Skip to main content

CoAP Attacks
draft-mattsson-core-coap-attacks-01

The information below is for an old version of the document.
Document Type
This is an older version of an Internet-Draft whose latest revision state is "Replaced".
Expired & archived
Authors John Preuß Mattsson , John Fornehed , Göran Selander , Francesca Palombini , Christian Amsüss
Last updated 2022-01-28 (Latest revision 2021-07-27)
Replaces draft-mattsson-core-coap-actuators
Replaced by draft-ietf-core-attacks-on-coap
RFC stream (None)
Formats
Additional resources
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:

Abstract

Being able to securely read information from sensors, to securely control actuators, and to not enable distributed denial-of-service attacks are essential in a world of connected and networking things interacting with the physical world. This document summarizes a number of known attacks on CoAP and show that just using CoAP with a security protocol like DTLS, TLS, or OSCORE is not enough for secure operation. The document also summarizes different denial-of-service attacks using CoAP. The goal with this document is motivating generic and protocol-specific recommendations on the usage of CoAP. Several of the discussed attacks can be mitigated with the solutions in draft-ietf-core-echo-request-tag.

Authors

John Preuß Mattsson
John Fornehed
Göran Selander
Francesca Palombini
Christian Amsüss

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)