Abstract: Security and privacy are the top priorities for the Internet of Things (IoT), followed by performance, reliability and management. The most widely used application protocols in IoT are MQTT, CoAP, XMPP, DDS and AMQP. Protocols such as 6LoWPAN and CoAP provide features through which smart objects can be integrated into the IP-driven Internet of Things. CoAP is a specialized web transfer protocol offering simplicity, low overhead, and support for Machine-to-Machine (M2M) and Machine-to-Customer (M2C) communications. CoAP uses an interaction model between application endpoints that is simply a request/response model. CoAP modifies some HTTP functionality to meet IoT requirements such as low power consumption and operation over lossy and noisy networks. CoAP allows cross-protocol proxies between CoAP and HTTP. A CoAP-HTTP proxy allows an HTTP server to be accessed through an intermediary. Since HTTP and CoAP share the same basic set of request methods, performing a CoAP request on an HTTP resource is not so different from performing it on a CoAP resource. Security services such as confidentiality, authentication and authorization must be ensured for an application, because endpoints have many potential vulnerabilities and are susceptible to malicious or unintentional errors. We configured the lab with CoAP Python with the Eclipse IDE, the Californium (Cf) CoAP framework and the Copper (Cu) Firefox add-on for security testing. We demonstrated in practice that the CoAP proxy is vulnerable and showed that information transits in clear text, which leaves it susceptible to attacks or manipulation of data.
Keywords: IoT, CoAP, IETF, CoAP proxy, Vulnerability, HTTP
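The clear-text exposure described in the abstract can be checked by decoding a CoAP request addressed to a CoAP-HTTP proxy. The following is an added example, not code from the paper or its lab setup; it follows the RFC 7252 message layout, and the datagram, target URI and payload are constructed sample values.

```python
import struct

METHODS = {1: "GET", 2: "POST", 3: "PUT", 4: "DELETE"}
PROXY_URI = 35  # Proxy-Uri option number (RFC 7252)

# Constructed sample: CON PUT, token ab cd, Proxy-Uri option, 0xFF marker, payload.
SAMPLE = (bytes([0x42, 0x03, 0x12, 0x34, 0xAB, 0xCD, 0xDD, 22, 9])
          + b"http://example.com/led" + b"\xff" + b"state=on")

def _extended(nibble, data, pos):
    """Resolve a 4-bit delta/length nibble plus its extension bytes."""
    if nibble == 13:
        return data[pos] + 13, pos + 1
    if nibble == 14:
        return struct.unpack_from("!H", data, pos)[0] + 269, pos + 2
    if nibble == 15:
        raise ValueError("reserved option nibble")
    return nibble, pos

def parse_coap(data):
    """Decode header, options and payload of one CoAP datagram."""
    try:
        first, code, message_id = struct.unpack_from("!BBH", data)
        tkl = first & 0x0F
        if first >> 6 != 1 or tkl > 8 or len(data) < 4 + tkl:
            raise ValueError("not a valid CoAP version 1 message")
        pos, number, options, payload = 4 + tkl, 0, [], b""
        while pos < len(data):
            if data[pos] == 0xFF:  # payload marker: the rest is payload
                payload = data[pos + 1:]
                break
            delta, nxt = _extended(data[pos] >> 4, data, pos + 1)
            length, nxt = _extended(data[pos] & 0x0F, data, nxt)
            if nxt + length > len(data):
                raise ValueError("truncated option value")
            number += delta  # option numbers are delta-encoded
            options.append((number, data[nxt:nxt + length]))
            pos = nxt + length
    except (IndexError, struct.error):
        raise ValueError("truncated CoAP message") from None
    return {"code": code, "message_id": message_id, "token": data[4:4 + tkl],
            "options": options, "payload": payload}

def visible_on_wire(data):
    """Fields an on-path observer can read when the hop is unencrypted."""
    msg = parse_coap(data)
    uri = next((v.decode() for n, v in msg["options"] if n == PROXY_URI), None)
    return {"method": METHODS.get(msg["code"], "other"), "proxy_uri": uri,
            "payload": msg["payload"]}
```

Running `visible_on_wire` over captured traffic between a client and its proxy is a quick way to confirm whether a deployment still carries the proxied URI and payload unprotected.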
I. Introduction
During the last decade, the Internet of Things (IoT) has entered our lives silently and gradually, thanks to the availability of wireless communication systems (e.g., RFID, WiFi, 4G, IEEE 802.15.x), which have been increasingly employed as a technology driver for crucial smart monitoring and control applications [1-3]. Nowadays, the concept of IoT is manifold: it embraces many different technologies, services, and standards, and it is widely perceived as the cornerstone of the ICT market for at least the next ten years [4-6].
Considering that the constraints of sensing platforms and the scale factors of the IoT typically make most of the communications and security solutions employed in the Internet ill-suited for the IoT, working groups formed at standardization bodies as the Institute...