1. Technical Field
Embodiments of the present invention relate to a method of selectively applying a data encryption function and, more particularly, to a method that is capable of selectively applying application data encryption in a datagram transport layer security (DTLS) record layer.
2. Description of the Related Art
The IETF standard organization has standardized the Constrained Application Protocol (CoAP) that can be used in the Internet of Things (IoT). The CoAP replaces the Transmission Control Protocol (TCP)-based Hypertext Transfer Protocol (HTTP), and is a protocol that operates based on the user datagram protocol (UDP).
The CoAP standard document stipulates the use of DTLS in order to protect a CoAP message, and prescribes that the encryption algorithm standard “TLS_PSK_WITH_AES_128_CCM_8” providing both data integrity and confidentiality must be used when DTLS is used.
In an IoT environment, all the CoAP messages are provided with data integrity (authentication) and confidentiality (encryption) through the DTLS encryption algorithm standard AES_CCM after a DTLS security channel is set up.
In an IoT environment, devices have many limitations on using resources, such as memory capacity and the operation capability of a CPU. Accordingly, the IETF has standardized the UDP-based CoAP in order to apply a TCP-based HTTP protocol to IoT devices. Messages, such as a message indicating the turning on/off of a light at customer premises or in a building, can be transferred using the CoAP.
DTLS is a security protocol standardized on the basis of the TCP-based TLS security protocol, and provides authentication, data integrity and confidentiality. It reinforces procedures, such as the retransmission of a TLS message, in order to ensure reliability in an unreliable UDP environment.
The DTLS encryption algorithm standard is defined in the form of TLS_PSK_WITH_AES_128_CCM_8, and accommodates most of the encryption algorithm standards of TLS. A pre-shared key (PSK) refers to performing authentication using a previously defined secret key. AES_128_CCM_8 refers to providing data integrity and confidentiality in accordance with the AES_CCM method using a 128-bit symmetric key. The number “8” of TLS_PSK_WITH_AES_128_CCM_8 means that 8 bytes are used as an authentication value. For reference, TLS_RSA_WITH_AES_128_CBC_SHA256 means that authentication is performed using an RSA public key encryption algorithm, data encryption is provided in AES_CBC mode using a 128-bit symmetric key, and data integrity is provided using SHA256.
In DTLS, processes, such as the negotiation of a DTLS encryption algorithm standard, the exchange of authentication certificates and the exchange of symmetric keys, are performed via a DTLS handshake protocol process between two nodes. Once the DTLS handshake protocol process has been terminated, the two nodes provide data integrity and confidentiality functions in accordance with an encryption algorithm standard negotiated via the DTLS record layer protocol. For example, if two CoAP nodes have negotiated TLS_PSK_WITH_AES_128_CCM_8 as an encryption algorithm standard in a DTLS handshake protocol process, they provide data integrity and confidentiality in accordance with AES_128_CCM_8 in a DTLS record layer protocol.
FIG. 1 is a diagram illustrating the structure of TLS to help understanding of DTLS.
The structure of TLS is the same as that of DTLS except for some pieces of header information. A DTLS handshake process includes a handshake protocol and a change cipher spec protocol, as illustrated in FIG. 1.
Once security negotiations have been terminated in the DTLS handshake process, actual application data is generated in an application layer and is delivered to a record layer protocol, so that data integrity and confidentiality are provided. Furthermore, DTLS data is finally included in a UDP payload and is then delivered.
FIG. 2 is a diagram illustrating a DTLS handshake process to help understanding of DTLS. A DTLS handshake process is started by the transmission of a ClientHello message. The DTLS handshake process is terminated by sending a Finished message to a server side.
In FIG. 2, data integrity and confidentiality are provided to the Application Data. That is, the part handled by the record layer protocol of FIG. 1 is the Application Data part of FIG. 2.
However, not every CoAP message needs to be provided with both data integrity and confidentiality. For example, if all the lights of a building or a home are simultaneously turned on or off, a clue to determining whether a resident is present in the building or home may be provided to a malicious attacker who tries to intrude into the building or home. However, the eavesdropping of a CoAP message indicative of the turning on or off of some lights may be meaningless for a malicious attacker. Furthermore, in a CoAP group communication environment, even simple ACK messages received from a plurality of devices may not be useful for an attacker. It is also necessary to reduce resources consumed by continuously performing an encryption process on resource-restricted IoT devices.
Furthermore, the memory load attributable to the installation of the DTLS encryption algorithm standard on IoT devices needs to be taken into consideration. The DTLS encryption algorithm standard also includes the standard “TLS_PSK_WITH_NULL_SHA256” that provides only data integrity. If the standard providing only data integrity is installed on an IoT device, however, there is the burden of additionally installing an SHA256 encryption module on the IoT device. That is, CoAP-based IoT devices have the burden of installing both the encryption algorithm standard “TLS_PSK_WITH_AES_128_CCM_8” and the standard “TLS_PSK_WITH_NULL_SHA256.”
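The integrity-only protection that a standard such as TLS_PSK_WITH_NULL_SHA256 gives a DTLS 1.2 record is sketched below as an added example (not part of the original document): the payload stays readable on the wire, while an HMAC-SHA256 value computed over the record header fields and the payload detects modification. The key and payload are constructed values; in a real session the MAC key is derived in the handshake.

```python
import hashlib
import hmac

APPLICATION_DATA = 23        # record content type: application_data
DTLS_1_2 = b"\xfe\xfd"       # DTLS 1.2 version bytes on the wire
HEADER_LEN = 13              # type(1) version(2) epoch(2) seq(6) length(2)
MAC_LEN = 32                 # HMAC-SHA256 output size

def record_mac(mac_key, epoch, seq, ctype, payload):
    # MAC input: epoch || 48-bit sequence number, type, version,
    # plaintext length, plaintext fragment.
    seq_num = epoch.to_bytes(2, "big") + seq.to_bytes(6, "big")
    data = (seq_num + bytes([ctype]) + DTLS_1_2
            + len(payload).to_bytes(2, "big") + payload)
    return hmac.new(mac_key, data, hashlib.sha256).digest()

def protect(mac_key, epoch, seq, payload):
    """Build a record: header, unencrypted payload, then the MAC."""
    body = payload + record_mac(mac_key, epoch, seq, APPLICATION_DATA, payload)
    header = (bytes([APPLICATION_DATA]) + DTLS_1_2 + epoch.to_bytes(2, "big")
              + seq.to_bytes(6, "big") + len(body).to_bytes(2, "big"))
    return header + body

def unprotect(mac_key, record):
    """Return the payload if the MAC verifies, else raise ValueError."""
    if len(record) < HEADER_LEN + MAC_LEN:
        raise ValueError("record too short")
    ctype, version = record[0], record[1:3]
    epoch = int.from_bytes(record[3:5], "big")
    seq = int.from_bytes(record[5:11], "big")
    length = int.from_bytes(record[11:13], "big")
    body = record[HEADER_LEN:]
    if version != DTLS_1_2 or length != len(body):
        raise ValueError("malformed record")
    payload, mac = body[:-MAC_LEN], body[-MAC_LEN:]
    expected = record_mac(mac_key, epoch, seq, ctype, payload)
    if not hmac.compare_digest(mac, expected):
        raise ValueError("bad record MAC")
    return payload

KEY = bytes(range(32))             # constructed MAC key, not a real PSK
PAYLOAD = b'{"light": "on"}'       # constructed application payload

if __name__ == "__main__":
    rec = protect(KEY, epoch=1, seq=5, payload=PAYLOAD)
    print(len(rec), PAYLOAD in rec, unprotect(KEY, rec))
```
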
In the selective application of confidentiality to a CoAP message, there is also a resource waste problem attributable to the frequent re-establishment of DTLS sessions. For example, in order to deliver a CoAP message that needs to be encrypted, CoAP nodes may set a DTLS session to “TLS_PSK_WITH_AES_128_CCM_8.” Furthermore, a CoAP client may generate the authentication tag value of the CoAP message in the DTLS record layer, may encrypt plaintext and the authentication tag value, and may deliver the encrypted plaintext and authentication tag value to a CoAP server. If a CoAP node has to deliver a CoAP message that does not need to be encrypted, CoAP nodes may release a current DTLS session, and may set the DTLS session to “TLS_PSK_WITH_NULL_SHA256” again. In other words, due to an unpredicted IoT service scenario characteristic (e.g., the characteristic in which the level of sensitivity of data leakage differs), CoAP nodes may have to frequently set up DTLS sessions again in accordance with the encryption algorithm standard that provides both data integrity and confidentiality and the encryption algorithm standard that provides only data integrity. This becomes a primary cause of the waste of resources in the application of DTLS to the CoAP nodes.
The conventional art provides only a method of providing both data integrity and confidentiality, such as TLS_PSK_WITH_AES_128_CCM_8, in the application of DTLS to the CoAP. Accordingly, the resources of IoT devices are not efficiently used because an encryption process needs to be performed on even a CoAP message that does not need to be encrypted.
An art related to the present invention includes a technology disclosed in Korean Patent Application Publication No. 2010-0074463 entitled “Method for Securing Media Independent Handover Message Transportation.”