| Title | An Overview of Security in CoAP: Attack and Analysis |
| Publication Type | Conference Paper |
| Year of Publication | 2019 |
| Authors | Arvind, S, Narayanan, V Anantha |
| Conference Name | 2019 5th International Conference on Advanced Computing Communication Systems (ICACCS) |
| Keywords | application layer protocol, authentication mechanism, browser security, Browsers, channel security, client-server architecture, CoAP security attack, composability, compositionality, Computer architecture, Constrained Application Protocol, Constrained Application Protocol (CoAP), Copper, cross-protocol attacks, datagram transport layer security, Datagram Transport Layer Security (DTLS), denial of service, Denial of Service (DoS) attacks, DoS, DTLS, Human Behavior, Internet of Things, Internet of Things (IoT), IoT devices, man-in-the-middle attack, Metrics, network servers, peak security issues, Protocols, proxy, pubcrawl, Relay Attacks, replay attacks, request for comments 7252, resilience, RFC 7252, secure protocol, security, Servers, smart ecosystems, telecommunication security, UDP, User Datagram Protocol (UDP), Web transfer protocols |
| Abstract | Over the last decade, a technology called Internet of Things (IoT) has been evolving at a rapid pace. It enables the development of endless applications in view of availability of affordable components which provide smart ecosystems. The IoT devices are constrained devices which are connected to the internet and perform sensing tasks. Each device is identified by their unique address and also makes use of the Constrained Application Protocol (CoAP) as one of the main web transfer protocols. It is an application layer protocol which does not maintain secure channels to transfer information. For authentication and end-to-end security, Datagram Transport Layer Security (DTLS) is one of the possible approaches to boost the security aspect of CoAP, in addition to which there are many suggested ways to protect the transmission of sensitive information. CoAP uses DTLS as a secure protocol and UDP as a transfer protocol. Therefore, the attacks on UDP or DTLS could be assigned as a CoAP attack. An attack on DTLS could possibly be launched in a single session and a strong authentication mechanism is needed. Man-In-The-Middle attack is one the peak security issues in CoAP as cited by Request For Comments(RFC) 7252, which encompasses attacks like Sniffing, Spoofing, Denial of Service (DoS), Hijacking, Cross-Protocol attacks and other attacks including Replay attacks and Relay attacks. In this work, a client-server architecture is setup, whose end devices communicate using CoAP. Also, a proxy system was installed across the client side to launch an active interception between the client and the server. The work will further be enhanced to provide solutions to mitigate these attacks. |
| DOI | 10.1109/ICACCS.2019.8728533 |
| Citation Key | arvind_overview_2019 |
An Overview of Security in CoAP: Attack and Analysis