Introduction

IoT is a group of objects interconnected via the Internet. The objects can vary from people to electronic gadgets. There are many wireless protocols for communication between different objects. Usually, we use HTTP as a means to communicate. Considering IoT, the objects are small and in some cases where we would need to just read the input from a sensor, HTTP becomes overkill for the task. Considering these small tasks in mind, Internet Engineering Task Force (IETF) developed a lightweight protocol called the Constrained Application Protocol (CoAP).

CoAP vs HTTP and CoAP vs MQTT

CoAP is a network-oriented protocol that is similar to HTTP with lower overhead and many more features like multicast which is not possible in HTTP. For a constrained network HTTP becomes too complex. CoAP is based on REST architecture. In CoAP we need to optimize the length of the datagram to satisfy the REST protocol. Unlike HTTP, CoAP has a request/response mechanism. This is to compensate for the unreliability of UDP.

So in simpler words, CoAP is just a compression of the HTTP protocol for a constrained network and constrained devices. CoAP redesigned some of the features to accommodate low processing and low power requirement.

Message Queue Telemetry Transport (MQTT), is a publish-subscribe protocol that facilitates one-to-many communication.MQTT is a similar protocol like CoAP used for communication. There are some differences when it comes to the features. It uses TCP for communication, unlike CoAP which uses UDP. It uses a header of 2 bytes while CoAP the header size is 4 bytes. MQTT consumes more power compared to CoAP.

Features of CoAP

Different layers of networks are governed by many protocols. TCP/IP is the main foundation for the internet. TCP and UDP are mainly employed for IoT communication. TCP is a connection-oriented protocol that makes it more complex and difficult to use on resource-constrained devices. UDP is a connectionless protocol but it is not stable. In IoT, we use UDP and combine with the application layer to improve stability. At the application layer, Since HTTP becomes overkill, we use CoAP to provide web service. The table given below summarizes different protocols in different layers and the position of CoAP.

The Constrained Application Protocol is a specialized web transfer/service protocol for lesser nodes and constrained networks. CoAP is a standard protocol to enable interaction between devices in IoT. CoAP fulfills machine to machine requirements. It helps in Asynchronous message exchanges. There is no requirement of a clock to exchange messages. CoAP has lower overhead and parsing complexity. It supports simple proxy and caching capabilities. Since it relies mainly on UDP, it supports unicast and multicast requests.

CoAP Structure Model

CoAP is an interactive model that is similar to the HTTP client/server model. It mainly consists of 2 layers. The bottom layer is designed to deal with UDP and Asynchronous Communication. The other layer ie, the request/response layer concerns the communication method and deals with request/response message.

since CoAP works like a client/server model, Let us look at how Constrained Application Protocol works from the server side and the client side.

CoAP Server and Client

The message layer supports 4 types of messages: CON (confirmable), NON (non-confirmable), ACK(Acknowledgment), RST(Reset). There are mainly 2 kinds of message transport.

A) Reliable message transport: Keep transmitting messages until ACK with the same message ID. If the recipient fails to process the message, it responds by replacing ACK with RST.

B) Unreliable message transport: Transporting with NON message. It doesn’t need to be ACKed but contains message ID for supervising in case of retransmission. It the recipient fails to process the message server replies to RST.

Security Protocol for CoAP

Security is important to protect the communication between devices. DTLS (Datagram transport layer security) is introduced here for the job. Security deals with integrity, authentication, and confidentiality. DTLS satisfies all of them. DTLS is an application layer protocol that protects end-to-end communication. So an end-to-end communication will make it difficult for an attacker to access the data. It uses TCP which is too complex. It solves problems like reordering and packet loss.

Why only DTLS?

As mentioned earlier DTLS satisfies integrity, authentication and confidentiality. It solves reordering and packet lost. It adds 3 implements as follows:

• Packet retransmission
• Assigning sequence number within handshake
• Replay detection

Conclusion

This blog describes CoAP and its features.CoAP is based on HTTP protocol and is designed for constrained resource devices. It compares HTTP and CoAP. The blog also states the advantages of using CoAP for IoT . This blog also provides a corresponding security protocol DTLS.