DTN Security Update Stephen Farrell, Trinity College Dublin Susan Symmington, The MITRE Corp. Howard Weiss, Sparta Inc. IETF-65 Dallas March 2006.



Document status
DTN Security Overview
– draft-irtf-dtnrg-sec-overview-01
– Won’t cover today unless…
Bundle Security Protocol Specification
– draft-irtf-dtnrg-bundle-security-01
Comments to or to dtn- (usual subscription

Bundle security changes
Aligned terminology with the Bundle Protocol spec.
Allow security headers to follow the payload, so nodes with small buffers can validate the security results in large bundles
– Add a new field to the headers to correlate front/rear pairs
– Ciphersuite ID is in the front header; security result in the rear
Increased the number of bits for indicating the ciphersuite
Accommodate and use SDNVs
Removed the discussion of bundle service API primitives and parameters (as in the Bundle spec.)

Bundle security (quickly)
Header types (BAH, PSH, CH = 2, 3, 4) and mandated use of the canonical bundle header format
Canonicalization for putting bundles with BAHs and PSHs in the correct form for security result calculation and verification
– Strict and mutable c14n algorithms
– Needs checking; a typical place to go wrong
Three mandatory ciphersuites (one each for BAH, PSH, and CH)
– BAH-HMAC
– PSH-RSA-SHA256
– CH-RSA-AES-PAYLOAD-PSH
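The two preceding slides describe SDNV-encoded fields, a front header that names the ciphersuite, a rear header that carries the security result, and a correlator that ties the pair together so a small-buffer node can stream a large payload through the MAC and only then read the result. The following Python is an added example written for this page; it is not code from the draft or from any DTN implementation. The byte layout of the headers, the ciphersuite number `CIPHERSUITE_BAH_HMAC = 1`, the key, and the payload are all constructed for the example; only the BAH type code (2) and the BAH-HMAC name come from the slides.

```python
"""Added example: SDNV encoding plus a simplified front/rear BAH-HMAC header pair
verified in streaming fashion. Header layout is an illustration, not the draft's wire format."""
import hashlib
import hmac

BAH_TYPE = 2                 # header type code from the slides
CIPHERSUITE_BAH_HMAC = 1     # assumed identifier for this example only


def sdnv_encode(value: int) -> bytes:
    """Self-Delimiting Numeric Value: 7 data bits per byte, high bit set on all but the last byte."""
    if value < 0:
        raise ValueError("SDNV cannot encode negative values")
    out = bytearray([value & 0x7F])
    value >>= 7
    while value:
        out.append(0x80 | (value & 0x7F))
        value >>= 7
    return bytes(reversed(out))


def sdnv_decode(buf: bytes, offset: int = 0) -> tuple:
    """Return (value, next_offset); reject truncated SDNVs and ones longer than 10 bytes."""
    value, pos = 0, offset
    while True:
        if pos >= len(buf):
            raise ValueError("truncated SDNV")
        if pos - offset >= 10:  # 10 bytes carry 70 bits, enough for any 64-bit value
            raise ValueError("SDNV too long")
        byte = buf[pos]
        pos += 1
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            return value, pos


def build_bah_pair(key: bytes, correlator: int, canonical_headers: bytes, payload: bytes) -> tuple:
    """Front header: type, correlator, ciphersuite ID. Rear header: type, correlator, result."""
    front = bytes([BAH_TYPE]) + sdnv_encode(correlator) + sdnv_encode(CIPHERSUITE_BAH_HMAC)
    mac = hmac.new(key, canonical_headers + front, hashlib.sha256)  # result excludes itself
    mac.update(payload)
    result = mac.digest()
    rear = bytes([BAH_TYPE]) + sdnv_encode(correlator) + sdnv_encode(len(result)) + result
    return front, rear


def verify_bah_streaming(key: bytes, front: bytes, rear: bytes,
                         canonical_headers: bytes, payload_chunks) -> bool:
    """Verify the rear header's result while consuming the payload chunk by chunk."""
    if not front or not rear or front[0] != BAH_TYPE or rear[0] != BAH_TYPE:
        return False
    front_corr, pos = sdnv_decode(front, 1)
    suite, _ = sdnv_decode(front, pos)
    if suite != CIPHERSUITE_BAH_HMAC:
        return False
    mac = hmac.new(key, canonical_headers + front, hashlib.sha256)
    for chunk in payload_chunks:          # no need to buffer the whole payload
        mac.update(chunk)
    rear_corr, pos = sdnv_decode(rear, 1)
    if rear_corr != front_corr:           # rear header belongs to another front header
        return False
    length, pos = sdnv_decode(rear, pos)
    expected = rear[pos:pos + length]
    if len(expected) != length:
        return False
    return hmac.compare_digest(mac.digest(), expected)


def demo() -> dict:
    """Constructed key, headers and payload; returns the outcome of three checks."""
    key = b"constructed-demo-key"
    headers = b"\x05primary-header-canonical-form"
    payload = bytes(range(256)) * 8       # 2 KiB constructed payload
    front, rear = build_bah_pair(key, 7, headers, payload)
    _, other_rear = build_bah_pair(key, 8, headers, payload)
    tampered = payload[:100] + b"\xff" + payload[101:]
    chunks = lambda data: (data[i:i + 64] for i in range(0, len(data), 64))
    return {
        "valid": verify_bah_streaming(key, front, rear, headers, chunks(payload)),
        "tampered": verify_bah_streaming(key, front, rear, headers, chunks(tampered)),
        "wrong_correlator": verify_bah_streaming(key, front, other_rear, headers, chunks(payload)),
    }
```

The correlator check matters because a bundle can carry several front/rear pairs; without it a verifier could pair a front header with the wrong rear result and either reject a good bundle or, worse, compare against a result computed under different parameters.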

Big Open Issue - Combinations
The question is really how much flexibility to allow in terms of combining PSH and CH
– Example 1: order of application
  Node1 adds PSH (signs)
  Node2 adds CH (encrypts)
  Node3 verifies PSH (strips?)
  Node4 removes CH (decrypts)
– Example 2: super encryption
It’s hard to get this right and the current draft probably doesn’t
– And things get complex very quickly
Guidance?
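To make the two combination cases concrete, the following Python models a bundle whose security headers form a stack in order of application and walks through both examples from the slide. It is an added example, not the draft's semantics: PSH-RSA-SHA256 is stood in for by HMAC-SHA256, the CH's AES by a SHA-256 keystream XOR with an HMAC tag over the ciphertext, and the keys and payload are constructed. What it shows is the ordering constraint: a PSH applied to plaintext cannot be verified while a later CH still covers the payload, and super-encrypted layers have to be removed in reverse order of application.

```python
"""Added example: PSH/CH combination order. Toy stand-ins for the real ciphersuites."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Bundle:
    payload: bytes
    headers: tuple = ()   # stack of ("PSH" | "CH", tag), innermost first


def _tag(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def _keystream(key: bytes, n: int) -> bytes:
    """Constructed keystream (stand-in for AES); for demonstrating order only."""
    out, counter = bytearray(), 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:n])


def add_psh(b: Bundle, key: bytes) -> Bundle:
    """A node signs the payload as it currently sees it."""
    return Bundle(b.payload, b.headers + (("PSH", _tag(key, b.payload)),))


def verify_psh(b: Bundle, key: bytes) -> Optional[Bundle]:
    """Check the most recent PSH against the payload as now carried; strip it on success."""
    for i in range(len(b.headers) - 1, -1, -1):
        kind, tag = b.headers[i]
        if kind == "PSH":
            if hmac.compare_digest(tag, _tag(key, b.payload)):
                return Bundle(b.payload, b.headers[:i] + b.headers[i + 1:])
            return None       # payload no longer matches what was signed
    return None


def add_ch(b: Bundle, key: bytes) -> Bundle:
    """Encrypt the payload and bind an integrity tag to the ciphertext."""
    ct = bytes(x ^ k for x, k in zip(b.payload, _keystream(key, len(b.payload))))
    return Bundle(ct, b.headers + (("CH", _tag(key, ct)),))


def remove_ch(b: Bundle, key: bytes) -> Optional[Bundle]:
    """Decrypt only if the outermost header is a CH whose tag verifies under this key."""
    if not b.headers or b.headers[-1][0] != "CH":
        return None
    if not hmac.compare_digest(b.headers[-1][1], _tag(key, b.payload)):
        return None
    pt = bytes(x ^ k for x, k in zip(b.payload, _keystream(key, len(b.payload))))
    return Bundle(pt, b.headers[:-1])


def example1_order_of_application() -> dict:
    """Node1 signs, Node2 encrypts, Node3 tries to verify, Node4 decrypts."""
    k_sign, k_enc = b"node1-psh-key", b"node2-ch-key"     # constructed keys
    b = add_psh(Bundle(b"constructed payload"), k_sign)   # Node1 adds PSH
    b = add_ch(b, k_enc)                                  # Node2 adds CH
    node3 = verify_psh(b, k_sign) is not None             # Node3: signed bytes are hidden
    b = remove_ch(b, k_enc)                               # Node4 removes CH
    after = b is not None and verify_psh(b, k_sign) is not None
    return {"node3_verify_before_node4_decrypt": node3, "verify_after_decrypt": after}


def example2_super_encryption() -> dict:
    """Two CH layers: the outer one must come off before the inner one."""
    k_inner, k_outer = b"inner-ch-key", b"outer-ch-key"   # constructed keys
    b = add_ch(add_ch(Bundle(b"constructed payload"), k_inner), k_outer)
    inner_first = remove_ch(b, k_inner) is not None       # outer tag fails under inner key
    step = remove_ch(b, k_outer)
    outer_then_inner = step is not None and remove_ch(step, k_inner) is not None
    return {"remove_inner_first": inner_first, "remove_outer_then_inner": outer_then_inner}
```

In this model Node3 can only verify the PSH if it is also entitled to remove Node2's CH, which is exactly the policy question the slide leaves open: whether an intermediate node may strip a header it did not add.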

Other open issues
Providing confidentiality for source, destination, and possibly other header fields
Key management (lack of a delay-tolerant method)
– Research topic really
Handling replays
– Some replays are desirable; how to distinguish them?
– Deleting “recently seen” messages is impractical in a DTN context
Traffic analysis
– Not clear if there is a need for hiding traffic, but perhaps
– Current known methods of doing so consume significant resources
Routing protocol security
Security policy distribution
Multicast security

Implementation
It’d be really nice to get someone coding this stuff up
– Any takers?

Plans
Receive and incorporate comments on the two drafts
The security overview document may be ready to go to (informational) RFC as is
The Bundle Security Protocol may need additional ciphersuites to handle more complex combinations of applying PSH/CH services; please make your preferences known
Goal: submit both security specs into the RFC process by summer