資料包傳輸層安全

資料包傳輸層安全(英語:Datagram Transport Layer Security,縮寫為 DTLS),又譯封包傳輸層安全,是一種通訊協定,它向基於數據報的應用提供傳送安全性,使應用能以一種防止竊聽、篡改、偽造的方式[1][2]通訊。DTLS協定基於面向字串流TLS協定,意在提供類似的安全保護。DTLS常用於串流媒體。由於DTLS採用UDP或SCTP而不是TCP,它能在用於建立VPN通道時避免「TCP熔斷問題」。[3][4]

定義

編輯

下列文件定義DTLS:

DTLS 1.0的底層為TLS 1.1,DTLS 1.2的底層為TLS 1.2,DTLS 1.3的底層為TLS 1.3。DTLS 1.1並不存在,為了與TLS版本編號相協調,這個版本編號略過了。[2]就像前期的DTLS版本一樣,DTLS 1.3意在提供「[與TLS 1.3]等價的安全性保證,除順序保護/不可重放性」。[6]

實現

編輯

函式庫

編輯
DTLS的函式庫支援
實現 DTLS 1.0[1] DTLS 1.2[2]
Botan
cryptlib
GnuTLS
Java安全通訊端擴充
LibreSSL [7]
libsystools[8]
MatrixSSL
mbed TLS(舊稱 PolarSSL) [9] [9]
網絡安全服務 [10] [11]
OpenSSL [12]
PyDTLS[13][14]
Python3-dtls[15][16]
RSA BSAFE
s2n
Schannel XP/2003, Vista/2008
Schannel 7/2008R2, 8/2012, 8.1/2012R2, 10 [17] [17]
Schannel 10 (1607), 2016 [18]
Secure Transport OS X 10.2–10.7 / iOS 1–4
Secure Transport OS X 10.8–10.10 / iOS 5–8 [19]
SharkSSL
tinydtls [20]
Waher.Security.DTLS [21]
wolfSSL(舊稱 CyaSSL)
@nodertc/dtls [22][23]
java-dtls[24]
pion/dtls[25] (Go)
californium/scandium[26] (Java)
SNF4J[27] (Java)
實現 DTLS 1.0 DTLS 1.2

參考資料

編輯
  1. ^ 1.0 1.1 Rescorla, Eric; Modadugu, Nagendra. Datagram Transport Layer Security. April 2006. RFC 4347. 
  2. ^ 2.0 2.1 2.2 Rescorla, Eric; Modadugu, Nagendra. Datagram Transport Layer Security Version 1.2. January 2012. RFC 6347. 
  3. ^ Titz, Olaf. Why TCP Over TCP Is A Bad Idea. 2001-04-23 [2015-10-17]. (原始內容存檔於2015-09-01). 
  4. ^ Honda, Osamu; Ohsaki, Hiroyuki; Imase, Makoto; Ishizuka, Mika; Murayama, Junichi. Understanding TCP over TCP: effects of TCP tunneling on end-to-end throughput and latency. Atiquzzaman, Mohammed; Balandin, Sergey I (編). Performance, Quality of Service, and Control of Next-Generation Communication and Sensor Networks III 6011. October 2005. Bibcode:2005SPIE.6011..138H. CiteSeerX 10.1.1.78.5815 . S2CID 8945952. doi:10.1117/12.630496. 
  5. ^ Peck, M.; Igoe, K. Suite B Profile for Datagram Transport Layer Security / Secure Real-time Transport Protocol (DTLS-SRTP). IETF. 2012-09-25 [2022-09-08]. (原始內容存檔於2021-02-25). 
  6. ^ The Datagram Transport Layer Security (DTLS) Protocol Version 1.3. [2022-09-08]. (原始內容存檔於2022-04-01). 
  7. ^ LibreSSL 3.3.2 Release Notes. The OpenBSD Project. 2021-05-01 [2021-06-13]. (原始內容存檔於2022-12-05). 
  8. ^ Julien Kauffmann. libsystools: A TLS/DTLS open source library for Windows/Linux using OpenSSL. SourceForge. [2022-09-08]. (原始內容存檔於2022-09-09). 
  9. ^ 9.0 9.1 mbed TLS 2.0.0 released. ARM. 2015-07-13 [2015-08-25]. (原始內容存檔於2015-09-25). 
  10. ^ NSS 3.14 release notes. Mozilla Developer Network. Mozilla. [2012-10-27]. (原始內容存檔於2013-01-17). 
  11. ^ NSS 3.16.2 release notes. Mozilla Developer Network. Mozilla. 2014-06-30 [2014-06-30]. (原始內容存檔於2021-12-07). 
  12. ^ As of version 1.0.2. The OpenSSL Project. The OpenSSL Project. 2015-01-22 [2015-01-26]. (原始內容存檔於2014-09-04). 
  13. ^ Ray Brown. pydtls - Datagram Transport Layer Security for Python. GitHub. [2022-09-08]. (原始內容存檔於2018-06-11). 
  14. ^ Ray Brown. DTLS for Python. Python Software Foundation. [2022-09-08]. (原始內容存檔於2016-03-03). 
  15. ^ Ray Brown/Mobius Software LTD. pydtls - Datagram Transport Layer Security for Python. GitHub. [2022-09-08]. (原始內容存檔於2022-09-08). 
  16. ^ Ray Brown/Mobius Software LTD. DTLS for Python3 Based on PyDTLS. Python Software Foundation. 
  17. ^ 17.0 17.1 An update is available that adds support for DTLS in Windows 7 SP1 and Windows Server 2008 R2 SP1. Microsoft. [13 November 2012]. (原始內容存檔於2014-02-03). 
  18. ^ Justinha. TLS (Schannel SSP) changes in Windows 10 and Windows Server 2016. docs.microsoft.com. [2017-09-01]. (原始內容存檔於2018-02-28) (美國英語). 
  19. ^ Technical Note TN2287: iOS 5 and TLS 1.2 Interoperability Issues. iOS Developer Library. Apple Inc. [2012-05-03]. (原始內容存檔於2015-04-03). 
  20. ^ Olaf Bergmann. tinydtls. Eclipse基金會. [2022-09-08]. (原始內容存檔於2022-09-01). 
  21. ^ Peter Waher. Waher.Security.DTLS. Waher Data AB. [2022-09-08]. (原始內容存檔於2022-09-08). 
  22. ^ Dmitriy Tsvettsikh. Secure UDP communications using DTLS in pure js. GitHub. [2022-09-08]. (原始內容存檔於2019-03-23). 
  23. ^ Dmitriy Tsvettsikh. DTLS in pure js. npm. [2022-09-08]. (原始內容存檔於2019-08-14). 
  24. ^ Mobius Software LTD. Non blocking Java DTLS 实现 based on BouncyCastle and Netty. Mobius Software LTD. [2022-09-08]. (原始內容存檔於2019-03-23). 
  25. ^ Sean DuBois. pion/dtls: DTLS 1.2 Server/Client 实现 for Go. GitHub. [2022-09-08]. (原始內容存檔於2019-12-26). 
  26. ^ californium/scandium: DTLS 1.2 Server/Client 实现 for java and coap. Includes connection id extension.. Eclipse基金會. [2022-09-08]. (原始內容存檔於2020-07-17). 
  27. ^ SNF4J.ORG. Simple Network Framework for Java (SNF4J).. GitHub. [2022-09-08]. (原始內容存檔於2022-09-09).