LLMpedia: The first transparent, open encyclopedia generated by LLMs

DTLS

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Article Genealogy
Parent: Eclipse IoT Hop 4
DTLS
Name: DTLS
Status: Active
Developer: Internet Engineering Task Force
First published: 2004
Latest release: 1.3 (as of 2024)
Layer: Transport Layer
License: IPR policy of IETF

DTLS (Datagram Transport Layer Security) is a protocol that provides communications privacy for datagram-based applications by adapting concepts from Transport Layer Security to unreliable transports. It aims to offer security properties equivalent to those of Transport Layer Security while preserving the semantics of datagram-oriented protocols such as the User Datagram Protocol, enabling secure sessions for applications developed by organizations like Cisco Systems and Mozilla Corporation. The protocol is specified and evolved within the Internet Engineering Task Force and referenced in deployments by companies such as Google and institutions like the European Organization for Nuclear Research.

Overview

DTLS was created to bring confidentiality, integrity, and authentication to datagram transports used by projects from Apple Inc. to Microsoft. Originating from work in the IETF Transport Area, DTLS maps the state machine and record protections of Transport Layer Security onto the semantics of the User Datagram Protocol and similar stacks employed by vendors including Intel and ARM Holdings. Its development involved contributors from research organizations such as Carnegie Mellon University and Rensselaer Polytechnic Institute, and it has been cited in standards discussions involving entities like the World Wide Web Consortium and the Internet Society. DTLS is commonly used alongside signaling systems designed by companies like Cisco Systems and frameworks originating at Google.

Protocol Design and Features

DTLS adapts the handshake, record, and alert mechanisms familiar from Transport Layer Security to tolerate the packet loss and reordering inherent in User Datagram Protocol networks. The handshake supports cipher suites originally defined by groups including RSA Security and maintained by the IETF TLS Working Group, enabling algorithm implementations from projects like OpenSSL and BoringSSL. DTLS introduces explicit sequence numbers, epoch counters, and retransmission timers, influenced by research from Stanford University and the Massachusetts Institute of Technology, to detect replayed records and keep both endpoints' state synchronized. The record layer allows fragmentation and reassembly compatible with implementations by Mozilla Corporation and Google while supporting extensions specified by contributors associated with Amazon Web Services and Cloudflare.
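The explicit epoch and sequence-number fields in the record header, and the anti-replay window a receiver builds on them, are easiest to see in code. The following Python is an added example, not part of the original article and not the code of any implementation named above. The 13-byte record header layout (content type, version, epoch, 48-bit sequence number, length) and the sliding-bitmap check follow RFC 6347; the sample records, the ReplayWindow and DtlsReceiver classes and the simulate() driver are constructed here for illustration, and no MAC or encryption is modelled.

```python
"""DTLS 1.2 record header parsing and per-epoch anti-replay window.

Added illustration (not from the original article). The 13-byte record header
layout and the sliding-window check follow RFC 6347; sample records below are
constructed locally, and no MAC or key handling is modelled."""
import struct
from dataclasses import dataclass
from typing import Dict, List, Tuple

DTLS_HEADER_LEN = 13                      # type(1) version(2) epoch(2) seq(6) length(2)
DTLS_VERSIONS = {0xFEFF: "DTLS 1.0", 0xFEFD: "DTLS 1.2"}   # one's complement of the TLS versions
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
MAX_SEQUENCE = (1 << 48) - 1


@dataclass(frozen=True)
class RecordHeader:
    content_type: int
    version: int
    epoch: int
    sequence: int      # 48-bit explicit sequence number, restarts at 0 in each epoch
    length: int


def parse_record_header(datagram: bytes) -> RecordHeader:
    """Parse one DTLS record header; reject truncated or unknown-format input."""
    if len(datagram) < DTLS_HEADER_LEN:
        raise ValueError("shorter than DTLS record header")
    ctype, version, epoch, seq_hi, seq_lo, length = struct.unpack("!BHHHIH", datagram[:DTLS_HEADER_LEN])
    if ctype not in CONTENT_TYPES:
        raise ValueError(f"unknown content type {ctype}")
    if version not in DTLS_VERSIONS:
        raise ValueError(f"unknown version 0x{version:04x}")
    if length > len(datagram) - DTLS_HEADER_LEN:
        raise ValueError("record length exceeds datagram")
    return RecordHeader(ctype, version, epoch, (seq_hi << 32) | seq_lo, length)


def build_record(ctype: int, epoch: int, seq: int, payload: bytes, version: int = 0xFEFD) -> bytes:
    """Serialise a record header plus payload (constructed test input, no encryption)."""
    if not 0 <= seq <= MAX_SEQUENCE:
        raise ValueError("sequence number must fit in 48 bits")
    return struct.pack("!BHHHIH", ctype, version, epoch, seq >> 32, seq & 0xFFFFFFFF, len(payload)) + payload


class ReplayWindow:
    """Sliding bitmap over the highest `size` sequence numbers (RFC 6347 s4.1.2.6, after RFC 4303)."""

    def __init__(self, size: int = 64):
        self.size = size
        self.right = -1        # highest sequence number accepted so far (-1: none yet)
        self.bitmap = 0        # bit i set <=> sequence (right - i) already accepted

    def check_and_update(self, seq: int) -> bool:
        """Return True and record `seq` if it is new and not stale; False otherwise.
        A real stack calls this only after the record's MAC verified, so that
        forged datagrams cannot poison the window."""
        if seq > self.right:                       # newer than anything seen: slide right
            shift = seq - self.right
            self.bitmap = 1 if shift >= self.size else ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.right = seq
            return True
        offset = self.right - seq
        if offset >= self.size:                    # older than the window can remember: stale
            return False
        if self.bitmap & (1 << offset):            # already accepted: replay
            return False
        self.bitmap |= 1 << offset                 # late but genuinely new
        return True


class DtlsReceiver:
    """Keeps one replay window per epoch, since sequence numbers restart after ChangeCipherSpec."""

    def __init__(self, window_size: int = 64):
        self.window_size = window_size
        self.windows: Dict[int, ReplayWindow] = {}

    def accept(self, datagram: bytes) -> Tuple[bool, str]:
        try:
            hdr = parse_record_header(datagram)
        except ValueError as exc:
            return False, f"malformed: {exc}"
        window = self.windows.setdefault(hdr.epoch, ReplayWindow(self.window_size))
        if not window.check_and_update(hdr.sequence):
            return False, f"replayed or stale: epoch={hdr.epoch} seq={hdr.sequence}"
        return True, f"{CONTENT_TYPES[hdr.content_type]} epoch={hdr.epoch} seq={hdr.sequence}"


def simulate() -> List[bool]:
    """Feed a constructed, partly reordered and replayed stream through the receiver."""
    rx = DtlsReceiver()
    stream = [
        build_record(23, 0, 0, b"a"),
        build_record(23, 0, 1, b"b"),
        build_record(23, 0, 1, b"b"),        # exact replay of seq 1
        build_record(23, 0, 5, b"f"),        # gap: 2..4 still in flight
        build_record(23, 0, 3, b"d"),        # late arrival inside the window
        build_record(23, 0, 3, b"d"),        # replay of the late arrival
        build_record(22, 1, 0, b"fin"),      # new epoch: sequence restarts at 0
        build_record(23, 0, 5, b"f")[:10],   # truncated datagram
        build_record(23, 0, 1000, b"z"),     # large jump slides the whole window
        build_record(23, 0, 5, b"f"),        # now more than 64 behind: stale, rejected
    ]
    return [rx.accept(d)[0] for d in stream]


if __name__ == "__main__":
    for ok in simulate():
        print(ok)
```

One window per epoch reflects the restart of sequence numbers after ChangeCipherSpec. A production stack advances the window only after the record's MAC has verified; otherwise a forged datagram carrying a large sequence number could slide the window forward and cause genuine late records to be discarded as stale.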

Versions and Extensions

DTLS has evolved through versions driven by the IETF and authored by engineers affiliated with organizations such as Amazon, Facebook, and Cisco Systems. Early work produced versions aligning with Transport Layer Security 1.0 and 1.2, while later efforts sought parity with Transport Layer Security 1.3 through drafts and experimental extensions proposed by researchers at ETH Zurich and University of Cambridge. Extensions include support for PSK modes promoted by companies like Qualcomm, datagram-specific cookie exchanges influenced by Nokia, and profiles for real-time media used by projects at Vidyo and Skype Technologies. Experimental proposals from institutions such as UC Berkeley address integration with QUIC and adaptation for constrained environments championed by Eclipse Foundation projects.

Implementation and Deployment

Several open-source and commercial implementations exist, including libraries like OpenSSL, GnuTLS, BoringSSL, and projects maintained by organizations such as Mozilla Corporation and Amazon Web Services. Embedded implementations have been produced by vendors including Texas Instruments and STMicroelectronics for use in devices by Siemens and Schneider Electric. DTLS is integrated into real-time communication stacks used by services from Google and Microsoft, and in virtual private network products offered by Cisco Systems and Juniper Networks. Deployment scenarios often involve servers hosted by companies like Amazon Web Services, content delivery networks operated by Cloudflare, and teleconferencing platforms developed by Zoom Video Communications.

Security Considerations

Security analyses of DTLS have been conducted by researchers from ETH Zurich, the University of Oxford, and Princeton University, revealing subtleties in handshake retransmission and cookie mechanisms. Threat models considered in IETF discussions reference adversaries studied in work at RAND Corporation and SRI International. Best practices in implementations, advocated by groups such as OpenBSD and The Linux Foundation, emphasize robust random number generation from sources like Intel hardware RNGs and proper certificate validation using chains issued by authorities including Let's Encrypt and DigiCert. Cryptographic algorithm choices align with recommendations by organizations such as the National Institute of Standards and Technology and researchers at IBM Research. Mitigations for known attacks draw on techniques used in Transport Layer Security deployments by Facebook and Google.
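The cookie exchange mentioned under Versions and Extensions and in the analyses above exists so that a server commits no memory to a peer until that peer has shown it can receive at the address it claims. The following Python is an added example, not from the article and not the code of any listed implementation. The cookie construction HMAC(secret, client address, client parameters) is the one RFC 6347 section 4.2.1 describes; the ClientHello dataclass, the CookieServer class, the two-secret rotation and the scenarios() driver are simplifications constructed here.

```python
"""Stateless cookie exchange for the DTLS handshake (HelloVerifyRequest).

Added illustration, not from the original article. The cookie
HMAC(secret, client address, client parameters) follows RFC 6347 s4.2.1;
message shapes, secret rotation and the scenarios are constructed here."""
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

Addr = Tuple[str, int]


@dataclass
class ClientHello:
    client_random: bytes   # 32 random bytes chosen by the client
    cookie: bytes = b""    # empty on the first flight, echoed back on the second


class CookieServer:
    """Issues and verifies cookies without keeping per-client state until verification."""

    def __init__(self) -> None:
        self.current = os.urandom(32)            # HMAC key for newly issued cookies
        self.previous: Optional[bytes] = None    # last key, still accepted for one rotation
        self.sessions: Dict[Addr, bytes] = {}    # per-peer state, allocated only after a valid cookie

    def rotate_secret(self) -> None:
        """Bound cookie lifetime: cookies under the old key survive one rotation, then expire."""
        self.previous, self.current = self.current, os.urandom(32)

    def _cookie(self, secret: bytes, addr: Addr, hello: ClientHello) -> bytes:
        # Bind the cookie to the claimed source address and to the client's own parameters.
        ip, port = addr
        material = f"{ip}:{port}".encode() + b"|" + hello.client_random
        return hmac.new(secret, material, hashlib.sha256).digest()

    def handle(self, addr: Addr, hello: ClientHello) -> Tuple[str, bytes]:
        """Return (response type, cookie). Only a verified cookie leads to state allocation."""
        if not hello.cookie:
            # First flight: answer statelessly; a spoofed source never receives this reply.
            return "HelloVerifyRequest", self._cookie(self.current, addr, hello)
        for secret in (self.current, self.previous):
            if secret is not None and hmac.compare_digest(hello.cookie, self._cookie(secret, addr, hello)):
                self.sessions[addr] = hello.client_random   # commit resources only now
                return "ServerHello", b""
        return "drop", b""   # wrong or expired cookie: discard silently, no state, no amplified reply


def client_handshake(server: CookieServer, addr: Addr) -> str:
    """Honest client: send ClientHello, echo the cookie, report the server's final answer."""
    first = ClientHello(secrets.token_bytes(32))
    response, cookie = server.handle(addr, first)
    if response != "HelloVerifyRequest":
        return response
    response, _ = server.handle(addr, ClientHello(first.client_random, cookie))
    return response


def scenarios() -> Dict[str, object]:
    """Exercise the exchange with constructed peers and report each outcome."""
    out: Dict[str, object] = {}
    addr = ("198.51.100.7", 5684)

    srv = CookieServer()
    out["legit"] = client_handshake(srv, addr)
    out["sessions_after_legit"] = len(srv.sessions)

    # 1000 first-flight ClientHellos from addresses that never answer the
    # HelloVerifyRequest: the server has allocated nothing for any of them.
    flood = CookieServer()
    for i in range(1000):
        flood.handle((f"203.0.113.{i % 256}", 40000 + i), ClientHello(secrets.token_bytes(32)))
    out["sessions_after_flood"] = len(flood.sessions)

    # A cookie issued to one address is not valid when presented from another.
    srv2 = CookieServer()
    hello = ClientHello(secrets.token_bytes(32))
    _, cookie = srv2.handle(addr, hello)
    out["cookie_from_other_addr"] = srv2.handle(("198.51.100.8", 5684), ClientHello(hello.client_random, cookie))[0]

    # Secret rotation: one rotation is tolerated, two expire an outstanding cookie.
    srv3 = CookieServer()
    h1 = ClientHello(secrets.token_bytes(32))
    _, c1 = srv3.handle(addr, h1)
    srv3.rotate_secret()
    out["after_one_rotation"] = srv3.handle(addr, ClientHello(h1.client_random, c1))[0]
    h2 = ClientHello(secrets.token_bytes(32))
    _, c2 = srv3.handle(addr, h2)
    srv3.rotate_secret()
    srv3.rotate_secret()
    out["after_two_rotations"] = srv3.handle(addr, ClientHello(h2.client_random, c2))[0]
    return out


if __name__ == "__main__":
    for name, value in scenarios().items():
        print(f"{name}: {value}")
```

Keeping the previous key alongside the current one lets the server rotate secrets on a timer without breaking exchanges that are mid-flight, while still giving every cookie a bounded lifetime. The silent drop on a bad cookie matters as much as the check itself: replying with an alert would turn the server into a reflector for the very traffic the cookie is meant to absorb.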

Applications and Use Cases

DTLS secures real-time media and telephony systems standardized by entities like 3GPP and implemented by vendors including Ericsson and Nokia. It is used in Internet of Things products developed by Bosch and Honeywell and in industrial control systems developed by Schneider Electric and Siemens. Messaging platforms by Signal Messenger and VPN products from Palo Alto Networks leverage DTLS or related datagram security designs. Research prototypes at MIT Media Lab and Carnegie Mellon University explore DTLS in sensor networks and robotics projects associated with Boston Dynamics and iRobot. Constrained implementations target standards driven by IETF working groups and the Open Mobile Alliance for mobile and embedded deployments.

Category:Internet protocols