There is an increased use of wireless control networks in city infrastructure, environmental monitoring, industrial automation, and building management systems. These wireless control networks comprise many electronic devices, sensors and actuators that are connected to each other and, in most cases, to the Internet, creating a trend towards the Internet of Things (IoT).

The CoRE working group has defined a framework for resource-oriented applications intended to run on constrained nodes and networks. This connects devices that are constrained in power, code size and memory, in a network with severe limits on throughput. The Constrained Application Protocol (CoAP) can be used to manipulate resources on a device in these environments, secured by Datagram Transport Layer Security (DTLS).

Over the past few years, there have been many efforts to implement DTLS on embedded systems in order to support Internet of Things (IoT) applications. In fact, Transport Layer Security (TLS) and its datagram variant were both invented for use in Internet-based web applications, and implementers face many challenges in deploying (D)TLS on IoT devices that are limited in memory resources (RAM, Flash), CPU and power. In particular, (D)TLS supports a wide range of security features and functionalities, and some of these features are not necessarily required for IoT applications. One of the goals of the DICE working group is to document the immediate problems that hinder the deployment of DTLS on embedded systems and to propose a DTLS profile for CoAP-based IoT applications based on well understood application use cases.

Group communication is an important feature in IoT applications, as it can be effectively used to convey messages to a group of devices without requiring the sender to perform multiple time- and energy-consuming unicast transmissions, one for each group member.
For example, in a building control management system, Heating, Ventilation and Air-Conditioning (HVAC) and lighting devices can be grouped according to the layout of the building, and control commands can be issued to a group of devices. Unsecured group communication for CNNs is enabled by using CoAP on top of IP multicast. However, it must be secured, as it is vulnerable to the usual attacks (eavesdropping, tampering, message forgery, replay, etc.). DTLS has been chosen by CoRE to protect CoAP unicast communications, and it would be beneficial if the same security protocol, i.e., the DTLS Record Layer, could be used to protect CoAP group communication as well without changing the existing DTLS state machine.

The goal of the DICE working group is to ensure that DTLS is the obvious choice for protecting CoAP and other UDP-based protocols for the Internet of Things. Key management of group keys is, however, out of scope of this working group.

The current design of DTLS leads to fragmentation of DTLS handshake messages over the wireless link, in particular when Raw Public-key and Certificate modes are used. From the various implementation experiences reported in the LWIG working group, the complexity of re-transmission and re-ordering of DTLS handshake messages in constrained networks has resulted in significantly increased code size and RAM usage. Additional reliability mechanisms for transporting DTLS handshake messages are required, as they will ensure that handling of re-ordered messages needs to be done only once, in a single place in the stack. This working group may also look at alternative TLS transports in cooperation with the TLS WG.

This WG combines expertise from both the IETF Application and Security areas in order to work out the appropriate use of DTLS for the Internet of Things. DICE will work closely with LWIG to understand the complexity and overhead issues of DTLS, and to investigate the performance issues of the DTLS handshake.
Cooperation with the TLS WG will be necessary for all activities in DICE.

The scope of this WG is to define the following:

• Document the problems with the DTLS handshake for IoT, and define a suitable profile of DTLS for an IoT architecture and use case that minimizes the complexity and overhead of DTLS for constrained devices. The set of DTLS extensions and modes to be supported will be defined.

• Define the reuse of the DTLS Record Layer for secure CoAP group communication in combination with an (out-of-band delivered) group key for select cipher suites. The DTLS state machine should not be modified/altered, and key management is outside the scope.