Re: [dtn-security] Bundle Authentication Block interoperability

Stephen Farrell <stephen.farrell@cs.tcd.ie> Tue, 08 December 2009 16:49 UTC


Ivancic, William D. (GRC-RHN0) wrote:
> We discovered our problem.
> 
> DTN2 uses a 40 character hex string. ION key file should contain a 20 byte ASCII key, not the hex equivalent of that as DTN2 expects. Thus, one can hexdump the 20 byte ION key file and use the hex value of that key in the DTN2 config.
> 
> Still interested to know if anyone has run BAB interoperability with various DTN builds.

Not that I know of. I've an MSc student planning to do something
on this next spring/summer, so would be interested in knowing
of interop holes that are worth filling in then.

Good to get the basic ION/DTN2 BAB stuff done though. Well done.

S.

> 
> 
> --Will
> 
> 
>> -----Original Message-----
>> From: dtn-security-bounces@maillists.intel-research.net [mailto:dtn-
>> security-bounces@maillists.intel-research.net] On Behalf Of Ivancic,
>> William D. (GRC-RHN0)
>> Sent: Monday, December 07, 2009 2:24 PM
>> To: dtn-security@maillists.intel-research.net
>> Subject: [dtn-security] Bundle Authentication Block interoperability
>>
>> We have been running DTN-2 and ION interoperability tests for BAB up to
>> 64 Kbyte blocks using "dtn" naming.
>>
>> We have run into a problem in that it appears to be in the Hash
>> algorithm or implementation.
>>
>> DTN2 code is using the OpenSSL HMAC functions.
>>
>> According to Scott Burleigh, "The ION code's SHA1 implementation is
>> taken from git, which seems to be using the SHA 180-1 Reference
>> Implementation (Compact Version) developed by Paul Kocher.  The HMAC
>> implementation was written by Bill Van Biesen from RFC 2104 and
>> validated with NIST test vectors."
>>
>> I was wondering if any other DTN bundling implementations have
>> implemented BAB and tested it with other DTN bundling implementations?
>> (i.e. Spindle III, Symbian, JAVA implementations, etc...).
>>
>>
>> Will
> 
>
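The key-format mismatch resolved in this thread, as an added example that is not part of the original messages and is not DTN2 or ION code: it converts raw ION key-file bytes to the 40-character hex string DTN2 is said to expect, and flags the case where the hex text itself was written into the ION key file. The function names, the sample key and the sample data are constructed for illustration, and the HMAC is computed over arbitrary bytes rather than a real bundle.

```python
import hashlib
import hmac

KEY_LEN = 20  # key length in bytes, as reported in the thread


def ion_key_to_dtn2_hex(raw_key: bytes) -> str:
    """Hex-encode the raw ION key-file bytes for use in the DTN2 config."""
    if len(raw_key) != KEY_LEN:
        raise ValueError(f"expected {KEY_LEN} key bytes, got {len(raw_key)}")
    return raw_key.hex()


def dtn2_hex_to_key(hex_key: str) -> bytes:
    """Decode a DTN2-style hex key string back to raw key bytes."""
    key = bytes.fromhex(hex_key)  # raises ValueError on non-hex characters
    if len(key) != KEY_LEN:
        raise ValueError(f"expected {2 * KEY_LEN} hex characters")
    return key


def hmac_sha1(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA1 (RFC 2104), the construction both implementations use."""
    return hmac.new(key, data, hashlib.sha1).digest()


def diagnose(ion_file: bytes, dtn2_hex: str) -> str:
    """Compare the ION key-file contents with the DTN2 hex key string."""
    dtn2_key = dtn2_hex_to_key(dtn2_hex)
    if hmac.compare_digest(ion_file, dtn2_key):
        return "match"
    # The hex text was stored in the ION file, so ION keys the HMAC
    # with 40 ASCII bytes while DTN2 uses the 20 decoded bytes.
    if ion_file.strip().lower() == dtn2_hex.lower().encode("ascii"):
        return "ion-file-holds-hex-text"
    return "different-keys"


# Constructed sample values, not taken from any real deployment.
SAMPLE_KEY = b"ABCDEFGHIJKLMNOPQRST"
SAMPLE_DATA = b"constructed sample bytes"

if __name__ == "__main__":
    hex_key = ion_key_to_dtn2_hex(SAMPLE_KEY)
    print("DTN2 hex key:", hex_key)
    print("correct setup:", diagnose(SAMPLE_KEY, hex_key))
    print("hex in ION file:", diagnose(hex_key.encode(), hex_key))
    print("digests equal:", hmac_sha1(SAMPLE_KEY, SAMPLE_DATA)
          == hmac_sha1(hex_key.encode(), SAMPLE_DATA))
```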