Abstract
The Transport Layer Security (TLS) 1.3 protocol supports a fast zero round-trip time (0-RTT) session resumption mechanism, enabling clients to send data in their first flight of messages. This protocol has been designed with Web infrastructure in mind, and requires that these first messages not change any state on the server side, because 0-RTT data is susceptible to replay attacks. This is disastrous for common IoT scenarios, where sensors often transmit state-changing data to servers. As bandwidth is a huge concern in the IoT, the field stands to benefit significantly from an efficient session resumption protocol that does not suffer from these limitations. Building on the observation that in IoT scenarios the set of clients is often bounded and fairly static, we propose rTLS (ratchet TLS), an efficient 0-RTT session resumption protocol that dramatically decreases bandwidth overhead, while adding forward secrecy and break-in resilience, and is not susceptible to replay attacks.
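The replay problem and the ratchet idea from the abstract, as an added sketch that is not the rTLS construction (its details are not on this page). `Ratchet`, `static_accept`, the KDF labels and the sample secret are assumptions made for illustration; records are only authenticated here, not encrypted.

```python
import hashlib
import hmac

def kdf(key: bytes, label: bytes) -> bytes:
    """Derive a 32-byte key from `key` for the given label (HMAC-SHA256)."""
    return hmac.new(key, label, hashlib.sha256).digest()

def tag(key: bytes, payload: bytes) -> bytes:
    return hmac.new(key, payload, hashlib.sha256).digest()

def static_accept(psk: bytes, record: bytes):
    """Stateless check against a fixed resumption key: a replay verifies again."""
    mac, payload = record[:32], record[32:]
    ok = hmac.compare_digest(mac, tag(kdf(psk, b"msg"), payload))
    return payload if ok else None

class Ratchet:
    """Hypothetical per-client chain; both sides start from one shared secret."""

    def __init__(self, secret: bytes):
        self.chain = secret

    def _advance(self) -> bytes:
        msg_key = kdf(self.chain, b"msg")
        self.chain = kdf(self.chain, b"chain")  # previous chain key is overwritten
        return msg_key

    def protect(self, payload: bytes) -> bytes:
        return tag(self._advance(), payload) + payload

    def accept(self, record: bytes):
        mac, payload = record[:32], record[32:]
        if not hmac.compare_digest(mac, tag(kdf(self.chain, b"msg"), payload)):
            return None  # replayed, forged or out of step: state is not advanced
        self._advance()
        return payload

def demo() -> dict:
    secret = hashlib.sha256(b"constructed sample secret").digest()  # constructed
    client, server = Ratchet(secret), Ratchet(secret)
    first = client.protect(b"valve=open")
    second = client.protect(b"valve=closed")
    return {
        # Same record presented twice to a server holding only a fixed key.
        "static": [static_accept(secret, first), static_accept(secret, first)],
        # Ratcheting server: first delivery, replay of it, then the next record.
        "ratchet": [server.accept(first), server.accept(first), server.accept(second)],
    }

if __name__ == "__main__":
    print(demo())
```

Because each chain key is derived one-way and then overwritten, a later compromise of `chain` does not reveal earlier message keys; a lost record desynchronises this sketch, which a deployable protocol has to handle.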
Acknowledgement
The research leading to these results has received funding from the European Union’s Horizon 2020 research and innovation programme under the Marie Skłodowska-Curie grant agreement No. 764785, FORA – Fog computing for Robotics and Industrial Automation.
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Tange, K., Howard, D., Shanahan, T., Pepe, S., Fafoutis, X., Dragoni, N. (2020). rTLS: Lightweight TLS Session Resumption for Constrained IoT Devices. In: Meng, W., Gollmann, D., Jensen, C.D., Zhou, J. (eds) Information and Communications Security. ICICS 2020. Lecture Notes in Computer Science, vol 12282. Springer, Cham. https://doi.org/10.1007/978-3-030-61078-4_14
DOI: https://doi.org/10.1007/978-3-030-61078-4_14
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-61077-7
Online ISBN: 978-3-030-61078-4
eBook Packages: Computer Science, Computer Science (R0)