[dtn-security] hop-by-hop authentication

Shoaib Malik <shoaibmalik1981@gmail.com> Fri, 04 February 2011 11:26 UTC

Date: Fri, 4 Feb 2011 11:26:30 +0000
Message-ID: <AANLkTikPhS2HKOtgXYL4yE9eq=uN3kKMYc4pa47hSA9o@mail.gmail.com>
From: Shoaib Malik <shoaibmalik1981@gmail.com>
To: dtn-security@maillists.intel-research.net
Cc: dtn-interest@maillists.intel-research.net

Hi All,
I have a question about the hop-by-hop authentication in BSP.

On each hop, the receiving node validates the integrity of the bundle and
performs authentication of the forwarder (source or intermediate forwarder).
What benefits do we get from this process? What level of trust do we have to
assume? This security feature can only provide integrity of data and
nothing more than that?
If a malicious node can sign the bundle and forward it, then the forwarder
can verify the integrity, but it will still forward it.

In short, what are the assumptions on which BSP works?

Many thanks.

Kind regards,
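
The hop-by-hop check described in the question, as an added sketch that is not part of the original message or of any BSP implementation. It assumes a per-link shared-key HMAC in place of a real BSP ciphersuite, with constructed node names, keys and payloads, and shows what the receiving node can and cannot conclude from a valid tag.

```python
import hashlib
import hmac

# Constructed link keys: one shared secret per adjacent node pair.
# Assumption: a symmetric MAC stands in for the hop-by-hop ciphersuite.
LINK_KEYS = {
    frozenset(("A", "B")): b"constructed-key-A-B",
    frozenset(("B", "C")): b"constructed-key-B-C",
}

def mac(key, payload):
    return hmac.new(key, payload, hashlib.sha256).digest()

def send(sender, receiver, payload):
    """Forwarder attaches a tag computed with the key of this one link."""
    key = LINK_KEYS[frozenset((sender, receiver))]
    return {"forwarder": sender, "payload": payload, "tag": mac(key, payload)}

def receive(receiver, bundle):
    """Receiver checks the tag against the claimed forwarder's link key."""
    key = LINK_KEYS.get(frozenset((bundle["forwarder"], receiver)))
    if key is None:
        return False  # no security association with the claimed forwarder
    return hmac.compare_digest(bundle["tag"], mac(key, bundle["payload"]))

def scenarios():
    original = b"reading=21.5"  # constructed payload from source A
    hop1 = send("A", "B", original)
    results = {"honest_hop": receive("B", hop1)}

    # Payload changed on the A-B link by a party without the link key.
    tampered = dict(hop1, payload=b"reading=99.9")
    results["modified_in_transit"] = receive("B", tampered)

    # Node X has no key shared with C, so its bundle is rejected.
    forged = {"forwarder": "X", "payload": original,
              "tag": mac(b"not-a-link-key", original)}
    results["unknown_forwarder"] = receive("C", forged)

    # B holds valid link keys; if B changes the payload and tags it for the
    # next hop, C's hop-by-hop check still passes.
    hop2 = send("B", "C", b"reading=99.9")
    results["keyed_forwarder_altered"] = receive("C", hop2)
    results["payload_matches_source"] = hop2["payload"] == original
    return results

if __name__ == "__main__":
    for name, outcome in scenarios().items():
        print(f"{name}: {outcome}")
```

A valid tag tells the receiver that the bundle came from a neighbour holding the link key and was not altered on that link; it says nothing about whether the payload is what the source sent.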