Re: [dtn-security] hop-by-hop authentication
"Scott, Keith L." <kscott@mitre.org> Fri, 04 February 2011 13:23 UTC
Received: from smtpksrv1.mitre.org (smtpksrv1.mitre.org [198.49.146.77]) by maillists.intel-research.net (8.13.8/8.13.8) with ESMTP id p14DNQQK008770; Fri, 4 Feb 2011 05:23:26 -0800
Received: from smtpksrv1.mitre.org (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with SMTP id 0B8A921B0334; Fri, 4 Feb 2011 08:23:28 -0500 (EST)
Received: from imchub2.MITRE.ORG (imchub2.mitre.org [129.83.29.74]) by smtpksrv1.mitre.org (Postfix) with ESMTP id 00ECA21B032B; Fri, 4 Feb 2011 08:23:28 -0500 (EST)
Received: from IMCMBX2.MITRE.ORG ([129.83.29.209]) by imchub2.MITRE.ORG ([129.83.29.74]) with mapi; Fri, 4 Feb 2011 08:23:28 -0500
From: "Scott, Keith L." <kscott@mitre.org>
To: Shoaib Malik <shoaibmalik1981@gmail.com>, "dtn-security@maillists.intel-research.net" <dtn-security@maillists.intel-research.net>
Date: Fri, 04 Feb 2011 08:23:25 -0500
Thread-Topic: [dtn-security] hop-by-hop authentication
Thread-Index: AcvEXnWrcJ7S3YnCRbaGxuptySQBSwADs6uw
Message-ID: <0111C34BD897FD41841D60396F2AD3D307A7CF35F6@IMCMBX2.MITRE.ORG>
References: <AANLkTikPhS2HKOtgXYL4yE9eq=uN3kKMYc4pa47hSA9o@mail.gmail.com>
In-Reply-To: <AANLkTikPhS2HKOtgXYL4yE9eq=uN3kKMYc4pa47hSA9o@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="SHA1"; boundary="----=_NextPart_000_00B8_01CBC444.CB46DBF0"
MIME-Version: 1.0
Cc: "dtn-interest@maillists.intel-research.net" <dtn-interest@maillists.intel-research.net>
Subject: Re: [dtn-security] hop-by-hop authentication
X-BeenThere: dtn-security@maillists.intel-research.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: DTN Security Discussion <dtn-security.maillists.intel-research.net>
List-Unsubscribe: <http://maillists.intel-research.net/mailman/listinfo/dtn-security>, <mailto:dtn-security-request@maillists.intel-research.net?subject=unsubscribe>
List-Archive: <http://maillists.intel-research.net/pipermail/dtn-security>
List-Post: <mailto:dtn-security@maillists.intel-research.net>
List-Help: <mailto:dtn-security-request@maillists.intel-research.net?subject=help>
List-Subscribe: <http://maillists.intel-research.net/mailman/listinfo/dtn-security>, <mailto:dtn-security-request@maillists.intel-research.net?subject=subscribe>
X-List-Received-Date: Fri, 04 Feb 2011 13:23:26 -0000
The hop-by-hop authentication is designed to keep 'bogus' traffic out of the network by providing a mechanism to prevent un-authenticated sources from injecting it. Hop-by-hop security assumes that the appropriate keys and policy are in the network. You're right in that *if* a malicious node can forge a signature for a bundle and inject it into the network, then after the first hop there's nothing in the BAB machinery to restrict that bundle's movement (though other security policies that use non-single-hop mechanisms like the payload security block might be in place). The notion was that some networks may have very constrained, expensive, or critical links and that it would be desirable to deter someone who could connect to the network from being able to inject traffic that would cross those links, consuming resources. End-to-end security like IPSec doesn't do this, e.g., because the traffic isn't thrown away until the destination (after it's consumed resources on the critical link(s)). --keith From: dtn-security-bounces@maillists.intel-research.net [mailto:dtn-security-bounces@maillists.intel-research.net] On Behalf Of Shoaib Malik Sent: Friday, February 04, 2011 6:27 AM To: dtn-security@maillists.intel-research.net Cc: dtn-interest@maillists.intel-research.net Subject: [dtn-security] hop-by-hop authentication Hi All, I have a question about the hop-by-hop authentication in BSP.. On each hop, the receiving node validates the integrity of bundle and performs authentication of forwarder (source or intermediate forwarder)... What benefits we get from this process ? What level of trust we have to assume ? ... This security feature can only provide integrity of data and nothing more than that ? If a malicious node can sign the bundle and forward it, then the forwarder can verify the integrity but, still it will forward... In short, What are the assumptions on which BSP works ? .. many thanks.. kind regards, Shoaib
- [dtn-security] hop-by-hop authentication Shoaib Malik
- Re: [dtn-security] hop-by-hop authentication Scott, Keith L.