Internet-Draft | SCHC for CoAP | December 2023 |
Tiloca, et al. | Expires 7 June 2024 | [Page] |
This document defines how to compress Constrained Application Protocol (CoAP) headers using the Static Context Header Compression and fragmentation (SCHC) framework. SCHC defines a header compression mechanism adapted for Constrained Devices. SCHC uses a static description of the header to reduce the header's redundancy and size. While RFC 8724 describes the SCHC compression and fragmentation framework, and its application for IPv6/UDP headers, this document applies SCHC to CoAP headers. The CoAP header structure differs from IPv6 and UDP, since CoAP uses a flexible header with a variable number of options, themselves of variable length. The CoAP message format is asymmetric: the request messages have a header format different from the format in the response messages. This specification gives guidance on applying SCHC to flexible headers and how to leverage the asymmetry for more efficient compression Rules. This document replaces and obsoletes RFC 8824.¶
This note is to be removed before publishing as an RFC.¶
Discussion of this document takes place on the Static Context Header Compression Working Group mailing list (schc@ietf.org), which is archived at https://mailarchive.ietf.org/arch/browse/schc/.¶
Source for this draft and an issue tracker can be found at https://github.com/marco-tiloca-sics/draft-ietf-schc-8824-update.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 7 June 2024.¶
Copyright (c) 2023 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
The Constrained Application Protocol (CoAP) [RFC7252] is a command/response protocol designed for microcontrollers with small RAM and ROM, and optimized for services based on REST (Representational State Transfer). Although the Constrained Devices are a leading factor in the design of CoAP, a CoAP header's size is still too large for LPWANs (Low-Power Wide-Area Networks). Static Context Header Compression and fragmentation (SCHC) over CoAP headers is required to increase performance or to use CoAP over LPWAN technologies.¶
[RFC8724] defines the SCHC framework, which includes a header compression mechanism for LPWANs that is based on a static context. Section 5 of [RFC8724] explains where compression and decompression occur in the architecture. The SCHC compression scheme assumes as a prerequisite that both endpoints know the static context before transmission. The way the context is configured, provisioned, or exchanged is out of this document's scope.¶
CoAP is an application protocol, so CoAP compression requires installing common Rules between the two SCHC instances. SCHC compression may apply at two different levels: at the IP and UDP level in the LPWAN, as well as at the application level for CoAP. These two compression techniques may be independent. Both follow the same principle as that described in [RFC8724]. As different entities manage the CoAP compression process at different levels, the SCHC Rules driving the compression/decompression are also different. [RFC8724] describes how to use SCHC for IP and UDP headers. This document specifies how to apply SCHC compression to CoAP headers.¶
SCHC compresses and decompresses headers based on common contexts between Devices. The SCHC context includes multiple Rules. Each Rule can match the header fields to specific values or ranges of values. If a Rule matches, the matched header fields are replaced by the RuleID and the Compression Residue that contains the residual bits of the compression. Thus, different Rules may correspond to different protocol headers in the packet that a Device expects to send or receive.¶
A Rule describes the packets' entire header with an ordered list of Field Descriptors (see Section 7 of [RFC8724]). Thereby, each description contains the Field ID (FID), Field Length (FL), and Field Position (FP), as well as a Direction Indicator (DI) (upstream, downstream, and bidirectional) and some associated Target Values (TVs). The DI is used for compression to give the best TV to the FID when these values differ in their transmission direction. Therefore, a field may be described several times in the same Rule.¶
A Matching Operator (MO) is associated with each header Field Descriptor. The Rule is selected if all the MOs fit the TVs for all the fields of the header. A Rule cannot be selected if the message contains a field that is unknown to the SCHC compressor.¶
In that case, a Compression/Decompression Action (CDA) associated with each field specifies the method to compress and decompress that field. Compression mainly results in one of four actions:¶
send the field value (value-sent),¶
send nothing (not-sent),¶
send some Least Significant Bits (LSBs) of the field, or¶
send an index (mapping-sent).¶
After applying the compression, there may be some bits to be sent. These values are called "Compression Residue".¶
SCHC is a general mechanism applied to different protocols, with the exact Rules to be used depending on the protocol and the application. Section 10 of [RFC8724] describes the compression scheme for IPv6 and UDP headers. This document targets CoAP header compression using SCHC.¶
The use of SCHC compression applied to CoAP headers was originally defined in [RFC8824]. While this document does not alter the core approach, design choices, and features specified therein, this document clarifies, updates, and extends the SCHC compression of CoAP headers defined in [RFC8824].¶
In particular, this documents replaces and obsoletes [RFC8824] as follows.¶
It provides clarifications and amendments to the original specification text, based on collected feedback and reported errata.¶
It clarifies the SCHC compression for the CoAP options Size1, Size2, Proxy-Uri, and Proxy-Scheme (see Section 5.4).¶
It defines the SCHC compression for the CoAP option Hop-Limit (see Section 5.6).¶
It defines the SCHC compression for the recently defined CoAP options Echo (see Section 5.7), Request-Tag (see Section 5.8), EDHOC (see Section 5.9), as well as Q-Block1 and Q-Block2 (see Section 6.1).¶
It updates the SCHC compression processing for the CoAP option OSCORE (see Section 6.4), in the light of recent developments related to the security protocol OSCORE as defined in [I-D.ietf-core-oscore-key-update] and [I-D.ietf-core-oscore-groupcomm].¶
It clarifies how the SCHC compression handles the CoAP payload marker (see Section 7).¶
It defines the SCHC compression of CoAP headers in the presence of CoAP proxies (see Section 9), for which examples are provided (see Section 10).¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
Readers are expected to be familiar with the terms and concepts related to the SCHC framework [RFC8724], the web-transfer protocol CoAP [RFC7252], and the security protocols OSCORE [RFC8613] and Group OSCORE [I-D.ietf-core-oscore-groupcomm].¶
SCHC compression for CoAP headers MAY be done in conjunction with the lower layers (IPv6/UDP) or independently. The SCHC adaptation layers, described in Section 5 of [RFC8724], may be used as shown in Figure 1, Figure 2, and Figure 3.¶
In the first example depicted in Figure 1, a Rule compresses the complete header stack from IPv6 to CoAP. In this case, the Device and the Network Gateway (NGW) perform SCHC C/D (SCHC Compression/Decompression, see [RFC8724]). The application communicating with the Device does not implement SCHC C/D.¶
Figure 1 shows the use of SCHC header compression above Layer 2 in the Device and the NGW. The SCHC layer receives non-encrypted packets and can apply compression Rules to all the headers in the stack. On the other end, the NGW receives the SCHC packet and reconstructs the headers using the Rule and the Compression Residue. After the decompression, the NGW forwards the IPv6 packet toward the destination. The same process applies in the other direction when a non-encrypted packet arrives at the NGW. Thanks to the IP forwarding based on the IPv6 prefix, the NGW identifies the Device and compresses headers using the Device's Rules.¶
In the second example depicted in Figure 2, SCHC compression is applied in the CoAP layer, compressing the CoAP header independently of the other layers. The RuleID, Compression Residue, and CoAP payload are encrypted using a mechanism such as DTLS [RFC9147]. Only the other end (App) can decipher the information. If needed, layers below use SCHC to compress the header as defined in [RFC8724] (represented by dotted lines in the figure).¶
This use case needs an end-to-end context initialization between the Device and the application. The context initialization is out of scope for this document.¶
The third example depicted in Figure 3 shows the use of Object Security for Constrained RESTful Environments (OSCORE) [RFC8613]. In this case, SCHC needs two Rules to compress the CoAP header. A first Rule focuses on the Inner header. The result of this first compression is encrypted using the OSCORE mechanism. Then, a second Rule compresses the Outer header, including the CoAP Option OSCORE.¶
In the case of several SCHC instances, as shown in Figure 2 and Figure 3, the Rules may come from different provisioning domains.¶
This document focuses on CoAP compression, as represented by the dashed boxes in the previous figures.¶
The use of SCHC over the CoAP header applies the same description and compression/decompression techniques as the technique used for IP and UDP, as explained in [RFC8724]. For CoAP, the SCHC Rules description uses the direction information to optimize the compression by reducing the number of Rules needed to compress headers. The Field Descriptor MAY define both request/response headers and TVs in the same Rule, using the DI to indicate the header type.¶
As for other header compression protocols, when the compressor does not find a correct Rule to compress the header, the packet MUST be sent uncompressed using the RuleID dedicated to this purpose, and where the Compression Residue is the complete header of the packet. See Section 6 of [RFC8724].¶
CoAP compression differs from IPv6 and UDP compression in the following aspects:¶
The CoAP message format is asymmetric, i.e., the headers are different for a request or a response. For example, the Uri-Path Option can be used in a request, while it is not used in a response. A request might contain an Accept Option, and a response might include a Content-Format Option. In comparison, the IPv6 and UDP returning path swaps the value of some fields in the header. However, all the directions have the same fields (e.g., source and destination address fields).¶
[RFC8724] defines the use of a DI in the Field Descriptor, which allows a single Rule to process a message header differently, depending on the direction.¶
Even when a field is "symmetric" (i.e., found in both directions), the values carried in each direction are different. The compression may use a "match-mapping" MO to limit the range of expected values in a particular direction and reduce the Compression Residue's size. Through the DI, a Field Descriptor in the Rules splits the possible field value into two parts, one for each direction. For instance, if a client sends only Confirmable (CON) requests [RFC7252], the Type can be elided by compression, and the reply from the server may use one single bit to carry either the Acknowledgement (ACK) or Reset (RST) type. The field Code has the same behavior: the 0.0X code format value in a request and the Y.ZZ code format in a response.¶
In SCHC, the Rule defines the different header fields' length, so SCHC does not need to send it. In IPv6 and UDP headers, the fields have a fixed size, known by definition. On the other hand, some CoAP header fields have variable lengths, and the Rule description specifies it. For example, the size of the Token field may vary from 0 to 8 bytes, and the CoAP options rely on the Type-Length-Value encoding format to specify the size of the actual option value in bytes.¶
When doing SCHC compression of a variable-length field, Section 7.4.2 of [RFC8724] makes it possible to define a function for the Field Length in the Field Descriptor, in order to determine the length before compression. If the Field Length is unknown, the Rule will set it as a variable, and SCHC will send the compressed field's length in the Compression Residue.¶
A field can appear several times in the CoAP headers. This is typically the case for elements of a URI (path or queries). The SCHC specification [RFC8724] allows a FID to appear several times in the Rule and uses the Field Position (FP) to identify the correct instance, thereby removing the MO's ambiguity.¶
Field Lengths defined in CoAP can be too large when it comes to LPWAN traffic constraints. For instance, this is particularly true for the Message ID field and the Token field. SCHC uses different MOs to perform the compression (see Section 7.4 of [RFC8724]). In this case, SCHC can apply the Most Significant Bits (MSBs) MO to reduce the information carried on LPWANs.¶
This section discusses the SCHC compression of the CoAP header fields, building on what is specified in Section 7.1 of [RFC8724].¶
The CoAP version is bidirectional and MUST be elided during SCHC compression, since it always contains the same value. In the future, or if a new version of CoAP is defined, new Rules will be needed to avoid ambiguities between versions.¶
CoAP [RFC7252] has four types of messages: Confirmable (CON), Non-confirmable (NON), Acknowledgement (ACK), and Reset (RST).¶
The SCHC compression scheme SHOULD elide this field if, for instance, a client is sending only NON messages or only CON messages. For RST messages, SCHC may use a dedicated Rule. For other usages, SCHC can use a "match-mapping" MO.¶
The Code field takes value from the "Code" column of the "CoAP Codes" IANA registry, encoded as specified in Section 3 of [RFC7252]. This field indicates the Method Code of a CoAP request or the Response Code of a CoAP Response, while the value 0.00 indicates an Empty message. The compression of the CoAP Code field follows the same principle as that of the CoAP Type field.¶
If the Device plays a specific role, SCHC may split the code values into two Field Descriptors: (1) the Method Codes with the 0 class and (2) the Response Codes. SCHC will use the DI to identify the correct value in the packet. If the Device only implements a CoAP client, SCHC compression may focus only on the Method Codes that the client uses in its outgoing requests.¶
For known values, SCHC can use a "match-mapping" MO. If SCHC cannot compress the Code field, it will send the values in the Compression Residue.¶
SCHC can compress the Message ID field with the MSB MO and the LSB CDA (see Section 7.4 of [RFC8724]).¶
CoAP defines the Token using two CoAP fields: Token Length in the mandatory header and Token Value directly following the mandatory CoAP header.¶
SCHC processes the Token Length as it would process any header field. If the value does not change, the size can be stored in the TV and elided during the transmission. Otherwise, SCHC will send the Token Length in the Compression Residue.¶
For the Token Value, SCHC MUST NOT send it as variable-size data in the Compression Residue, to avoid ambiguity with the Token Length. Therefore, SCHC MUST use the Token Length value to define the size of the Compression Residue. SCHC designates a specific function, "tkl", that the Rule MUST use to complete the Field Descriptor. During the decompression, this function returns the value contained in the Token Length field.¶
CoAP defines options placed after the mandatory header and the Token field, ordered by option number (see Section 3 of [RFC7252]). Each option instance in a message uses the format Delta-Type (D-T), Length (L), Value (V). The SCHC Rule builds the description of each option as follows:¶
in the FID: an identifier of the option with option number built from the D-T;¶
in the FL: the option length, consistent with what is specified in Sections 7.4.1 and 7.4.2 of [RFC8724]; and¶
in the TV: the option value.¶
When the Option Length has a well-known size, the Rule may keep the length value. Therefore, SCHC compression does not send it. Otherwise, SCHC compression carries the length of the Compression Residue, in addition to the Compression Residue value. Note that the length coding differs between CoAP options and SCHC variable size Compression Residue.¶
CoAP requests and responses do not include the same options. Compression Rules may reflect this asymmetry by using the DI.¶
The following sections present how SCHC compresses some specific CoAP options.¶
If the use of an additional CoAP option is later introduced, the SCHC Rules MAY be updated, in which case a new FID description MUST be assigned to perform the compression of the CoAP option. Otherwise, if no Rule describes that CoAP option, SCHC compression is not achieved, and SCHC sends the CoAP header without compression.¶
If the client expects a single specific value, SCHC can elide these fields, by specifying the value in the TV of a Rule description with an "equal" MO and a "not-sent" CDA. Otherwise, if the client expects several possible values, a "match-mapping" MO SHOULD be used to limit the Compression Residue's size. If not, SCHC has to send the option value in the Compression Residue (with fixed or variable length).¶
SCHC compresses these three fields in the same way. When the values of these options are known, SCHC can elide these fields. If the option uses well-known values, SCHC can use a "match-mapping" MO. Otherwise, these options' values will be sent in the Compression Residue, i.e., the SCHC Rule description does not set the TV, while setting the MO to "ignore" and the CDA to "value-sent".¶
The Uri-Path and Uri-Query fields are repeatable options, i.e., the CoAP header may include them several times and with different values. The SCHC Rule description uses the FP to distinguish the different instances of such options.¶
To compress these repeatable field values, SCHC can use a "match-mapping" MO to reduce the size of variable paths or queries. When doing so, several elements can be regrouped into a single entry in order to optimize the compression. The numbering of elements does not change, and the first matching element sets the MO comparison.¶
For example, as per the Rule descriptions shown in Table 1, SCHC can use a single bit in the Compression Residue to code the path segments "/a/b" or the path segments "/c/d". If regrouping were not allowed, then 2 bits in the Compression Residue would be needed. At the same time, SCHC sends the third path element following "/a/b" or "/c/d" as a variable-size field in the Compression Residue.¶
Field | FL | FP | DI | TV | MO | CDA |
---|---|---|---|---|---|---|
Uri-Path | 1 | Up |
["/a/b", "/c/d"]
|
match- mapping
|
mapping-sent | |
Uri-Path | var | 3 | Up | ignore | value-sent |
The length of the Uri-Path and Uri-Query Options may be known when the Rule is defined. In any other case, SCHC MUST set the Field Length (FL) to a variable value. The unit of the variable length is bytes, hence the Compression Residue size is expressed in bytes, encoded as defined in Section 7.4.2 of [RFC8724].¶
SCHC compression can use the MSB MO for a Uri-Path or Uri-Query element. In such a case, care must be taken when specifying the MSB parameter value in bits, which MUST be a multiple of 8. The length sent at the beginning of the variable-size field Compression Residue indicates the LSB's size in bytes, consistent with the unit of the variable length in the Rule description.¶
For instance, for a CORECONF path /c/X6?k=eth0, the Rule description can be as shown in Table 2. That is, SCHC compresses the first part of the Uri-Path with a "not-sent" CDA. Also, SCHC will send the second element of the Uri-Path with the length (i.e., 0x2 "X6") followed by the query option with the length (i.e., 0x4 "eth0").¶
Field | FL | FP | DI | TV | MO | CDA |
---|---|---|---|---|---|---|
Uri-Path | 1 | Up | "c" | equal | not-sent | |
Uri-Path | var | 2 | Up | ignore | value-sent | |
Uri-Query | var | 1 | Up | "k=" | MSB(16) | LSB |
SCHC fixes the number of Uri-Path or Uri-Query elements in a Rule at Rule creation time. If the number of such elements varies, SCHC SHOULD either:¶
create several Rules to cover all possibilities; or¶
create a Rule that defines several entries for Uri-Path to cover the longest path, and send a Compression Residue with a length of 0 to indicate that a Uri-Path entry is empty.¶
However, this adds 4 bits to the variable Compression Residue size (see Section 7.4.2 of [RFC8724]).¶
The SCHC Rule description MAY define sending some field values by not setting the TV, while setting the MO to "ignore" and the CDA to "value-sent". A Rule MAY also use a "match-mapping" MO when there are different options for the same FID. Otherwise, the Rule sets the TV to a specific value, the MO to "equal", and the CDA to "not-sent".¶
A Rule entry cannot store these fields' values. Therefore, SCHC compression MUST always send these values in the Compression Residue. That is, in the SCHC Rule, the TV is not set, while the MO is set to "ignore" and the CDA is set to "value-sent".¶
The Hop-Limit field is an option defined in [RFC8768] that can be used to detect forwarding loops through a chain of CoAP proxies. The first proxy in the chain that understands the option includes it in a received request with a proper value set, before forwarding the request. Any following proxy that understands the option decrements the option value and forwards the request if the new value is different than zero, or returns a 5.08 (Hop Limit Reached) error response otherwise.¶
When a packet uses the Hop-Limit Option, SCHC compression SHOULD send its content in the Compression Residue. That is, in the SCHC Rule, the TV is not set, while the MO is set to "ignore" and the CDA is set to "value-sent". As an exception, and consistently with the default value 16 defined for the Hop-Limit Option in Section 3 of [RFC8768], a Rule MAY describe a TV with value 16, with the MO set to "equal" and the CDA set to "not-sent".¶
The Echo field is an option defined in [RFC9175] that a server can include in a CoAP response as a challenge to the client, and that the client echoes back to the server in one or more CoAP requests. This enables the server to verify the freshness of a request and to cryptographically verify the aliveness of the client. Also, it forces the client to demonstrate reachability at its claimed network address.¶
When a packet uses the Echo Option, SCHC compression SHOULD send its content in the Compression Residue. That is, in the SCHC Rule, the TV is not set, while the MO is set to "ignore" and the CDA is set to "value-sent". An exception applies in case the server generates the values to use for the Echo Option by means of a persistent counter (see Appendix A of [RFC9175]). In such a case, a Rule MAY use the MSB MO and the LSB CDA. This would be effectively applicable until the persistent counter at the server becomes greater than the maximum threshold value that produces an MSB-matching.¶
The Request-Tag field is an option defined in [RFC9175] that the client can set in CoAP requests throughout block-wise operations, with value an ephemeral short-lived identifier of the specific block-wise operation in question. This allows the server to match message fragments belonging to the same request operation and, if the server supports it, to reliably process simultaneous block-wise request operations on a single resource. If requests are integrity protected, this also protects against interchange of fragments between different block-wise request operations.¶
When a packet uses the Request-Tag Option, SCHC compression MAY send its content in the Compression Residue. That is, in the SCHC Rule, the TV is not set, while the MO is set to "ignore" and the CDA is set to "value-sent". Alternatively, if a pre-defined set of Request-Tag values used by the client is known, a Rule MAY use a "match-mapping" MO when there are different options for the same FID.¶
The EDHOC field is an option defined in [I-D.ietf-core-oscore-edhoc] that a client can include in a CoAP request, in order to perform an optimized, shortened execution of the authenticated key establishment protocol EDHOC [I-D.ietf-lake-edhoc]. Such a request conveys both the final EDHOC message and actual application data, where the latter is protected with OSCORE [RFC8613] using a Security Context derived from the result of the current EDHOC execution.¶
The EDHOC Option occurs at most once and is always empty. The SCHC Rule MUST describe an empty TV, with the MO set to "equal" and the CDA set to "not-sent".¶
When a packet uses a Block1 or Block2 Option [RFC7959] or a Q-Block1 or Q-Block2 Option [RFC9177], SCHC compression MUST send its content in the Compression Residue. In the SCHC Rule, the TV is not set, while the MO is set to "ignore" and the CDA is set to "value-sent". The Block1, Block2, Q-Block1, and Q-Block2 options allow fragmentation at the CoAP level that is compatible with SCHC fragmentation. Both fragmentation mechanisms are complementary, and the node may use them for the same packet as needed.¶
[RFC7641] defines the Observe Option. The SCHC Rule description does not set the TV, while setting the MO to "ignore" and the CDA to "value-sent". SCHC does not limit the maximum size for this option (3 bytes). To reduce the transmission size, either the Device implementation MAY limit the delta between two consecutive values or a proxy can modify the increment.¶
Since the client MAY use a RST message to inform a server that the Observe response is not required, a specific SCHC Rule SHOULD exist to allow the compression of a RST message.¶
[RFC7967] defines a No-Response Option limiting the CoAP responses made by a server to a CoAP request. Different behaviors exist while using this option to limit the responses made by a server to a request. If both ends know the specific value, then the SCHC Rule describes the TV set to that value, the MO set to "equal", and the CDA set to "not-sent".¶
Otherwise, if the value changes over time, the SCHC Rule does not set the TV, while setting the MO to "ignore" and the CDA to "value-sent". The Rule may also use a "match-mapping" MO to compress the value.¶
The security protocol OSCORE [RFC8613] provides end-to-end protection for CoAP messages. Group OSCORE [I-D.ietf-core-oscore-groupcomm] builds on OSCORE and defines end-to-end protection of CoAP messages in group communication [I-D.ietf-core-groupcomm-bis]. This section describes how SCHC Rules can be applied to compress messages protected with OSCORE or Group OSCORE.¶
Figure 4 shows the OSCORE Option value encoding, as it was originally defined in Section 6.1 of [RFC8613]. As explained later in this section, this has been extended in [I-D.ietf-core-oscore-key-update] and [I-D.ietf-core-oscore-groupcomm]. The first byte of the OSCORE Option value specifies information to parse the rest of the value by using flags, as described below.¶
As defined in Section 4.1 of [I-D.ietf-core-oscore-key-update], the eight least significant bit, when set, indicates that the OSCORE Option includes a second byte of flags. The seventh least significant bit is currently unassigned.¶
As defined in Section 5 of [I-D.ietf-core-oscore-groupcomm], the sixth least significant bit, when set, indicates that the message including the OSCORE option is protected with the group mode of Group OSCORE (see Section 8 of [I-D.ietf-core-oscore-groupcomm]). When not set, the bit indicates that the message is protected either with OSCORE, or with the pairwise mode of Group OSCORE (see Section 9 of [I-D.ietf-core-oscore-groupcomm]), while the specific OSCORE Security Context used to protect the message determines which of the two cases applies.¶
As defined in Section 6.1 of [RFC8613], bit h, when set, indicates the presence of the kid context field in the option. Also, bit k, when set, indicates the presence of the kid field. Finally, the three least significant bits form the n field, which indicates the length of the piv (Partial Initialization Vector) field in bytes. When n = 0, no piv is present.¶
Assuming the presence of a single flag byte, this is followed by the piv field. After that, if the h bit is set, the kid context field is present, preceded by one byte "s" indicating its length in bytes. After that, if the k bit is set, the kid field is present, and it ends where the OSCORE Option value ends.¶
Figure 5 shows the extended OSCORE Option value encoding, with the second byte of flags also present. As defined in Section 4.1 of [I-D.ietf-core-oscore-key-update], the least significant bit d of this byte, when set, indicates that two additional fields are included in the option, following the kid context field (if any).¶
These two fields, namely x and nonce, are used when running the key update protocol KUDOS defined in [I-D.ietf-core-oscore-key-update], with x specifying the length of the nonce field in bytes as well as the specific behavior to adopt during the KUDOS execution.¶
If the seventh least significant bit z of the x field is set, it indicates that two additional fields are included in the option, following the x and nonce fields. These two fields, namely y and old_nonce, are also used when running the key update protocol KUDOS, with y specifying the length of the old_nonce field in bytes.¶
Figure 5 provides the breakdown of the x field, where its four least significant bits form the sub-field m, which specifies the size of nonce in bytes, minus 1. Also, the figure provides the breakdown of the y field, where its four least significant bits form the sub-field w, which specifies the size of old_nonce in bytes, minus 1.¶
To better perform OSCORE SCHC compression, the Rule description needs to identify the OSCORE Option and the fields it contains.¶
Conceptually, it discerns up to eight distinct pieces of information within the OSCORE Option: the flag bits, the piv, the kid context prepended by its size, the x byte, the nonce, the y byte, the old_nonce, and the kid. The SCHC Rule splits the OSCORE Option into eight corresponding Field Descriptors in order to compress those pieces of information:¶
CoAP OSCORE_flags¶
CoAP OSCORE_piv¶
CoAP OSCORE_kidctx¶
CoAP OSCORE_x¶
CoAP OSCORE_nonce¶
CoAP OSCORE_y¶
CoAP OSCORE_oldnonce¶
CoAP OSCORE_kid¶
Figure 4 shows the original format of the OSCORE Option with the four fields OSCORE_flags, OSCORE_piv, OSCORE_kidctx, and OSCORE_kid superimposed on it. Also, Figure 5 shows the extended format of the OSCORE option with all the eight fields superimposed on it.¶
If a field is not present, then the corresponding Field Descriptor in the SCHC Rule describes the TV set to b'', with the MO set to "equal" and the CDA set to "not-sent". Note that, if the field kid context is present, it directly includes the size octet, s.¶
In addition, the following applies.¶
For the x field, if both endpoints know the value, then the corresponding Field Descriptor in the SCHC Rule describes the TV set to that value, with the MO set to "equal" and the CDA set to "not-sent". This models: the case where the x field is not present, and thus TV is set to b''; and the case where the two endpoints run KUDOS with a pre-agreed size of the nonce field as per the m sub-field of the x field, as well as with a pre-agreed combination of its modes of operation, as per the bits b and p of the x field.¶
Otherwise, if the value changes over time, then the corresponding Field Descriptor in the SCHC Rule does not set the TV, while it sets the MO to "ignore" and the CDA to "value-sent". The Rule may also use a "match-mapping" MO to compress this field, in case the two endpoints pre-agree on a set of alternative ways to run KUDOS, with respect to the size of the nonce field and the combination of the KUDOS modes of operation to use.¶
For the y field, if both endpoints know the value, then the corresponding Field Descriptor in the SCHC Rule describes the TV set to that value, with the MO set to "equal" and the CDA set to "not-sent". This models: the case where the y field is not present, and thus TV is set to b''; and the case where the two endpoints run KUDOS with a pre-agreed size of the old_nonce field as per the w sub-field of the y field.¶
Otherwise, if the value changes over time, then the corresponding Field Descriptor in the SCHC Rule does not set the TV, while it sets the MO to "ignore" and the CDA to "value-sent". The Rule may also use a "match-mapping" MO to compress this field, in case the two endpoints pre-agree on a set of sizes of the old_nonce field.¶
For the nonce field, if it is not present (i.e., the x field is not present in the first place), then the corresponding Field Descriptor in the SCHC Rule describes the TV set to b'', with the MO set to "equal" and the CDA set to "not-sent".¶
Otherwise, if the nonce field is present, then the corresponding Field Descriptor in the SCHC Rule has the TV not set, while the MO is set to "ignore" and the CDA is set to "value-sent". In such a case, for the value of the nonce field, SCHC MUST NOT send it as variable-length data in the Compression Residue, to avoid ambiguity with the length of the nonce field encoded in the x field. Therefore, SCHC MUST use the m sub-field of the x field to define the size of the Compression Residue. SCHC designates a specific function, "osc.x.m", that the Rule MUST use to complete the Field Descriptor. During the decompression, this function returns the length of the nonce field in bytes, as the value of the m sub-field of the x field, plus 1.¶
For the old_nonce field, if it is not present (i.e., the y field is not present in the first place), then the corresponding Field Descriptor in the SCHC Rule describes the TV set to b'', with the MO set to "equal" and the CDA set to "not-sent".¶
Otherwise, if the old_nonce field is present, then the corresponding Field Descriptor in the SCHC Rule has the TV not set, while the MO is set to "ignore" and the CDA is set to "value-sent". In such a case, for the value of the old_nonce field, SCHC MUST NOT send it as variable-length data in the Compression Residue, to avoid ambiguity with the length of the old_nonce field encoded in the y field. Therefore, SCHC MUST use the w sub-field of the y field to define the size of the Compression Residue. SCHC designates a specific function, "osc.y.w", that the Rule MUST use to complete the Field Descriptor. During the decompression, this function returns the length of the old_nonce field in bytes, as the value of the w sub-field of the y field, plus 1.¶
The following applies with respect to the 0xFF payload marker. A SCHC compression Rule for CoAP includes all the expected CoAP options, therefore the payload marker does not have to be specified in a SCHC Rule description.¶
If the CoAP message to compress with SCHC is not going to be protected with OSCORE [RFC8613] and includes a payload, then the 0xFF payload marker MUST NOT be included in the compressed message, which is composed of the Compression RuleID, the Compression Residue (if any), and the CoAP payload.¶
After having decompressed an incoming message, the recipient endpoint MUST prepend the 0xFF payload marker to the CoAP payload, if any was present after the consumed Compression Residue.¶
If the CoAP message to compress with SCHC is going to be protected with OSCORE, the 0xFF payload marker is compressed as specified later in Section 8.2.¶
In this first scenario, the SCHC compressor on the NGW side receives a POST message from an Internet client, which is immediately acknowledged by the Device. Table 3 describes the SCHC Rule descriptions for this scenario.¶
+----------+ | RuleID 1 | +----------+¶
Field | FL | FP | DI | TV | MO | CDA | Sent [bits] |
---|---|---|---|---|---|---|---|
CoAP Version
|
2 | 1 | Bi | 01 | equal | not-sent | |
CoAP Type | 2 | 1 | Dw | CON | equal | not-sent | |
CoAP Type | 2 | 1 | Up |
[ACK, RST]
|
match- mapping
|
mapping- sent
|
T |
CoAP TKL
|
4 | 1 | Bi | 0 | equal | not-sent | |
CoAP Code | 8 | 1 | Bi |
[0.00, ... 5.05]
|
match- mapping
|
mapping- sent
|
CC CCC |
CoAP MID
|
16 | 1 | Bi | 0000 | MSB(7) | LSB | MID |
CoAP Uri-Path
|
var | 1 | Dw | path | equal | not-sent |
In this example, SCHC compression elides the version and Token Length fields. The 25 Method and Response Codes defined in [RFC7252] have been shrunk to 5 bits using a "match-mapping" MO. The Uri-Path contains a single element indicated in the TV and elided with the CDA "not-sent".¶
SCHC compression reduces the header, sending only a mapped Type (and only for uplink messages), a mapped code, and the least significant bits of the Message ID (9 bits in the example above).¶
Note that, if a client is located in an Application Server and sends a request to a server located in the Device, then the request may not be compressed through this Rule, since the MID might not start with 7 bits equal to 0. A CoAP proxy placed before SCHC C/D can rewrite the Message ID to fit the value and match the Rule.¶
OSCORE aims to solve the problem of end-to-end protection for CoAP messages. Therefore, the goal is to hide as much as possible of the CoAP message, while still enabling proxy operations.¶
Conceptually, this is achieved by splitting the CoAP message into an Inner Plaintext and an Outer OSCORE message. The Inner Plaintext contains (sensitive) information that is not necessary for performing proxy operations. Therefore, that information can be encrypted end-to-end, until it reaches the other origin endpoint as its final destination. The Outer Message acts as a shell matching the regular CoAP message format, and includes all the CoAP options and information needed for performing proxy operations and caching. This is summarized in Figure 6.¶
In particular, the CoAP options are arranged into three classes, each of which is granted a specific type of protection by the OSCORE protocol:¶
Class E: Encrypted options moved to the Inner Plaintext.¶
Class I: Integrity-protected options, included in the Additional Authenticated Data (AAD) when protecting the Plaintext, but otherwise left untouched in the Outer Message.¶
Class U: Unprotected options, left untouched in the Outer Message.¶
As per these classes, the Outer options comprise the OSCORE Option, which indicates that the message is protected with OSCORE and carries the information necessary for the recipient endpoint to retrieve the Security Context for decrypting the message.¶
Figure 6 shows the packet format for the OSCORE Outer header and Plaintext.¶
In the Outer header, the original header code is hidden and replaced by a well-known value. As specified in Sections 4.1.3.5 and 4.2 of [RFC8613], the original header code is replaced with POST for requests and Changed for responses, when the message does not include the Observe Option. Otherwise, the original header code is replaced with FETCH for requests and Content for responses.¶
The first byte of the Plaintext contains the original header code, the class E options, and, if present, the original message payload preceded by the payload marker.¶
After that, an Authenticated Encryption with Associated Data (AEAD) algorithm encrypts the Plaintext. This also integrity-protects the Security Context parameters and, if present, any class I options from the Outer header. The resulting ciphertext becomes the new payload of the OSCORE message, as illustrated in Figure 7.¶
As defined in [RFC5116], this ciphertext is the encrypted Plaintext's concatenation with the Authentication Tag. Note that Inner Compression only affects the Plaintext before encryption. The Authentication Tag, fixed in length and uncompressed, is considered part of the cost of protection.¶
The SCHC compression scheme consists of compressing both the Plaintext before encryption and the resulting OSCORE message after encryption, as shown in Figure 8. Note that, since the recipient endpoint can only decrypt the Inner part of the message, that endpoint will also have to implement Inner SCHC Compression/Decompression.¶
The OSCORE message translates into a segmented process where SCHC compression is applied independently in two stages, each with its corresponding set of Rules, i.e., the Inner SCHC Rules and the Outer SCHC Rules. By doing so, compression is applied to all the fields of the original CoAP message.¶
As to the compression of the 0xFF payload marker, the same rationale described in Section 7 applies to both the Inner SCHC Compression and the Outer SCHC Compression. That is:¶
After the Inner SCHC Compression of a CoAP message including a payload, the payload marker MUST NOT be included in the input to the AEAD Encryption, which is composed of the Inner Compression RuleID, the Inner Compression Residue (if any), and the CoAP payload.¶
The Outer SCHC Compression takes as input the OSCORE-protected message, which always includes a payload (i.e., the OSCORE Ciphertext) preceded by the payload marker.¶
After the Outer SCHC Compression, the payload marker MUST NOT be included in the final compressed message, which is composed of the Outer Compression RuleID, the Outer Compression Residue (if any), and the OSCORE Ciphertext.¶
After having completed the Outer SCHC Decompression of an incoming message, the recipient endpoint MUST prepend the 0xFF payload marker to the OSCORE Ciphertext.¶
After having completed the Inner SCHC Decompression of an incoming message, the recipient endpoint MUST prepend the 0xFF payload marker to the CoAP payload, if any was present after the consumed Compression Residue.¶
This section provides an example with a GET request and a corresponding Content response, exchanged between a Device-based CoAP client and a cloud-based CoAP server. The example also describes a possible set of Rules for Inner SCHC Compression and Outer SCHC Compression. A dump of the results and a contrast between SCHC + OSCORE performance and SCHC + CoAP performance are also listed. This example shows an estimate of the cost of security with SCHC-OSCORE.¶
Our first CoAP message is the GET request in Figure 9.¶
Its corresponding response is the Content response in Figure 10.¶
The SCHC Rules for the Inner Compression include all the fields present in a regular CoAP message. The methods described in Section 4 apply to these fields. Table 4 provides an example.¶
+----------+ | RuleID 0 | +----------+¶
Field | FL | FP | DI | TV | MO | CDA | Sent [bits] |
---|---|---|---|---|---|---|---|
CoAP Code | 8 | 1 | Up | 1 | equal | not-sent | |
CoAP Code | 8 | 1 | Dw | [69,132] |
match- mapping
|
mapping- sent
|
C |
CoAP Uri-Path
|
1 | Up | "temperature" | equal | not-sent |
Figure 11 shows the Plaintext obtained for the example GET request. The packet follows the process of Inner Compression and encryption until the payload. The Outer OSCORE message adds the result of the Inner process.¶
In this case, the original message has no payload, and its resulting Plaintext is compressed up to only 1 byte (the size of the RuleID). The AEAD algorithm preserves this length in its first output and yields a fixed-size tag. SCHC cannot compress the tag, and the OSCORE message must include it without compression. The use of integrity protection translates into an overhead on the total message length, thus limiting the amount of compression that can be achieved and contributing to the cost of adding security to the exchange.¶
Figure 12 shows the process for the example Content response. The Compression Residue is 1 bit long. Note that since SCHC adds padding after the payload, this misalignment causes the hexadecimal code from the payload to differ from the original, even if SCHC cannot compress the tag. The overhead for the tag bytes limits SCHC's performance but adds security to the exchange.¶
The Outer SCHC Rule shown in Table 5 is used, also to process the OSCORE Option fields. Figure 13 and Figure 14 show a dump of the OSCORE messages generated from the example messages, also including the Inner Compressed ciphertext in the payload. These are the messages that have to be compressed via the Outer SCHC Compression scheme.¶
Table 5 shows a possible set of Outer Rule items to compress the Outer header.¶
+----------+ | RuleID 1 | +----------+¶
Field | FL | FP | DI | TV | MO | CDA | Sent [bits] |
---|---|---|---|---|---|---|---|
CoAP Version
|
2 | 1 | Bi | 01 | equal |
not- sent
|
|
CoAP Type
|
2 | 1 | Up | 0 | equal |
not- sent
|
|
CoAP Type
|
2 | 1 | Dw | 2 | equal |
not- sent
|
|
CoAP TKL
|
4 | 1 | Bi | 1 | equal |
not- sent
|
|
CoAP Code
|
8 | 1 | Up | 2 | equal |
not- sent
|
|
CoAP Code
|
8 | 1 | Dw | 68 | equal |
not- sent
|
|
CoAP MID
|
16 | 1 | Bi | 0000 | MSB(12) | LSB | MMMM |
CoAP Token
|
tkl | 1 | Bi | 0x80 | MSB(5) | LSB | TTT |
CoAP OSCORE_flags
|
var | 1 | Up | 0x09 | equal |
not- sent
|
|
CoAP OSCORE_piv
|
var | 1 | Up | 0x00 | MSB(4) | LSB | PPPP |
CoAP OSCORE_kid
|
var | 1 | Up | 0x636c69656e70 | MSB(44) | LSB | KKKK |
CoAP OSCORE_kidctx
|
var | 1 | Bi | b'' | equal |
not- sent
|
|
CoAP OSCORE_x
|
8 | 1 | Bi | b'' | equal |
not- sent
|
|
CoAP OSCORE_nonce
|
osc.x.m | 1 | Bi | b'' | equal |
not- sent
|
|
CoAP OSCORE_y
|
8 | 1 | Bi | b'' | equal |
not- sent
|
|
CoAP OSCORE_oldnonce
|
osc.y.w | 1 | Bi | b'' | equal |
not- sent
|
|
CoAP OSCORE_flags
|
var | 1 | Dw | b'' | equal |
not- sent
|
|
CoAP OSCORE_piv
|
var | 1 | Dw | b'' | equal |
not- sent
|
|
CoAP OSCORE_kid
|
var | 1 | Dw | b'' | equal |
not- sent
|
For the flag bits, some SCHC compression methods are useful, depending on the application. The most straightforward alternative is to provide a fixed value for the flags, combining an "equal" MO and a "not-sent" CDA. This SCHC description saves most bits but could prevent flexibility. Otherwise, SCHC could use a "match-mapping" MO to choose from several configurations for the exchange. If not, the SCHC description may use an MSB MO to mask off the three hard-coded most significant bits.¶
Note that fixing a flag bit will limit the possible OSCORE options that can be used in the exchange, since the value of the flag bits plays a role in determining a specific OSCORE option.¶
The piv field lends itself to having some bits masked off with an MSB MO and an LSB CDA. This SCHC description could be useful in applications where the message transmission frequency is low, such as with LPWAN technologies. Note that compressing the piv field may reduce the maximum number of sequence numbers that can be used in an exchange. Once the sequence number exceeds the maximum value, the OSCORE keys need to be re-established.¶
The size, s, that is included in the OSCORE_kidctx field MAY be masked off with an LSB CDA. The rest of the OSCORE_kidctx field could have additional bits masked off, or the whole field could be fixed in accordance with an "equal" MO and a "not-sent" CDA. The same holds for the OSCORE_kid field.¶
The Outer Rule of Table 5 is applied to the example GET request and Content response. Figure 15 and Figure 16 show the resulting messages.¶
In contrast, the following compares these results with what would be obtained by SCHC compressing the original CoAP messages without protecting them with OSCORE, according to the SCHC Rule in Table 6.¶
+----------+ | RuleID 2 | +----------+¶
Field | FL | FP | DI | TV | MO | CDA | Sent [bits] |
---|---|---|---|---|---|---|---|
CoAP Version
|
2 | 1 | Bi | 01 | equal |
not-sent
|
|
CoAP Type | 2 | 1 | Up | 0 | equal |
not-sent
|
|
CoAP Type | 2 | 1 | Dw | 2 | equal |
not-sent
|
|
CoAP TKL
|
4 | 1 | Bi | 1 | equal |
not-sent
|
|
CoAP Code | 8 | 1 | Up | 2 | equal |
not-sent
|
|
CoAP Code | 8 | 1 | Dw | [69,132] |
match- mapping
|
mapping- sent
|
C |
CoAP MID
|
16 | 1 | Bi | 0000 | MSB(12) | LSB | MMMM |
CoAP Token | tkl | 1 | Bi | 0x80 | MSB(5) | LSB | TTT |
CoAP Uri-Path
|
1 | Up | "temperature" | equal |
not-sent
|
The Rule in Table 6 yields the SCHC compression results shown in Figure 17 for the request and in Figure 18 for the response.¶
As can be seen, the difference between applying SCHC + OSCORE as compared to regular SCHC + CoAP is about 10 bytes.¶
This section defines how SCHC Compression/Decompression is performed when CoAP proxies are deployed. The following refers to the origin client and origin server as application endpoints.¶
Note that SCHC Compression/Decompression of CoAP headers is not necessarily used between each pair of hops in the communication chain. For example, if a proxy is deployed between an origin client and an origin server, SCHC might be used on the communication leg between the origin client and the proxy, but not on the communication leg between the proxy and the origin server.¶
In case OSCORE is not used end-to-end between client and server, the SCHC processing occurs hop-by-hop, by relying on SCHC Rules that are consistently shared between two adjacent hops.¶
In particular, SCHC is used as defined below.¶
The sender application endpoint compresses the CoAP message, by using the SCHC Rules that it shares with the next hop towards the recipient application endpoint. The resulting, compressed message is sent to the next hop towards the recipient application endpoint.¶
Each proxy decompresses the incoming compressed message, by using the SCHC Rules that it shares with the (previous hop towards the) sender application endpoint.¶
Then, the proxy compresses the CoAP message to be forwarded, by using the SCHC Rules that it shares with the (next hop towards the) recipient application endpoint.¶
The resulting, compressed message is sent to the (next hop towards the) recipient application endpoint.¶
The recipient application endpoint decompresses the incoming compressed message, by using the SCHC Rules that it shares with the previous hop towards the sender application endpoint.¶
In case OSCORE is used end-to-end between client and server (see Section 8.2), the following applies.¶
The SCHC processing occurs end-to-end as to the Inner SCHC Compression/Decompression, by relying on Inner SCHC Rules that are consistently shared between the two application endpoints acting as OSCORE endpoints and sharing the used OSCORE Security Context.¶
Instead, the SCHC processing occurs hop-by-hop as to the Outer SCHC Compression/Decompression, by relying on Outer SCHC Rules that are consistently shared between two adjacent hops.¶
In particular, SCHC is used as defined below.¶
The sender application endpoint performs the Inner SCHC Compression on the original CoAP message, by using the Inner SCHC Rules that it shares with the recipient application endpoint.¶
Following the AEAD Encryption of the compressed input obtained from the previous step, the sender application endpoint performs the Outer SCHC Compression on the resulting OSCORE-protected message, by using the Outer SCHC Rules that it shares with the next hop towards the recipient application endpoint.¶
The resulting, compressed message is sent to the next hop towards the recipient application endpoint.¶
Each proxy performs the Outer SCHC Decompression on the incoming compressed message, by using the SCHC Rules that it shares with the (previous hop towards the) sender application endpoint.¶
Then, the proxy performs the Outer SCHC Compression of the OSCORE-protected message to be forwarded, by using the SCHC Rules that it shares with the (next hop towards the) recipient application endpoint.¶
The resulting, compressed message is sent to the (next hop towards the) recipient application endpoint.¶
The recipient application endpoint performs the Outer SCHC Decompression on the incoming compressed message, by using the Outer SCHC Rules that it shares with the previous hop towards the sender application endpoint.¶
Then, the recipient application endpoint performs the AEAD Decryption of the OSCORE-protected message obtained from the previous step.¶
Finally, the recipient application endpoint performs the Inner SCHC Decompression on the compressed input obtained from the previous step, by using the Inner SCHC Rules that it shares with the sender application endpoint. The result is the original CoAP message produced by the sender application endpoint.¶
This section provides examples of SCHC Compression/Decompression in the presence of a CoAP proxy.¶
The presented examples refer to the same deployment considered in Section 2, including a Device communicating over LPWAN with a Network Gateway (NGW), which in turn communicates with an Application Server over the Internet. The Application Server and the Device exchange CoAP messages through the NGW.¶
The following also applies in the presented examples.¶
CoAP request messages are sent only by the Device as targeting the Application Server (uplink traffic), which replies to the Device with corresponding CoAP response messages (downlink traffic). That is, the Device acts as CoAP client, while the Application Server acts as CoAP server.¶
A CoAP proxy is co-located on the Network Gateway (NGW) deployed between the Application Server and the Device.¶
SCHC is used also on the communication leg between the Application Server and the proxy.¶
Like in Section 2, the presented examples focus on SCHC Compression/Decompression of CoAP headers, i.e., irrespective of possible SCHC Compression/Decompression applied to further protocol headers.¶
The example in Section 10.1 considers an exchange of two unprotected messages, while the example in Section 10.2 considers an exchange of two messages protected end-to-end with OSCORE. In the examples, the character | denotes bit concatenation.¶
Figure 19 and Figure 20 show the two CoAP messages exchanged between the Device and the Application Server, via the proxy. The figures show the two messages as originally generated by the application at the two origin endpoints, i.e., before they are possibly protected end-to-end with OSCORE as considered by the example in Section 10.2.¶
In particular, note that:¶
On the communication leg between the Device and the proxy, the CoAP Message ID has value 0x0001 and the CoAP Token has value 0x82.¶
On the communication leg between the proxy and the Application Server, the CoAP Message ID has value 0x0004 and the CoAP Token has value 0x75.¶
In case OSCORE is not used end-to-end between the Device and the Application Server, the following SCHC Rules are shared between the different entities. Based on those Rules, the SCHC Compression/Decompression is performed as per Section 9.1.¶
The Device and the proxy share the SCHC Rule shown in Table 7, with RuleID 0.¶
+----------+ | RuleID 0 | +----------+¶
Field | FL | FP | DI | TV | MO | CDA | Sent [bits] |
---|---|---|---|---|---|---|---|
CoAP Version
|
2 | 1 | Bi | 01 | equal | not-sent | |
CoAP Type
|
2 | 1 | Up | 0 | equal | not-sent | |
CoAP Type
|
2 | 1 | Dw | [0,2] |
match- mapping
|
mapping- sent
|
T |
CoAP TKL
|
4 | 1 | Bi | 1 | equal | not-sent | |
CoAP Code
|
8 | 1 | Up |
[1, 2, 3, 4]
|
match- mapping
|
mapping- sent
|
CC |
CoAP Code
|
8 | 1 | Dw |
[65, 68, 69, 132]
|
match- mapping
|
mapping- sent
|
CC |
CoAP MID
|
16 | 1 | Bi | 0x00 | MSB(12) | LSB | MMMM |
CoAP Token
|
tkl | 1 | Bi | 0x80 | MSB(5) | LSB | TTT |
CoAP Uri-Host
|
var (B)
|
1 | Up | ignore |
value- sent
|
||
CoAP Uri-Path
|
var | 1 | Up | "temperature" | equal | not-sent | |
CoAP Proxy-Scheme
|
var | 1 | Up | "coap" | equal | not-sent |
Instead, the proxy and the Application Server share the SCHC Rule shown in Table 8, with RuleID 1.¶
+----------+ | RuleID 1 | +----------+¶
Field | FL | FP | DI | TV | MO | CDA | Sent [bits] |
---|---|---|---|---|---|---|---|
CoAP Version
|
2 | 1 | Bi | 01 | equal | not-sent | |
CoAP Type
|
2 | 1 | Up | 0 | equal | not-sent | |
CoAP Type
|
2 | 1 | Dw | [0,2] |
match- mapping
|
mapping- sent
|
T |
CoAP TKL
|
4 | 1 | Bi | 1 | equal | not-sent | |
CoAP Code
|
8 | 1 | Up |
[1, 2, 3, 4]
|
match- mapping
|
mapping- sent
|
CC |
CoAP Code
|
8 | 1 | Dw |
[65, 68, 69, 132]
|
match- mapping
|
mapping- sent
|
CC |
CoAP MID
|
16 | 1 | Bi | 0x00 | MSB(12) | LSB | MMMM |
CoAP Token
|
tkl | 1 | Bi | 0x70 | MSB(5) | LSB | TTT |
CoAP Uri-Host
|
var (B)
|
1 | Up | ignore |
value- sent
|
||
CoAP Uri-Path
|
var | 1 | Up | "temperature" | equal | not-sent |
First, the Device applies the Rule in Table 7 shared with the proxy to the CoAP request in Figure 19. The result is the compressed CoAP request in Figure 21, which the Device sends to the proxy.¶
Upon receiving the message in Figure 21, the proxy decompresses it with the Rule in Table 7 shared with the Device, and obtains the same CoAP request in Figure 19.¶
After that, the proxy removes the Proxy-Scheme Option from the decompressed CoAP request. Also, the proxy replaces the values of the CoAP Message ID and of the CoAP Token to 0x0004 and 0x75, respectively. The result is the CoAP request shown in Figure 22.¶
Then, the proxy applies the Rule in Table 8 shared with the Application Server to the CoAP request in Figure 22.¶
The result is the compressed CoAP request in Figure 23, which the proxy forwards to the Application Server.¶
Upon receiving the message in Figure 23, the Application Server decompresses it using the Rule in Table 8 shared with the proxy. The result is the same CoAP request in Figure 22, which the Application Server delivers to the application.¶
After that, the Application Server produces the CoAP response in Figure 20, and compresses it using the Rule in Table 8 shared with the proxy. The result is the compressed CoAP response shown in Figure 24, which the Application Server sends to the proxy.¶
Upon receiving the message in Figure 24, the proxy decompresses it using the Rule in Table 8 shared with the Application Server. The result is the same CoAP response in Figure 20.¶
Then, the proxy replaces the values of the CoAP Message ID and of the CoAP Token to 0x0001 and 0x82, respectively. The result is the CoAP response shown in Figure 25.¶
Then, the proxy compresses the CoAP response in Figure 25 with the Rule in Table 7 shared with the Device. The result is the compressed CoAP response shown in Figure 26, which the proxy forwards to the Device.¶
Upon receiving the message in Figure 26, the Device decompresses it using the Rule in Table 7 shared with the proxy. The result is the same CoAP request in Figure 25, which the Device delivers to the application.¶
In case OSCORE is used end-to-end between the Device and the Application Server, the following SCHC Rules are shared between the different entities. Based on those Rules, the SCHC Compression/Decompression is performed as per Section 9.2.¶
The Device and the Application Server share the SCHC Rule shown in Table 9, with RuleID 2. The Device and the Application Server use this Rule to perform the Inner SCHC Compression/Decompression end-to-end.¶
+----------+ | RuleID 2 | +----------+¶
Field | FL | FP | DI | TV | MO | CDA | Sent [bits] |
---|---|---|---|---|---|---|---|
CoAP Code
|
8 | 1 | Up |
[1, 2, 3, 4]
|
match- mapping
|
mapping- sent
|
CC |
CoAP Code
|
8 | 1 | Dw |
[65, 68, 69, 132]
|
match- mapping
|
mapping- sent
|
CC |
CoAP Uri-Path
|
var | 1 | Up | "temperature" | equal | not-sent |
The Device and the proxy share the SCHC Rule shown in Table 10, with RuleID 3. The Device and the proxy use this Rule to perform the Outer SCHC Compression/Decompression hop-by-hop on their communication leg.¶
+----------+ | RuleID 3 | +----------+¶
Field | FL | FP | DI | TV | MO | CDA | Sent [bits] |
---|---|---|---|---|---|---|---|
CoAP Version
|
2 | 1 | Bi | 01 | equal | not-sent | |
CoAP Type
|
2 | 1 | Up | 0 | equal | not-sent | |
CoAP Type
|
2 | 1 | Dw | [0,2] |
match- mapping
|
mapping- sent
|
T |
CoAP TKL
|
4 | 1 | Bi | 1 | equal | not-sent | |
CoAP Code
|
8 | 1 | Up | 2 | equal | not-sent | |
CoAP Code
|
8 | 1 | Dw | 68 | equal | not-sent | |
CoAP MID
|
16 | 1 | Bi | 0x00 | MSB(12) | LSB | MMMM |
CoAP Token
|
tkl | 1 | Bi | 0x80 | MSB(5) | LSB | TTT |
CoAP Uri-Host
|
var (B)
|
1 | Up | ignore |
value- sent
|
||
CoAP OSCORE_flags
|
var | 1 | Up | 0x09 | equal | not-sent | |
CoAP OSCORE_piv
|
var | 1 | Up | 0x00 | MSB(4) | LSB | PPPP |
CoAP OSCORE_kid
|
var | 1 | Up | 0x0000 | MSB(12) | LSB | KKKK |
CoAP OSCORE_kidctx
|
var | 1 | Bi | b'' | equal | not-sent | |
CoAP OSCORE_x
|
8 | 1 | Bi | b'' | equal |
not-sent
|
|
CoAP OSCORE_nonce
|
osc.x.m | 1 | Bi | b'' | equal |
not-sent
|
|
CoAP OSCORE_y
|
8 | 1 | Bi | b'' | equal |
not-sent
|
|
CoAP OSCORE_oldnonce
|
osc.y.w | 1 | Bi | b'' | equal |
not-sent
|
|
CoAP OSCORE_flags
|
var | 1 | Dw | b'' | equal | not-sent | |
CoAP OSCORE_piv
|
var | 1 | Dw | b'' | equal | not-sent | |
CoAP OSCORE_kid
|
var | 1 | Dw | b'' | equal | not-sent | |
CoAP Proxy-Scheme
|
var | 1 | Up | "coap" | equal | not-sent |
The proxy and the Application Server share the SCHC Rule shown in Table 11, with RuleID 4. The proxy and the Application Server use this Rule to perform the Outer SCHC Compression/Decompression hop-by-hop on their communication leg.¶
+----------+ | RuleID 4 | +----------+¶
Field | FL | FP | DI | TV | MO | CDA | Sent [bits] |
---|---|---|---|---|---|---|---|
CoAP Version
|
2 | 1 | Bi | 01 | equal | not-sent | |
CoAP Type
|
2 | 1 | Up | 0 | equal | not-sent | |
CoAP Type
|
2 | 1 | Dw | [0,2] |
match- mapping
|
mapping- sent
|
T |
CoAP TKL
|
4 | 1 | Bi | 1 | equal | not-sent | |
CoAP Code
|
8 | 1 | Up | 2 | equal | not-sent | |
CoAP Code
|
8 | 1 | Dw | 68 | equal | not-sent | |
CoAP MID
|
16 | 1 | Bi | 0x00 | MSB(12) | LSB | MMMM |
CoAP Token
|
tkl | 1 | Bi | 0x70 | MSB(5) | LSB | TTT |
CoAP Uri-Host
|
var (B)
|
1 | Up | ignore |
value- sent
|
||
CoAP OSCORE_flags
|
var | 1 | Up | 0x09 | equal | not-sent | |
CoAP OSCORE_piv
|
var | 1 | Up | 0x00 | MSB(4) | LSB | PPPP |
CoAP OSCORE_kid
|
var | 1 | Up | 0x0000 | MSB(12) | LSB | KKKK |
CoAP OSCORE_kidctx
|
var | 1 | Bi | b'' | equal | not-sent | |
CoAP OSCORE_x
|
8 | 1 | Bi | b'' | equal |
not-sent
|
|
CoAP OSCORE_nonce
|
osc.x.m | 1 | Bi | b'' | equal |
not-sent
|
|
CoAP OSCORE_y
|
8 | 1 | Bi | b'' | equal |
not-sent
|
|
CoAP OSCORE_oldnonce
|
osc.y.w | 1 | Bi | b'' | equal |
not-sent
|
|
CoAP OSCORE_flags
|
var | 1 | Dw | b'' | equal | not-sent | |
CoAP OSCORE_piv
|
var | 1 | Dw | b'' | equal | not-sent | |
CoAP OSCORE_kid
|
var | 1 | Dw | b'' | equal | not-sent |
When the Device applies the Rule in Table 9 shared with the Application Server to the CoAP request in Figure 19, this results in the Compressed Plaintext shown in Figure 27.¶
As per Section 8.2, the message follows the process of SCHC Inner Compression and encryption until the payload (if any). The ciphertext resulting from the overall Inner process is used as payload of the Outer OSCORE message.¶
When the Application Server applies the Rule in Table 9 shared with the Device to the CoAP response in Figure 20, this results in the Compressed Plaintext shown in Figure 28.¶
As per Section 8.2, the message follows the process of SCHC Inner Compression and encryption until the payload (if any). The ciphertext resulting from the overall Inner process is used as payload of the Outer OSCORE message.¶
After having performed the SCHC Inner Compression of the CoAP request in Figure 19, the Device protects it with OSCORE by considering the Compressed Plaintext in Figure 27. The result is the OSCORE-protected CoAP request shown in Figure 29.¶
Then, the Device applies the Rule in Table 10 shared with the proxy to the OSCORE-protected CoAP request in Figure 29, thus performing the SCHC Outer Compression of such request. The result is the OSCORE-protected and Outer Compressed CoAP request shown in Figure 30, which the Device sends to the proxy.¶
Upon receiving the message in Figure 30, the proxy decompresses it with the Rule in Table 10 shared with the Device, thus performing the SCHC Outer Decompression. The result is the same OSCORE-protected CoAP request in Figure 29.¶
After that, the proxy removes the Proxy-Scheme Option from the decompressed OSCORE-protected CoAP request. Also, the proxy replaces the values of the CoAP Message ID and of the CoAP Token to 0x0004 and 0x75, respectively. The result is the OSCORE-protected CoAP request shown in Figure 31.¶
Then, the proxy applies the Rule in Table 11 shared with the Application Server to the OSCORE-protected CoAP request in Figure 31, thus performing the SCHC Outer Compression of such request. The result is the OSCORE-protected and Outer Compressed CoAP request shown in Figure 32, which the proxy forwards to the Application Server.¶
Upon receiving the message in Figure 32, the Application Server decompresses it using the Rule in Table 11 shared with the proxy, thus performing the SCHC Outer Decompression. The result is the same OSCORE-protected CoAP request in Figure 31.¶
The Application Server decrypts and verifies such a request, which results in the same Compressed Plaintext in Figure 27. Then, the Application Server applies the Rule in Table 9 shared with the Device to such a Compressed Plaintext, thus performing the SCHC Inner Decompression. The result is used to rebuild the same CoAP request in Figure 19, which the Application Server delivers to the application.¶
After having performed the SCHC Inner Compression of the CoAP response in Figure 20, the Application Server protects it with OSCORE by considering the Compressed Plaintext in Figure 28. The result is the OSCORE-protected CoAP response shown in Figure 33.¶
Then, the Application Server applies the Rule in Table 11 shared with the proxy to the OSCORE-protected CoAP response in Figure 33, thus performing the SCHC Outer Compression of such response. The result is the OSCORE-protected and Outer Compressed CoAP response shown in Figure 34, which the Application Server sends to the proxy.¶
Upon receiving the message in Figure 34, the proxy decompresses it with the Rule in Table 11 shared with the Application Server, thus performing the SCHC Outer Decompression. The result is the same OSCORE-protected CoAP response in Figure 33.¶
After that, the proxy replaces the values of the CoAP Message ID and of the CoAP Token to 0x0001 and 0x82, respectively. The result is the OSCORE-protected CoAP response shown in Figure 35.¶
Then, the proxy applies the Rule in Table 10 shared with the Device to the OSCORE-protected CoAP response in Figure 35, thus performing the SCHC Outer Compression of such response. The result is the OSCORE-protected and Outer Compressed CoAP response shown in Figure 36, which the proxy forwards to the Device.¶
Upon receiving the message in Figure 36, the Device decompresses it using the Rule in Table 10 shared with the proxy, thus performing the SCHC Outer Decompression. The result is the same OSCORE-protected CoAP response in Figure 35.¶
The Device decrypts and verifies such a response, which results in the same Compressed Plaintext in Figure 28. Then, the Device applies the Rule in Table 9 shared with the Application Server to such a Compressed Plaintext, thus performing the SCHC Inner Decompression. The result is used to rebuild the same CoAP response in Figure 20, which the Device delivers to the application.¶
The use of SCHC header compression for CoAP header fields only affects the representation of the header information. SCHC header compression itself does not increase or decrease the overall level of security of the communication. When the connection does not use a security protocol (OSCORE, DTLS, etc.), it is necessary to use a Layer 2 security mechanism to protect the SCHC messages.¶
If an LPWAN is the Layer 2 technology being used, the SCHC security considerations discussed in [RFC8724] continue to apply. When using another Layer 2 protocol, the use of a cryptographic integrity-protection mechanism to protect the SCHC headers is REQUIRED. Such cryptographic integrity protection is necessary in order to continue to provide the properties that [RFC8724] relies upon.¶
When SCHC is used with OSCORE, the security considerations discussed in [RFC8613] continue to apply. When SCHC is used with Group OSCORE, the security considerations discussed in [I-D.ietf-core-oscore-groupcomm] apply. When SCHC is used in the presence of CoAP proxies, the security considerations discussed in Section 11.2 of [RFC7252] continue to apply.¶
When SCHC is used with the OSCORE Outer headers, the Initialization Vector (IV) size in the Compression Residue must be carefully selected. There is a trade-off between compression efficiency (with a longer MSB MO prefix) and the frequency at which the Device must renew its key material (in order to prevent the IV from expanding to an uncompressible value). The key-renewal operation itself may require several message exchanges and result in energy-intensive computation, but the optimal trade-off will depend on the specifics of the Device and expected usage patterns. In order to renew its key material with another OSCORE endpoint, the Device can rely on the lightweight key update protocol KUDOS defined in [I-D.ietf-core-oscore-key-update].¶
If an attacker can introduce a corrupted SCHC-compressed packet onto a link, DoS attacks can be mounted by causing excessive resource consumption at the decompressor. However, an attacker able to inject packets at the link layer is also capable of other, potentially more damaging, attacks.¶
SCHC compression emits variable-length Compression Residues for some CoAP fields. In the representation of the compressed header, the length field that is sent is not the length of the original header field but rather the length of the Compression Residue that is being transmitted. If a corrupted packet arrives at the decompressor with a longer or shorter length than that of the original compressed representation, the SCHC decompression procedures will detect an error and drop the packet.¶
SCHC header compression Rules MUST remain tightly coupled between the compressor and the decompressor. If the compression Rules get out of sync, a Compression Residue might be decompressed differently at the receiver, thus yielding a result different than the initial message submitted to compression procedures. Accordingly, any time the context Rules are updated on an OSCORE endpoint, that endpoint MUST trigger OSCORE key re-establishment, e.g., by running the lightweight key update protocol KUDOS [I-D.ietf-core-oscore-key-update]. Similar procedures may be appropriate to signal Rule updates when other message-protection mechanisms are in use.¶
This document has no actions for IANA.¶
The authors sincerely thank Christian Amsüss, Quentin Lampin, John Preuß Mattsson, Carles Gomez Montenegro, Göran Selander, Pascal Thubert, and Éric Vyncke for their comments and feedback.¶
The work on this document has been partly supported by the H2020 projects SIFIS-Home (Grant agreement 952652) and ARCADIAN-IoT (Grant agreement 101020259).¶