
Datagram Transport Layer Security (DTLS) is a communications protocol providing security to datagram-based applications by allowing them to communicate in a way designed to prevent eavesdropping, tampering, or message forgery. The DTLS protocol is based on the stream-oriented Transport Layer Security (TLS) protocol and is intended to provide similar security guarantees. DTLS preserves the semantics of the underlying datagram transport: the application does not suffer from the head-of-line blocking delays associated with stream protocols, but because it runs over UDP or SCTP, the application has to deal with packet reordering, loss of datagrams, and data larger than the size of a datagram. To let the TLS handshake survive such a transport, DTLS carries an explicit epoch and sequence number in every record, fragments and retransmits its own handshake messages, and offers optional replay detection based on a sliding window over record sequence numbers. Because DTLS uses UDP or SCTP rather than TCP, it avoids the "TCP meltdown problem" (the interaction of the retransmission timers of a TCP connection carried inside another TCP connection) when it is used to create a VPN tunnel.


Definition

The following documents define DTLS:

* DTLS for use with the User Datagram Protocol (UDP),
* DTLS for use with the Datagram Congestion Control Protocol (DCCP),
* DTLS for use with Control And Provisioning of Wireless Access Points (CAPWAP),
* DTLS for use with Stream Control Transmission Protocol (SCTP) encapsulation,
* DTLS for use with the Secure Real-time Transport Protocol (SRTP), subsequently called DTLS-SRTP, extended in a draft to the Secure Real-Time Transport Control Protocol (SRTCP).

DTLS 1.0 is based on TLS 1.1, DTLS 1.2 is based on TLS 1.2, and DTLS 1.3 is based on TLS 1.3. There is no DTLS 1.1; that version number was skipped in order to harmonize version numbers with TLS. Like previous DTLS versions, DTLS 1.3 is intended to provide "equivalent security guarantees to TLS 1.3 with the exception of order protection/non-replayability". In practice this means a receiver only rejects replayed records if it implements the optional anti-replay window, and an application that needs strict ordering has to enforce it itself on top of DTLS.
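The epoch, the 48-bit record sequence number and the optional anti-replay window referred to above (the reordering and loss the introduction mentions, and the "order protection/non-replayability" caveat in this section) are easiest to see in a small receiver. The following Python is an added example written for this page, not code from OpenSSL, GnuTLS or any DTLS specification. The 13-byte DTLS 1.2 record header and the window logic follow the standard; the integrity tag (a truncated HMAC-SHA256 under a constructed key) is a stand-in for the real MAC or AEAD tag, and the sample datagrams are constructed so that reordering, a replay, a forged record, a jump past the window and a record that fell off its left edge each show up once.

```python
import hashlib
import hmac
import struct

DTLS12_VERSION = 0xFEFD   # DTLS 1.2 is {254, 253} on the wire
HEADER_LEN = 13           # type(1) version(2) epoch(2) sequence(6) length(2)
APPLICATION_DATA = 23
TAG_LEN = 16              # constructed: truncated HMAC-SHA256 stands in for the MAC/AEAD tag
WINDOW_SIZE = 64          # minimum window size the DTLS specification recommends


def build_record(epoch, seq, payload, key):
    """Constructed sender side: header, payload, tag over header||payload.
    Binding epoch and sequence number into the tag is what stops an attacker
    from renumbering a captured record to slip it past the replay window."""
    header = struct.pack("!BHHHIH", APPLICATION_DATA, DTLS12_VERSION, epoch,
                         seq >> 32, seq & 0xFFFFFFFF, len(payload) + TAG_LEN)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()[:TAG_LEN]
    return header + payload + tag


def parse_record(datagram):
    """Parse one DTLSPlaintext header; epoch and sequence number drive the replay check."""
    if len(datagram) < HEADER_LEN:
        raise ValueError("datagram shorter than a DTLS record header")
    ctype, version, epoch, seq_hi, seq_lo, length = struct.unpack(
        "!BHHHIH", datagram[:HEADER_LEN])
    if version != DTLS12_VERSION:
        raise ValueError("unexpected record version 0x%04x" % version)
    body = datagram[HEADER_LEN:HEADER_LEN + length]
    if len(body) != length:
        raise ValueError("record length exceeds datagram")
    return {"type": ctype, "epoch": epoch, "seq": (seq_hi << 32) | seq_lo,
            "header": datagram[:HEADER_LEN], "body": body}


class ReplayWindow:
    """Sliding bitmap over sequence numbers (the IPsec-style window DTLS adopts).
    Keep one per epoch: sequence numbers restart at 0 after each ChangeCipherSpec."""

    def __init__(self, size=WINDOW_SIZE):
        self.size = size
        self.top = -1        # highest sequence number accepted so far
        self.bitmap = 0      # bit i set means sequence number (top - i) was accepted

    def is_fresh(self, seq):
        if seq > self.top:
            return True                          # ahead of the window
        if self.top - seq >= self.size:
            return False                         # too old to track: treated as a replay
        return not (self.bitmap >> (self.top - seq)) & 1

    def mark(self, seq):
        """Slide the window or set a bit. Call only after the tag verified: an
        unauthenticated record must never be able to push valid ones out of the window."""
        if seq > self.top:
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) if shift < self.size else 1
            self.bitmap &= (1 << self.size) - 1
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)


def receive(datagram, key, windows):
    """Receiver: parse, replay pre-check, tag check, and only then update the window.
    Every failure is a silent drop; unlike TLS, DTLS must not tear the session down,
    because anyone on the path can spoof a datagram."""
    try:
        rec = parse_record(datagram)
    except ValueError:
        return "malformed"
    if len(rec["body"]) < TAG_LEN:
        return "malformed"
    window = windows.setdefault(rec["epoch"], ReplayWindow())
    if not window.is_fresh(rec["seq"]):
        return "replay"
    payload, tag = rec["body"][:-TAG_LEN], rec["body"][-TAG_LEN:]
    expected = hmac.new(key, rec["header"] + payload, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        return "bad_mac"
    window.mark(rec["seq"])
    return "accepted"


def demo(key=b"constructed-demo-key"):
    """Constructed traffic in epoch 1; returns (sequence number, verdict) pairs."""
    windows = {}
    good = lambda seq: build_record(1, seq, b"app data %d" % seq, key)
    forged = bytearray(good(200))
    forged[-1] ^= 0x01                           # corrupt the tag: window must not slide to 200
    stream = [(0, good(0)), (1, good(1)), (3, good(3)), (2, good(2)), (1, good(1)),
              (200, bytes(forged)), (70, good(70)), (5, good(5)), (69, good(69))]
    return [(seq, receive(dgram, key, windows)) for seq, dgram in stream]


if __name__ == "__main__":
    for seq, verdict in demo():
        print("seq %3d -> %s" % (seq, verdict))
```

The order of checks in `receive` is the part worth copying: the replay window is consulted before the expensive tag verification (so replayed records cost almost nothing), but it is only updated afterwards. If the forged record for sequence number 200 were allowed to slide the window, the genuine record 70 that arrives next would fall outside it and be dropped, which is a cheap denial of service for anyone who can inject datagrams.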


Implementations


Applications

* Cisco AnyConnect VPN Client uses TLS and introduced the DTLS-based VPN.
* OpenConnect is an open-source AnyConnect-compatible client, and ocserv a compatible server, that support (D)TLS.
* Cisco InterCloud Fabric uses DTLS to form a tunnel between private and public/provider compute environments.
* Zscaler tunnel 2.0 uses DTLS for tunneling.
* F5 Networks Edge VPN Client uses TLS and DTLS.
* Citrix Systems NetScaler uses DTLS to secure UDP.
* Web browsers: Google Chrome, Opera and Firefox support DTLS-SRTP for WebRTC. Firefox 86 and onward does not support DTLS 1.0.


Vulnerabilities

In February 2012 two researchers from Royal Holloway, University of London, published a timing attack ("Plaintext-Recovery Attacks Against Datagram TLS") which allowed them to recover (parts of) the plaintext from a DTLS connection using the OpenSSL or GnuTLS implementation of DTLS when Cipher Block Chaining (CBC) mode encryption was used. The attack measures the difference in processing time between records that fail the padding check and records that fail the MAC check in MAC-then-encrypt CBC cipher suites. DTLS is a better target than TLS here because an invalid record does not terminate the session, so the attacker can inject many manipulated records and time the handling of each one. The practical mitigations are constant-time record processing and, preferably, AEAD cipher suites such as AES-GCM or ChaCha20-Poly1305; DTLS 1.3, like TLS 1.3, supports only AEAD suites.


See also

* ZRTP
* Reliable User Datagram Protocol (RUDP)
* QUIC
* WireGuard


External links

* Robin Seggelmann's sample code: echo, character generator, and discard client/servers
* The Illustrated DTLS Connection