Authentication for Fragments - PowerPoint PPT Presentation

1
Authentication for Fragments
  • Craig Partridge
  • BBN Technologies
  • craig_at_bbn.com

2
The Problem
Packet (Fragments)
An Intermittent Link Comes Up
Router
Which Fragment Do You Send?
3
Why An Issue?
  • New network scenarios with intermittent
    (potentially) oversubscribed links
  • A desire to send the most valuable traffic first
  • Large native unit of authentication
  • Mobigrams
  • DTN bundles

4
Starting Assumptions
  • Datagram may be (re)fragmented at any point in
    the data and at any time (including during
    transmission)
  • Fragments do not all follow the same path

5
Datagram may be (re)fragmented at any point in
the data and at any time (including during
transmission)
  • Nice assumption
  • Can pre-empt fragments during transmission
  • Very general
  • Apparently untenable
  • Creates unauthenticatable fragments
  • Creates new style of attack on fragments
  • Must fragment on boundaries determined by origin
    (ugh!)

6
Fragments do not all follow same path
  • Distributed Romanow-Floyd problem
  • Fragment lost on path 1 means fragments on path 2
    now can only do harm, yet path 2 must treat them
    as valuable
  • Shared keys problematic
  • Every fragmentation point has private key with
    each origin?
  • Public key signatures are BIG
  • Either
  • Each fragment is self authenticating (see PK is
    BIG)
  • Or we distribute aggregated authentication
    information down all possible paths (can we make
    it small enough?)
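
The trade-off on slides 5 and 6, as an added example that is not part of the presentation: the origin fixes the fragment boundaries, hashes each block, and authenticates the hash list once, so a fragment cut on those boundaries verifies on its own while one cut mid-block cannot be checked. The block size, the function names, the sample datagram and the HMAC standing in for the origin's signature are assumptions made for illustration.

```python
import hashlib
import hmac

BLOCK = 8  # assumed spacing of origin-chosen fragment boundaries, in bytes


def _tag(length: int, hashes: list, key: bytes) -> bytes:
    # HMAC is a stand-in for the origin's signature over the aggregated hashes.
    msg = length.to_bytes(8, "big") + b"".join(hashes)
    return hmac.new(key, msg, hashlib.sha256).digest()


def make_manifest(datagram: bytes, key: bytes) -> dict:
    """Origin side: hash every block, then authenticate the whole hash list."""
    hashes = [hashlib.sha256(datagram[i:i + BLOCK]).digest()
              for i in range(0, len(datagram), BLOCK)]
    return {"length": len(datagram), "hashes": hashes,
            "tag": _tag(len(datagram), hashes, key)}


def manifest_size(manifest: dict) -> int:
    """Bytes of authentication data that must reach every path."""
    return sum(len(h) for h in manifest["hashes"]) + len(manifest["tag"])


def verify_fragment(offset: int, data: bytes, manifest: dict, key: bytes) -> str:
    """Classify one fragment seen in isolation: valid, invalid or unverifiable."""
    expect = _tag(manifest["length"], manifest["hashes"], key)
    if not hmac.compare_digest(expect, manifest["tag"]):
        return "invalid"  # the aggregated information itself was altered
    end = offset + len(data)
    if offset < 0 or not data or end > manifest["length"]:
        return "invalid"
    on_boundary = offset % BLOCK == 0 and (
        end % BLOCK == 0 or end == manifest["length"])
    if not on_boundary:
        # A cut inside a block leaves a partial block with no hash to compare.
        return "unverifiable"
    for i in range(offset, end, BLOCK):
        digest = hashlib.sha256(data[i - offset:i - offset + BLOCK]).digest()
        if not hmac.compare_digest(digest, manifest["hashes"][i // BLOCK]):
            return "invalid"
    return "valid"


# Constructed sample input: a 20-byte datagram and a made-up key.
SAMPLE_KEY = b"constructed-demo-key"
SAMPLE_DATAGRAM = b"mobigram payload 001"
SAMPLE_MANIFEST = make_manifest(SAMPLE_DATAGRAM, SAMPLE_KEY)
```

The manifest grows by one hash per block (128 bytes here for a 20-byte datagram), which is the size question the next slide raises.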

7
Can We Make Authentication Information Small
Enough?
  • An idea: send function definition, not signature
  • Implies result of function is known
  • E.g. fragment 5 has digital hash of 5
  • Such functions exist
  • But either compact in representation OR strong
    enough to provide digital signature
  • NOT both (yet!)
  • Why this is a HOTNETS paper

8
While I Take Questions
  • This builds on prior work
  • Kent/Mogul, Fragmentation Considered Harmful
  • Romanow/Floyd, Dynamics of TCP Traffic over ATM
    Networks
  • Mathis/Heffner/Chandler, Fragmentation
    Considered Very Harmful
  • Toilet paper authentication ideas in DTN list