Show threadchrysnAug 14, 2025
… and #IETF is not far behind, with https://datatracker.ietf.org/doc/draft-ochkas-cose-ascon/ almost ready to assign algorithm identifiers so this can be used in #OSCORE for #CoAP.
Ascon-AEAD128 for COSE and JOSE

This document describes CBOR Object Signing and Encryption (COSE) and JSON Object Signing and Encryption (JOSE) serializations with Ascon which is a NIST standard for lightweight cryptography. In 2019, as a part of CAESAR competition, Ascon-128 and Ascon-128a were selected as the first choice for the lightweight authenticated encryption [asconv1.2-caesar]. After, in 2023, National Institute of Standards and Technology (NIST) selected Ascon family of cryptographic algorithms to be the standard for lightweight cryptography [asconv1.2-nist]. In August 2025, NIST Special Publication 800-232 was released, defining Ascon-based lightweight cryptography standards for constrained devices [NIST.SP.800-232]. This recognition makes it particularly interesting to use Ascon with COSE and JOSE structures. This document does not define any new cryptography, only serializations of existing cryptographic systems described in [NIST.SP.800-232].

IETF Datatracker
Show threadchrysnNov 3, 2023
@nik I sadly can't help right now, but will run into this again sooner or likely later (for implementing Group #OSCORE in Rust; did it with Python at <https://github.com/chrysn/aiocoap/blob/master/aiocoap/util/cryptography_additions.py>). But as that application puts me on the track to asking crypto lib authors to include it: Can you tell a bit about the application? It would help to have more well justified use cases than just Group OSCORE.
aiocoap/aiocoap/util/cryptography_additions.py at master · chrysn/aiocoap

The Python CoAP library. Contribute to chrysn/aiocoap development by creating an account on GitHub.

GitHub
Show threadMartine (she/they)Sep 29, 2023
Our paper "Securing Name Resolution in the IoT: DNS over CoAP" is officially published now: https://dl.acm.org/doi/10.1145/3609423 #iot #dns #oscore #coap
Securing Name Resolution in the IoT: DNS over CoAP | Proceedings of the ACM on Networking

In this paper, we present the design, implementation, and analysis of DNS over CoAP~(DoC), a new proposal for secure and privacy-friendly name resolution of constrained IoT devices. We implement different design choices of DoC in RIOT, an open-source ...

Proceedings of the ACM on Networking
Martine (she/they)Aug 2, 2023
I am happy to announce that our paper “Securing Name Resolution in the IoT: DNS over CoAP” will be published in PACMNET in September and presented at the CoNEXT 23 in December. If you are interested, a pre-print of the camera-ready version of the paper is available on arXiv: https://arxiv.org/abs/2207.07486. A preliminary version of the artifacts can be found on Zenodo: https://doi.org/10.5281/zenodo.8190924. These artifacts are yet to be reviewed under https://www.acm.org/publications/policies/artifact-review-and-badging-current #iot #dns #oscore #coap
Securing name resolution in the IoT: DNS over CoAP

In this paper, we present the design, implementation, and analysis of DNS over CoAP (DoC), a new proposal for secure and privacy-friendly name resolution of constrained IoT devices. We implement different design choices of DoC in RIOT, an open-source operating system for the IoT, evaluate performance measures in a testbed, compare with DNS over UDP and DNS over DTLS, and validate our protocol design based on empirical DNS IoT data. Our findings indicate that plain DoC is on par with common DNS solutions for the constrained IoT but significantly outperforms when additional standard features of CoAP are used such as caching. With OSCORE, we can save more than 10 kBytes of code memory compared to DTLS, when a CoAP application is already present, and retain the end-to-end trust chain with intermediate proxies, while leveraging features such as group communication or encrypted en-route caching. We also discuss a compression scheme for very restricted links that reduces data by up to 70%.

arXiv.org
chrysnApr 2, 2023
A new release of #aioCoAP is now published on the #Python package index. This network library for #CoAP ("HTTP for the #IoT") now supports the latest draft of #OSCORE group communication, which can secure multicast communication. Also, it is now possible to use it in #JupyterLite notebooks.
chrysnMar 26, 2023
During the #IETF116 #IETFHackathon, we've tested several variants of Group #OSCORE -- secure group communication for #IoT devices. While a few details will need clarification, our implementations can interoperate in most cases. An update of #aioCoAP supporting the latest draft should become available soon-ish.
Show threadchrysnDec 20, 2022
@jberi Nice, someone providing cloud solutions that support #CoAP and #SUIT – we've been looking for something like that at @RIOT_OS.
Is Golioth something that'd also be reasonably usable by a device with an existing CoAP stack (not pulling extra SDK)? Any plans for #OSCORE support?
RIOTNov 5, 2022
The RIOT project is participating in the #IETF 115 hackathon in London this weekend, exploring #SCHC, #OSCORE, #DSME and #CORECONF. Drop by and say hello!
https://wiki.ietf.org/en/meeting/115/hackathon
chrysnNov 25, 2021
Announcing the new release of aiocoap, the asynchronous #Python #CoAP library, version 0.4.2: with updated group #OSCORE support, server-side #DTLS, and many small fixes. https://aiocoap.readthedocs.io/
aiocoap – The Python CoAP library — aiocoap 0.4.2.post0 documentation

RIOTSep 9, 2021
Christian Amsüss about "Pieces to Picture: Security components of the CoRE ecosystem" #IoT #openSource #CoAP #OSCORE #IETF #RIOTSummit2021 https://twitter.com/RIOT_OS/status/1435968762134421513/photo/1
RIOT on Twitter

“Christian Amsüss about "Pieces to Picture: Security components of the CoRE ecosystem" #IoT #openSource #CoAP #OSCORE #IETF #RIOTSummit2021”