LWAPP over DTLS

Securing LWAPP with DTLS

1. Insert DTLS session establishment between the DISCOVER and JOIN phases
2. Remove the existing LWAPP security scheme

This amounts to employing DTLS as a "secure wrapper", with LWAPP treating the resultant channel as a connectionless transport. This works as follows:

o WTP sends DISCOVER message(s)
o AC(s) respond
o Upon selecting an AC to bind with, WTP sends DTLS ClientHello to AC
o AC responds with DTLS ServerHello
o (AC and WTP negotiate algorithms)
o Once DTLS session is established, WTP sends JOIN request, and LWAPP state machine proceeds as before, sans internal security mechanisms
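As an added example (not from the slides or from any LWAPP/CAPWAP implementation), a small Python model of the AC side of the exchange above, with DTLS session establishment inserted between DISCOVER and JOIN: DISCOVER and the DTLS handshake travel in cleartext, and JOIN is only accepted once it arrives inside the established DTLS session. The message kind names and the HANDSHAKE_DONE event are assumptions for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass
from enum import Enum, auto
from typing import List, Tuple


class State(Enum):
    IDLE = auto()
    DISCOVERY = auto()   # DISCOVER received, AC has responded
    DTLS = auto()        # ClientHello received, handshake in progress
    JOIN = auto()        # DTLS session up, waiting for the protected JOIN
    RUN = auto()         # WTP joined; LWAPP now runs inside the DTLS channel


@dataclass
class Message:
    kind: str              # assumed names: DISCOVER, CLIENT_HELLO, HANDSHAKE_DONE, JOIN
    in_dtls: bool = False  # True if delivered through the established DTLS session


# Allowed transitions: (current state, message kind) -> next state.
# HANDSHAKE_DONE models the DTLS layer signalling session establishment (assumption).
TRANSITIONS = {
    (State.IDLE, "DISCOVER"): State.DISCOVERY,
    (State.DISCOVERY, "CLIENT_HELLO"): State.DTLS,
    (State.DTLS, "HANDSHAKE_DONE"): State.JOIN,
    (State.JOIN, "JOIN"): State.RUN,
}
PROTECTED = {"JOIN"}  # kinds that must be carried inside the DTLS session


def ac_step(state: State, msg: Message) -> Tuple[State, str]:
    """Return (next_state, verdict); out-of-order or unprotected messages are rejected."""
    if msg.kind in PROTECTED and not msg.in_dtls:
        return state, "reject: %s must be carried inside the DTLS session" % msg.kind
    nxt = TRANSITIONS.get((state, msg.kind))
    if nxt is None:
        return state, "reject: %s not allowed in state %s" % (msg.kind, state.name)
    return nxt, "ok"


def run_exchange(msgs: List[Message]) -> Tuple[State, List[str]]:
    """Feed a WTP's message sequence to the AC model; return final state and verdicts."""
    state, log = State.IDLE, []
    for m in msgs:
        state, verdict = ac_step(state, m)
        log.append(verdict)
    return state, log


# Constructed sample sequences: the DTLS-wrapped flow, and a legacy cleartext JOIN.
GOOD = [Message("DISCOVER"), Message("CLIENT_HELLO"), Message("HANDSHAKE_DONE"),
        Message("JOIN", in_dtls=True)]
BAD = [Message("DISCOVER"), Message("JOIN")]
```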
LWAPP with DTLS

[Figure 2: LWAPP State Machine (ASCII diagram not recoverable). States shown: Idle, Discovery, Sulking, Join, Join-Confirm, Image Data, Configure, Reset, Run, Key Update, Key Confirm.]

Need to add up/down of DTLS connection to all states