Rahul Sharma (Editor)

Datagram Transport Layer Security

Updated on
Edit
Like
Comment
Share on FacebookTweet on TwitterShare on LinkedInShare on Reddit

Datagram Transport Layer Security (DTLS) is a communications protocol that provides security for datagram-based applications by allowing them to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery. The DTLS protocol is based on the stream-oriented Transport Layer Security (TLS) protocol and is intended to provide similar security guarantees. The DTLS protocol datagram preserves the semantics of the underlying transport — the application does not suffer from the delays associated with stream protocols, but has to deal with packet reordering, loss of datagram and data larger than the size of a datagram network packet.

Contents

Definition

The following documents define DTLS:

  • RFC 6347 for use with User Datagram Protocol (UDP),
  • RFC 5238 for use with Datagram Congestion Control Protocol (DCCP),
  • RFC 5415 for use with Control And Provisioning of Wireless Access Points (CAPWAP),
  • RFC 6083 for use with Stream Control Transmission Protocol (SCTP) encapsulation,
  • RFC 5764 for use with Secure Real-time Transport Protocol (SRTP) subsequently called DTLS-SRTP in a draft with Secure Real-Time Transport Control Protocol (SRTCP).

    • DTLS 1.0 is based on TLS 1.1, and DTLS 1.2 is based on TLS 1.2.

    Applications

  • Cisco AnyConnect VPN Client uses TLS and DTLS, as does the AnyConnect-compatible open-source OpenConnect client
  • Cisco InterCloud Fabric uses DTLS to form a tunnel between private and public/provider compute environments
  • F5 Networks Edge VPN Client uses TLS and DTLS
  • Citrix Systems NetScaler uses DTLS to secure UDP
  • Web browsers: Google Chrome, Opera and Firefox support DTLS-SRTP for WebRTC

    • Vulnerabilities

    In February 2013 two researchers from Royal Holloway, University of London discovered an attack which allowed them to recover plaintext from a DTLS connection using the OpenSSL implementation of DTLS when Cipher Block Chaining mode encryption was used.

    References

    Datagram Transport Layer Security Wikipedia
    (Text) CC BY-SA