Re: [dtn-security] BSP ciphersuites

Sebastian Domancich <sebasdoman@gmail.com> Thu, 18 March 2010 13:30 UTC

Received: from fg-out-1718.google.com (fg-out-1718.google.com [72.14.220.158]) by maillists.intel-research.net (8.13.8/8.13.8) with ESMTP id o2IDUXqS021551 for <dtn-security@maillists.intel-research.net>; Thu, 18 Mar 2010 06:30:38 -0700
Received: by fg-out-1718.google.com with SMTP id 19so375758fgg.16 for <dtn-security@maillists.intel-research.net>; Thu, 18 Mar 2010 06:30:30 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.204.6.203 with SMTP id a11mr2521653bka.33.1268919030038; Thu, 18 Mar 2010 06:30:30 -0700 (PDT)
In-Reply-To: <8b1d0f5e1003170646w612258aclf68d723eb390c26e@mail.gmail.com>
References: <8b1d0f5e1003170646w612258aclf68d723eb390c26e@mail.gmail.com>
Date: Thu, 18 Mar 2010 14:30:30 +0100
Message-ID: <8b1d0f5e1003180630w2fa43438se67dfd68600faac0@mail.gmail.com>
From: Sebastian Domancich <sebasdoman@gmail.com>
To: dtn-security@maillists.intel-research.net
Content-Type: text/plain; charset=ISO-8859-1
Subject: Re: [dtn-security] BSP ciphersuites
X-BeenThere: dtn-security@maillists.intel-research.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: DTN Security Discussion <dtn-security.maillists.intel-research.net>
List-Unsubscribe: <http://maillists.intel-research.net/mailman/listinfo/dtn-security>, <mailto:dtn-security-request@maillists.intel-research.net?subject=unsubscribe>
List-Archive: <http://maillists.intel-research.net/pipermail/dtn-security>
List-Post: <mailto:dtn-security@maillists.intel-research.net>
List-Help: <mailto:dtn-security-request@maillists.intel-research.net?subject=help>
List-Subscribe: <http://maillists.intel-research.net/mailman/listinfo/dtn-security>, <mailto:dtn-security-request@maillists.intel-research.net?subject=subscribe>
X-List-Received-Date: Thu, 18 Mar 2010 13:30:39 -0000

Hey! Perhaps it would help if I add some context to my previous
question about using security in DTN2.

I belong to the Bytewalla project, which aims at providing DTN
connectivity to rural areas of Africa, by means of an Android
implementation of the Bundle Protocol.  Our project would fit under
the category of "Extending the Internet: Predetermined Mobility Paths
but No Hard Schedule", according to the terminology used by N4C to
specify usage scenarios for DTN.

In January 2010 our group published an Android Implementation of the
Bundle Protocol, being interoperable with the Reference Implementation
(DTN2). Our previous work can be found here:
http://www.tslab.ssvl.kth.se/csd/projects/092106/

Right now I am working on the security aspects of the project, and our
plan is to port the security mechanisms from DTN2 to our Android
implementation to provide confidentiality and privacy to the
communication.

I was wondering if anyone with experience on sending PSB and CB
protected bundles, could point me into the right direction.

Thank you in advance for your help.

Regards,
Sebastian Domancich.

On Wed, Mar 17, 2010 at 2:46 PM, Sebastian Domancich
<sebasdoman@gmail.com> wrote:
> Dear all,
>
> I am working on security in DTN2, to send and receive security protected
> bundles. I would like to ask for a piece of help.
>
> By setting the 20-byte symmetric key, I could send and receive hop-by-hop
> integrity protected bundles, using the BAB-HMAC ciphersuite and the
> "security setkey" command.
>
> In order to use the PSB (end-to-end integrity protection) and CB
> (confidentiality) ciphersuites, I read in a previous post in this list that
> we need to manage the keys using the KeySteward class. I have used OpenSSL
> to create the RSA public-private pairs. However, I could not figure out how
> to make use of the implemented functionality. I would like to ask you:
>
> *Is there any available code snippet where we make use of the KeySteward
> class to send and receive bundles with the PSB and the CB ciphersuites?
>
> Thank you in advance for your help!
>
> Regards,
>
> Sebastian Domancich
>
> Royal Institute of Technology
>
> Helsinki University of Technology
>