Change search
ReferencesLink to record
Permanent link

Direct link
On Improving Resistance to Denial of Service and Key Provisioning Scalability of the DTLS Handshake
RISE, Swedish ICT, SICS. SEC.
RISE, Swedish ICT, SICS. SEC.
RISE, Swedish ICT, SICS. SEC.
Number of Authors: 3
2016 (English)In: International Journal of Information SecurityArticle in journal (Refereed) Published
Abstract [en]

DTLS is a transport layer security protocol designed to provide secure communication over unreliable datagram protocols. Before starting to communicate, a DTLS client and server perform a specific handshake in order to establish a secure session and agree on a common security context. However, the DTLS handshake is affected by two relevant issues. First, the DTLS server is vulnerable to a specific Denial of Service (DoS) attack aimed at forcing the establishment of several half open sessions. This may exhaust memory and network resources on the server, so making it less responsive or even unavailable to legitimate clients. Second, although it is one of the most efficient key provisioning approaches adopted in DTLS, the pre-shared key provisioning mode does not scale well with the number of clients, it may result in scalability issues on the server side, and it complicates key re-provisioning in dynamic scenarios. This paper presents a single and efficient security architecture which addresses both issues, by substantially limiting the impact of DoS, and reducing the number of keys stored on the server side to one unit only. Our approach does not break the existing standard and does not require any additional message exchange between DTLS client and server. Our experimental results show that our approach requires a shorter amount of time to complete a handshake execution, and consistently reduces the time a DTLS server is exposed to a DoS instance. We also show that it considerably improves a DTLS server in terms of service availability and robustness against DoS attack.

Place, publisher, year, edition, pages
Springer , 2016, 8.
National Category
Computer and Information Science
Identifiers
URN: urn:nbn:se:ri:diva-24539OAI: oai:DiVA.org:ri-24539DiVA: diva2:1043623
Projects
EU FP7 SEGRID (Grant Agreement no. FP7-607109)EIT DIGITAL High Impact Initiative "Advanced connectivity platform for vertical segments"
Available from: 2016-10-31 Created: 2016-10-31

Open Access in DiVA

fulltext(1025 kB)8 downloads
File information
File name FULLTEXT01.pdfFile size 1025 kBChecksum SHA-512
47b3a25ad82a4664eb3013f20cc5c3c6f31dd32ea8551b9f4306b21e9ac56745cd8c3e66c7d804afbbc5d9e38ce3762816c1f323f40daf3f8d7659d4916c5a66
Type fulltextMimetype application/pdf

By organisation
SICS
Computer and Information Science

Search outside of DiVA

GoogleGoogle Scholar
Total: 8 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 15 hits
ReferencesLink to record
Permanent link

Direct link