Hi,

when a request to a LWM2M client, e.g. a read request, gets triggered, Leshan looks up the client with the desired endpoint name in the client registry and sends the request to the IP:Port saved there. When this IP:Port gets used by another client in the meantime, e.g. through port re-use by a NAT device, the request gets sent to the wrong client. I think without DTLS this behavior is just fine.

However, the same also applies with DTLS. Example:
- client1 registers with Leshan using PSK1
- client2 creates a new DTLS session with Leshan/Scandium from the same IP:Port but with PSK2 (the client does not need to register at LWM2M level)
- the server sends a read request to client1; however, the request arrives at client2 (as client2 has the IP:Port of client1) and client2 can even decrypt it
Isn’t this a serious security issue? I can’t find anything related to this in the LWM2M Specification.

One way to solve this would be to hand over the recipient principal somehow to Scandium, and Scandium only sends the message when this is the same as the one of the active DTLS session. Or, even more strictly, hand over the DTLS session ID etc. of the last message received from the corresponding client to Scandium (like the Scandium CorrelationContext, but the other way around).
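The following is an added example, not code from the post, from Leshan or from Scandium: a plain-Python model of the two lookup tables the scenario above involves, the LWM2M client registry (endpoint name to IP:Port) and the DTLS connection store (IP:Port to active session). It replays the three steps with a constructed NAT address and shows the unchecked send delivering the read request into client2's PSK2 session, and the proposed recipient-principal check refusing it. All class and function names, the sample address and the payload are assumptions made for illustration.

```python
# Added example (not Leshan/Scandium code): model of the registry/DTLS mismatch.
# The registry is keyed by endpoint name, the DTLS store by IP:port only, so a
# new handshake from the same address silently replaces the previous session.
from __future__ import annotations
from dataclasses import dataclass

Address = tuple[str, int]  # (ip, port)


@dataclass(frozen=True)
class DtlsSession:
    peer: Address
    psk_identity: str  # principal authenticated in the handshake (PSK identity)
    session_id: bytes


@dataclass(frozen=True)
class Registration:
    endpoint: str
    address: Address
    psk_identity: str  # principal the registration arrived with


class ClientRegistry:
    """LWM2M registry: endpoint name -> last known address and principal."""

    def __init__(self) -> None:
        self._by_endpoint: dict[str, Registration] = {}

    def register(self, reg: Registration) -> None:
        self._by_endpoint[reg.endpoint] = reg

    def get(self, endpoint: str) -> Registration:
        return self._by_endpoint[endpoint]


class DtlsConnectionStore:
    """DTLS connector view: keyed by IP:port, newest handshake wins."""

    def __init__(self) -> None:
        self._by_address: dict[Address, DtlsSession] = {}

    def handshake(self, session: DtlsSession) -> None:
        self._by_address[session.peer] = session

    def session_for(self, address: Address) -> DtlsSession | None:
        return self._by_address.get(address)


class PrincipalMismatch(Exception):
    """The active session on the address belongs to a different principal."""


def send_unchecked(store: DtlsConnectionStore, registry: ClientRegistry,
                   endpoint: str, payload: bytes) -> tuple[str, bytes]:
    """Behaviour described in the post: resolve endpoint -> address and hand the
    payload to whichever session is active there. Returns (receiving principal, payload)."""
    reg = registry.get(endpoint)
    session = store.session_for(reg.address)
    if session is None:
        raise ConnectionError(f"no DTLS session for {reg.address}")
    return session.psk_identity, payload


def send_checked(store: DtlsConnectionStore, registry: ClientRegistry,
                 endpoint: str, payload: bytes) -> tuple[str, bytes]:
    """Proposed fix: the expected recipient principal travels with the request and
    the DTLS layer refuses to send when the active session's principal differs."""
    reg = registry.get(endpoint)
    session = store.session_for(reg.address)
    if session is None:
        raise ConnectionError(f"no DTLS session for {reg.address}")
    if session.psk_identity != reg.psk_identity:
        raise PrincipalMismatch(
            f"{endpoint} registered as {reg.psk_identity!r}, but "
            f"{reg.address} is now held by {session.psk_identity!r}")
    return session.psk_identity, payload


def run_scenario() -> tuple[str, str]:
    """Replay the three steps from the post. Returns (principal that received the
    unchecked read request, outcome of the principal-checked send)."""
    registry = ClientRegistry()
    store = DtlsConnectionStore()
    nat_addr: Address = ("203.0.113.10", 56000)  # constructed sample NAT address

    # 1. client1 completes a DTLS handshake with PSK1 and registers its endpoint.
    store.handshake(DtlsSession(nat_addr, "PSK1", b"\x01"))
    registry.register(Registration("client1", nat_addr, "PSK1"))

    # 2. client2 handshakes from the same IP:port with PSK2 and never registers.
    store.handshake(DtlsSession(nat_addr, "PSK2", b"\x02"))

    # 3. The server sends a read request to client1.
    read_request = b"GET /3/0"  # constructed CoAP-like payload
    delivered_to, _ = send_unchecked(store, registry, "client1", read_request)
    try:
        send_checked(store, registry, "client1", read_request)
        checked_outcome = "sent"
    except PrincipalMismatch:
        checked_outcome = "blocked"
    return delivered_to, checked_outcome


if __name__ == "__main__":
    who, outcome = run_scenario()
    print(f"unchecked send reached {who}; principal-checked send was {outcome}")
```

The check works because the registry remembers the principal (here the PSK identity) that the registration arrived with, which is exactly the piece of information the post proposes handing to the DTLS layer together with the outgoing message; the DTLS store itself still knows nothing about endpoints and stays keyed by address.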