Presentation is loading. Please wait.

Presentation is loading. Please wait.

DTN Security Update Stephen Farrell, Trinity College Dublin Susan Symmington, The MITRE Corp. Howard Weiss, Sparta Inc. IETF-65 Dallas March 2006.

Published byKaren Bennett Modified over 9 years ago

Similar presentations

Presentation on theme: "DTN Security Update Stephen Farrell, Trinity College Dublin Susan Symmington, The MITRE Corp. Howard Weiss, Sparta Inc. IETF-65 Dallas March 2006."— Presentation transcript:

1 DTN Security Update Stephen Farrell, Trinity College Dublin Susan Symmington, The MITRE Corp. Howard Weiss, Sparta Inc. IETF-65 Dallas March 2006

2 Document status DTN Security Overview –draft-irtf-dtnrg-sec-overview-01 Won’t cover today unless… Bundle Security Protocol Specification –draft-irtf-dtnrg-bundle-security-01 Comments to dtn-sec@mailman.dtnrg.org or to dtn- interest@dtnrg.org (usual subscription rules)dtn-sec@mailman.dtnrg.orgdtn- interest@dtnrg.org

3 Bundle security changes Aligned terminology with Bundle Protocol spec. Allow security headers to follow the payload, so nodes with small buffers can validate the security results in large bundles –Add a new field to the headers to correlate front/rear pairs –Ciphersuite ID is in front header; security result in rear Increased the # bits for indicating the ciphersuite Accommodated and use SDNVs Removed the discussion of bundle service API primitives and parameters (as in Bundle spec.)

4 Bundle security (quickly) Header types (BAH, PSH, CH = 2,3,4) and mandated use of canonical bundle header format Canonicalization for putting bundles with BAHs and PSHs in the correct form for security result calculation and verification –Strict and mutable c14n algs –Needs checking – typical place to go wrong. Three mandatory ciphersuites (one each for BAH, PSH, and CH) –BAH-HMAC –PSH-RSA-SHA256 –CH-RSA-AES-PAYLOAD-PSH

5 Big Open Issue - Combinations Question is really how much flexibility to allow in terms of combining PSH and CH –Example 1: order of application Node1 adds PSH (signs) Node2 adds CH (encrypts) Node3 verifies PSH (strips?) Node4 removes CH (decrypts) –Example 2: super encryption Its hard to get this right and the current draft probably doesn’t –And things get complex very quickly Guidance?

6 Other open issues Providing confidentiality for source, destination, and possibly other header fields Key Management (lack of a delay-tolerant method) –Research topic really Handling Replays –Some replays are desirable; how distinguish them? –Deleting “recently seen” messages is impractical in a DTN context Traffic Analysis –Not clear if there is a need for hiding traffic, but perhaps –Current known methods of doing so consume significant resources Routing Protocol Security Security Policy Distribution Multicast Security

7 Implementation It’d be really nice to get someone coding this stuff up –Any takers?

8 Plans Receive and incorporate comments on the two drafts Security overview document may be ready to go to (informational) RFC as is Bundle Security Protocol may need additional ciphersuites to handle more complex combinations of applying PSH/CH services; please make your preferences known Goal: submit both security specs into the RFC process by summer

Download ppt "DTN Security Update Stephen Farrell, Trinity College Dublin Susan Symmington, The MITRE Corp. Howard Weiss, Sparta Inc. IETF-65 Dallas March 2006."

Similar presentations

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.
Secure Mobile IP Communication

Secure Mobile IP Communication
Internet Security CSCE 813 IPsec

Internet Security CSCE 813 IPsec
Linear Confidential Linear Technology Response to 802.15 RFP – ETSI TC ERM Request for Changes.

Linear Confidential Linear Technology Response to RFP – ETSI TC ERM Request for Changes.
© 2004 The MITRE Corporation. All rights reserved DTN Security Susan Symington March 2005 IETF DTN meeting.

© 2004 The MITRE Corporation. All rights reserved DTN Security Susan Symington March 2005 IETF DTN meeting.
Session Announcement Protocol Colin Perkins University College London.

Session Announcement Protocol Colin Perkins University College London.
Cryptography and Network Security Chapter 16 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 16 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
IPv6 Header & Extensions Joe Zhao SW2 Great China R&D Center ZyXEL Communications, Inc.

IPv6 Header & Extensions Joe Zhao SW2 Great China R&D Center ZyXEL Communications, Inc.
Henric Johnson1 Ola Flygt Växjö University, Sweden +46 470 70 86 49 IP Security.

Henric Johnson1 Ola Flygt Växjö University, Sweden IP Security.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.

Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.
Cryptography and Network Security

Cryptography and Network Security
THE USE OF IP ESP TO PROVIDE A MIX OF SECURITY SERVICES IN IP DATAGRAM SREEJITH SREEDHARAN CS843 PROJECT PRESENTATION 04/28/03.

THE USE OF IP ESP TO PROVIDE A MIX OF SECURITY SERVICES IN IP DATAGRAM SREEJITH SREEDHARAN CS843 PROJECT PRESENTATION 04/28/03.
Secure e-mail r How do you do it? m Need to worry about sniffing, modifying, end- user masquerading, replaying. m If sender and receiver have shared secret.

Secure r How do you do it? m Need to worry about sniffing, modifying, end- user masquerading, replaying. m If sender and receiver have shared secret.
1 Section 10.9 Internet Security Association and Key Management Protocol ISAKMP.

1 Section 10.9 Internet Security Association and Key Management Protocol ISAKMP.
Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),

Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),
Brett Neely IP Next Generation. To boldly go where no network has gone before...

Brett Neely IP Next Generation. To boldly go where no network has gone before...
CSCE 715: Network Systems Security

CSCE 715: Network Systems Security
IEEE 802.21 MEDIA INDEPENDENT HANDOVER DCN: 21-12-0156-00-MuGM Title: 802.21 TGd Message Signing Proposal Date Submitted: Presented at IEEE 802.21d session.

IEEE MEDIA INDEPENDENT HANDOVER DCN: MuGM Title: TGd Message Signing Proposal Date Submitted: Presented at IEEE d session.
July 27, 2009IETF NEA Meeting1 NEA Working Group IETF 75 Co-chairs: Steve Hanna

July 27, 2009IETF NEA Meeting1 NEA Working Group IETF 75 Co-chairs: Steve Hanna

Similar presentations

Ads by Google