To let low-power devices reach the Internet, the IETF developed the CoAP protocol. Because the security threats to CoAP in practical deployment are becoming increasingly diverse, the CoAP standard RFC 7252 also requires that CoAP be protected at the transport layer by DTLS. This thesis implements the CoAP methods GET, POST, PUT and DELETE and designs three security modes that satisfy the security objectives defined in RFC 7252. The main research contents are as follows:

1. Following RFC 7252 and the pre-shared key cipher suites of RFC 4279, a CoAP security mode for Pre-Shared Key is designed using the IANA-registered cipher suite TLS_PSK_WITH_AES_128_CCM_SHA. The security analysis shows that this mode effectively resists passive attacks and replay attacks.

2. Following RFC 7252 and the raw public key standard RFC 7250, a CoAP security mode for Raw Public Key is designed using the IANA-registered cipher suite TLS_ECDHE_ECDSA_WITH_AES_128_CCM. The security analysis shows that this mode provides forward secrecy and unforgeability.

3. Following RFC 7252 and the X.509 certificate profile RFC 5280, a CoAP security mode based on X.509 certificates is designed using the IANA-registered cipher suite TLS_PSK_WITH_AES_128_CCM_SHA, with a third-party certification authority (CA) introduced between the client and the server. The security analysis shows that this mode offers identity reliability and forward secrecy.

4. Using the 6LoWSN platform based on the CC2530, together with mbedtls and libcoap, a CoAP network platform is built for functional verification, performance testing and scenario analysis of the three modes. The functional verification shows that the three security modes designed in this thesis achieve confidentiality of end-to-end CoAP data. The communication overhead and computational overhead of the three modes are compared against the NoSec mode. The measurements show that the Pre-Shared Key, Raw Public Key and Certificate modes add 182 bytes, 1230 bytes and 1395 bytes of communication overhead, respectively, and 0.34 s, 4.1 s and 8.1 s of computational overhead, respectively. The scenario analysis shows that the NoSec and Pre-Shared Key modes impose low communication overhead and are suitable for resource-constrained devices such as sensor networks, whereas the Raw Public Key and Certificate modes impose large communication overhead, because of the ECC operations and the introduction of a CA, and are better suited to resource-rich devices such as gateways.