Re: [cf-dev] Request/Response Layer with DTLS Usage on CoAP Server Side

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [cf-dev] Request/Response Layer with DTLS Usage on CoAP Server Side

From: "Hudalla Kai (INST/ESY1)" <Kai.Hudalla@xxxxxxxxxxxx>
Date: Thu, 6 Oct 2016 08:21:12 +0000
Accept-language: en-US, de-DE
Delivered-to: cf-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/cf-dev>
List-help: <mailto:cf-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/cf-dev>, <mailto:cf-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/cf-dev>, <mailto:cf-dev-request@eclipse.org?subject=unsubscribe>
Thread-index: AdIe/jD1INKzFW4CRy6hAQjFGiakOQAm5R6A
Thread-topic: [cf-dev] Request/Response Layer with DTLS Usage on CoAP Server Side

I think you're right, Daniel. The example you give could happen in that way
running Californium.

Can you open an issue on GitHub?

On Mi, 2016-10-05 at 13:15 +0000, Maier Daniel (INST/ECS4) wrote:
> Hi all,
>  
> Californium implements in UdpMatcher.receiveResponse() discard of responses
> that do not belong to the same DTLS session as the request on CoAP-Client side.
> This implements the requirement of CoAP specification:
>  
> “The following rules are added for matching a response to a request: The DTLS
> session MUST be the same, and the epoch MUST be the same.”
>  
> But there seems to be no such mechanism for this requirement on server side,
> i.e. a CoAP Server may send a response to a newly established DTLS session that
> comes from the same IP:Port as the request. I think to accomplish the RFC it is
> also mandatory to ensure that no response gets sent to a DTLS session that is
> not the same as the one of the request.
>  
> Example:
> -          There is a CoAP-Server using DTLS with server certificate but
> without required Client authentication.
> -          There is a CoAP-Client client1 with an established DTLS session that
> observes a resources of this server.
> -          A second CoAP-Client client2 initiates a DTLS session using the same
> IP:Port as client1, e.g. they are behind the same NAT and the NAT devices
> reuses port mappings after inactivity.
> -          Now client2 receives notifies (responses) that were intended for
> client1. Client2 can decrypt theses notifies because the CoAP-Server encrypts
> them for the newly created DTLS session. These responses might leak sensitive
> information.  
>  
> What do you think? Is this a problem of Californium implementation or did I get
> something wrong here?
>  
> Best Regards,
> Daniel
> _______________________________________________
> cf-dev mailing list
> cf-dev@xxxxxxxxxxx
> To change your delivery options, retrieve your password, or unsubscribe from
> this list, visit
> https://dev.eclipse.org/mailman/listinfo/cf-dev

Follow-Ups:
- Re: [cf-dev] Request/Response Layer with DTLS Usage on CoAP Server Side
  - From: Maier Daniel (INST/ECS4)

References:
- [cf-dev] Request/Response Layer with DTLS Usage on CoAP Server Side
  - From: Maier Daniel (INST/ECS4)

Prev by Date: [cf-dev] [Hudson] Hudson build is back to normal : 2.0.x #22
Next by Date: [cf-dev] [Hudson] Build failed in Hudson: master #98
Previous by thread: [cf-dev] Request/Response Layer with DTLS Usage on CoAP Server Side
Next by thread: Re: [cf-dev] Request/Response Layer with DTLS Usage on CoAP Server Side
Index(es):
- Date
- Thread

Breadcrumbs