CoAP-protokollan tietoturva (Security of the CoAP protocol)

The aim of the thesis is to determine whether the CoAP protocol is secure. The thesis examines the operation of the CoAP protocol, its security features, the security threats against the protocol, and the DTLS protocol that implements CoAP's protection. In addition, a testing setup is built for the CoAP protocol...

Bibliographic Details
Main Author: Ihalainen, Ville
Other Authors: Faculty of Information Technology, Informaatioteknologian tiedekunta, Information Technology, Informaatioteknologia, University of Jyväskylä, Jyväskylän yliopisto
Format: Master's thesis
Language: fin
Published: 2024
Subjects:
Online Access: https://jyx.jyu.fi/handle/123456789/92866
Description: This thesis aims to find out whether the CoAP protocol is secure in terms of information security. The thesis examines the operation and information security features of the CoAP protocol, the information security threats to the protocol, and the DTLS protocol, which implements the CoAP protocol's protection. In addition, a testing setup is built for testing the security features of the CoAP protocol and potential threats against it. In the testing setup, IP spoofing and a simple amplification attack are tested against the CoAP protocol, and DTLS-protected traffic is captured and examined. For background, in addition to CoAP, the thesis briefly reviews IoT, its protocol stack and the threats against it at different layers, as well as the UDP protocol used by CoAP in the transport layer.

The research methods used in the thesis are a literature review and the constructive research method. Based on previous research, the characteristics, information security features and security threats of the CoAP protocol are examined using the methods of the literature review. The constructive research method is applied in creating the security testing setup for the CoAP protocol used in the testing section. The research question is answered based on an analysis that combines the results of the literature review and the testing.

Based on the analysis, the CoAP protocol is secure when its security modes and DTLS protection are used correctly in relation to the threat level. The CoAP implementations and libraries used must also be updated so that they do not contain known vulnerabilities. In addition, the generation and distribution of the keys used in encryption, as well as the bootstrapping process in connection with the commissioning of the devices or the system, must be carried out securely. If DTLS protection is not used, the CoAP protocol is vulnerable to several different attacks, such as spoofing, amplification attacks and cross-protocol attacks.
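Topics: CoAP; DTLS; IoT; information security (tietoturvallisuus); spoofing; amplification attack (vahvistushyökkäys); application protocol (sovellusprotokolla); Mathematical Information Technology (Tietotekniikka); 602; Internet of Things (esineiden internet); data security (tietoturva); protocols, telecommunications (protokollat (tietoliikenne))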
URL: https://jyx.jyu.fi/handle/123456789/92866, http://www.urn.fi/URN:NBN:fi:jyu-202401181362