Datagram Transport Layer Security
Datagram Transport Layer Security (DTLS) is a communications protocol providing security to datagram-based applications by allowing them to communicate in a way designed to prevent eavesdropping, tampering, or message forgery. The DTLS protocol is based on the stream-oriented Transport Layer Security (TLS) protocol and is intended to provide similar security guarantees. The DTLS datagram preserves the semantics of the underlying transport: the application does not suffer from the delays associated with stream protocols, but because it uses UDP or SCTP, the application has to deal with packet reordering, loss of datagrams, and data larger than the size of a datagram network packet. Because DTLS uses UDP or SCTP rather than TCP, it avoids the "TCP meltdown problem" when it is used to create a VPN tunnel.


Definition

The following documents define DTLS:
* for use with User Datagram Protocol (UDP),
* for use with Datagram Congestion Control Protocol (DCCP),
* for use with Control And Provisioning of Wireless Access Points (CAPWAP),
* for use with Stream Control Transmission Protocol (SCTP) encapsulation,
* for use with Secure Real-time Transport Protocol (SRTP), subsequently called DTLS-SRTP in a draft with Secure Real-Time Transport Control Protocol (SRTCP).

DTLS 1.0 is based on TLS 1.1, DTLS 1.2 is based on TLS 1.2, and DTLS 1.3 is based on TLS 1.3. There is no DTLS 1.1 because this version number was skipped in order to harmonize version numbers with TLS. Like previous DTLS versions, DTLS 1.3 is intended to provide "equivalent security guarantees [to TLS 1.3] with the exception of order protection/non-replayability".
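As an added illustration that is not part of the original article, the following Python parses the DTLS 1.2 record header defined in RFC 6347 (the UDP document above), whose explicit epoch and sequence number fields are what let a receiver cope with the reordering, loss and duplication mentioned in the introduction, and runs RFC 6347's sliding-window anti-replay check over sample records. `make_record` and the sample traffic are constructed here for the demonstration and carry no cipher or MAC.

```python
import struct
# DTLS 1.2 record header (RFC 6347): type(1) version(2) epoch(2) sequence_number(6) length(2).
HEADER_FMT = "!BHHHIH"
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 13 bytes
DTLS_1_2 = 0xFEFD                         # DTLS stores the version as {255 - major, 255 - minor}

def parse_record(data: bytes):
    """Split one record off the front of a datagram; returns (header, body, remaining bytes)."""
    if len(data) < HEADER_LEN:
        raise ValueError("truncated record header")
    ctype, version, epoch, seq_hi, seq_lo, length = struct.unpack(HEADER_FMT, data[:HEADER_LEN])
    body = data[HEADER_LEN:HEADER_LEN + length]
    if len(body) != length:
        raise ValueError("truncated record body")
    header = {"type": ctype, "version": version, "epoch": epoch, "seq": (seq_hi << 32) | seq_lo}
    return header, body, data[HEADER_LEN + length:]

def make_record(ctype: int, epoch: int, seq: int, body: bytes) -> bytes:  # constructed, unencrypted
    return struct.pack(HEADER_FMT, ctype, DTLS_1_2, epoch, seq >> 32, seq & 0xFFFFFFFF, len(body)) + body

class ReplayWindow:
    """Sliding-window replay check of RFC 6347 section 4.1.2.6 on the 64-bit value epoch||sequence."""
    def __init__(self, size: int = 64):
        self.size, self.right, self.bits = size, -1, 0   # bit i of bits: record (right - i) was seen
    def accept(self, epoch: int, seq: int) -> bool:
        n = (epoch << 48) | seq
        if n > self.right:                      # newest record so far: slide the window forward
            shift = n - self.right
            self.bits = 1 if shift >= self.size else ((self.bits << shift) | 1) & ((1 << self.size) - 1)
            self.right = n
            return True
        offset = self.right - n
        if offset >= self.size or self.bits & (1 << offset):
            return False                        # older than the window, or a duplicate: drop it
        self.bits |= 1 << offset                # late but inside the window: accept it once
        return True

def process_datagrams(datagrams, window: ReplayWindow):
    """Return (epoch, seq, body) for every record that passes the version and replay checks."""
    accepted = []
    for dgram in datagrams:
        while dgram:                            # one datagram may carry several records
            hdr, body, dgram = parse_record(dgram)
            if hdr["version"] == DTLS_1_2 and window.accept(hdr["epoch"], hdr["seq"]):
                accepted.append((hdr["epoch"], hdr["seq"], body))
    return accepted
# Constructed sample traffic: two records in one datagram, a replay, a late record, a jump after loss, a record that has since fallen out of the window, and a new epoch after rekeying.
SAMPLE = [make_record(23, 1, 5, b"a") + make_record(23, 1, 6, b"b"), make_record(23, 1, 5, b"a"),
          make_record(23, 1, 4, b"c"), make_record(23, 1, 200, b"d"), make_record(23, 1, 6, b"b"),
          make_record(23, 2, 0, b"e")]
```

Running `process_datagrams(SAMPLE, ReplayWindow())` keeps the two in-order records, the late record and the post-loss and post-rekey records, and drops the replayed copy and the record that has fallen behind the window.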


Implementations


Libraries


Applications

* Cisco AnyConnect VPN Client uses TLS and invented DTLS-based VPN.
* OpenConnect is an open source AnyConnect-compatible client and ocserv server that supports (D)TLS.
* Cisco InterCloud Fabric uses DTLS to form a tunnel between private and public/provider compute environments.
* Zscaler tunnel 2.0 uses DTLS for tunneling.
* F5 Networks Edge VPN Client uses TLS and DTLS.
* Citrix Systems NetScaler uses DTLS to secure UDP.
* Web browsers: Google Chrome, Opera and Firefox support DTLS-SRTP for WebRTC. Firefox 86 and onward does not support DTLS 1.0.


Vulnerabilities

In February 2013 two researchers from Royal Holloway, University of London discovered a timing attack (described in "Plaintext-Recovery Attacks Against Datagram TLS") which allowed them to recover (parts of the) plaintext from a DTLS connection using the OpenSSL or GnuTLS implementation of DTLS when Cipher Block Chaining mode encryption was used.


See also

* ZRTP
* Reliable User Datagram Protocol
* QUIC
* WireGuard


External links

* Robin Seggelmann's Sample Code: echo, character generator, and discard client/servers.
* The Illustrated DTLS Connection