The Integration of the Bundle Security Protocol Features into DTN2 Walter J. Scheirer and Prof. Mooi Choo Chuah Department of Computer Science and Engineering.


1 The Integration of the Bundle Security Protocol Features into DTN2 Walter J. Scheirer and Prof. Mooi Choo Chuah Department of Computer Science and Engineering Lehigh University

2 References:
  Bundle Security Protocol Specification
    - draft-irtf-dtnrg-bundle-security-00, June 8, 2005
  Bundle Protocol Specification
    - draft-irtf-dtnrg-bundle-spec-03.txt, July 2005 *
    - draft-irtf-dtnrg-bundle-spec-02.txt, Sept. 2004
  DTN2
    - Sept. 6, 2005 CVS revision
    - Current

3 Major Features
  - Bundle Authentication Header (BAH)
  - Payload Security Header (PSH)
  - Confidentiality Header (CH)
  - Bundle Fragmentation/Reassembly

4 Summary of Technical Approach
  Bundle Authentication Header (BAH)
    - The BAH is used to assure the authenticity of the bundle along a single hop from sender to recipient
  Payload Security Header (PSH)
    - The PSH is used to assure the authenticity of the bundle from the PSH security source, which creates the PSH, to the PSH security destination, which verifies the PSH authenticator
  Confidentiality Header (CH)
    - The CH is used to indicate that the bundle payload has been encrypted while en route between the CH source and the CH security destination

5 Summary of Technical Approach
  Each node will turn on the optional security-related delivery option parameters if it desires certain security features:
    - if it desires confidentiality, then a CH header must be applied to the bundle
    - if it desires authentication, a PSH and/or a BAH must be applied and the relevant parts of the bundle digitally signed or MACed appropriately

6 Bundle with security headers
  [Figure: layouts of a bundle and of its fragments, showing the BAH, PSH (w/ signed hash value), Confidentiality Header, Primary Bundle Header, all other headers, payload class, and payload; each fragment carries a Fragment Header (offset=0, offset=9) and a BAH providing authentication of header & payload segment.]
  PSH, confidentiality header and payload class field deleted from successive fragments
  Challenges faced in fragmentation scenario:

7 Implementation Details
  Ciphersuites
    - Have been implemented using the OpenSSL (v. 0.9.7a, Fedora Core 2) library
    - Significant code addition to servlib/bundling/BundleProtocol.cc
    - BAH: EntireBundleHMAC, HeadofBundleHMAC, HeadOfBundleSig, EntireBundleSig, EntireBundleMAC

8 Implementation Details
    - PSH: EntireBundleHMAC
    - CH: Payload Encryption - Blowfish
  Support different combinations of Headers
    - BAH, PSH, CH; BAH and PSH; BAH and CH

9 Implementation Details
  Security Headers
    Sending: populate header fields, apply ciphersuite, append to bundle
    Receiving: parse header fields, apply ciphersuite, verify integrity

10 Implementation Details
  Protocol Stack
    Bundle Transmitted: BundleProtocol.cc / format_headers()
      - build CH
      - build PSH
      - build BAH
      - TCP Convergence Layer
    Bundle Received: BundleProtocol.cc / parse_headers()
      - check CH
      - check PSH
      - check BAH
      - TCP Convergence Layer
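
The difference between the single-hop BAH and the end-to-end PSH described on slides 4 and 10, as an added example that is not DTN2 code and not the draft's wire format. Assumptions: HMAC-SHA-256 stands in for the HMAC ciphersuites, a bundle is modelled as a dict, and all function names and keys are constructed for illustration.

```python
import hashlib
import hmac

def _mac(key: bytes, data: bytes) -> bytes:
    # Assumed ciphersuite: HMAC-SHA-256 over the covered bytes.
    return hmac.new(key, data, hashlib.sha256).digest()

def add_psh(primary: bytes, payload: bytes, e2e_key: bytes) -> dict:
    """PSH security source: authenticator over primary header + payload."""
    return {"primary": primary, "payload": payload,
            "psh": _mac(e2e_key, primary + payload)}

def _hop_body(bundle: dict) -> bytes:
    # The BAH is built last, so it covers the PSH as well.
    return bundle["primary"] + bundle["psh"] + bundle["payload"]

def add_bah(bundle: dict, hop_key: bytes) -> dict:
    """Sender on one hop: authenticator valid for that hop only."""
    return {**bundle, "bah": _mac(hop_key, _hop_body(bundle))}

def check_bah(bundle: dict, hop_key: bytes) -> bool:
    expected = _mac(hop_key, _hop_body(bundle))
    return hmac.compare_digest(bundle.get("bah", b""), expected)

def check_psh(bundle: dict, e2e_key: bytes) -> bool:
    expected = _mac(e2e_key, bundle["primary"] + bundle["payload"])
    return hmac.compare_digest(bundle["psh"], expected)

def strip_bah(bundle: dict) -> dict:
    return {k: v for k, v in bundle.items() if k != "bah"}

def forward(bundle: dict, in_key: bytes, out_key: bytes) -> dict:
    """Intermediate node: verify inbound BAH, replace it for the next hop."""
    if not check_bah(bundle, in_key):
        raise ValueError("BAH verification failed")
    return add_bah(strip_bah(bundle), out_key)

def demo() -> tuple:
    # Constructed keys: A-C share e2e, A-B and B-C share hop keys.
    e2e, k_ab, k_bc = b"e2e-key-A-C", b"hop-key-A-B", b"hop-key-B-C"
    sent = add_bah(add_psh(b"src=A;dst=C", b"hello", e2e), k_ab)
    relayed = forward(sent, k_ab, k_bc)
    honest = check_bah(relayed, k_bc) and check_psh(relayed, e2e)
    # Node B alters the payload and applies a fresh BAH with its own hop key.
    altered = add_bah({**strip_bah(sent), "payload": b"HELLO"}, k_bc)
    return honest, check_bah(altered, k_bc), check_psh(altered, e2e)

if __name__ == "__main__":
    print(demo())
```

The altered bundle passes the BAH check on the last hop but fails the PSH check at the security destination, which is why a BAH alone does not give end-to-end authenticity.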

11 Questions?

