Re: [dtn-security] Is there a "secure" reference implementation of the DTN stack?

"Graham Keellings (Leonix Solutions Pte Ltd)" <Graham@LeonixSolutions.com> Sun, 28 June 2009 06:26 UTC

Received: from sky.fastbighost.net (sky.fastbighost.net [76.76.22.153]) by maillists.intel-research.net (8.13.8/8.13.8) with ESMTP id n5S6QmV3019614 for <dtn-security@maillists.intel-research.net>; Sat, 27 Jun 2009 23:26:48 -0700
Received: from dyn98-b60-access.superdsl.com.sg ([202.73.60.98] helo=[192.9.200.138]) by sky.fastbighost.net with esmtpa (Exim 4.69) (envelope-from <Graham@LeonixSolutions.com>) id 1MKnp5-0005El-G4; Sun, 28 Jun 2009 02:25:08 -0400
Message-ID: <4A470CD7.4010502@LeonixSolutions.com>
Date: Sun, 28 Jun 2009 14:25:27 +0800
From: "Graham Keellings (Leonix Solutions Pte Ltd)" <Graham@LeonixSolutions.com>
Organization: Leonix Solutions Pte Ltd
User-Agent: Thunderbird 2.0.0.21 (X11/20090409)
MIME-Version: 1.0
To: Peter Lovell <plovell@mac.com>
References: <89E48AE60E64EF4E8EB32B0B7EC74920A1B0F5@EVS-EC1-NODE2.surrey.ac.uk> <4A12195A.6000207@LeonixSolutions.com> <3A5AA67A8B120B48825BFFCF5443856137E0B06196@NDJSSCC03.ndc.nasa.gov> <4A1DD73F.50000@bbn.com> <023601c9df2a$694fd5b0$3bef8110$@com> <4A2DF7FD.5020104@LeonixSolutions.com> <3A5AA67A8B120B48825BFFCF5443856137E3553C4B@NDJSSCC03.ndc.nasa.gov> <029d01c9e925$1e354880$5a9fd980$@com> <4A46C257.3040006@LeonixSolutions.com> <20090628050243.1566215671@smtp.mac.com> <4A46FBB2.3080205@LeonixSolutions.com> <20090628052255.640550503@smtp.mac.com>
In-Reply-To: <20090628052255.640550503@smtp.mac.com>
Content-Type: multipart/mixed; boundary="------------040502040607010203000007"
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - sky.fastbighost.net
X-AntiAbuse: Original Domain - maillists.intel-research.net
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - LeonixSolutions.com
X-Source:
X-Source-Args:
X-Source-Dir:
Cc: dtn-security@maillists.intel-research.net
Subject: Re: [dtn-security] Is there a "secure" reference implementation of the DTN stack?
X-BeenThere: dtn-security@maillists.intel-research.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: DTN Security Discussion <dtn-security.maillists.intel-research.net>
List-Unsubscribe: <http://maillists.intel-research.net/mailman/listinfo/dtn-security>, <mailto:dtn-security-request@maillists.intel-research.net?subject=unsubscribe>
List-Archive: <http://maillists.intel-research.net/pipermail/dtn-security>
List-Post: <mailto:dtn-security@maillists.intel-research.net>
List-Help: <mailto:dtn-security-request@maillists.intel-research.net?subject=help>
List-Subscribe: <http://maillists.intel-research.net/mailman/listinfo/dtn-security>, <mailto:dtn-security-request@maillists.intel-research.net?subject=subscribe>
X-List-Received-Date: Sun, 28 Jun 2009 06:26:48 -0000

That;'s the problem - I am not a security expert?

I guess encryption would be provided by the application which uses DTN?

What about add a MAC (or HMAC) for the link established stuff (or even 
every bundle)?

How to denying man in the middle attacks or spoofed bundles, DOS at the 
network layer by injecting many fake packets? That sort of thing ...

Thanks again for your help, Peter.



Peter Lovell wrote:
> Hi Graham,
>
>   
>>  there is an agreed upon standard "reference implementation" of DTN 2.6
>> and Oasys 1.3, but  it lacks security features.
>>     
>
> what security features do you find missing? The RI is not a turnkey
> solution but more of a "reference framework".
>
> I'm trying to help but am unsure of what's lacking.
>
> Regards.....Peter
>
>
>
> On Sun, Jun 28, 2009, Graham Keellings (Leonix Solutions Pte Ltd)
> <Graham@LeonixSolutions.com> wrote:
>
>   
>> hi, Peter,
>>
>>  there is an agreed upon standard "reference implementation" of DTN 2.6
>> and Oasys 1.3, but  it lacks security features.
>>
>> Now, let us say that someone wants a "secure" implementation - but
>> doesn't care about the details of "secure", just that it is generally
>> agreed to be "secure" (or (much) more so than the standard
>> implementation. Is there a reference build for that which can be downloaded?
>>
>> My guess is that everyone's perception of "secure" differs and that even
>> for one person it is a matter of trade-offs, but I just though that I
>> would  ask if there is some consensus on what it means for DTN to be
>> "secure".
>>
>> Thanks very much for taking the time to reply.
>>
>> With best wishes,
>>
>> Graham
>>
>>
>> Peter Lovell wrote:
>>     
>>> On Sun, Jun 28, 2009, Graham Keellings (Leonix Solutions Pte Ltd)
>>> <Graham@leonixsolutions.com> wrote:
>>>
>>>
>>>       
>>>> Is there a "secure" reference implementation of the DTN stack available
>>>> for download? Is there even agreement of what a "secure" implementation
>>>> should be, or is it all a question of trade-offs?
>>>>
>>>> Thanks in advance for any help.
>>>>
>>>> Graham
>>>>
>>>>         
>>> Hi Graham,
>>>
>>> I'm not sure what you're expecting when you refer to a "secure"
>>> reference implementation. Do you mean one with the security protocols,
>>> or one that had been hardened, or one that has been certified by some
>>> organization or other?
>>>
>>> If you can give a little more context we can help fill in what you need.
>>>
>>> Cheers.....Peter
>>>
>>>
>>>
>>>       
>> --
>> Technical Director
>> Leonix Solutions (Pte) Ltd
>> 18 Boon Lay Way
>> #09-95 TradeHub 21
>> Singapore 609966
>> Telephone:+65 6316 9968
>> Fax: +65 6316 9208
>>
>>     
>
>
>
>   


-- 
Technical Director
Leonix Solutions (Pte) Ltd
18 Boon Lay Way
#09-95 TradeHub 21
Singapore 609966
Telephone:+65 6316 9968
Fax: +65 6316 9208