Netinfo Security, 2023, Vol. 23, Issue (8): 17-31. doi: 10.3969/j.issn.1671-1122.2023.08.002

SDP-CoAP: Design of Security Enhanced CoAP Communication Framework Based on Software Defined Perimeter

ZHANG Wei1, LI Zixuan1, XU Xiaoyu2, HUANG Haiping1

    1. School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing 210023, China
    2. Jiangsu Lianchuang Software Research Institute, Nanjing 210003, China
  • Received: 2023-06-25 Online: 2023-08-10 Published: 2023-08-08
  • Contact: ZHANG Wei E-mail: zhangw@njupt.edu.cn

Abstract:

The Constrained Application Protocol (CoAP), a new Internet of Things (IoT) protocol, cannot meet new security requirements even though security was considered in its design. This paper proposes a security-enhanced CoAP communication framework, SDP-CoAP, based on the Software Defined Perimeter (SDP). SDP-CoAP uses Single Packet Authentication (SPA): the client adds its authentication information, the Datagram Transport Layer Security (DTLS) tunnel encryption method and the CoAP request method to the first packet of the handshake and sends it to the SDP controller, so that authentication takes place before communication. For authenticated access requests, the credibility of the access is evaluated in real time along multiple dimensions such as environment and behavior, and multi-dimensional dynamic access authorization is realized by combining this evaluation with the different request methods of the client. The paper also analyzes the specific deployment modes of the SDP-CoAP architecture and designs a deployment mode that jointly considers security performance, energy consumption and processing delay. Experiments verify that the client gateway deployment mode of SDP-CoAP can effectively enhance the security of a CoAP network without introducing significant energy consumption or network delay.

Key words: Internet of Things, zero trust, software-defined perimeter, single packet authentication

CLC Number:
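
The single-packet flow the abstract describes, sketched as an added example (not code from the paper): a client packs identity, DTLS suite and CoAP method into one authenticated datagram, and the controller verifies it, rejects replays, and authorizes the method against a trust score. The packet layout (JSON body plus HMAC-SHA256 tag), the pre-shared keys, the 30-second window and the per-method trust thresholds are all assumptions made for illustration.

```python
import hashlib, hmac, json, os, time

# Assumed layout (not from the paper): JSON body followed by a 32-byte HMAC-SHA256 tag.
TAG_LEN = 32
MAX_SKEW = 30  # seconds a packet stays acceptable (assumed window)
# Assumed policy: minimum trust score (0-100) required per CoAP request method.
MIN_TRUST = {"GET": 40, "POST": 60, "PUT": 70, "DELETE": 80}

def build_spa(key, client_id, dtls_suite, coap_method, now=None):
    """Client side: one datagram carrying identity, DTLS suite and CoAP method."""
    body = json.dumps({
        "id": client_id, "dtls": dtls_suite, "method": coap_method,
        "ts": int(now if now is not None else time.time()),
        "nonce": os.urandom(16).hex(),
    }, sort_keys=True).encode()
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Controller:
    """SDP controller side: authenticate the packet, then authorize the method."""
    def __init__(self, keys):
        self.keys = keys          # client_id -> pre-shared key (assumed provisioning)
        self.seen = {}            # nonce -> packet timestamp, for replay rejection

    def verify(self, packet, trust_score, now=None):
        now = int(now if now is not None else time.time())
        if len(packet) <= TAG_LEN:
            return "drop:malformed"
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        try:
            msg = json.loads(body)
            key = self.keys[msg["id"]]
            ts, nonce, method = int(msg["ts"]), str(msg["nonce"]), str(msg["method"])
        except (ValueError, KeyError, TypeError):
            return "drop:malformed"
        if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
            return "drop:bad-mac"
        if abs(now - ts) > MAX_SKEW:
            return "drop:stale"
        self.seen = {n: t for n, t in self.seen.items() if now - t <= MAX_SKEW}
        if nonce in self.seen:
            return "drop:replay"
        self.seen[nonce] = ts
        if method not in MIN_TRUST or trust_score < MIN_TRUST[method]:
            return "deny:" + method
        return "allow:" + method
```

The trust score is passed in as a number here; how it is computed from environment and behavior signals is outside this sketch.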