The Integration of the Bundle Security Protocol Features into DTN2 PowerPoint PPT Presentation

Title: The Integration of the Bundle Security Protocol Features into DTN2


1
The Integration of the Bundle Security Protocol Features into DTN2
  • Walter J. Scheirer and Prof. Mooi Choo Chuah
  • Department of Computer Science and Engineering
  • Lehigh University

2
Sources
  • Bundle Security Protocol Specification
      • draft-irtf-dtnrg-bundle-security-00, June 8, 2005
  • Bundle Protocol Specification
      • draft-irtf-dtnrg-bundle-spec-03.txt, July 2005
      • draft-irtf-dtnrg-bundle-spec-03.txt, Sept. 2004
  • DTN2
      • Sept. 6, 2005 CVS revision

3
Major Features
  • Bundle Authentication Header (BAH)
  • Payload Security Header (PSH)
  • Confidentiality Header (CH)
  • Bundle Fragmentation/Reassembly

4
Summary of Technical Approach
  • Bundle Authentication Header (BAH)
      • The BAH is used to assure the authenticity of the bundle along a single hop from sender to recipient
  • Payload Security Header (PSH)
      • The PSH is used to assure the authenticity of the bundle from the PSH security source, which creates the PSH, to the PSH security destination, which verifies the PSH authenticator
  • Confidentiality Header (CH)
      • The CH is used to indicate that the bundle payload has been encrypted while en route between the CH source and the CH security destination

5
Summary of Technical Approach
  • Each node will turn on the optional security-related delivery option parameters if it desires certain security features:
      • if it desires confidentiality, then a CH header must be applied to the bundle
      • if it desires authentication, a PSH must be applied and the relevant parts of the bundle digitally signed or MACed appropriately

6
Implementation Details
  • Ciphersuites
      • Have been implemented using the OpenSSL (v. 0.9.7a, Fedora Core 2) library
      • Significant code addition to servlib/bundling/BundleProtocol.cc
  • BAH
      • EntireBundleHMAC, HeadofBundleHMAC, HeadOfBundleSig, EntireBundleSig, EntireBundleMAC

7
Implementation Details
  • PSH
      • EntireBundleHMAC
  • CH
      • Payload Encryption - Blowfish
  • Supported Combinations of Headers
      • BAH, PSH, CH, BAH and PSH, BAH and CH

8
Demonstration
  • 4-node testbed
  • Two demonstrations
      • The functionality of the BAH
      • The functionality of the PSH (in conjunction with the BAH)
          • Specifically, the PSH-source need not be the data source

9
Demonstration Part 1
  • In this setup, two sending nodes - one legitimate, one suspicious - will attempt to send a bundle in a network with the BAH feature enabled
  • The malicious node (M1) attempts to send bundles without the appropriate BAH to the receiving node (N2)
      • N2 will drop the bundles
  • The legitimate sender (N1) sends bundles with the appropriate BAH, allowing for successful authentication
      • N2 will forward the bundle to the destination (N3)

10
Demonstration Part 1
[Diagram: Security Perimeter containing nodes N1, N2, N3; node M1 also shown]

11
Demonstration Part 2
  • In this setup, N1 sends a bundle to N2, with only the BAH activated
  • The link between N2 and N3 may not be secure, so N2 turns on the PSH feature, and becomes the PSH-source
  • The PSH-destination can still be the destination node of the bundle (N4)
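
The two demonstrations above, modelled as an added example that is not the DTN2 code or the authors' implementation: a hop-by-hop BAH verified at every node, and an end-to-end PSH that N2 adds as PSH-source and N4 checks as PSH-destination. Node names and message flow follow the slides; the pre-shared keys, the SHA-256 HMAC, the bundle field layout and the `tamper_at_n3` case are assumptions, and the CH (Blowfish payload encryption) is not modelled.

```python
import hmac, hashlib
# Constructed keys (assumption: pre-shared symmetric keys, one per hop for the
# BAH and one shared by PSH-source and PSH-destination; M1 holds no hop key).
HOP_KEYS = {("N1", "N2"): b"k-n1-n2", ("N2", "N3"): b"k-n2-n3", ("N3", "N4"): b"k-n3-n4"}
PSH_KEY = b"k-psh-n2-n4"

def authenticator(key, data):
    # EntireBundleHMAC-style MAC; the slides do not name the hash, SHA-256 is assumed.
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def bah_scope(b):
    # The hop-by-hop BAH covers every field of the bundle except itself.
    return "|".join(f"{k}={v}" for k, v in sorted(b.items()) if k != "bah").encode()

def psh_scope(b):
    # The end-to-end PSH covers what must reach the PSH-destination unchanged.
    return f"{b['src']}|{b['dst']}|{b['payload']}".encode()

def send(b, prev_hop, next_hop):
    # The sender applies a BAH for this hop; M1 holds no hop key, so it cannot.
    key = HOP_KEYS.get((prev_hop, next_hop))
    if key:
        b["bah"] = authenticator(key, bah_scope(b))
    return b

def check_bah(node, prev_hop, b):
    key = HOP_KEYS.get((prev_hop, node))
    return bool(key) and "bah" in b and hmac.compare_digest(b["bah"], authenticator(key, bah_scope(b)))

def check_psh(b):
    return "psh" in b and hmac.compare_digest(b["psh"], authenticator(PSH_KEY, psh_scope(b)))

def part1():
    """Demonstration Part 1: N2 drops M1's bundle and forwards N1's to N3."""
    bad = send({"src": "M1", "dst": "N3", "payload": "hello"}, "M1", "N2")
    good = send({"src": "N1", "dst": "N3", "payload": "hello"}, "N1", "N2")
    verdict = lambda ok: "accepted" if ok else "dropped"
    results = {"M1": verdict(check_bah("N2", "M1", bad)), "N1": verdict(check_bah("N2", "N1", good))}
    results["N3"] = verdict(check_bah("N3", "N2", send(good, "N2", "N3")))  # N2 re-MACs its own hop
    return results

def part2(tamper_at_n3=False):
    """Demonstration Part 2: N2 becomes the PSH-source, N4 the PSH-destination."""
    b = send({"src": "N1", "dst": "N4", "payload": "report"}, "N1", "N2")
    if check_bah("N2", "N1", b):            # N2 accepts the hop and adds the PSH
        b["psh_src"], b["psh"] = "N2", authenticator(PSH_KEY, psh_scope(b))
    b = send(b, "N2", "N3")
    if tamper_at_n3:                        # the N2-N3 link is assumed insecure
        b["payload"] = "forged"
    b = send(b, "N3", "N4")                 # N3 re-MACs its hop, so the BAH still verifies at N4
    return {"bah_ok": check_bah("N4", "N3", b), "psh_ok": check_psh(b)}
```

`part2(tamper_at_n3=True)` shows why N2 adds the PSH: a payload altered after N2 still arrives at N4 with a valid BAH for the N3-N4 hop, but the end-to-end PSH check fails.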

12
Demonstration Part 2
[Diagram: nodes N1, N2, N3, N4; N2 labelled PSH-Source, N4 labelled PSH-Destination]

13
Questions?