180 likes | 419 Views
Datagram Transport Layer Security (DTLS). Eric Rescorla IETF 60 Apps Open Area Meeting. Overview. One liner: Secure communication layer for unreliable datagram transport TLS only works over reliable transport Broken by packet loss and reordering Our approach:
E N D
Datagram Transport Layer Security (DTLS) Eric Rescorla IETF 60 Apps Open Area Meeting
Overview • One liner: • Secure communication layer for unreliable datagram transport • TLS only works over reliable transport • Broken by packet loss and reordering • Our approach: • DTLS, derived from TLS: works over Datagram transport (UDP, SCTP unreliable mode)
Motivation (1) • Datagram protocols are in wide use • Internet Telephony Signaling (SIP) • Video streaming/conferencing • Online gaming • Network management (SNMP) • None of these can use TLS or IPsec • Lots of ad-hoc security/key-exchange protocols (SIP/S-MIME, SNMPv3, … ) • Why not IPsec?
Motivation (2) • Why not use IPsec? • Better suited for host-host security, than application-application security • Runs in the kernel • Non-uniform IPsec API’s • Complicated, inter-operability issues • Key exchange complicated (IKE, JFK, IKEv2) • Neither TLS nor IPsec are suitable, so design something new...
Why begin with TLS? • TLS is popular (and it works) • Inherit desirable properties from TLS • Familiar model • Simple API • In-band key exchange • Easy to implement per connection policies • Availability of stable open-source code • No kernel changes • Runs in user-land • Can be packaged with applications • Relatively easy to patch
Basic principle: bang for the buck • Start with TLS • Make only the most minimal required changes • To deal with loss and reordering • Avoid making any “improvements” • Be as similar to TLS as possible
DTLS Protocol Overview • Protocol flow same as TLS • Initial handshake (2-3 round trips) • Data sent in DTLS records • Provide reliability for handshake phase • Using standard timeout and retransmits • Stateless processing of application data records • TLS 1.1 already supports this for block ciphers • No support for stream ciphers
Status • Currently an individual submission • draft-rescorla-dtls-00.txt • Looking for input • Paper in ISOC NDSS 2004 • http://crypto.stanford.edu/~nagendra/dtls.pdf • Reference implementation in progress • Based on OpenSSL • API looks just like sockets... • Plan to make this publicly available