Hi, dear!
In this article, I want to share with you some background on TLS, DTLS, and DTLS+.

TLS
TLS is a protocol designed by the IETF on the basis of SSL 3.0. SSL was designed by Netscape in 1994, and SSL 3.0 was released in 1995. TLS is the successor to SSL, so to understand TLS you need to understand SSL first.
SSL is a protocol independent of platforms and applications. It sits between TCP/IP and the application-layer protocols to provide secure and reliable support for data communication.
SSL provides confidentiality, authentication, and integrity:
Confidentiality: The session key is negotiated in the handshake protocol, and all messages are encrypted with it.
Authentication: Client authentication is optional and server authentication is mandatory.
Integrity: An integrity check is performed on every message during transmission.
As an upgraded version of SSL, TLS is more secure, more standardized, and more complete than SSL.
DTLS
As mentioned above, TLS runs over TCP and secures data transmitted over TCP. Datagram TLS (DTLS) is an extension of TLS that secures data transmitted over UDP.
Each time a piece of data is transmitted over DTLS, a six-way handshake is performed to establish a connection between the client and the server. DTLS is therefore secure, but it consumes a lot of bandwidth.
DTLS+
Datagram Transport Layer Security+ (DTLS+) is a protocol used by the Huawei OceanConnect IoT platform. Compared with DTLS, DTLS+ reduces the number of handshakes between the terminal and the IoT platform during communication, thereby prolonging the battery life of the terminal.
How it works
The DTLS protocol is used between NB-IoT devices and the IoT platform to protect applications and data. The handshake between the client and the server establishes the DTLS connection. After the handshake completes, both parties use five parameters (source address, destination address, source port, destination port, and protocol type) to identify a connection.
Comparison between TLS and DTLS
Field | TLS | DTLS
--- | --- | ---
RFC | RFC 4346 (v1.1), RFC 5246 (v1.2), RFC 8446 (v1.3) | RFC 6347 (v1.2)
Function | It must run over a reliable transport channel based on TCP. It cannot be used to secure unreliable datagram traffic. | It is used to construct "TLS over datagram".
Runs above which protocol | TLS covers security for both TCP and UDP transport types. | DTLS is implied if the transport type is UDP.
Handshake header: Message Type (bytes) | 1 | 1
Handshake header: Message Length (bytes) | 3 | 3
Handshake header: Message Sequence Number (bytes) | Does not exist | 2
Handshake header: Fragment Offset (bytes) | Does not exist | 3
Handshake header: Fragment Length (bytes) | Does not exist | 3
Role | Client only | Server and Client
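The header rows above are easiest to understand as a byte layout. The following is an added example (my own code, not from the original post or from Huawei) that parses the 4-byte TLS handshake header and the 12-byte DTLS handshake header with exactly the field sizes in the table, checks that a fragment stays inside the declared message length, and reassembles a message that arrived as out-of-order fragments. The sample body is a constructed 10-byte stand-in for a ClientHello, not a real handshake message, and the helper names are my own.

```python
"""Parse and reassemble TLS/DTLS handshake headers (added example, not from the original post)."""
import struct
from dataclasses import dataclass
from typing import List

# Handshake message type code for ClientHello (RFC 5246 / RFC 6347)
CLIENT_HELLO = 1

# Header sizes implied by the table: TLS = type(1) + length(3);
# DTLS adds message_seq(2) + fragment_offset(3) + fragment_length(3)
TLS_HANDSHAKE_HEADER_LEN = 4
DTLS_HANDSHAKE_HEADER_LEN = 12


def _u24(b: bytes) -> int:
    """Decode a big-endian 3-byte unsigned integer (uint24)."""
    return int.from_bytes(b, "big")


@dataclass
class TlsHandshakeHeader:
    msg_type: int
    length: int           # length of the complete handshake message body


@dataclass
class DtlsHandshakeHeader(TlsHandshakeHeader):
    message_seq: int      # which handshake message this is (survives loss and reordering)
    fragment_offset: int  # where this fragment's bytes sit inside the full message
    fragment_length: int  # how many body bytes this datagram carries


def parse_tls_handshake_header(data: bytes) -> TlsHandshakeHeader:
    """TLS over TCP: the stream is reliable, so only type and length are needed."""
    if len(data) < TLS_HANDSHAKE_HEADER_LEN:
        raise ValueError("truncated TLS handshake header")
    return TlsHandshakeHeader(msg_type=data[0], length=_u24(data[1:4]))


def parse_dtls_handshake_header(data: bytes) -> DtlsHandshakeHeader:
    """DTLS over UDP: datagrams may be lost, reordered or too small, so each
    fragment also says which message it belongs to and which bytes it carries."""
    if len(data) < DTLS_HANDSHAKE_HEADER_LEN:
        raise ValueError("truncated DTLS handshake header")
    hdr = DtlsHandshakeHeader(
        msg_type=data[0],
        length=_u24(data[1:4]),
        message_seq=struct.unpack("!H", data[4:6])[0],
        fragment_offset=_u24(data[6:9]),
        fragment_length=_u24(data[9:12]),
    )
    # Bounds checks a receiver must do before copying the fragment into a buffer
    if hdr.fragment_offset + hdr.fragment_length > hdr.length:
        raise ValueError("fragment extends past the declared message length")
    if len(data) - DTLS_HANDSHAKE_HEADER_LEN < hdr.fragment_length:
        raise ValueError("datagram is shorter than fragment_length claims")
    return hdr


def is_rejected(data: bytes) -> bool:
    """True when the DTLS header parser refuses the datagram (lets callers test the bounds logic)."""
    try:
        parse_dtls_handshake_header(data)
    except ValueError:
        return True
    return False


def build_dtls_fragment(msg_type: int, body: bytes, message_seq: int,
                        offset: int, size: int) -> bytes:
    """Wrap body[offset:offset+size] in a DTLS handshake header (used to construct samples)."""
    header = (bytes([msg_type]) + len(body).to_bytes(3, "big")
              + struct.pack("!H", message_seq)
              + offset.to_bytes(3, "big") + size.to_bytes(3, "big"))
    return header + body[offset:offset + size]


def reassemble(fragments: List[bytes]) -> bytes:
    """Rebuild one handshake message from its DTLS fragments, in any arrival order."""
    headers = [parse_dtls_handshake_header(f) for f in fragments]
    total, seq = headers[0].length, headers[0].message_seq
    body = bytearray(total)
    covered = [False] * total
    for hdr, frag in zip(headers, fragments):
        if hdr.message_seq != seq or hdr.length != total:
            raise ValueError("fragments belong to different handshake messages")
        start, end = hdr.fragment_offset, hdr.fragment_offset + hdr.fragment_length
        body[start:end] = frag[DTLS_HANDSHAKE_HEADER_LEN:DTLS_HANDSHAKE_HEADER_LEN + hdr.fragment_length]
        for i in range(start, end):
            covered[i] = True
    if not all(covered):
        raise ValueError("handshake message is incomplete; wait for retransmission")
    return bytes(body)


# Constructed sample: a 10-byte stand-in for a ClientHello body, split across two datagrams
SAMPLE_BODY = bytes(range(10))
SAMPLE_FRAGMENTS = [
    build_dtls_fragment(CLIENT_HELLO, SAMPLE_BODY, message_seq=0, offset=6, size=4),  # arrives first
    build_dtls_fragment(CLIENT_HELLO, SAMPLE_BODY, message_seq=0, offset=0, size=6),
]

if __name__ == "__main__":
    print(parse_tls_handshake_header(bytes([CLIENT_HELLO]) + len(SAMPLE_BODY).to_bytes(3, "big") + SAMPLE_BODY))
    print(parse_dtls_handshake_header(SAMPLE_FRAGMENTS[0]))
    print(reassemble(SAMPLE_FRAGMENTS) == SAMPLE_BODY)
```

The two bounds checks are the part worth copying: a fragment whose offset plus length exceeds the declared message length, or whose datagram is shorter than the length it claims, must be rejected before anything is copied into the reassembly buffer.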
Comparison between DTLS and DTLS+
Item | DTLS | DTLS+
--- | --- | ---
Communications | (message-flow diagram in the original; not reproduced here) | (message-flow diagram in the original; not reproduced here)
Description | Seven messages (six handshake messages and one data message) are required for each data transmission. | Seven messages (six handshake messages and one data message) are required for the first data transmission. After that, no handshake is required, and only one data message needs to be transmitted.
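To make the comparison concrete, here is an added example (my own toy model, not code from the original post or from the Huawei platform) that ties the "How it works" section to the table: the server side keeps a session per 5-tuple, a data message on an unknown 5-tuple first costs the six handshake flights, and the two modes differ only in whether the session is kept after the data message. The flight names are those of a DTLS 1.2 handshake (RFC 6347); the device addresses and ports are constructed sample values, and the class and function names are my own.

```python
"""Toy model of DTLS vs DTLS+ message counts keyed on the 5-tuple (added example, not Huawei's code)."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Connection key exactly as the post describes it:
# (source address, destination address, source port, destination port, protocol type)
FiveTuple = Tuple[str, str, int, int, str]

# The six DTLS 1.2 handshake flights of RFC 6347; the post counts these as six handshake messages
HANDSHAKE_FLIGHTS = [
    "C->S ClientHello",
    "S->C HelloVerifyRequest",
    "C->S ClientHello (with cookie)",
    "S->C ServerHello ... ServerHelloDone",
    "C->S ClientKeyExchange ... Finished",
    "S->C ChangeCipherSpec, Finished",
]


@dataclass
class Platform:
    """Server side of the model. keep_sessions=False tears the connection down after every
    data message (plain DTLS as the post describes it); keep_sessions=True keeps the
    negotiated session per 5-tuple so later data needs no handshake (DTLS+ as described)."""
    keep_sessions: bool
    sessions: Dict[FiveTuple, int] = field(default_factory=dict)  # 5-tuple -> session id
    wire: List[str] = field(default_factory=list)                 # every message, in order

    def transmit(self, conn: FiveTuple, payload: bytes) -> int:
        """Deliver one piece of application data; return how many messages that took."""
        sent = 0
        if conn not in self.sessions:             # unknown 5-tuple: full handshake first
            for flight in HANDSHAKE_FLIGHTS:
                self.wire.append(flight)
                sent += 1
            self.sessions[conn] = len(self.wire)  # any unique id will do for the model
        self.wire.append(f"C->S ApplicationData({len(payload)} bytes) on session {self.sessions[conn]}")
        sent += 1
        if not self.keep_sessions:
            del self.sessions[conn]               # next datagram on this 5-tuple handshakes again
        return sent


def messages_for(keep_sessions: bool, transmissions: int, conn: FiveTuple) -> int:
    """Total messages on the wire for a device reporting `transmissions` times over one 5-tuple."""
    platform = Platform(keep_sessions)
    return sum(platform.transmit(conn, b"temp=21.5") for _ in range(transmissions))


# Constructed sample 5-tuples: the same NB-IoT device before and after its source port changes
DEVICE = ("10.0.0.7", "203.0.113.10", 40001, 5684, "UDP")
DEVICE_REBOUND = ("10.0.0.7", "203.0.113.10", 40002, 5684, "UDP")

if __name__ == "__main__":
    print("DTLS  x3:", messages_for(False, 3, DEVICE))  # 7 per transmission
    print("DTLS+ x3:", messages_for(True, 3, DEVICE))   # 7 once, then 1 each
```

One consequence of keying the connection on the 5-tuple, visible in the model, is that any change in those five values (for example a new source port after a NAT rebinding) looks like a new connection and costs another full handshake, so the battery saving depends on the device keeping the same 5-tuple between reports.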
Thanks!