Datagram Transport Layer Security

Last updated

Datagram Transport Layer Security (DTLS) is a communications protocol providing security to datagram-based applications by allowing them to communicate in a way designed [1] [2] [3] to prevent eavesdropping, tampering, or message forgery. The DTLS protocol is based on the stream-oriented Transport Layer Security (TLS) protocol and is intended to provide similar security guarantees. The DTLS protocol datagram preserves the semantics of the underlying transport—the application does not suffer from the delays associated with stream protocols, but because it uses User Datagram Protocol (UDP) or Stream Control Transmission Protocol (SCTP), the application has to deal with packet reordering, loss of datagram and data larger than the size of a datagram network packet. Because DTLS uses UDP or SCTP rather than TCP it avoids the TCP meltdown problem [4] [5] when being used to create a VPN tunnel.

Contents

Definition

The following documents define DTLS:

DTLS 1.0 is based on TLS 1.1, DTLS 1.2 is based on TLS 1.2, and DTLS 1.3 is based on TLS 1.3. There is no DTLS 1.1 because this version-number was skipped in order to harmonize version numbers with TLS. [2] Like previous DTLS versions, DTLS 1.3 is intended to provide "equivalent security guarantees [to TLS 1.3] with the exception of order protection/non-replayability". [11]

Implementations

Libraries

Library support for DTLS
ImplementationDTLS 1.0 [1] DTLS 1.2 [2] DTLS 1.3 [3]
Botan YesYes
cryptlib NoNo
GnuTLS YesYes
Java Secure Socket Extension YesYes
LibreSSL YesYes [12]
libsystools [13] YesNo
MatrixSSL YesYes
mbed TLS (previously PolarSSL)Yes [14] Yes [14]
Network Security Services Yes [15] Yes [16]
OpenSSL YesYes [17]
PyDTLS [18] [19] YesYes
Python3-dtls [20] [21] YesYes
RSA BSAFE NoNo
s2n NoNo
Schannel XP/2003, Vista/2008 NoNo
Schannel 7/2008R2, 8/2012, 8.1/2012R2, 10 Yes [22] No [22]
Schannel 10 (1607), 2016 YesYes [23]
Secure Transport OS X 10.2–10.7 / iOS 1–4NoNo
Secure Transport OS X 10.8–10.10 / iOS 5–8Yes [24] No
SharkSSLNoNo
tinydtls [25] NoYes
Waher.Security.DTLS [26] NoYes
wolfSSL (previously CyaSSL) [27] YesYesYes
@nodertc/dtls [28] [29] NoYes
java-dtls [30] YesYes
pion/dtls [31] (Go)NoYes
californium/scandium [32] (Java)NoYes
SNF4J [33] (Java)YesYes
ImplementationDTLS 1.0DTLS 1.2DTLS 1.3

Applications

Vulnerabilities

In February 2013 two researchers from Royal Holloway, University of London discovered a timing attack [46] which allowed them to recover (parts of the) plaintext from a DTLS connection using the OpenSSL or GnuTLS implementation of DTLS when Cipher Block Chaining mode encryption was used.

See also

Related Research Articles

In computer network engineering, an Internet Standard is a normative specification of a technology or methodology applicable to the Internet. Internet Standards are created and published by the Internet Engineering Task Force (IETF). They allow interoperation of hardware and software from different sources which allows internets to function. As the Internet became global, Internet Standards became the lingua franca of worldwide communications.

The Internet protocol suite, commonly known as TCP/IP, is a framework for organizing the set of communication protocols used in the Internet and similar computer networks according to functional criteria. The foundational protocols in the suite are the Transmission Control Protocol (TCP), the User Datagram Protocol (UDP), and the Internet Protocol (IP). Early versions of this networking model were known as the Department of Defense (DoD) model because the research and development were funded by the United States Department of Defense through DARPA.

The Session Initiation Protocol (SIP) is a signaling protocol used for initiating, maintaining, and terminating communication sessions that include voice, video and messaging applications. SIP is used in Internet telephony, in private IP telephone systems, as well as mobile phone calling over LTE (VoLTE).

In computer networking, the User Datagram Protocol (UDP) is one of the core communication protocols of the Internet protocol suite used to send messages to other hosts on an Internet Protocol (IP) network. Within an IP network, UDP does not require prior communication to set up communication channels or data paths.

Virtual private network (VPN) is a network architecture for virtually extending a private network across one or multiple other networks which are either untrusted or need to be isolated.

Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network, such as the Internet. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use in securing HTTPS remains the most publicly visible.

In computer networking, Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to support virtual private networks (VPNs) or as part of the delivery of services by ISPs. It uses encryption ('hiding') only for its own control messages, and does not provide any encryption or confidentiality of content by itself. Rather, it provides a tunnel for Layer 2, and the tunnel itself may be passed over a Layer 3 encryption protocol such as IPsec.

In computer networking, the Datagram Congestion Control Protocol (DCCP) is a message-oriented transport layer protocol. DCCP implements reliable connection setup, teardown, Explicit Congestion Notification (ECN), congestion control, and feature negotiation. The IETF published DCCP as RFC 4340, a proposed standard, in March 2006. RFC 4336 provides an introduction.

FTPS is an extension to the commonly used File Transfer Protocol (FTP) that adds support for the Transport Layer Security (TLS) and, formerly, the Secure Sockets Layer cryptographic protocols.

A keepalive (KA) is a message sent by one device to another to check that the link between the two is operating, or to prevent the link from being broken.

This article lists communication protocols that are designed for file transfer over a telecommunications network.

In computing, syslog is a standard for message logging. It allows separation of the software that generates messages, the system that stores them, and the software that reports and analyzes them. Each message is labeled with a facility code, indicating the type of system generating the message, and is assigned a severity level.

<span class="mw-page-title-main">Network Security Services</span> Collection of cryptographic computer libraries

Network Security Services (NSS) is a collection of cryptographic computer libraries designed to support cross-platform development of security-enabled client and server applications with optional support for hardware TLS/SSL acceleration on the server side and hardware smart cards on the client side. NSS provides a complete open-source implementation of cryptographic libraries supporting Transport Layer Security (TLS) / Secure Sockets Layer (SSL) and S/MIME. NSS releases prior to version 3.14 are tri-licensed under the Mozilla Public License 1.1, the GNU General Public License, and the GNU Lesser General Public License. Since release 3.14, NSS releases are licensed under GPL-compatible Mozilla Public License 2.0.

Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) computer networking protocol by which a client indicates which hostname it is attempting to connect to at the start of the handshaking process. The extension allows a server to present one of multiple possible certificates on the same IP address and TCP port number and hence allows multiple secure (HTTPS) websites to be served by the same IP address without requiring all those sites to use the same certificate. It is the conceptual equivalent to HTTP/1.1 name-based virtual hosting, but for HTTPS. This also allows a proxy to forward client traffic to the right server during TLS/SSL handshake. The desired hostname is not encrypted in the original SNI extension, so an eavesdropper can see which site is being requested. The SNI extension was specified in 2003 in RFC 3546

A cipher suite is a set of algorithms that help secure a network connection. Suites typically use Transport Layer Security (TLS) or its deprecated predecessor Secure Socket Layer (SSL). The set of algorithms that cipher suites usually contain include: a key exchange algorithm, a bulk encryption algorithm, and a message authentication code (MAC) algorithm.

The Transport Layer Security (TLS) protocol provides the ability to secure communications across or inside networks. This comparison of TLS implementations compares several of the most notable libraries. There are several TLS implementations which are free software and open source.

The Stream Control Transmission Protocol (SCTP) is a computer networking communications protocol in the transport layer of the Internet protocol suite. Originally intended for Signaling System 7 (SS7) message transport in telecommunication, the protocol provides the message-oriented feature of the User Datagram Protocol (UDP), while ensuring reliable, in-sequence transport of messages with congestion control like the Transmission Control Protocol (TCP). Unlike UDP and TCP, the protocol supports multihoming and redundant paths to increase resilience and reliability.

Constrained Application Protocol (CoAP) is a specialized UDP-based Internet application protocol for constrained devices, as defined in RFC 7252. It enables those constrained devices called "nodes" to communicate with the wider Internet using similar protocols. CoAP is designed for use between devices on the same constrained network, between devices and general nodes on the Internet, and between devices on different constrained networks both joined by an internet. CoAP is also being used via other mechanisms, such as SMS on mobile communication networks.

QUIC is a general-purpose transport layer network protocol initially designed by Jim Roskind at Google. It was first implemented and deployed in 2012 and was publicly announced in 2013 as experimentation broadened. It was also described at an IETF meeting. The Chrome web browser, Microsoft Edge, Firefox, and Safari all support it. In Chrome, QUIC is used by more than half of all connections to Google's servers.

References

  1. 1 2 E. Rescorla; N. Modadugu (April 2006). Datagram Transport Layer Security. Network Working Group. doi: 10.17487/RFC4347 . RFC 4347.Obsolete. Obsoleted by RFC  6347. Updated by RFC  5746 and 7507.
  2. 1 2 3 E. Rescorla; N. Modadugu (January 2012). Datagram Transport Layer Security Version 1.2. Internet Engineering Task Force (IETF). doi: 10.17487/RFC6347 . ISSN   2070-1721. RFC 6347.Obsolete. Obsoleted by RFC  9147. Updated by RFC  7507, 7905, 8996 and 9146. Obsoletes RFC  4347.
  3. 1 2 3 E. Rescorla; H. Tschofenig; N. Modadugu (April 2022). The Datagram Transport Layer Security (DTLS) Protocol Version 1.3. IETF TLS workgroup. doi: 10.17487/RFC9147 . RFC 9147.Proposed Standard. Obsoletes RFC  6347
  4. Titz, Olaf (2001-04-23). "Why TCP Over TCP Is A Bad Idea". Archived from the original on 2023-03-10. Retrieved 2015-10-17.{{cite web}}: CS1 maint: bot: original URL status unknown (link)
  5. Honda, Osamu; Ohsaki, Hiroyuki; Imase, Makoto; Ishizuka, Mika; Murayama, Junichi (October 2005). "Understanding TCP over TCP: effects of TCP tunneling on end-to-end throughput and latency". In Atiquzzaman, Mohammed; Balandin, Sergey I (eds.). Performance, Quality of Service, and Control of Next-Generation Communication and Sensor Networks III. Vol. 6011. Bibcode:2005SPIE.6011..138H. CiteSeerX   10.1.1.78.5815 . doi:10.1117/12.630496. S2CID   8945952.
  6. T. Phelan (May 2008). Datagram Transport Layer Security (DTLS) over the Datagram Congestion Control Protocol (DCCP). Network Working Group. doi: 10.17487/RFC5238 . RFC 5238.Informational. Updated by RFC  8996.
  7. P. Calhoun; M. Montemurro; D. Stanley, eds. (March 2009). Control And Provisioning of Wireless Access Points (CAPWAP) Protocol Specification. Network Working Group. doi: 10.17487/RFC5415 . RFC 5415.Proposed Standard. Updated by RFC  8553 and 8996.
  8. D. McGrew; E. Rescorla (May 2010). Datagram Transport Layer Security (DTLS) Extension to Establish Keys for the Secure Real-time Transport Protocol (SRTP). Internet Engineering Task Force. doi: 10.17487/RFC5764 . ISSN   2070-1721. RFC 5764.Proposed Standard. Updated by RFC  7983 and 9443.
  9. Peck, M.; Igoe, K. (2012-09-25). "Suite B Profile for Datagram Transport Layer Security / Secure Real-time Transport Protocol (DTLS-SRTP)". IETF.
  10. M. Tuexen; R. Seggelmann; E. Rescorla (January 2011). Datagram Transport Layer Security (DTLS) for Stream Control Transmission Protocol (SCTP). Internet Engineering Task Force (IETF). doi: 10.17487/RFC6083 . ISSN   2070-1721. RFC 6083.Proposed Standard. Updated by RFC  8996.
  11. "The Datagram Transport Layer Security (DTLS) Protocol Version 1.3".
  12. "LibreSSL 3.3.2 Release Notes". The OpenBSD Project. 2021-05-01. Retrieved 2021-06-13.
  13. Julien Kauffmann. "libsystools: A TLS/DTLS open source library for Windows/Linux using OpenSSL". SourceForge.
  14. 1 2 "mbed TLS 2.0.0 released". ARM. 2015-07-13. Retrieved 2015-08-25.
  15. "NSS 3.14 release notes". Mozilla Developer Network. Mozilla. Archived from the original on 2013-01-17. Retrieved 2012-10-27.
  16. "NSS 3.16.2 release notes". Mozilla Developer Network. Mozilla. 2014-06-30. Archived from the original on 2021-12-07. Retrieved 2014-06-30.
  17. "As of version 1.0.2". The OpenSSL Project. The OpenSSL Project. 2015-01-22. Archived from the original on 2014-09-04. Retrieved 2015-01-26.
  18. Ray Brown. "pydtls - Datagram Transport Layer Security for Python". GitHub.
  19. Ray Brown. "DTLS for Python". Python Software Foundation.
  20. Ray Brown/Mobius Software LTD. "pydtls - Datagram Transport Layer Security for Python". GitHub.
  21. Ray Brown/Mobius Software LTD. "DTLS for Python3 Based on PyDTLS". Python Software Foundation.
  22. 1 2 "An update is available that adds support for DTLS in Windows 7 SP1 and Windows Server 2008 R2 SP1". Microsoft. Retrieved 13 November 2012.
  23. Justinha. "TLS (Schannel SSP) changes in Windows 10 and Windows Server 2016". docs.microsoft.com. Retrieved 2017-09-01.
  24. "Technical Note TN2287: iOS 5 and TLS 1.2 Interoperability Issues". iOS Developer Library. Apple Inc. Retrieved 2012-05-03.
  25. Olaf Bergmann. "tinydtls". Eclipse Foundation.
  26. Peter Waher. "Waher.Security.DTLS". Waher Data AB.
  27. "wolfSSL Embedded SSL/TLS Library".
  28. Dmitriy Tsvettsikh. "Secure UDP communications using DTLS in pure js". GitHub.
  29. Dmitriy Tsvettsikh. "DTLS in pure js". npm.
  30. Mobius Software LTD. "Non blocking Java DTLS Implementation based on BouncyCastle and Netty". Mobius Software LTD.
  31. Sean DuBois. "pion/dtls: DTLS 1.2 Server/Client implementation for Go". GitHub.
  32. "californium/scandium: DTLS 1.2 Server/Client implementation for java and coap. Includes connection id extension". Eclipse Foundation.
  33. SNF4J.ORG. "Simple Network Framework for Java (SNF4J)". GitHub.{{cite web}}: CS1 maint: numeric names: authors list (link)
  34. "AnyConnect FAQ: tunnels, reconnect behavior, and the inactivity timer". Cisco . Retrieved 26 February 2017.
  35. "OpenConnect". OpenConnect . Retrieved 26 February 2017.
  36. "Cisco InterCloud Architectural Overview" (PDF). Cisco Systems.
  37. "Cato Networks Cipher Suites Used by the Cato Socket and SDP Client".{{cite web}}: CS1 maint: url-status (link)
  38. "Cato Networks Routing Traffic to an Off-Cloud Link".{{cite web}}: CS1 maint: url-status (link)
  39. "ZScaler ZTNA 2.0 Tunnel". ZScaler.
  40. "f5 Datagram Transport Layer Security (DTLS)". f5 Networks.
  41. "Using DTLS to improve SSL VPN performance". Fortinet. 25 February 2016.
  42. "array.c from OpenConnect". 23 May 2022.
  43. "Configuring a DTLS Virtual Server". Citrix Systems.
  44. "WebRTC Interop Notes". Archived from the original on 2013-05-11.
  45. "Firefox 86.0, See All New Features, Updates and Fixes". Mozilla. 2021-02-23. Archived from the original on 2021-02-22. Retrieved 2021-02-23. From Firefox 86 onward, DTLS 1.0 is no longer supported for establishing WebRTC's PeerConnections. All WebRTC services need to support DTLS 1.2 from now on as the minimum version.
  46. "Plaintext-Recovery Attacks Against Datagram TLS" (PDF).
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.