{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,9]],"date-time":"2026-01-09T17:33:35Z","timestamp":1767980015805,"version":"3.49.0"},"reference-count":39,"publisher":"MDPI AG","issue":"19","license":[{"start":{"date-parts":[[2021,9,29]],"date-time":"2021-09-29T00:00:00Z","timestamp":1632873600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/100010665","name":"H2020 Marie Sk\u0142odowska-Curie Actions","doi-asserted-by":"publisher","award":["764785"],"award-info":[{"award-number":["764785"]}],"id":[{"id":"10.13039\/100010665","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>In recent years, the Transport Layer Security (TLS) protocol has enjoyed rapid growth as a security protocol for the Internet of Things (IoT). In its newest iteration, TLS 1.3, the Internet Engineering Task Force (IETF) has standardized a zero round-trip time (0-RTT) session resumption sub-protocol, allowing clients to already transmit application data in their first message to the server, provided they have shared session resumption details in a previous handshake. Since it is common for IoT devices to transmit periodic messages to a server, this 0-RTT protocol can help in reducing bandwidth overhead. Unfortunately, the sub-protocol has been designed for the Web and is susceptible to replay attacks. In our previous work, we adapted the 0-RTT protocol to strengthen it against replay attacks, while also reducing bandwidth overhead, thus making it more suitable for IoT applications. However, we did not include a formal security analysis of the protocol. In this work, we address this and provide a formal security analysis using OFMC. Further, we have included more accurate estimates on its performance, as well as making minor adjustments to the protocol itself to reduce implementation ambiguity and improve resilience.<\/jats:p>","DOI":"10.3390\/s21196524","type":"journal-article","created":{"date-parts":[[2021,10,8]],"date-time":"2021-10-08T21:26:20Z","timestamp":1633728380000},"page":"6524","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["rTLS: Secure and Efficient TLS Session Resumption for the Internet of Things"],"prefix":"10.3390","volume":"21","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-8757-2831","authenticated-orcid":false,"given":"Koen","family":"Tange","sequence":"first","affiliation":[{"name":"DTU Compute, Department of Applied Mathematics and Computer Science, Technical University of Denmark, Richard Petersens Plads, 2800 Kongens Lyngby, Denmark"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sebastian","family":"M\u00f6dersheim","sequence":"additional","affiliation":[{"name":"DTU Compute, Department of Applied Mathematics and Computer Science, Technical University of Denmark, Richard Petersens Plads, 2800 Kongens Lyngby, Denmark"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Apostolos","family":"Lalos","sequence":"additional","affiliation":[{"name":"DTU Compute, Department of Applied Mathematics and Computer Science, Technical University of Denmark, Richard Petersens Plads, 2800 Kongens Lyngby, Denmark"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9871-0013","authenticated-orcid":false,"given":"Xenofon","family":"Fafoutis","sequence":"additional","affiliation":[{"name":"DTU Compute, Department of Applied Mathematics and Computer Science, Technical University of Denmark, Richard Petersens Plads, 2800 Kongens Lyngby, Denmark"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9575-2990","authenticated-orcid":false,"given":"Nicola","family":"Dragoni","sequence":"additional","affiliation":[{"name":"DTU Compute, Department of Applied Mathematics and Computer Science, Technical University of Denmark, Richard Petersens Plads, 2800 Kongens Lyngby, Denmark"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2021,9,29]]},"reference":[{"key":"ref_1","unstructured":"Rescorla, E. (2021, August 09). The Transport Layer Security (TLS) Protocol Version 1.3. Available online: https:\/\/rfc-editor.org\/rfc\/rfc8446.txt."},{"key":"ref_2","unstructured":"AT&T (2021, August 09). LTE-M and NB-IoT. Available online: https:\/\/www.business.att.com\/products\/lpwa.html."},{"key":"ref_3","unstructured":"Verizon (2021, August 09). Verizon Thingspace. Available online: https:\/\/thingspace.verizon.com\/services\/connectivity.html."},{"key":"ref_4","unstructured":"Hologram (2021, August 09). Hologram Pricing. Available online: https:\/\/hologram.io\/pricing\/."},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Tange, K., Howard, D., Shanahan, T., Pepe, S., Fafoutis, X., and Dragoni, N. (2020, January 24\u201327). rTLS: Lightweight TLS Session Resumption for Constrained IoT Devices. Proceedings of the 22nd International Conference on Information and Communications Security, Copenhagen, Denmark.","DOI":"10.1007\/978-3-030-61078-4_14"},{"key":"ref_6","unstructured":"OpenSSL Software Foundation (2021, August 09). OpenSSL. Available online: https:\/\/www.openssl.org."},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"181","DOI":"10.1007\/s10207-004-0055-7","article-title":"OFMC: A symbolic model checker for security protocols","volume":"4","author":"Basin","year":"2005","journal-title":"Int. J. Inf. Sec."},{"key":"ref_8","unstructured":"Perrin, T., and Marlinspike, M. (2021, August 09). The Double Ratchet Algorithm. Available online: https:\/\/www.signal.org\/docs\/specifications\/doubleratchet\/doubleratchet.pdf."},{"key":"ref_9","unstructured":"Rescorla, E., and Dierks, T. (2021, August 09). The Transport Layer Security (TLS) Protocol Version 1.2. Available online: https:\/\/rfc-editor.org\/rfc\/rfc5246.txt."},{"key":"ref_10","unstructured":"Salowey, J., Zhou, H., Eronen, P., and Tschofenig, H. (2021, August 09). Transport Layer Security (TLS) Session Resumption without Server-Side State. Available online: https:\/\/rfc-editor.org\/rfc\/rfc4507.txt."},{"key":"ref_11","unstructured":"WolfSSL (2021, September 21). WolfSSL Embedded SSL\/TLS Library. Available online: https:\/\/www.wolfssl.com\/."},{"key":"ref_12","unstructured":"Systems, O. (2021, August 09). Signal. Available online: https:\/\/www.signal.org."},{"key":"ref_13","unstructured":"WhatsApp (2021, August 09). WhatsApp Encryption Overview. Available online: https:\/\/www.whatsapp.com\/security\/WhatsApp-Security-Whitepaper.pdf."},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Cohn-Gordon, K., Cremers, C., Dowling, B., Garratt, L., and Stebila, D. (2017, January 26\u201328). A Formal Security Analysis of the Signal Messaging Protocol. Proceedings of the 2017 IEEE European Symposium on Security and Privacy (EuroS&P), Paris, France.","DOI":"10.1109\/EuroSP.2017.27"},{"key":"ref_15","first-page":"281","article-title":"The AVISPA Tool for the Automated Validation of Internet Security Protocols and Applications","volume":"Volume 3576","author":"Etessami","year":"2005","journal-title":"Proceedings of the Computer Aided Verification, 17th International Conference, CAV 2005"},{"key":"ref_16","unstructured":"European Union (2021, August 09). The AVISPA Project. Available online: http:\/\/www.avispa-project.org\/main.html."},{"key":"ref_17","unstructured":"Yannick, C., Compagna, L., Cuellar, J., Drielsma, P., Mantovani, J., and M\u00f6dersheim, S.A.L.V. (2004, January 20\u201324). A High Level Protocol Specification Language for Industrial Security-Sensitive Protocols. Proceedings of the SAPS\u201904, Linz, Austria."},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Vigan\u00f2, L. (2012, January 2\u20136). Automated validation of trust and security of service-oriented architectures with the AVANTSSAR platform. Proceedings of the 2012 International Conference on High Performance Computing Simulation (HPCS), Madrid, Spain.","DOI":"10.1109\/HPCSim.2012.6266956"},{"key":"ref_19","unstructured":"Lalos, A. (2021, August 09). A Formal Library of IoT Protocols. Available online: http:\/\/findit.dtu.dk."},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"131","DOI":"10.1016\/0020-0190(95)00144-2","article-title":"An attack on the Needham-Schroeder public-key authentication protocol","volume":"56","author":"Lowe","year":"1995","journal-title":"Inf. Process. Lett."},{"key":"ref_21","unstructured":"Lowe, G. (1997, January 10\u201312). A hierarchy of authentication specifications. Proceedings of the 10th Computer Security Foundations Workshop, Rockport, MA, USA."},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"27","DOI":"10.1007\/s00145-021-09387-y","article-title":"Selfie: reflections on TLS 1.3 with PSK","volume":"34","author":"Lowe","year":"2021","journal-title":"J. Cryptol."},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"6562953","DOI":"10.1155\/2017\/6562953","article-title":"Authentication Protocols for Internet of Things: A Comprehensive Survey","volume":"2017","author":"Ferrag","year":"2017","journal-title":"Secur. Commun. Netw."},{"key":"ref_24","unstructured":"Bormann, C., Ersue, M., and Ker\u00e4nen, A. (2021, August 09). Terminology for Constrained-Node Networks. Available online: https:\/\/rfc-editor.org\/rfc\/rfc7228.txt."},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"425","DOI":"10.1016\/j.pmcj.2005.08.005","article-title":"Sizzle: A Standards-Based End-to-End Security Architecture for the Embedded Internet","volume":"1","author":"Gupta","year":"2005","journal-title":"Pervasive Mob. Comput."},{"key":"ref_26","unstructured":"Rescorla, E., and Modadugu, N. (2021, August 09). Datagram Transport Layer Security. Available online: https:\/\/rfc-editor.org\/rfc\/rfc4347.txt."},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Rescorla, E., Tschofenig, H., and Modadugu, N. (2021, August 09). The Datagram Transport Layer Security (DTLS) Protocol Version 1.3. Available online: https:\/\/www.ietf.org\/archive\/id\/draft-ietf-tls-dtls13-41.txt.","DOI":"10.17487\/RFC9147"},{"key":"ref_28","unstructured":"WolfSSL (2021, August 09). TLS 1.3 Protocol Support. Available online: https:\/\/www.wolfssl.com\/docs\/tls13\/."},{"key":"ref_29","unstructured":"Bergmann, O., Gerdes, S., and Bormann, C. (2012, January 23). Simple keys for simple smart objects. Proceedings of the Workshop on Smart Object Security, Paris, France."},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Kothmayr, T., Schmitt, C., Hu, W., Br\u00fcnig, M., and Carle, G. (2012, January 22\u201325). A DTLS based end-to-end security architecture for the Internet of Things with two-way authentication. Proceedings of the 37th Annual IEEE Conference on Local Computer Networks\u2014Workshops, Clearwater, FL, USA.","DOI":"10.1109\/LCNW.2012.6424088"},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Raza, S., Trabalza, D., and Voigt, T. (2012, January 16\u201318). 6LoWPAN Compressed DTLS for CoAP. Proceedings of the 2012 IEEE 8th International Conference on Distributed Computing in Sensor Systems, Hangzhou, China.","DOI":"10.1109\/DCOSS.2012.55"},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Restuccia, G., Tschofenig, H., and Baccelli, E. (2020, January 1\u20133). Low-Power IoT Communication Security: On the Performance of DTLS and TLS 1.3. Proceedings of the 2020 9th IFIP International Conference on Performance Evaluation and Modeling in Wireless Networks (PEMWN), Berlin, Germany.","DOI":"10.23919\/PEMWN50727.2020.9293085"},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Caminati, G., Kiade, S., D\u2019Angelo, G., Ferretti, S., and Ghini, V. (2020, January 10\u201313). Fast Session Resumption in DTLS for Mobile Communications. Proceedings of the 2020 IEEE 17th Annual Consumer Communications Networking Conference (CCNC), Las Vegas, NV, USA.","DOI":"10.1109\/CCNC46108.2020.9045119"},{"key":"ref_34","doi-asserted-by":"crossref","first-page":"100333","DOI":"10.1016\/j.iot.2020.100333","article-title":"Evaluating the performance of the OSCORE security protocol in constrained IoT environments","volume":"13","author":"Gunnarsson","year":"2021","journal-title":"Internet Things"},{"key":"ref_35","unstructured":"Santesson, S., and Tschofenig, H. (2021, August 09). Transport Layer Security (TLS) Cached Information Extension. Available online: https:\/\/rfc-editor.org\/rfc\/rfc7924.txt."},{"key":"ref_36","unstructured":"Wouters, P., Tschofenig, H., Gilmore, J., Weiler, S., and Kivinen, T. (2021, August 09). Using Raw Public Keys in Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS). Available online: https:\/\/rfc-editor.org\/rfc\/rfc7250.txt."},{"key":"ref_37","unstructured":"Rescorla, E., and Barnes, H.T. (2021, August 09). Compact TLS 1.3 (IETF Draft). Available online: https:\/\/datatracker.ietf.org\/doc\/draft-rescorla-tls-ctls\/."},{"key":"ref_38","unstructured":"NIST (2021, August 09). Lightweight Cryptography, Available online: https:\/\/csrc.nist.gov\/projects\/lightweight-cryptography."},{"key":"ref_39","doi-asserted-by":"crossref","unstructured":"Hall-Andersen, M., Wong, D., Sullivan, N., and Chator, A. (2018, January 4). NQUIC: Noise-Based QUIC Packet Protection. Proceedings of the Workshop on the Evolution, Performance, and Interoperability of QUIC\u2014EPIQ\u201918, Heraklion, Greece.","DOI":"10.1145\/3284850.3284854"}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/21\/19\/6524\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T07:07:36Z","timestamp":1760166456000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/21\/19\/6524"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,9,29]]},"references-count":39,"journal-issue":{"issue":"19","published-online":{"date-parts":[[2021,10]]}},"alternative-id":["s21196524"],"URL":"https:\/\/doi.org\/10.3390\/s21196524","relation":{},"ISSN":["1424-8220"],"issn-type":[{"value":"1424-8220","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,9,29]]}}}