nRF51 IoT SDK
DTLS
Warning
The DTLS examples are only available through the zip release of the IoT SDK. These examples are not distributed with nRF51 IoT SDK Packs.

Datagram Transport Layer Security (DTLS) defines transport layer security for datagram protocols, providing communications privacy for them. The DTLS protocol is based on the Transport Layer Security (TLS) protocol and provides equivalent security guarantees. TLS assumes a reliable transport and breaks when re-hosted on an unreliable transport. DTLS fixes this problem by changing the protocol to tolerate reordering of packets and by implementing retransmission timers to handle packet loss.
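As an added example (not code from the nRF51 IoT SDK or tinyDTLS), the C code below shows the record-layer side of that reordering tolerance as specified in RFC 6347: each DTLS record carries an explicit epoch and 48-bit sequence number, and the receiver keeps a sliding window so a late record is accepted once while a replayed one is dropped. This goes beyond the summary above; the names dtls_hdr, replay_win, dtls_parse_hdr, replay_accept and SAMPLE_REC are illustrative, and the 64-record window size is an assumption.

```c
#include <stdint.h>
#include <stdio.h>

/* DTLS 1.2 record header, RFC 6347 section 4.1 (13 bytes on the wire). */
typedef struct {
    uint8_t  type;     /* 22 = handshake, 23 = application data */
    uint16_t version;  /* 0xFEFD = DTLS 1.2 */
    uint16_t epoch;    /* incremented on each cipher state change */
    uint64_t seq;      /* explicit 48-bit sequence number */
    uint16_t length;   /* payload bytes following the header */
} dtls_hdr;

/* Anti-replay sliding window, RFC 6347 section 4.1.2.6; keep one per epoch. */
typedef struct { uint64_t max_seq, bitmap; int started; } replay_win;
/* Constructed sample: application data, epoch 1, seq 5, 4-byte payload. */
static const uint8_t SAMPLE_REC[] = {23, 0xFE,0xFD, 0,1, 0,0,0,0,0,5, 0,4, 0xDE,0xAD,0xBE,0xEF};

/* Returns 0 on success, -1 if truncated or the length field overruns n. */
int dtls_parse_hdr(const uint8_t *b, size_t n, dtls_hdr *h) {
    if (n < 13) return -1;
    h->type    = b[0];
    h->version = (uint16_t)((b[1] << 8) | b[2]);
    h->epoch   = (uint16_t)((b[3] << 8) | b[4]);
    h->seq     = 0;
    for (int i = 5; i < 11; i++) h->seq = (h->seq << 8) | b[i];
    h->length  = (uint16_t)((b[11] << 8) | b[12]);
    return ((size_t)h->length > n - 13) ? -1 : 0;
}

/* 1 = fresh (now marked seen), 0 = replay or too old. Call only after the integrity check. */
int replay_accept(replay_win *w, uint64_t seq) {
    if (!w->started || seq > w->max_seq) {
        uint64_t shift = w->started ? seq - w->max_seq : 64;
        w->bitmap = (shift >= 64) ? 1 : ((w->bitmap << shift) | 1);
        w->max_seq = seq; w->started = 1;
        return 1;
    }
    uint64_t off = w->max_seq - seq;          /* distance behind the newest */
    if (off >= 64 || (w->bitmap & (1ULL << off))) return 0;
    w->bitmap |= 1ULL << off;                 /* late but new: accept once */
    return 1;
}

int main(void) {
    dtls_hdr h; replay_win w = {0};
    if (dtls_parse_hdr(SAMPLE_REC, sizeof SAMPLE_REC, &h)) return 1;
    int first = replay_accept(&w, h.seq), again = replay_accept(&w, h.seq);
    printf("seq %u: first=%d again=%d\n", (unsigned)h.seq, first, again);
    return 0;
}
```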

CoAP defines DTLS bindings for secure communication. Just as HTTP is secured using Transport Layer Security (TLS) over TCP, CoAP is secured using Datagram TLS (DTLS) [RFC6347] over UDP (see Figure 1).

                         +----------------------+
                         |      Application     |
                         +----------------------+
                         +----------------------+
                         |         CoAP         |
                         +----------------------+
                         +----------------------+
                         |         DTLS         |
                         +----------------------+
                         +----------------------+
                         |          UDP         |
                         +----------------------+

                        Figure 1: DTLS-Secured CoAP

nRF51 IoT SDK uses tinyDTLS implementation 0.8.0 for DTLS. tinyDTLS provides a light-weight implementation of the DTLS protocol that can be used in devices with tight memory constraints. The cipher suites supported by tinyDTLS are limited to TLS_PSK_WITH_AES_128_CCM_8 and TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, which are mandatory-to-implement for CoAP. For more details, see http://tinydtls.sourceforge.net/

Note
tinyDTLS version 0.8.1 is ported to the nRF51 platform. Changes have been made to the tinyDTLS source to support nRF51 as an embedded platform that does not run Contiki. Other changes remove code that results in malloc calls or high memory requirements on the stack.

nRF51 IoT SDK includes examples enabling DTLS for both CoAP Server and Client Examples.

Warning
When the TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 cipher suite is selected, signature creation, certificate generation and verification take a perceivable time, on the order of minutes. Users/developers are expected to wait and to ensure that CoAP time-outs are configured accordingly. The server usually takes longer than the client. This delay is observed only for the handshake. Subsequent encrypted messages should be exchanged without any delays.


Figure 1: Setup of CoAP examples.


The CoAP Server and Client example applications are detailed below:

Server

Client