
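Datagram Transport Layer Security Protocol with Identity-Based Cryptography
Cite this article: LI Peng-Kun, WANG Xiao-Feng, SU Jin-Shu, XUE Tian. Datagram Transport Layer Security Protocol with Identity-Based Cryptography[J]. Journal of Software, 2017, 28(S2): 90-97
Authors: LI Peng-Kun  WANG Xiao-Feng  SU Jin-Shu  XUE Tian
Affiliation: School of Computer, National University of Defense Technology, Changsha 410073, Hunan, China (all four authors)
Funding: National Key Research and Development Program (0802300)
Abstract: TLS, currently the most widely used secure transport protocol, can only protect data carried over reliable TCP transport. DTLS (datagram TLS) modifies the TLS protocol architecture so that it can provide security protection for UDP. However, during session establishment DTLS still relies on a third-party certification authority and certificates to authenticate the two communicating parties; connection establishment takes a long time and incurs high security overhead, so it cannot meet the needs of resource-constrained network communication environments such as the Internet of Things. This paper introduces identity-based cryptography into DTLS, which avoids the overheads of processing certificates in the handshake protocol and authenticates both parties while the session key is being computed. It also uses a new key agreement protocol to redesign the DTLS handshake protocol, reducing the number of interactions and messages and shortening connection establishment time. Experimental results show that DTLS based on identity-based cryptography shortens communication establishment time by nearly 50% without reducing security.

Keywords: security protocol  identity-based cryptography  network transport protocol  key agreement  authentication
Received: 2017-06-30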

Datagram Transport Layer Security Protocol with Identity-Based Cryptography
LI Peng-Kun,WANG Xiao-Feng,SU Jin-Shu and XUE Tian. Datagram Transport Layer Security Protocol with Identity-Based Cryptography[J]. Journal of Software, 2017, 28(S2): 90-97
Authors:LI Peng-Kun  WANG Xiao-Feng  SU Jin-Shu  XUE Tian
Affiliation:School of Computer, National University of Defense Technology, Changsha 410073, China,School of Computer, National University of Defense Technology, Changsha 410073, China,School of Computer, National University of Defense Technology, Changsha 410073, China and School of Computer, National University of Defense Technology, Changsha 410073, China
Abstract: TLS is the most widely deployed security protocol; however, it can only secure applications that are based on reliable transport. Datagram TLS (DTLS) is a modified version of the TLS protocol which provides security protection in datagram environments. In DTLS, however, the communicating parties need to complete authentication through the certification authority when they establish a connection. Consequently, the connection establishment process takes a long time with a high security overhead, which cannot meet the requirements of resource-constrained network communication environments such as the Internet of Things. This paper introduces identity-based cryptography to DTLS. It provides authentication while calculating the session key, and avoids the overhead associated with handling certificates in the handshake protocol. The paper designs a new DTLS handshake protocol, which reduces the number of interactions and messages, and shortens the connection establishment time. Experimental results show that DTLS with identity-based cryptography reduces the communication setup time by nearly 50% without compromising security.
Keywords:security protocol  identity-based cryptography  network transport protocol  key agreement  authentication