LwM2M 1.1 configuring server and client security credentials #1413

Closed
Bharat0796 opened this issue Mar 7, 2023 · 7 comments
Labels
question Any question about leshan

Comments

@Bharat0796

Bharat0796 commented Mar 7, 2023

Question

Hi, I want to capture a pcap of the LwM2M 1.1 client-server packet exchange (mainly I want to know how security is handled in OSCORE) using Wireshark. For that, I wanted to know how to configure the client side and the server side. My setup is basically two systems connected to the same network, one acting as server and the other as client. I am new to this... anyone's help would be much appreciated!

@Bharat0796 Bharat0796 added the question Any question about leshan label Mar 7, 2023
@jvermillard
Contributor

Run Wireshark on the server or client machine and capture the whole traffic, but filter by port (5683 or 5684).

@Bharat0796
Author

I am unable to find the config file. Can you please help me with where (in which file) I can configure the server IP on both the server and client side? I also want to use PSK as security and configure OSCORE security credentials such as master secret, sender ID, recipient ID, etc.

@Bharat0796 Bharat0796 changed the title LwM2M 1.1 packet capture(OSCORE) LwM2M 1.1 configuring server and client security credentials Mar 7, 2023
@sbernard31
Contributor

> I am unable to find the config file

Which file are you talking about ? 🤔

> want to use security as psk and also configure oscore security credentials such as master secret, sender id, recipient id etc

In Leshan, OSCORE cannot be used with DTLS (and so PSK) for now (not implemented).

⚠️ Currently, the OSCORE feature in Leshan is very experimental and unfortunately not in a really active state (#725 (comment)).
You should be able to exchange some data, but you will quickly face blocking issues. It MUST NOT be used in production.

More details at :

@Bharat0796
Author

So now I am using OSCORE without DTLS security, but why is it failing to register?
From the client side I am getting "Registration failed: UNAUTHORIZED(401) Security context not found"
and on the server side "Error while receiving OSCore request: Security context not found".
What am I missing? I am not able to figure it out.

server side terminal
Screenshot (15)
client side arguments i am passing
Screenshot (144)
server side security configuration
Screenshot (143)

@sbernard31
Contributor

I will try to reproduce this.

Please 🙏 avoid using screenshots to share textual information like console output:

  • this cannot be copy/pasted ...
  • this uses more space for the same kind of information ...

@sbernard31
Contributor

sbernard31 commented Mar 9, 2023

1. You forgot to reverse Sender ID and Recipient ID

See : https://datatracker.ietf.org/doc/html/rfc8613#section-3.1

             .---------------------.   .---------------------.
             |    Common Context   | = |    Common Context   |
             +---------------------+   +---------------------+
             |    Sender Context   | = |  Recipient Context  |
             +---------------------+   +---------------------+
             |  Recipient Context  | = |    Sender Context   |
             '---------------------'   '---------------------'
                      Client                   Server

I know this is unintuitive... I don't know what we could do to make this less misleading.
Maybe:

  • Adding some text in server demo UI and/or client CLI help 🤷 ?
  • OR change UI field name with Client Recipient ID and Client Sender ID ?
    (@rikard-sics any opinion on this ?)

So you should rather use :

java -jar leshan-client-demo.jar -sid CC -msec BBBB -rid AA

2. Your device and your server config don't use the same endpoint ...

It seems that you created a config for LeshanDemoClient at the server side...
AND
your device uses the N-INB-BBS endpoint name.

So,

  • either create a config for the right N-INB-BBS endpoint at the server side
  • or launch your client with: java -jar leshan-client-demo.jar -n LeshanDemoClient -sid CC -msec BBBB -rid AA
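
Added example (not part of the comment above and not Leshan code): a Python sketch of the RFC 8613 key derivation (section 3.2.1) and the server's context lookup by `kid`, showing why unmirrored IDs produce "Security context not found". The IDs and master secret are taken from the command above and read as hex; the server-side values (Sender ID AA, Recipient ID CC) are assumed from that command, and all class and function names are hypothetical.

```python
import hashlib
import hmac

KEY_LEN, AES_CCM_16_64_128 = 16, 10  # default OSCORE AEAD and its key size

def cbor_bstr(b: bytes) -> bytes:
    # CBOR byte string, short form only (OSCORE IDs are a few bytes long)
    if len(b) > 23:
        raise ValueError("ID too long for short-form CBOR")
    return bytes([0x40 | len(b)]) + b

def key_info(party_id: bytes) -> bytes:
    # info = [id, id_context = nil, alg_aead, "Key", L] as a CBOR array
    return (b"\x85" + cbor_bstr(party_id) + b"\xf6"
            + bytes([AES_CCM_16_64_128]) + b"\x63Key" + bytes([KEY_LEN]))

def hkdf_sha256(salt: bytes, ikm: bytes, info: bytes, length: int) -> bytes:
    # RFC 5869; one expand round is enough because length <= 32
    prk = hmac.new(salt or bytes(32), ikm, hashlib.sha256).digest()
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()[:length]

class Context:
    """One endpoint's OSCORE security context (hex string inputs)."""
    def __init__(self, master_secret, sender_id, recipient_id, salt=""):
        ms, s = bytes.fromhex(master_secret), bytes.fromhex(salt)
        self.sender_id = bytes.fromhex(sender_id)
        self.recipient_id = bytes.fromhex(recipient_id)
        self.sender_key = hkdf_sha256(s, ms, key_info(self.sender_id), KEY_LEN)
        self.recipient_key = hkdf_sha256(s, ms, key_info(self.recipient_id), KEY_LEN)

def server_receive(server_contexts: dict, client: Context) -> str:
    # A request carries the client's Sender ID as 'kid'; the server uses it
    # to find the Recipient Context (RFC 8613 section 8.2).
    ctx = server_contexts.get(client.sender_id)
    if ctx is None:
        return "4.01 Security context not found"
    if ctx.recipient_key != client.sender_key:
        return "4.00 Decryption failed"
    return "ok"

# Constructed sample contexts using the thread's values
server = Context("BBBB", sender_id="AA", recipient_id="CC")
server_contexts = {server.recipient_id: server}
copied = Context("BBBB", sender_id="AA", recipient_id="CC")    # same IDs as server
mirrored = Context("BBBB", sender_id="CC", recipient_id="AA")  # -sid CC -rid AA

if __name__ == "__main__":
    print("copied  :", server_receive(server_contexts, copied))
    print("mirrored:", server_receive(server_contexts, mirrored))
```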

@Bharat0796
Author

Bharat0796 commented Mar 9, 2023

Hi, I resolved that by myself by trial and error; actually I only reversed the sender ID and recipient ID. Now I am able to register to the network and I am able to see OSCORE data encryption in Wireshark. Anyway, thank you so much for your support... peace ✌ :)
