Re: [dtn-security] How do you feel about Bonjour/Avahi?

["Graham Keellings (Leonix Solutions Pte Ltd)" <Graham@LeonixSolutions.com>]

Peter Lovell wrote:
> On Thu, Jul 9, 2009, Graham Keellings (Leonix Solutions Pte Ltd)
> <Graham@leonixsolutions.com> wrote:
>
>   
>> From a security standpoint?
>>
>> How secure is it to have all of my nodes blaring "here I am, bad guys,
>> come and try to connect to me"?
>>
>> Would I be safer just using hard coded IP address?
>>
>> Thanks in advance for any opinions.
>>
>> ~graham();
>>     
>
>
> Hi Graham,
>
> it depends.
>
> Mostly it depends upon the definition you have in mind for "security".
>
> In typical discussions, security encompasses integrity, confidentiality
> and availability. Various organizations will prioritize those differently.
>
>   
Thanks very much for the swift reply, Peter. It came within ten minutes 
and I am a day late in replying :-/


I am glad that you mention "availability", because some people with whom 
I discuss the subject seem fixated on cryptography. As you mention 
later, we might  decline to use Bonjour, but are still broadcasting our 
presence. That leaves each node open to conventional DOS attacks, but 
some people seem to see that as not a part of DTN, just some standard 
let someone else take care of it, IP" issue.

> Many commercial transactions will place integrity uppermost, although
> those containing sensitive personally-identifying data may have
> confidentiality above all. Thinking about a personal stock trade account
> as an example - my purchase instruction for a thousand shares of some
> company is not very secret but the brokerage really does want to know
> that it is accurate and came from me.
>
> If I'm the exclusive retailer for a top-selling low-priced widget, I'll
> probably tolerate some fraudulent transactions but I *really* need my
> web site to be up all the time, taking orders.
>
> If I'm part of law enforcement, I'll probably value confidentiality most
> highly (although the courts may emphasize integrity and chain-of-custody
> for evidence).
>
>   
And military? I would imagine that since lives are at stake that might 
be the defining peak of the pyramid...


> Bonjour is just a service discovery protocol, not a part of a security
> system. And it's localized so that only your neighbours know. It
> shouldn't make any difference to integrity or confidentiality as those
> should be handled by the defenses you have deployed. At a stretch, it
> might make adversaries aware of your system but if they see Bonjour
> advertisements then they're close to you already and can see your
> network traffic.
>   
An excellent point, and one which worries me. How does "standard" 
security which is not int he DTN part of the system affect the overall 
system of which DTN is only a part?


> Bonjour and static IP addresses are solutions to different problems. An
> IP address allows a system to send something to you. Bonjour allows a
> nearby system to find you if it doesn't know your address.
>   
In my idea of a "closed, secure" system, if someone does not know my IP 
address, then I don't even want him to know that I exist (al least, I 
think so ... )

> If you are sensitive about denial-of-service attacks then I would
> suggest strongly that you do not use a hard-coded IP address, but
> specify a dns address instead.
>
>   
And that gets resolved to an IP address how? If I have an ad-hoc 
network, I don't want to have a DNS server.


> Regards.....Peter
>
>
>   
Thanks, peter, despite 25+ years of telecoms s/w development, much of 
what we now discuss is strangely new to me. I am learning a lot from you.

/graham