
Securing the Constrained Application Protocol (M)

Status: Completed

Abstract—The IETF is standardizing the Constrained Application Protocol (CoAP), a Web protocol for resource-constrained platforms, fulfilling machine-to-machine requirements using UDP. The IETF draft makes security through Datagram Transport Layer Security (DTLS) mandatory. Its implementation for sensor nodes is, however, still a challenge. Thus, this thesis will provide a state-of-the-art survey and a roadmap specifying the necessary steps to realize the security suite for different CoAP implementations. First steps will be realized for Californium (Cf), a CoAP framework written in Java for unconstrained environments.


The Constrained Application Protocol (CoAP), currently standardized by the Internet Engineering Task Force (IETF), is a light-weight RESTful protocol that can easily and transparently be mapped to HTTP. This allows for seamless integration into the Web. By using UDP, it enables one-to-many communication, relaxes many-to-one, and provides efficient push notifications. The CoAP specification identifies DTLS and IPsec as two methods that can be used for providing data origin authentication, integrity and replay protection, and encryption for CoAP messages. These security features become an essential requirement for open infrastructures that are not shielded by firewalls, for instance in a smart city. But despite the importance of providing security, the realization is still a challenge, as no common libraries or comprehensive implementation guidance is available. Hence, a survey is necessary to assess the solutions drafted across different IETF working groups. Based on that, a roadmap can be compiled that helps to implement and evaluate the different proposed mechanisms to satisfy the security requirements. A good approach to applying these findings to the embedded operating systems running on resource-constrained platforms is to provide a reference implementation in the unconstrained environment. This allows for preliminary results for the mechanisms without the issues related only to resource constraints, and eases the realization and testing of constrained implementations in future work. For these steps, the Californium (Cf) CoAP framework written in Java can offer the required infrastructure, as it is modular and provides an implementation of the latest CoAP draft.


The student will assess the drafts in the Constrained RESTful Environments (CoRE) working group as well as available implementations of the underlying security mechanisms and discuss possible threats to the protocol and its limitations.

Based on these results, a roadmap will be created listing the steps that need to be taken to realize the security suite for the CoAP implementations of the Distributed Systems Group: Californium (Cf), Erbium (Er), and Copper (Cu).

The theoretical results will be applied to Californium (Cf) by implementing all mandatory security options of the latest CoAP Internet-Draft.

In a final step, the student shall evaluate the realized security suite qualitatively through threat modeling and quantitatively through performance measurements.


Student: Stefan Jucker
Contact: Matthias Kovatsch

ETH Zurich, Distributed Systems Group
Last updated March 30 2016 09:14:53 PM MET ko