I have an application that uses several different communication channels (UDP/TCP over WiFi, GSM, satellite, etc.). I want to add a security layer to that system by implementing the DTLS protocol. Since DTLS is agnostic to the protocol beneath it, I feel like it should be possible to implement it in a way that all channels rely on the same connection.
Let me give you an example of what I mean:
The handshake could be performed over Wifi and once the session keys are established, secured messages could also be sent over the other communication channels relying on the same session keys. (assuming the message comes from the same client)
How would one go about it?
My idea is to implement some abstraction layer for all the different communication protocols. The net_sockets.c would then bind to some "port" of that abstraction layer. And of course all the other functions in net_sockets.c would be implemented using the same abstraction layer.
Does anyone see a problem with that?
The function variables of mbedtls_net_bind() only allow for either UDP or TCP as an option for the used protocol. Could this just be ignored and handled accordingly in the function itself, or would I need to make some modifications to the library? If so, where?
A different approach would be to open a separate connection for each client and have a separate net_sockets.c implementation for each. But this will lead to higher energy consumption, which I am trying to avoid, so I ruled that one out.
Does this make sense or is there an easier way to do this?
It would be much appreciated if anyone was able to provide some guidance or advice regarding this approach or alternatives in any form.
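As an added example (not from the original post and not mbedTLS code): rather than changing net_sockets.c or mbedtls_net_bind(), the SSL context can be given a custom BIO through mbedtls_ssl_set_bio(), whose send/receive callbacks route every DTLS record through whichever physical link is currently active. The channel_t, mux_t and loop_t types below are hypothetical; the callback signatures and the two error values mirror mbedtls/ssl.h but are redefined locally so the file builds without the library.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Same values as MBEDTLS_ERR_SSL_WANT_READ / MBEDTLS_ERR_SSL_TIMEOUT in mbedtls/ssl.h,
 * redefined here so this file builds without the library. */
#define ERR_WANT_READ (-0x6900)
#define ERR_TIMEOUT   (-0x6800)
/* One physical link (wifi, gsm, satellite). Hypothetical vtable; every link must
 * deliver whole DTLS records, so a stream link needs its own length framing. */
typedef struct {
    int (*send)(void *link, const unsigned char *buf, size_t len);
    int (*recv)(void *link, unsigned char *buf, size_t len, uint32_t timeout_ms);
    void *link;
} channel_t;
#define MAX_CHANNELS 4
/* The p_bio object handed to mbedtls_ssl_set_bio(): all links, plus the one used for sending. */
typedef struct { channel_t ch[MAX_CHANNELS]; size_t n, active; } mux_t;

/* Matches mbedtls_ssl_send_t: pass as f_send to mbedtls_ssl_set_bio(). */
int mux_send(void *ctx, const unsigned char *buf, size_t len) {
    mux_t *m = ctx;
    return m->ch[m->active].send(m->ch[m->active].link, buf, len);
}

/* Matches mbedtls_ssl_recv_timeout_t: give each link a slice of the timeout,
 * return the first record seen and keep replying on that link afterwards. */
int mux_recv_timeout(void *ctx, unsigned char *buf, size_t len, uint32_t timeout_ms) {
    mux_t *m = ctx;
    uint32_t slice = m->n ? timeout_ms / (uint32_t)m->n : 0;
    for (size_t i = 0; i < m->n; i++) {
        size_t k = (m->active + i) % m->n;
        int r = m->ch[k].recv(m->ch[k].link, buf, len, slice);
        if (r > 0) { m->active = k; return r; }
        if (r != ERR_WANT_READ && r != ERR_TIMEOUT) return r;  /* real link error */
    }
    return ERR_TIMEOUT;
}
/* Constructed in-memory link for testing: holds one record at a time. */
typedef struct { unsigned char data[64]; size_t len; } loop_t;
int loop_send(void *l, const unsigned char *buf, size_t len) {
    loop_t *q = l;
    if (q->len || len > sizeof q->data) return -1;
    memcpy(q->data, buf, len); q->len = len; return (int)len;
}
int loop_recv(void *l, unsigned char *buf, size_t len, uint32_t timeout_ms) {
    loop_t *q = l; (void)timeout_ms;
    if (!q->len) return ERR_WANT_READ;
    if (len < q->len) return -1;
    len = q->len; memcpy(buf, q->data, len); q->len = 0; return (int)len;
}
```

Because the SSL context never sees which link carried a record, its epoch, sequence numbers and anti-replay window simply continue across a link switch; what the application must guarantee is that each link delivers whole records, since the mux adds no framing of its own. If the server side instead keeps one context per peer address, the DTLS Connection ID extension (mbedtls_ssl_set_cid) is the standard way to recognise a session that shows up over a new link.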