Security Analysis of COAP and DTLS Protocols for Internet of Things Applications


Thesis Type: Master's

Institution Where the Thesis Was Conducted: Işık University, Institute of Science, Computer Engineering, Turkey

Thesis Approval Date: 2019

Thesis Language: English

Student: Ali Tunca Gürkan

Advisor: Ayşegül Tüysüz Erman

Abstract:

The Internet of Things is a very fast-growing area. Its requirements and related technologies are changing from day to day. In the Internet of Things, devices can communicate with each other using different messaging protocols. The latest messaging protocols are well developed, but they are too heavy to be run on devices developed with old technology. Therefore, these devices have to be operated with old-fashioned protocols. This makes devices vulnerable to security risks. CoAP is a newly developed messaging protocol for constrained devices used in Internet of Things applications. The protocol is a variant of HTTP, so it has similar specifications. CoAP does not have an embedded security mechanism. Therefore, another protocol called DTLS is used on top of it to provide security. DTLS has powerful functions like handshaking and session processes; however, it is weak against DoS attacks. In this study, we develop a security extension for Internet of Things devices using CoAP with DTLS for secure messaging. DTLS applies a handshaking process for every received request. The handshaking process is the most time- and resource-consuming part of the communication. We propose a security extension to prevent unnecessary messaging during the handshaking process of an attacker device that sends a lot of unauthenticated requests. When a client sends requests to a server that has the proposed security extension, the server counts unsuccessful handshaking processes for each client. If the count passes a limit of suspicious requests, the security extension on the server adds the client's IP address to a banned IPs list. Until the expiration time, the server does not accept any request from the banned IP address. Our proposed security extension is tested in different scenarios to examine the effects on the network. The results of the experiments show that the enhanced security extension decreases delays on the network and that it is helpful for communication between authenticated devices.
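
The counting-and-banning logic described in the abstract, written out as an added sketch that is not the thesis's own code. The class and function names, the limit, the ban duration and the reset on a successful handshake are assumptions, and the handshake outcome is supplied by the caller instead of a real DTLS stack.

```python
import time


class HandshakeGuard:
    """Per-IP failed-handshake counter with a temporary ban list.

    Hypothetical names and defaults; the abstract does not give its values.
    """

    def __init__(self, limit=3, ban_seconds=60.0, clock=time.monotonic):
        self.limit = limit              # failed handshakes tolerated per client
        self.ban_seconds = ban_seconds  # how long a banned IP stays banned
        self.clock = clock              # injectable so the logic can be tested
        self.failures = {}              # ip -> count of unsuccessful handshakes
        self.banned = {}                # ip -> time at which the ban expires

    def allow(self, ip):
        """Return True if a request from ip may start a handshake."""
        expires = self.banned.get(ip)
        if expires is None:
            return True
        if self.clock() >= expires:
            del self.banned[ip]          # ban expired: lift it
            self.failures.pop(ip, None)  # and start from a clean counter
            return True
        return False                     # dropped before any handshake work

    def record(self, ip, success):
        """Record the outcome of one handshake attempt from ip."""
        if success:
            self.failures.pop(ip, None)  # assumption: success resets the count
            return
        count = self.failures.get(ip, 0) + 1
        self.failures[ip] = count
        if count > self.limit:           # the count "passes" the limit
            self.banned[ip] = self.clock() + self.ban_seconds
            del self.failures[ip]


def simulate(events, guard):
    """events: (ip, handshake_succeeds) pairs. Returns handshakes actually run."""
    handled = 0
    for ip, ok in events:
        if guard.allow(ip):
            handled += 1
            guard.record(ip, ok)
    return handled
```

Because DTLS runs over UDP, source addresses can be forged, so a deployment would count failures only after the DTLS cookie exchange (HelloVerifyRequest) has confirmed the client's address; otherwise the ban list itself can be used to lock out a legitimate client.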