Links to CoAP or DTLS 1.2 research information - eclipse-californium/californium GitHub Wiki

Links to research information about CoAP or DTLS 1.2

General

IETF / core-wg

mail archive

github

wiki

iana (Internet Assigned Numbers Authority)

Constrained Application Protocol (CoAP): Corrections and Clarifications

IETF / tls-wg

mail archive

github

wiki

iana (Internet Assigned Numbers Authority)

Overviews Of Implementations

coap.technology

opensourcelibs.com

Performance analysis

Analysis of CoAP Implementations for Industrial Internet of Things: A Survey

It compares single-request processing. The benefit of using Californium comes with many clients at a moderate request rate each: Californium is able to process about 30,000 requests per second (in sum) from several thousand clients using encryption on a J5005 (4 x 1.5 GHz CPU, 16 GB RAM).

Impact of CoAP and MQTT on NB-IoT System Performance

In my experience, using DTLS 1.2 with CID enables a CAT-NB (NB-IoT) modem to send data encrypted (package < 280 bytes) from sleep-mode (PSM) into the cloud and back in about 4s. That's hard to beat.

Content Object Security in the Internet of Things: Challenges, Prospects, and Emerging Solutions

Focuses on the use of protocol-translating gateways and hops (coap2coap proxies).

Security - DTLS / CoAP

NIST database of known CoAP vulnerabilities

NIST database of known DTLS vulnerabilities

NIST database of known Californium vulnerabilities

NIST database of known tinyDtls vulnerabilities

CISA UDP-Based Amplification Attacks

"the coap protocol is the next big thing for ddos attacks"

The Fragility of Industrial IoT’s Data Backbone

Carsten Bormann, core-email-list, about the above links

Using CoAP without encryption in the public internet is hopefully something very temporary. The statements about using RFC 7959 - Blockwise seem to be wrong, because a peer cannot request larger blocks than the other peer offers. Only a smaller block size can be negotiated.
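The Block2 point above, as an added Python example (not Californium code and not part of the original page): the server caps the block size at its own limit (RFC 7959, section 2.4), so a client asking for SZX 6 (1024 bytes) gets nothing larger than the server would have sent anyway; only a smaller size can be forced. The 300-byte representation and the server limit of 64 bytes (SZX 2) are constructed for the demonstration.

```python
# RFC 7959 block option: value = NUM << 4 | M << 3 | SZX, block size = 2 ** (SZX + 4),
# so SZX 0..6 selects 16..1024 bytes.  Added example, not Californium code.
SZX_MAX = 6


def encode_block(num, more, szx):
    if num < 0 or more not in (0, 1) or not 0 <= szx <= SZX_MAX:
        raise ValueError("invalid block option")
    return (num << 4) | (more << 3) | szx


def decode_block(value):
    return value >> 4, (value >> 3) & 1, value & 0x7


def block_size(szx):
    return 1 << (szx + 4)


def server_block2_response(body, server_max_szx, requested=None):
    """Server side of a Block2 transfer (RFC 7959 section 2.4).

    `requested` is the Block2 option value from the client's request, or None when
    the client sent none.  The server uses the smaller of the client's SZX and its
    own limit, so a client can shrink the block size but never enlarge it beyond
    what the server would have sent on its own.  When the server shrinks the size,
    NUM is re-expressed so the response still starts at the byte offset the client
    asked for.  Returns (block2_option_value, chunk)."""
    if requested is None:
        num, szx = 0, server_max_szx
    else:
        num, _, req_szx = decode_block(requested)
        szx = min(req_szx, server_max_szx)
        num = num * block_size(req_szx) // block_size(szx)
    size = block_size(szx)
    if num * size >= len(body):
        raise ValueError("block %d is beyond the end of the representation" % num)
    chunk = body[num * size:(num + 1) * size]
    more = 1 if (num + 1) * size < len(body) else 0
    return encode_block(num, more, szx), chunk


def first_block_sizes(body, server_max_szx, requested_szxs):
    """Size of the first response block for each SZX a client might ask for.  Above
    the server's limit every request gets the same capped block: no amplification gain."""
    return [len(server_block2_response(body, server_max_szx, encode_block(0, 0, s))[1])
            for s in requested_szxs]


if __name__ == "__main__":
    body = bytes(300)                              # constructed 300-byte representation
    print(first_block_sizes(body, 2, [6, 2, 0]))   # server limit 64 bytes -> [64, 64, 16]
```

The byte-offset re-expression matters for the mid-transfer case: a client that switches to a larger SZX for block 1 is served the block that starts at the same offset, in the server's size, instead of a larger chunk.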

Core - CoAP - Attacks

Core - CoAP - Attacks, related github project

John Mattsson, core-email-list, Core - CoAP - Attacks, announcement with additional reference links

The references seem to refer to the same threat. FMPOV, a good one is NETSCOUT, CoAP Attacks In The Wild. In sum, this is the same information as "the coap protocol is the next big thing for ddos attacks" above.

NETSCOUT, Datagram Transport Layer Security (D/TLS) Reflection/Amplification DDoS Attack Mitigation Recommendations

NETSCOUT, DDoS Attack Vectors Live or Die

RFC 7457 - Summarizing Known Attacks on Transport Layer Security (TLS) and Datagram TLS (DTLS)

Lucky 13, 2013 - Slides

Lucky 13, 2013 - Details and Mitigation

Lucky 13, 2018 - Pseudo Constant Time Implementations of TLS Are Only Pseudo Secure

Plaintext-Recovery Attacks Against Datagram TLS

Lucky 13 affects both TLS and DTLS.

Generally, such a timing side-channel attack requires measuring the processing time of the crypto functions. Using Java makes it much harder to obtain such timing signals with useful quality, especially on multi-core/multi-processor platforms, as is common for servers, where the times vary a lot from run to run. If the server is also communicating with other peers, which is common for CoAP, useful timing signals are even harder to obtain. Note that this noise only raises the number of samples an attacker needs; it does not remove the leak itself (the 2018 paper above shows that implementations which merely try to equalize processing time remain attackable). Using resilient cipher suites removes the threat rather than hiding it.

For Lucky 13, that means using the AEAD cipher suites (AES-CCM or AES-GCM variants) instead of the CBC ones; the attack applies only to CBC-mode suites.

This POODLE Bites: Exploiting The SSL 3.0 Fallback

Security - General

Netscout - DDoS

Robustness

Robustness Testing of CoAP Server-side Implementations

I'm not sure what "californium-pt" is. The test seems to use Californium 1.0.x. Running Californium's plugtest server (2.0.x) for more than a year now in a public sandbox, I'm not aware that it crashes.

Exploring the Possibilities of Robustness Testing CoAP Implementations Using Evolutionary Fuzzing

That test didn't cover californium.

DTLS Fuzzer

Use it, and report your findings.

Research Sites - Current Scans

Shodan

Very popular IoT search engine. Free and advanced plans. Offers APIs for automated usage.

Shadowserver - CoAP Report

Shadowserver - CoAP Scan.

Own basic research

The tests are done by sending a GET request to all public IPv4 addresses on port 5683 to check for CoAP servers. If a response is received, the server is counted and the size of the response is added to a statistic. Additionally, a ClientHello is sent to all public IPv4 addresses on port 5684 to check for DTLS servers. If a HelloVerifyRequest or ServerHello is received, the server is counted.

Servers found, and CoAP response sizes in bytes (average and percentiles):

| Scan | DTLS servers | CoAP servers | avg. | 5% | 10% | 50% | 75% | 90% | 95% | max. |
|---|---|---|---|---|---|---|---|---|---|---|
| End of December 2021 | 1330 | 317509 | 338.17 | 7 | 7 | 143 | 519 | 983 | 991 | 2029 |
| End of January 2022 | 1443 | 344121 | 341.01 | 7 | 7 | 143 | 519 | 767 | 991 | 2029 |
| End of February 2022 | 1436 | 351413 | 345.15 | 7 | 7 | 143 | 519 | 983 | 991 | 2029 |
| End of March 2022 | 1521 | 352920 | 347.99 | 7 | 7 | 143 | 519 | 983 | 991 | 2029 |
| End of April 2022 | 1496 | 325196 | 350.38 | 7 | 7 | 143 | 519 | 991 | 991 | 2029 |
| End of May 2022 | 1536 | 320223 | 338.66 | 7 | 7 | 143 | 519 | 983 | 991 | 2029 |
| End of June 2022 | 1518 | 311156 | 332.93 | 7 | 7 | 143 | 519 | 575 | 991 | 2029 |

For December 2021, the average response size is 338 bytes and the median is 143 bytes. The ratio of DTLS servers to CoAP servers, 1330 to 317509, is about 0.4% (4‰).
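An offline model of the scan described under "Own basic research", as an added Python example (not the page's own tooling): it builds the two probes, classifies the replies, and computes the size statistic. It adds two checks the page does not report: the amplification factor in reply bytes per probe byte (the concern in the CISA and NETSCOUT references above), and, for the DTLS probe, whether a server answers a cookie-less ClientHello directly with a ServerHello (skipping the RFC 6347 cookie exchange) and which cipher suite it picks, which is how to tell whether a server still accepts CBC suites (the Lucky 13 note above). Assumptions not stated on the page: the GET targets /.well-known/core, the ClientHello offers PSK suites only, percentiles are nearest-rank, and every reply is constructed, not captured; a live scan would send these bytes over UDP sockets.

```python
import math
import os
import struct

# Constants from RFC 7252 (CoAP) and RFC 6347 (DTLS 1.2); suite numbers are IANA's.
COAP_VERSION, CON, OPT_URI_PATH = 1, 0, 11
DTLS12, HANDSHAKE, ALERT = 0xFEFD, 22, 21
CLIENT_HELLO, SERVER_HELLO, HELLO_VERIFY_REQUEST = 1, 2, 3
SUITES = {0xC0A8: "TLS_PSK_WITH_AES_128_CCM_8", 0x00A8: "TLS_PSK_WITH_AES_128_GCM_SHA256",
          0x00AE: "TLS_PSK_WITH_AES_128_CBC_SHA256"}
CBC_SUITES = {0x00AE}


def coap_get(path, msg_id):
    """Confirmable GET, empty token, one Uri-Path option per segment (RFC 7252 3.1).
    Deltas and segment lengths stay below 13, so the one-byte option form suffices."""
    msg = bytes([(COAP_VERSION << 6) | (CON << 4), 0x01]) + struct.pack("!H", msg_id)
    prev = 0
    for seg in path.strip("/").split("/"):
        delta, seg = OPT_URI_PATH - prev, seg.encode()
        if delta > 12 or len(seg) > 12:
            raise ValueError("extended option encoding not modelled")
        msg += bytes([(delta << 4) | len(seg)]) + seg
        prev = OPT_URI_PATH
    return msg


def parse_coap(datagram, expected_id):
    """(type, 'c.dd' code) if the datagram is a CoAP message answering expected_id, else
    None.  An RST proves a CoAP stack is listening just as an ACK does, so both count."""
    if len(datagram) < 4 or datagram[0] >> 6 != COAP_VERSION or datagram[0] & 0xF > 8:
        return None
    if struct.unpack("!H", datagram[2:4])[0] != expected_id:
        return None
    return (datagram[0] >> 4) & 3, "%d.%02d" % (datagram[1] >> 5, datagram[1] & 0x1F)


def hs_record(msg_type, body, version=DTLS12):
    """One unfragmented handshake message in a DTLS record (epoch 0, sequence 0)."""
    hs = bytes([msg_type]) + len(body).to_bytes(3, "big") + bytes(2)       # type, length, message_seq
    hs += bytes(3) + len(body).to_bytes(3, "big") + body                    # fragment_offset, fragment_length
    return struct.pack("!BH", HANDSHAKE, version) + bytes(8) + struct.pack("!H", len(hs)) + hs


def dtls_client_hello(suites, cookie=b""):
    """ClientHello offering the given suites; PSK suites need no extensions.  The cookie
    is echoed back when the probe is repeated after a HelloVerifyRequest."""
    body = struct.pack("!H", DTLS12) + os.urandom(32) + b"\x00"            # version, random, no session id
    body += bytes([len(cookie)]) + cookie
    body += struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
    return hs_record(CLIENT_HELLO, body + b"\x01\x00")                      # compression: null only


def parse_dtls(datagram):
    """('hello_verify_request', None), ('server_hello', suite_id), ('alert', None),
    or None when the reply is not a DTLS record at all."""
    if len(datagram) < 13 or datagram[1] != 0xFE:                           # DTLS versions are 0xFEFF/0xFEFD
        return None
    body = datagram[13:13 + struct.unpack("!H", datagram[11:13])[0]]
    if datagram[0] == ALERT:
        return "alert", None
    if datagram[0] != HANDSHAKE or len(body) < 12:
        return None
    if body[0] == HELLO_VERIFY_REQUEST:
        return "hello_verify_request", None
    if body[0] == SERVER_HELLO:
        off = 12 + 2 + 32 + 1 + body[46]          # skip handshake header, version, random, session id
        return "server_hello", struct.unpack("!H", body[off:off + 2])[0]
    return None


def summarize(sizes, probe_len):
    """The page's size statistic (nearest-rank percentiles, an assumed definition) plus the
    amplification factor, reply bytes per probe byte, that the CISA/NETSCOUT links are about."""
    s, avg = sorted(sizes), sum(sizes) / len(sizes)
    pct = lambda p: s[max(0, math.ceil(p / 100 * len(s)) - 1)]
    return {"count": len(s), "avg": round(avg, 2), "50%": pct(50), "90%": pct(90),
            "95%": pct(95), "max": s[-1], "amplification": round(avg / probe_len, 1)}


def scan_demo():
    """Run both probes against constructed replies (not captured traffic)."""
    mid, get = 0x1234, coap_get("/.well-known/core", 0x1234)
    link = b'</sensors/temp>;rt="temperature";ct=40,</sensors/light>;ct=40'
    ack = bytes([0x60, 0x45]) + struct.pack("!H", mid) + b"\xff"           # ver 1, ACK, tkl 0, 2.05 Content
    replies = [ack + link, ack + link * 8,                                   # small and large link-format bodies
               bytes([0x70, 0x00]) + struct.pack("!H", mid),                # RST: still a CoAP stack
               b"\x80\x45\x12\x34"]                                         # version 2: not CoAP, not counted
    sizes = [len(d) for d in replies if parse_coap(d, mid)]
    hvr = hs_record(HELLO_VERIFY_REQUEST, struct.pack("!H", 0xFEFF) + bytes([16]) + os.urandom(16), 0xFEFF)
    sh = hs_record(SERVER_HELLO, struct.pack("!H", DTLS12) + os.urandom(32) + b"\x00" + b"\x00\xae\x00")
    dtls = [r for r in map(parse_dtls, (hvr, sh, bytes(20))) if r]
    return {"coap": summarize(sizes, len(get)), "dtls": [kind for kind, _ in dtls],
            "negotiated": [SUITES.get(s) for kind, s in dtls if kind == "server_hello"],
            # ServerHello to a cookie-less ClientHello: the server skips the RFC 6347 cookie
            # exchange and will reflect its handshake flight towards any spoofed source
            "skipped_cookie_exchange": sum(kind == "server_hello" for kind, _ in dtls),
            "cbc_accepted": any(kind == "server_hello" and s in CBC_SUITES for kind, s in dtls),
            "client_hello_bytes": len(dtls_client_hello(list(SUITES)))}
```

To audit a single server for CBC acceptance, offer only the CBC suite in `dtls_client_hello`: a ServerHello then proves the server accepts it, an alert proves it does not. The 21-byte GET makes the page's 991-byte 95th-percentile response worth about 47 times the probe, which is the amplification reflectors exploit.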