On Improving Resistance to Denial of Service and Key Provisioning Scalability of the DTLS Handshake
RISE, Swedish ICT, SICS, Security Lab. ORCID iD: 0000-0001-8842-9810
RISE, Swedish ICT, SICS, Security Lab. ORCID iD: 0000-0001-8003-200x
RISE, Swedish ICT, SICS.
2017 (English). In: International Journal of Information Security, ISSN 1615-5262, E-ISSN 1615-5270, Vol. 16, no. 2, p. 173-193. Article in journal (Refereed), Published.
Abstract [en]

DTLS is a transport layer security protocol designed to provide secure communication over unreliable datagram protocols. Before starting to communicate, a DTLS client and server perform a specific handshake in order to establish a secure session and agree on a common security context. However, the DTLS handshake is affected by two relevant issues. First, the DTLS server is vulnerable to a specific Denial of Service (DoS) attack aimed at forcing the establishment of several half-open sessions. This may exhaust memory and network resources on the server, thus making it less responsive or even unavailable to legitimate clients. Second, although it is one of the most efficient key provisioning approaches adopted in DTLS, the pre-shared key provisioning mode does not scale well with the number of clients: it may result in scalability issues on the server side, and it complicates key re-provisioning in dynamic scenarios. This paper presents a single and efficient security architecture which addresses both issues, by substantially limiting the impact of DoS and reducing the number of keys stored on the server side to one unit only. Our approach does not break the existing standard and does not require any additional message exchange between DTLS client and server. Our experimental results show that our approach requires a shorter amount of time to complete a handshake execution, and consistently reduces the time a DTLS server is exposed to a DoS instance. We also show that it considerably improves a DTLS server in terms of service availability and robustness against DoS attacks.

Place, publisher, year, edition, pages
Springer, 2017, 8. Vol. 16, no. 2, p. 173-193
National Category
Computer and Information Sciences
Identifiers
URN: urn:nbn:se:ri:diva-24539
DOI: 10.1007/s10207-016-0326-0
Scopus ID: 2-s2.0-84961634159
OAI: oai:DiVA.org:ri-24539
DiVA, id: diva2:1043623
Projects
EU FP7 SEGRID (Grant Agreement no. FP7-607109)
EIT DIGITAL High Impact Initiative "Advanced connectivity platform for vertical segments"
Available from: 2016-10-31. Created: 2016-10-31. Last updated: 2023-05-25. Bibliographically approved.

Open Access in DiVA

fulltext (1025 kB), 558 downloads
File information
File name: FULLTEXT01.pdf
File size: 1025 kB
Checksum SHA-512: 47b3a25ad82a4664eb3013f20cc5c3c6f31dd32ea8551b9f4306b21e9ac56745cd8c3e66c7d804afbbc5d9e38ce3762816c1f323f40daf3f8d7659d4916c5a66
Type: fulltext
Mimetype: application/pdf

Other links

  • Publisher's full text
  • Scopus

Authority records

Tiloca, Marco; Gehrmann, Christian
