Re: [dtn-security] hop-by-hop authentication

"Scott, Keith L." <kscott@mitre.org> Fri, 04 February 2011 13:23 UTC

From: "Scott, Keith L." <kscott@mitre.org>
To: Shoaib Malik <shoaibmalik1981@gmail.com>, "dtn-security@maillists.intel-research.net" <dtn-security@maillists.intel-research.net>
Date: Fri, 04 Feb 2011 08:23:25 -0500
Thread-Topic: [dtn-security] hop-by-hop authentication
Thread-Index: AcvEXnWrcJ7S3YnCRbaGxuptySQBSwADs6uw
Message-ID: <0111C34BD897FD41841D60396F2AD3D307A7CF35F6@IMCMBX2.MITRE.ORG>
References: <AANLkTikPhS2HKOtgXYL4yE9eq=uN3kKMYc4pa47hSA9o@mail.gmail.com>
In-Reply-To: <AANLkTikPhS2HKOtgXYL4yE9eq=uN3kKMYc4pa47hSA9o@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
acceptlanguage: en-US
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="SHA1"; boundary="----=_NextPart_000_00B8_01CBC444.CB46DBF0"
MIME-Version: 1.0
Cc: "dtn-interest@maillists.intel-research.net" <dtn-interest@maillists.intel-research.net>
Subject: Re: [dtn-security] hop-by-hop authentication
Precedence: list

The hop-by-hop authentication is designed to keep 'bogus' traffic out of the
network by providing a mechanism to prevent un-authenticated sources from
injecting it.  Hop-by-hop security assumes that the appropriate keys and
policy are in the network.  You're right in that *if* a malicious node can
forge a signature for a bundle and inject it into the network, then after
the first hop there's nothing in the BAB machinery to restrict that bundle's
movement (though other security policies that use non-single-hop mechanisms
like the payload security block might be in place).

 

The notion was that some networks may have very constrained, expensive, or
critical links and that it would be desirable to deter someone who could
connect to the network from being able to inject traffic that would cross
those links, consuming resources.  End-to-end security like IPSec doesn't do
this, e.g., because the traffic isn't thrown away until the destination
(after it's consumed resources on the critical link(s)).

 

                                --keith

 

From: dtn-security-bounces@maillists.intel-research.net
[mailto:dtn-security-bounces@maillists.intel-research.net] On Behalf Of
Shoaib Malik
Sent: Friday, February 04, 2011 6:27 AM
To: dtn-security@maillists.intel-research.net
Cc: dtn-interest@maillists.intel-research.net
Subject: [dtn-security] hop-by-hop authentication

 

Hi All, 

I have a question about the hop-by-hop authentication in BSP.. 

 

On each hop, the receiving node validates the integrity of bundle and
performs authentication of forwarder (source or intermediate forwarder)...
What benefits we get from this process ? What level of trust we have to
assume ? ... This security feature can only provide integrity of data and
nothing more than that ? 

If a malicious node can sign the bundle and forward it, then the forwarder
can verify the integrity but, still it will forward... 

 

In short, What are the assumptions on which BSP works ? .. 

 

many thanks.. 

 

kind regards,

Shoaib

Attachment: smime.p7s

[dtn-security] hop-by-hop authentication Shoaib Malik
Re: [dtn-security] hop-by-hop authentication Scott, Keith L.

Re: [dtn-security] hop-by-hop authentication

Attachment: smime.p7s