International Journal of Information Security

, Volume 16, Issue 2, pp 173–193 | Cite as

On improving resistance to Denial of Service and key provisioning scalability of the DTLS handshake

  • Marco Tiloca
  • Christian Gehrmann
  • Ludwig Seitz
Regular Contribution


DTLS is a transport layer security protocol designed to provide secure communication over unreliable datagram protocols. Before starting to communicate, a DTLS client and server perform a specific handshake in order to establish a secure session and agree on a common security context. However, the DTLS handshake is affected by two relevant issues. First, the DTLS server is vulnerable to a specific Denial of Service (DoS) attack aimed at forcing the establishment of several half-open sessions. This may exhaust memory and network resources on the server, so making it less responsive or even unavailable to legitimate clients. Second, although it is one of the most efficient key provisioning approaches adopted in DTLS, the pre-shared key provisioning mode does not scale well with the number of clients, it may result in scalability issues on the server side, and it complicates key re-provisioning in dynamic scenarios. This paper presents a single and efficient security architecture which addresses both issues, by substantially limiting the impact of DoS, and reducing the number of keys stored on the server side to one unit only. Our approach does not break the existing standard and does not require any additional message exchange between DTLS client and server. Our experimental results show that our approach requires a shorter amount of time to complete a handshake execution and consistently reduces the time a DTLS server is exposed to a DoS instance. We also show that it considerably improves a DTLS server in terms of service availability and robustness against DoS attack.


Security DTLS Denial of Service  Key provisioning 



The authors sincerely thank the anonymous referees and the associate editor for their insightful comments and suggestions that helped to considerably improve the technical quality of the paper. This work has been partially supported by the EU FP7 Project SEGRID (Grant Agreement No. FP7-607109) as well as by the EIT DIGITAL High Impact Initiative “Advanced connectivity platform for vertical segments”.

Compliance with ethical standards


This project has received funding from the European Union’s Seventh Framework Programme for research, technological development and demonstration under grant agreement no. 607109. This work was also supported by the EIT DIGITAL High Impact Initiative “Advanced Connectivity Platform for vertical segments”. Ericsson holds a patent related to the Derived Key Mode scheme described in Section 6.1 (International Application Number PCT/SE2013/050846).


  1. 1.
    Dierks, T., Rescorla E.: RFC 5246, The Transport Layer Security (TLS) Protocol Version 1.2. Internet Engineering Task Force (2008)Google Scholar
  2. 2.
    DARPA: RFC 793, Transmission Control Protocol (TCP) DARPA Internet Program Protocol Specification. Internet Engineering Task Force (1981)Google Scholar
  3. 3.
    Rescorla, E., Modadugu, N.: RFC 6347, Datagram Transport Layer Security Version 1.2. Internet Engineering Task Force (2012)Google Scholar
  4. 4.
    Postel, J.: RFC 768. User Datagram Protocol. Internet Engineering Task Force (1980)Google Scholar
  5. 5.
    Eronen, P., Tschofenig, H.: RFC 4279, Pre-shared Key Ciphersuites for Transport Layer Security (TLS). Internet Engineering Task Force (2005)Google Scholar
  6. 6.
    Scandium (Sc) Security for Californium, version 0.1.4 (2014). Last accessed January 2016
  7. 7.
    Californium (Cf) CoAP framework—Java CoAP Implementation, version 0.18-2 (2014). Last accessed: January 2016
  8. 8.
    Shelby, Z., Hartke, K., Bormann, C.: RFC 7252. Internet Engineering Task Force, Constrained Application Protocol (CoAP) (2014)Google Scholar
  9. 9.
    Constrained RESTful Environments (CoRE). Last accessed: January 2016
  10. 10.
    Mirkovic, J., Dietrich, S., Dittrich, D., Reiher, P.: Internet Denial of Service: Attack and Defense Mechanisms. Prentice Hall, Pearson Education, New Jersey (2004)Google Scholar
  11. 11.
    Wang, H., Jin, C., Shin, K.G.: Defense against spoofed IP traffic using hop-count filtering. IEEE/ACM Trans. Netw. 15(1), 40–53 (2007)CrossRefGoogle Scholar
  12. 12.
    Li, J., Sung, M., Xu, J., Li, L.: Large-scale IP traceback in high-speed Internet: practical techniques and theoretical foundation, In: Proceedings of the 2004 IEEE Symposium on Security and Privacy, pp. 115–129. IEEE Computer Society (2004)Google Scholar
  13. 13.
    Savage, S., Wetherall, D., Karlin, A.R., Anderson, T.E.: Practical network support for IP traceback. ACM SIGCOMM Comput. Commun. Rev. 30(4), 295–306 (2000)CrossRefGoogle Scholar
  14. 14.
    Snoeren, A.C., Partridge, C., Sanchez, L.A., Jones, C.E., Tchakountio, F., Kent, S.T., Strayer W.T.: Hash-based IP Traceback, In: Proceedings of the 2001 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, SIGCOMM’01, pp. 3–14. ACM (2001)Google Scholar
  15. 15.
    Song, D.X., Perrig, A.: Advanced and authenticated marking schemes for IP traceback, In: Proceedings of the IEEE Twentieth Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM 2001), vol. 2, pp. 878–886. IEEE Computer Society (2001)Google Scholar
  16. 16.
    Ferguson, P., Senie, D.: RFC 2267, Network ingress filtering: defeating denial of service attacks which employ IP source address spoofing. Internet Engineering Task Force (1998)Google Scholar
  17. 17.
    Li, J., Mirkovic, J., Wang, M., Reiher, P., Zhang, L.: SAVE: source address validity enforcement protocol. In: Proceedings of the IEEE Twenty-First Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM 2002), pp. 1557–1566. IEEE Computer Society (2002)Google Scholar
  18. 18.
    Mahajan, R., Bellovin, S.M., Floyd, S., Ioannidis, J., Paxson, V., Shenker, S.: Controlling high bandwidth aggregates in the network. ACM SIGCOMM Comput. Commun. Rev. 32(3), 62–73 (2002)CrossRefGoogle Scholar
  19. 19.
    Yau, D.K.Y., Lui, J., Liang, F., Yam, Y.: Defending against distributed denial-of-service attacks with max–min fair server-centric router throttles. IEEE/ACM Trans. Netw. 13(1), 29–42 (2005)CrossRefGoogle Scholar
  20. 20.
    Patil, R.Y., Ragha, L.: A rate limiting mechanism for defending against flooding based distributed denial of service attack. In: 2011 World Congress on Information and Communication Technologies (WICT), pp. 182–186 (2011)Google Scholar
  21. 21.
    Beitollahi, H., Deconinck, G.: A cooperative mechanism to defense against distributed denial of service attacks. In: Proceedings of the IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom 2011), pp. 11–20 (2011)Google Scholar
  22. 22.
    Dean, D., Franklin, M., Stubblefield, A.: An algebraic approach to IP traceback. ACM Trans. Inform. Syst. Secur. 5(2), 119–137 (2002)CrossRefGoogle Scholar
  23. 23.
    Goodrich, M.T.: Efficient packet marking for large-scale IP traceback. In: Proceedings of the 9th ACM Conference on Computer and Communications Security, CCS’02, pp. 117–126. ACM (2002)Google Scholar
  24. 24.
    Bhatti, N., Friedrich, R.: Web server support for tiered services. IEEE Netw. 13(5), 64–71 (1999)CrossRefGoogle Scholar
  25. 25.
    Qie, X., Pang, R., Peterson, L.: Defensive programming: using an annotation toolkit to build DoS-resistant software. In: ACM SIGOPS Operating Systems Review—OSDI’02, 36(SI), pp. 45–60 (2002)Google Scholar
  26. 26.
    Juels, A., Brainard, J.: Client puzzles: a cryptographic defense against connection depletion attacks. In: Proceedings of NDSS Symposium, pp. 1–15 (1999)Google Scholar
  27. 27.
    Wang, X., Reiter, M.K.: Defending against Denial-of-Service attacks with puzzle auctions. In: Proceedings of the 2003 IEEE Symposium on Security and Privacy, SP’03, pp. 78–92. IEEE Computer Society (2003)Google Scholar
  28. 28.
    Bernstein, D.J.: SYN cookies (1996). Last accessed: January 2016
  29. 29.
    Ranjan, S., Swaminathan, R., Uysal, M., Knightly, E.: DDoS-resilient scheduling to counter application layer attacks under imperfect detection. In: Proceedings of the 25th IEEE International Conference on Computer Communications (INFOCOM 2006), pp. 1–13, IEEE Computer Society (2006)Google Scholar
  30. 30.
    CERT Advisory CA-1996-21 TCP SYN Flooding and IP Spoofing Attacks (1996)Google Scholar
  31. 31.
    Mirkovic, J., Reiher, P.: D-WARD: a source-end defense against flooding Denial-of-Service attacks. IEEE Trans. Dependable Secure Comput. 2(3), 216–232 (2005)CrossRefGoogle Scholar
  32. 32.
    Gil, T.M., Poletto, M.: MULTOPS: a data-structure for bandwidth attack detection. In: Proceedings of the 10th Conference on USENIX Security Symposium—vol. 10, SSYM’01, pp. 23–38, USENIX Association (2001)Google Scholar
  33. 33.
    Wang H., Zhang D., Shin K.G.: Detecting SYN flooding attacks. In: Proceedings of the IEEE Twenty-First Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM 2002), vol. 3, pp. 1530–1539 (2002)Google Scholar
  34. 34.
    Ohsita, Y., Ata, S., Murata, M.: Detecting distributed Denial-of-Service attacks by analyzing TCP SYN packets statistically. In: IEEE 2004 Global Telecommunications Conference (GLOBECOM’04), vol. 4 (2004), pp. 2043–2049 (2004)Google Scholar
  35. 35.
    Darmohray, T., Oliver, R.: Hot spares for DoS attacks. Mag. USENIX SAGE 25(4), 3 (2000)Google Scholar
  36. 36.
    Lemon, J.: Resisting SYN flood DoS attacks with a SYN Cache. In: Proceedings of the BSD Conference 2002 on BSD Conference, BSDC’02, pp. 1–9. USENIX Association (2002)Google Scholar
  37. 37.
    Zuquete, A.: Improving the functionality of SYN cookies. In: Proceedings of the IFIP TC6/TC11 Sixth Joint Working Conference on Communications and Multimedia Security: Advanced Communications and Multimedia Security, pp. 57–77. Kluwer, B.V. (2002)Google Scholar
  38. 38.
    Aura, T., Nikander, P., Leiwo, J.: DOS-resistant authentication with client puzzles. In: Revised Papers from the 8th International Workshop on Security Protocols, pp. 170–177. Springer, Berlin (2001)Google Scholar
  39. 39.
    Dean, D., Stubblefield, A.: Using client puzzles to protect TLS. In: Proceedings of the 10th Conference on USENIX Security Symposium, SSYM’01—vol. 10, pp. 1–8. USENIX Association (2001)Google Scholar
  40. 40.
    Schneier, B.: Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd edn. Wiley, New York (1996)MATHGoogle Scholar
  41. 41.
    Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., Polk, W.: RFC 5280, Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. Internet Engineering Task Force (2008)Google Scholar
  42. 42.
    Wouters, P., Tschofenig, H., Gilmore, J., Weiler, S., Kivinen, T.: RFC 7250, Using Raw Public Keys in Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS). Internet Engineering Task Force (2014)Google Scholar
  43. 43.
    Neuman, C., Yu, T., Hartman, S., Raeburn, K.: RFC 4120, The Kerberos Network Authentication Service (V5). Internet Engineering Task Force (2005)Google Scholar
  44. 44.
    Arkko, J., Carrara, E., Lindholm, F., Naslund, M., Norrman, K.: RFC 3830, MIKEY: Multimedia Internet KEYing. Internet Engineering Task Force (2004)Google Scholar
  45. 45.
    Mattsson, J., Tian, T.: RFC 6043, MIKEY-TICKET: Ticket-Based Modes of Key Distribution in Multimedia Internet KEYing (MIKEY). Internet Engineering Task Force (2011)Google Scholar
  46. 46.
    Selander, G., Seitz, L.: Access Control Framework for Constrained Environments, draft-selander-core-access-control-02 (Work in progress). Internet Engineering Task Force (2014)Google Scholar
  47. 47.
    Seitz, L., Selander, G., Gehrmann, C.: Authorization framework for the internet-of-things. In: D-SPAN workshop of the IEEE 14th International Symposium and Workshops on a World of Wireless, Mobile and Multimedia Networks (WoWMoM), pp. 1–6. IEEE Computer Society (2013)Google Scholar
  48. 48.
    Cole, E.: Network Security Bible, 2nd edn. Wiley, New York (2009)Google Scholar
  49. 49.
    Birman, K.: Guide to Reliable Distributed Systems. Building High-Assurance Applications and Cloud-Hosted Services. Springer, London (2012)CrossRefGoogle Scholar
  50. 50.
    Anderson, R.J.: Security Engineering: A Guide to Building Dependable Distributed Systems, 2nd edn. Wiley, New York (2008)Google Scholar
  51. 51.
    Shelby, Z., Koster, M., Bormann, C., van der Stok, P.: CoRE Resource Directory draft-ietf-core-resource-directory-05 (Work in progress). Internet Engineering Task Force (2015)Google Scholar
  52. 52.
    Krawczyk, H., Bellare, M., Canetti, R.: RFC 2104, HMAC: Keyed-Hashing for Message Authentication. Internet Engineering Task Force (1997)Google Scholar
  53. 53.
    Stajano, F., Anderson, R.J.: The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks. In: Proceedings of the 7th International Workshop on Security Protocols, pp. 172–194. Springer, Berlin (1999)Google Scholar
  54. 54.
    McElice, R.J.: Finite Fields for Computer Scientists and Engineers. Kluwer, Boston (1987)CrossRefGoogle Scholar
  55. 55.
    Dworkin, M.: Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC. National Institute of Standards and Technology (2007)Google Scholar
  56. 56.
    Gehrmann, C.: Topics in Authentication Theory. Ph.D. thesis, Lund University, Lund (1997)Google Scholar
  57. 57.
    McGrew, D., Bailey, D.: RFC 6655, AES-CCM Cipher Suites for Transport Layer Security (TLS). Internet Engineering Task Force (2012)Google Scholar
  58. 58.
    Federal Information Processing Standards Publication 180-2, Secure Hash Standard (2002)Google Scholar
  59. 59.
    RSA Laboratories, PKCS #1 v2.2: RSA Cryptographic Standard. EMC Corporation Public-Key Cryptographic Standards (PKCS) (2012)Google Scholar
  60. 60.
    National Institute of Standards and Technology, Federal Information Processing Standards, Specification for the Advanced Encryption Standard (AES). National Institute of Standards and Technology (2001)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2016

Authors and Affiliations

  • Marco Tiloca
    • 1
  • Christian Gehrmann
    • 2
  • Ludwig Seitz
    • 2
  1. 1.SICS Swedish ICT AB, Security LabKistaSweden
  2. 2.SICS Swedish ICT AB, Security LabLundSweden

Personalised recommendations