DTLS
Datagram Transport Layer Security (DTLS) is a communications protocol providing security to datagram-based applications by allowing them to communicate in a way designed to prevent eavesdropping, tampering, or message forgery. The DTLS protocol is based on the stream-oriented Transport Layer Security (TLS) protocol and is intended to provide similar security guarantees. The DTLS datagram preserves the semantics of the underlying transport: the application does not suffer from the delays associated with stream protocols, but because it uses UDP or SCTP, the application has to deal with packet reordering, loss of datagrams, and data larger than the size of a datagram network packet. Because DTLS uses UDP or SCTP rather than TCP, it avoids the "TCP meltdown problem" when used to create a VPN tunnel.
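As an added illustration (not part of the original article), the following Python parses the DTLS 1.2 record header, whose explicit epoch and 48-bit sequence number are what let a receiver cope with the reordering, loss and duplication described above, and applies the sliding-window replay check from RFC 6347 to a stream of records. The record layout and window algorithm follow the RFC; the traffic fed through it is constructed sample data.

```python
import struct

DTLS12_VERSION = (254, 253)  # DTLS versions are the 1's complement of TLS's (TLS 1.2 = 3.3)

def parse_record(datagram, offset=0):
    """Parse one DTLS 1.2 record (RFC 6347 sec. 4.1) at offset; return (fields, next offset).
    Header: ContentType(1) | ProtocolVersion(2) | epoch(2) | sequence_number(6) | length(2)."""
    if len(datagram) - offset < 13:
        raise ValueError("truncated record header")
    ctype, vmaj, vmin, epoch = struct.unpack_from("!BBBH", datagram, offset)
    seq = int.from_bytes(datagram[offset + 5:offset + 11], "big")  # 48-bit sequence number
    end = offset + 13 + struct.unpack_from("!H", datagram, offset + 11)[0]
    if (vmaj, vmin) != DTLS12_VERSION or end > len(datagram):
        raise ValueError("bad version, or record length exceeds the datagram")
    return {"type": ctype, "epoch": epoch, "seq": seq, "fragment": datagram[offset + 13:end]}, end

def build_record(ctype, epoch, seq, fragment):  # serializer, used only to construct sample input
    return (bytes([ctype, *DTLS12_VERSION]) + struct.pack("!H", epoch)
            + seq.to_bytes(6, "big") + struct.pack("!H", len(fragment)) + fragment)
class ReplayWindow:
    """Per-epoch sliding-window replay check (RFC 6347 sec. 4.1.2.6): top seq seen + bitmap below it."""
    def __init__(self, size=64):
        self.size, self.top, self.bits = size, {}, {}
    def accept(self, epoch, seq):
        if epoch not in self.top:            # first record of this epoch
            self.top[epoch], self.bits[epoch] = seq, 1
            return True
        diff = self.top[epoch] - seq
        if diff < 0:                         # newest so far: slide the window forward
            self.bits[epoch] = ((self.bits[epoch] << -diff) | 1) & ((1 << self.size) - 1)
            self.top[epoch] = seq
            return True
        if diff >= self.size or self.bits[epoch] & (1 << diff):
            return False                     # too old to judge, or already seen
        self.bits[epoch] |= 1 << diff        # late but new: accept it once
        return True

def process_datagrams(datagrams):
    window, verdicts = ReplayWindow(), []    # one window per connection, all epochs
    for dg in datagrams:
        off = 0
        while off < len(dg):                 # a datagram may carry several records
            rec, off = parse_record(dg, off)
            ok = window.accept(rec["epoch"], rec["seq"])
            verdicts.append((rec["epoch"], rec["seq"], "accept" if ok else "drop"))
    return verdicts
# Constructed sample: reordering, two records in one datagram, a replayed copy, one outside the window.
SAMPLE = [build_record(23, 1, 5, b"hello"), build_record(23, 1, 7, b"c") + build_record(23, 1, 6, b"b"),
          build_record(23, 1, 5, b"hello"), build_record(23, 1, 200, b"far"),
          build_record(23, 1, 100, b"old"), build_record(23, 1, 199, b"late")]  # 23 = application_data
```

Record 100 is dropped not because it was seen but because it has fallen more than 64 behind the newest sequence number, which is the trade-off of a bounded window.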


Definition

The following documents define DTLS:
* for use with User Datagram Protocol (UDP),
* for use with Datagram Congestion Control Protocol (DCCP),
* for use with Control And Provisioning of Wireless Access Points (CAPWAP),
* for use with Stream Control Transmission Protocol (SCTP) encapsulation,
* for use with Secure Real-time Transport Protocol (SRTP), subsequently called DTLS-SRTP in a draft with Secure Real-Time Transport Control Protocol (SRTCP).

DTLS 1.0 is based on TLS 1.1, DTLS 1.2 is based on TLS 1.2, and DTLS 1.3 is based on TLS 1.3. There is no DTLS 1.1 because this version number was skipped in order to harmonize version numbers with TLS. Like previous DTLS versions, DTLS 1.3 is intended to provide "equivalent security guarantees [to TLS 1.3] with the exception of order protection/non-replayability".


Implementations


Applications

* Cisco AnyConnect VPN Client uses TLS and invented DTLS-based VPN.
* OpenConnect is an open source AnyConnect-compatible client and ocserv server that supports (D)TLS.
* Cisco InterCloud Fabric uses DTLS to form a tunnel between private and public/provider compute environments.
* Zscaler tunnel 2.0 uses DTLS for tunneling.
* F5 Networks Edge VPN Client uses TLS and DTLS.
* Citrix Systems NetScaler uses DTLS to secure UDP.
* Web browsers: Google Chrome, Opera and Firefox support DTLS-SRTP for WebRTC. Firefox 86 and onward does not support DTLS 1.0.


Vulnerabilities

In February 2013, two researchers from Royal Holloway, University of London discovered a timing attack ("Plaintext-Recovery Attacks Against Datagram TLS") which allowed them to recover (parts of the) plaintext from a DTLS connection using the OpenSSL or GnuTLS implementation of DTLS when Cipher Block Chaining mode encryption was used.


See also

* ZRTP
* Reliable User Datagram Protocol
* QUIC
* WireGuard


External links

* Robin Seggelmann's sample code: echo, character generator, and discard client/servers.
* The Illustrated DTLS Connection