., 2.05 Content, 4.04 Not
      Found); 0.00 is the Empty message, used for an ACK that carries no response
  —   Message ID: 16-bit identifier that matches an ACK/RST to the CON/NON it answers and
      lets the receiver detect duplicates
  —   Token: 0-8 bytes chosen by the client to match a response to its request (needed
      when the response arrives later in a separate CON instead of piggybacked in the ACK)
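An encoder and decoder for the message format above, written in Python as an added example (not code from the original slides or from any CoAP library). The field layout, option delta/length encoding and option numbers (Uri-Path 11, Content-Format 12) are the RFC 7252 values; the resource path /temperature/room1, the token 0x7a, the Message ID 0x8c56 and the reading "21.5" are constructed for the demo. The decoder rejects the malformed inputs a server must treat as format errors: a reserved TKL, a payload marker with nothing after it, and truncated options.

```python
"""Encoder/decoder for the CoAP wire format (RFC 7252 section 3).

Constructed example: request and response are built in-process.  The path,
token, Message ID and reading are invented; option numbers and codes are the
registered RFC 7252 values.
"""
import struct

CON, NON, ACK, RST = 0, 1, 2, 3                           # T field
METHODS = {1: "GET", 2: "POST", 3: "PUT", 4: "DELETE"}    # request codes 0.01-0.04
URI_PATH, CONTENT_FORMAT = 11, 12                         # option numbers used below


def make_code(cls, detail):
    """c.dd notation -> 8-bit Code byte: 3-bit class, 5-bit detail (2.05 -> 0x45)."""
    return (cls << 5) | detail


def code_str(c):
    return f"{c >> 5}.{c & 0x1F:02d}"


def _enc_ext(v):
    """Option delta/length nibble plus its 0-, 1- or 2-byte extension."""
    if v < 13:
        return v, b""
    if v < 269:
        return 13, bytes([v - 13])
    return 14, struct.pack("!H", v - 269)


def encode(mtype, code, mid, token=b"", options=(), payload=b""):
    """options: (number, value bytes) pairs, written as deltas in ascending
    number order; repeated Uri-Path segments keep their relative order."""
    if not 0 <= len(token) <= 8:
        raise ValueError("TKL must be 0..8")
    out = bytearray([(1 << 6) | (mtype << 4) | len(token), code])  # Ver=1 | T | TKL, Code
    out += struct.pack("!H", mid) + token
    prev = 0
    for num, val in sorted(options, key=lambda o: o[0]):
        dn, dx = _enc_ext(num - prev)
        ln, lx = _enc_ext(len(val))
        out += bytes([(dn << 4) | ln]) + dx + lx + val
        prev = num
    if payload:
        out += b"\xff" + payload         # payload marker only when there is a payload
    return bytes(out)


def _dec_ext(nibble, buf, i):
    if nibble < 13:
        return nibble, i
    if nibble == 13:
        return buf[i] + 13, i + 1
    if nibble == 14:
        return struct.unpack_from("!H", buf, i)[0] + 269, i + 2
    raise ValueError("nibble 15 is reserved outside the payload marker")


def decode(buf):
    """Parse one UDP datagram; raises ValueError on a message format error."""
    if len(buf) < 4:
        raise ValueError("header is 4 bytes")
    ver, mtype, tkl = buf[0] >> 6, (buf[0] >> 4) & 3, buf[0] & 0xF
    if ver != 1:
        raise ValueError("unknown version")
    if tkl > 8:
        raise ValueError("TKL 9..15 is reserved")
    code, mid = buf[1], struct.unpack_from("!H", buf, 2)[0]
    token = bytes(buf[4:4 + tkl])
    if len(token) != tkl:
        raise ValueError("truncated token")
    i, num, options = 4 + tkl, 0, []
    while i < len(buf) and buf[i] != 0xFF:
        dn, ln = buf[i] >> 4, buf[i] & 0xF
        delta, i = _dec_ext(dn, buf, i + 1)
        length, i = _dec_ext(ln, buf, i)
        num += delta                      # option numbers are cumulative deltas
        val = bytes(buf[i:i + length])
        if len(val) != length:
            raise ValueError("truncated option")
        options.append((num, val))
        i += length
    payload = bytes(buf[i + 1:]) if i < len(buf) else b""
    if i < len(buf) and not payload:
        raise ValueError("payload marker followed by no payload")
    return {"type": mtype, "code": code_str(code), "mid": mid,
            "token": token, "options": options, "payload": payload}


def is_well_formed(buf):
    """Pre-check for datagrams taken off the wire (or from a fuzzer)."""
    try:
        decode(buf)
        return True
    except (ValueError, struct.error, IndexError):
        return False


if __name__ == "__main__":
    req = encode(CON, make_code(0, 1), 0x8C56, token=b"\x7a",
                 options=[(URI_PATH, b"temperature"), (URI_PATH, b"room1")])
    print(req.hex())          # 41018c567abb74656d706572617475726505726f6f6d31
    rsp = encode(ACK, make_code(2, 5), 0x8C56, token=b"\x7a",
                 options=[(CONTENT_FORMAT, b"")], payload=b"21.5")  # uint 0 is zero bytes
    print(decode(req), decode(rsp), sep="\n")
```

The 23-byte GET request shows why the format suits constrained links: the whole header plus two path segments fits in a single 802.15.4 frame, where the equivalent HTTP request line and headers would not. The piggybacked response reuses the request's Message ID (so it also serves as the ACK) and its token.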
CoAP SECURITY ANALYSIS
  —   CoAP is now becoming the standard protocol for IoT applications.
  —   Security is important to protect the communication between devices.
  —   DTLS is the security mechanism specified for CoAP: the coaps:// URI scheme runs CoAP
      over DTLS, by default on UDP port 5684 instead of 5683
  —   There are three main elements when considering security, namely integrity,
      authentication, and confidentiality.
  —   DTLS can provide all of them, given a cipher suite that authenticates both endpoints
      and uses authenticated encryption
  —   Unlike link- or network-layer security that terminates at each hop or at the gateway,
      DTLS protects the CoAP exchange end-to-end between the two endpoints (a CoAP-to-HTTP
      proxy terminates DTLS, so the protection ends there)
  —   Without end-to-end protection, an attacker who compromises one intermediate node can
      read all plaintext that passes through it
  —   DTLS also confines the cryptographic overhead to the two endpoints that need it,
      rather than every node along the path as with lower-layer security protocols
SECURITY CHALLENGES IN CoAP
  — In terms of security, CoAP is still under consideration and development due to several
    challenges and debates.
  — The biggest challenge is to keep performance high while meeting security standards:
    the DTLS handshake costs several round trips and, in certificate mode, messages that
    must be fragmented over 802.15.4 links, which is heavy for battery-powered devices
  — DTLS is a unicast protocol, so it cannot protect CoAP multicast requests, and the
    security modes defined for CoAP (NoSec, PreSharedKey, RawPublicKey, Certificate) leave
    key provisioning and management to the deployment
SUMMARY
  —   Application Layer in TCP/IP
  —   Application Layer in IoT Networks
  —   IoT Application Layer Protocols
  —   Constrained Application Protocol (CoAP)
  —   CoAP Security Analysis