| < draft-mattsson-lwig-security-protocol-comparison-00.txt | draft-mattsson-lwig-security-protocol-comparison-01.txt > | |||
|---|---|---|---|---|
| Network Working Group J. Mattsson | Network Working Group J. Mattsson | |||
| Internet-Draft F. Palombini | Internet-Draft F. Palombini | |||
| Intended status: Informational Ericsson AB | Intended status: Informational Ericsson AB | |||
| Expires: August 26, 2018 February 22, 2018 | Expires: September 20, 2018 March 19, 2018 | |||
| Comparison of CoAP Security Protocols | Comparison of CoAP Security Protocols | |||
| draft-mattsson-lwig-security-protocol-comparison-00 | draft-mattsson-lwig-security-protocol-comparison-01 | |||
| Abstract | Abstract | |||
| This document analyzes and compares per-packet message size overheads | This document analyzes and compares per-packet message size overheads | |||
| when using different security protocols to secure CoAP. The analyzed | when using different security protocols to secure CoAP. The analyzed | |||
| security protocols are DTLS 1.2, DTLS 1.3, TLS 1.2, TLS 1.3, and | security protocols are DTLS 1.2, DTLS 1.3, TLS 1.2, TLS 1.3, and | |||
| OSCORE. DTLS and TLS are analyzed with and without 6LoWPAN-GHC | OSCORE. DTLS and TLS are analyzed with and without 6LoWPAN-GHC | |||
| compression. DTLS is anlyzed with and without Connection ID. | compression. DTLS is analyzed with and without Connection ID. | |||
| Status of This Memo | Status of This Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on August 26, 2018. | This Internet-Draft will expire on September 20, 2018. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2018 IETF Trust and the persons identified as the | Copyright (c) 2018 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 3, line 8 ¶ | skipping to change at page 3, line 8 ¶ | |||
| [I-D.ietf-core-object-security]. The DTLS and TLS record layers are | [I-D.ietf-core-object-security]. The DTLS and TLS record layers are | |||
| analyzed with and without compression. DTLS is anlyzed with and | analyzed with and without compression. DTLS is anlyzed with and | |||
| without Connection ID [I-D.ietf-tls-dtls-connection-id] and DTLS 1.3 | without Connection ID [I-D.ietf-tls-dtls-connection-id] and DTLS 1.3 | |||
| is analyzed with and without the use of the short header. Readers | is analyzed with and without the use of the short header. Readers | |||
| are expected to be familiar with some of the terms described in RFC | are expected to be familiar with some of the terms described in RFC | |||
| 7925 [RFC7925], such as ICV. | 7925 [RFC7925], such as ICV. | |||
| 2. Overhead of Security Protocols | 2. Overhead of Security Protocols | |||
| To enable comparison, all the overhead calculations in this section | To enable comparison, all the overhead calculations in this section | |||
| use AES-CCM with a tag length of 8 bytes (AES_128_CCM_8), a plaintext | use AES-CCM with a tag length of 8 bytes (i.e. AES_128_CCM_8, AES- | |||
| of 6 bytes, and the sequence number '05'. This follows the example | CCM-16-64, or AES-CCM-64-64), a plaintext of 6 bytes, and the | |||
| in [RFC7400], Figure 16. | sequence number '05'. This follows the example in [RFC7400], | |||
| Figure 16. | ||||
| Note that the compressed overhead calculations for DLTS 1.2, DTLS | Note that the compressed overhead calculations for DLTS 1.2, DTLS | |||
| 1.3, TLS 1.2 and TLS 1.3 are dependent on the parameters epoch, | 1.3, TLS 1.2 and TLS 1.3 are dependent on the parameters epoch, | |||
| sequence number, and length, and all the overhead calculations are | sequence number, and length, and all the overhead calculations are | |||
| dependent on the parameter Connection ID when used. Note that the | dependent on the parameter Connection ID when used. Note that the | |||
| OSCORE overhead calculations are dependent on the CoAP option | OSCORE overhead calculations are dependent on the CoAP option | |||
| numbers, as well as the length of the OSCORE parameters Sender ID and | numbers, as well as the length of the OSCORE parameters Sender ID and | |||
| Sequence Number. The following are only examples. | Sequence Number. The following are only examples. | |||
| 2.1. DTLS 1.2 | 2.1. DTLS 1.2 | |||
| skipping to change at page 14, line 25 ¶ | skipping to change at page 14, line 25 ¶ | |||
| OSCORE Response 3 | OSCORE Response 3 | |||
| Figure 3: Overhead (excluding ICV) in bytes (Connection/Sender | Figure 3: Overhead (excluding ICV) in bytes (Connection/Sender | |||
| ID = '', Sequence Number = '05') | ID = '', Sequence Number = '05') | |||
| 4. Summary | 4. Summary | |||
| DTLS 1.2 has quite a large overhead as it uses an explicit sequence | DTLS 1.2 has quite a large overhead as it uses an explicit sequence | |||
| number and an explicit nonce. TLS 1.2 has significantly less (but | number and an explicit nonce. TLS 1.2 has significantly less (but | |||
| not small) overhead. TLS 1.3 and DTLS 1.3 have quite small overhead. | not small) overhead. TLS 1.3 and DTLS 1.3 have quite small overhead. | |||
| DTLS 1.3 with short header format has very small overhead. | OSCORE and DTLS 1.3 with short header format has very small overhead. | |||
| The Generic Header Compression (6LoWPAN-GHC) can in addition to DTLS | The Generic Header Compression (6LoWPAN-GHC) can in addition to DTLS | |||
| 1.2 handle TLS 1.2, and DTLS 1.2 with Connection ID. The Generic | 1.2 handle TLS 1.2, and DTLS 1.2 with Connection ID. The Generic | |||
| Header Compression (6LoWPAN-GHC) works very well for Connection ID | Header Compression (6LoWPAN-GHC) works very well for Connection ID | |||
| and the overhead seems to increase exactly with the length of the | and the overhead seems to increase exactly with the length of the | |||
| Connection ID (which is optimal). The compression of TLS 1.2 is not | Connection ID (which is optimal). The compression of TLS 1.2 is not | |||
| as good as the compression of DTLS 1.2 (as the static dictionary only | as good as the compression of DTLS 1.2 (as the static dictionary only | |||
| contains the DTLS 1.2 version number). Similar compression levels as | contains the DTLS 1.2 version number). Similar compression levels as | |||
| for DTLS could be achieved also for TLS 1.2, but this would require | for DTLS could be achieved also for TLS 1.2, but this would require | |||
| different static dictionaries. For TLS 1.3 and DTLS 1.3, GHC | different static dictionaries. For TLS 1.3 and DTLS 1.3, GHC | |||
| increases the overhead. Note that GHC in some cases might be able to | increases the overhead. The 6LoWPAN-GHC header compression is not | |||
| compress the payload and therefore reduce total overhead. | available when (D)TLS is exchanged over transports that do not use | |||
| 6LoWPAN together with 6LoWPAN-GHC. | ||||
| The 6LoWPAN-GHC header compression is not available when (D)TLS is | ||||
| exchanged over transports that do not use 6LoWPAN together with | ||||
| 6LoWPAN-GHC. | ||||
| The short header format for DTLS 1.3 reduces the header of 5 bytes, | The short header format for DTLS 1.3 reduces the header of 5 bytes, | |||
| by omitting the length value and sending 1 lower bit of epoch value | by omitting the length value and sending 1 lower bit of epoch value | |||
| instead of 2, and 12 lower bits of sequence number instead of 30. | instead of 2, and 12 lower bits of sequence number instead of 30. | |||
| This may create problems reconstructing the full sequence number, if | This may create problems reconstructing the full sequence number, if | |||
| ~2000 datagrams in sequence are lost. | ~2000 datagrams in sequence are lost. | |||
| OSCORE has much lower overhead than DTLS (with no short header | OSCORE has much lower overhead than DTLS 1.2 and TLS 1.2. The | |||
| format) and TLS. The overhead of OSCORE is smaller than DTLS over | overhead of OSCORE is smaller than DTLS 1.2 and TLS 1.2 over 6LoWPAN | |||
| 6LoWPAN with compression, and this small overhead is achieved even on | with compression, and this small overhead is achieved even on | |||
| deployments without 6LoWPAN or 6LoWPAN without DTLS compression. | deployments without 6LoWPAN or 6LoWPAN without DTLS compression. | |||
| OSCORE is lightweight because it makes use of some excellent features | OSCORE is lightweight because it makes use of some excellent features | |||
| in CoAP, CBOR, and COSE. | in CoAP, CBOR, and COSE. | |||
| 5. Security Considerations | 5. Security Considerations | |||
| This document is purely informational. | This document is purely informational. | |||
| 6. IANA Considerations | 6. IANA Considerations | |||
| This document has no actions for IANA. | This document has no actions for IANA. | |||
| 7. Informative References | 7. Informative References | |||
| [I-D.ietf-core-object-security] | [I-D.ietf-core-object-security] | |||
| Selander, G., Mattsson, J., Palombini, F., and L. Seitz, | Selander, G., Mattsson, J., Palombini, F., and L. Seitz, | |||
| "Object Security for Constrained RESTful Environments | "Object Security for Constrained RESTful Environments | |||
| (OSCORE)", draft-ietf-core-object-security-08 (work in | (OSCORE)", draft-ietf-core-object-security-11 (work in | |||
| progress), January 2018. | progress), March 2018. | |||
| [I-D.ietf-tls-dtls-connection-id] | [I-D.ietf-tls-dtls-connection-id] | |||
| Rescorla, E., Tschofenig, H., Fossati, T., and T. Gondrom, | Rescorla, E., Tschofenig, H., Fossati, T., and T. Gondrom, | |||
| "The Datagram Transport Layer Security (DTLS) Connection | "The Datagram Transport Layer Security (DTLS) Connection | |||
| Identifier", draft-ietf-tls-dtls-connection-id-00 (work in | Identifier", draft-ietf-tls-dtls-connection-id-00 (work in | |||
| progress), December 2017. | progress), December 2017. | |||
| [I-D.ietf-tls-dtls13] | [I-D.ietf-tls-dtls13] | |||
| Rescorla, E., Tschofenig, H., and N. Modadugu, "The | Rescorla, E., Tschofenig, H., and N. Modadugu, "The | |||
| Datagram Transport Layer Security (DTLS) Protocol Version | Datagram Transport Layer Security (DTLS) Protocol Version | |||
| 1.3", draft-ietf-tls-dtls13-22 (work in progress), | 1.3", draft-ietf-tls-dtls13-26 (work in progress), March | |||
| November 2017. | 2018. | |||
| [I-D.ietf-tls-tls13] | [I-D.ietf-tls-tls13] | |||
| Rescorla, E., "The Transport Layer Security (TLS) Protocol | Rescorla, E., "The Transport Layer Security (TLS) Protocol | |||
| Version 1.3", draft-ietf-tls-tls13-23 (work in progress), | Version 1.3", draft-ietf-tls-tls13-27 (work in progress), | |||
| January 2018. | March 2018. | |||
| [OlegHahm-ghc] | [OlegHahm-ghc] | |||
| Hahm, O., "Generic Header Compression", July 2016, | Hahm, O., "Generic Header Compression", July 2016, | |||
| <https://github.com/OlegHahm/ghc>. | <https://github.com/OlegHahm/ghc>. | |||
| [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security | [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security | |||
| (TLS) Protocol Version 1.2", RFC 5246, | (TLS) Protocol Version 1.2", RFC 5246, | |||
| DOI 10.17487/RFC5246, August 2008, | DOI 10.17487/RFC5246, August 2008, | |||
| <https://www.rfc-editor.org/info/rfc5246>. | <https://www.rfc-editor.org/info/rfc5246>. | |||
| End of changes. 12 change blocks. | ||||
| 24 lines changed or deleted | 21 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||