rTLS: Lightweight TLS Session Resumption for Constrained IoT Devices

Koen Pieter Tange, David Howard, Travis Shanahan, Stefano Pepe, Xenofon Fafoutis, Nicola Dragoni

Research output: Chapter in Book/Report/Conference proceedingArticle in proceedingsResearchpeer-review

397 Downloads (Pure)

Abstract

The Transport Layer Security (TLS) 1.3 protocol supports a fast zero round-trip time (0-RTT) session resumption mechanism, enabling clients to send data in their first flight of messages. This protocol has been designed with Web infrastructure in mind, and requires these first messages to not change any state on the server side, as it is susceptible to replay attacks. This is disastrous for common IoT scenarios, where sensors often transmit state-changing data to servers. As bandwidth is a huge concern in the IoT, the field stands to benefit significantly from an efficient session resumption protocol that does not suffer from these limitations. Building on the observation that in IoT scenarios the set of clients is often bounded and fairly static, we propose rTLS (ratchet TLS), an efficient 0-RTT session resumption protocol that dramatically decreases bandwidth overhead, while adding forward secrecy and breakin resilience, and is not susceptible against replay attacks.
Original languageEnglish
Title of host publicationProceedings of the 22nd International Conference on Information and Communications Security
Place of Publication9783030610777
PublisherSpringer
Publication date2020
Pages243-258
DOIs
Publication statusPublished - 2020
Event2020 International Conference on Information and Communications Security - Virtual event
Duration: 24 Aug 202027 Aug 2020

Conference

Conference2020 International Conference on Information and Communications Security
LocationVirtual event
Period24/08/202027/08/2020

Keywords

  • Network
  • Security
  • IoT
  • IIoT
  • TLS
  • Protocol

Fingerprint

Dive into the research topics of 'rTLS: Lightweight TLS Session Resumption for Constrained IoT Devices'. Together they form a unique fingerprint.

Cite this