Re: [dtn-security] hop-by-hop authentication

"Scott, Keith L." <> Fri, 04 February 2011 13:23 UTC


The hop-by-hop authentication is designed to keep 'bogus' traffic out of the
network by providing a mechanism to prevent unauthenticated sources from
injecting it.  Hop-by-hop security assumes that the appropriate keys and
policy are in the network.  You're right in that *if* a malicious node can
forge a signature for a bundle and inject it into the network, then after
the first hop there's nothing in the BAB machinery to restrict that bundle's
movement (though other security policies that use non-single-hop mechanisms
like the payload security block might be in place).


The notion was that some networks may have very constrained, expensive, or
critical links and that it would be desirable to deter someone who could
connect to the network from being able to inject traffic that would cross
those links, consuming resources.  End-to-end security like IPsec doesn't do
this, e.g., because the traffic isn't thrown away until the destination
(after it's consumed resources on the critical link(s)).

On Behalf Of Shoaib Malik
Sent: Friday, February 04, 2011 6:27 AM
Subject: [dtn-security] hop-by-hop authentication


Hi All,

I have a question about the hop-by-hop authentication in BSP.

On each hop, the receiving node validates the integrity of the bundle and
performs authentication of the forwarder (source or intermediate forwarder)...
What benefits do we get from this process? What level of trust do we have to
assume? ... This security feature can only provide integrity of data and
nothing more than that?

If a malicious node can sign the bundle and forward it, then the forwarder
can verify the integrity, but it will still forward...

In short, what are the assumptions on which BSP works?

Many thanks.


kind regards,
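
The trade-off described in the reply above, as an added example that is not part of the original thread: a simplified Python model comparing where a bogus bundle is dropped with and without a per-hop check. The four-node path, the keys and the use of HMAC-SHA256 are assumptions made for illustration; this is not the BSP wire format or any implementation's code.

```python
import hashlib
import hmac

# Constructed topology and keys (assumptions, not from the thread):
# src -> A -> B -> dst, where A -> B is the constrained, expensive link.
PATH = ["src", "A", "B", "dst"]
LINKS = list(zip(PATH, PATH[1:]))
CRITICAL_LINK = ("A", "B")
LINK_KEYS = {("src", "A"): b"key-src-A", ("A", "B"): b"key-A-B",
             ("B", "dst"): b"key-B-dst"}
E2E_KEY = b"key-src-dst"  # stands in for an end-to-end payload integrity check


def mac(key: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 chosen for the model only.
    return hmac.new(key, data, hashlib.sha256).digest()


def send(payload: bytes, first_hop_key: bytes, e2e_key: bytes, hop_by_hop: bool):
    """Inject a bundle at src; return (outcome, crossed_critical_link)."""
    e2e_tag = mac(e2e_key, payload)
    bundle = payload + e2e_tag             # what each hop authenticates
    hop_tag = mac(first_hop_key, bundle)   # per-hop tag made by the injector
    crossed = False
    for i, link in enumerate(LINKS):
        # The bundle is transmitted over the link before the receiver can check it.
        crossed = crossed or link == CRITICAL_LINK
        if hop_by_hop:
            if not hmac.compare_digest(hop_tag, mac(LINK_KEYS[link], bundle)):
                return f"dropped at {link[1]}", crossed
            if i + 1 < len(LINKS):
                # The receiver replaces the tag with one for its own next hop,
                # so nothing about the original injector survives this point.
                hop_tag = mac(LINK_KEYS[LINKS[i + 1]], bundle)
    # Only the destination can apply the end-to-end check.
    if not hmac.compare_digest(e2e_tag, mac(E2E_KEY, payload)):
        return f"dropped at {PATH[-1]}", crossed
    return "delivered", crossed


if __name__ == "__main__":
    first = LINK_KEYS[("src", "A")]
    print("outsider, hop-by-hop :", send(b"junk", b"guess", b"guess", True))
    print("outsider, e2e only   :", send(b"junk", b"guess", b"guess", False))
    print("holds first-hop key  :", send(b"junk", first, b"guess", True))
    print("legitimate source    :", send(b"data", first, E2E_KEY, True))
```

The third case is the one raised in the question: a sender that can produce a valid first-hop tag is re-signed at every later hop and is stopped only if some other policy, here the end-to-end check, is in place.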