# Delay Tolerant Networks Security #### Applications of DTNs ##### Interplanetary communication DTN in space > **Characteristics** > > * High intermittent connectivity > * Extremely long message travel time > * Delay: finite speed of light > * Low Transmission reliability > * Inaccurate position > * Limited visibility > * Low asymmetric Data Rate > > **Security** > > - CCSDS protocol > - space End to End security > - space end to end reliability ##### Military > No consistent network infrastructure and frequent disruptions > > **Characteristics** > > * High intermittent connectivity > * Mobility, destruction, noise & attacks, interference > * Low transmission reliability > * positioning inaccuracy > * limited visibility > * Low data rate > > **Security** > > - Mainly MANET security > - Distribution of CAs (Certificate Authorities) in mobile ad hoc networks cannot provide military level security > - Combining a self-organised approach with an off-line trusted third-party ##### Rural Areas >Providing internet connectivity to rural/developing areas > >**Characteristics** > >- Intermittent connectivity >- Mobility - sparse development >- High propagation delay >- Asymmetric data rate > >![img](/lectures/acn/img/p.png) > >**Security** > >- Standard cryptographic techniques such as PKI and transparent encrypted file systems - Disaster struck areas - Disconnected kiosks in rural areas - Remote sensing applications But also - Bulk data distribution in urban areas - Sharing of individual contents in urban areas - Mobile location-aware sensing application - Social mobile applications #### DTN Security Goals Due to the resource-causticity that DTNs have, the focus is on protecting the DTN infrastructure from unauthorised access and use. * Prevent **access** by unauthorised applications. * Prevent unauthorised applications from asserting control over DTN infrastructure. * Prevent authorised applications from sending bundles at a rate or class of service for which they **don't have permissions for**. * Detect and discard bundles that were sent from unauthorised applications/users. * Detect and discard bundles who's headers have been modified. * Detect and discard compromised entities. Secondary emphasis is on providing optional end-to-end security services to bundle applications. #### DTN Security Challenges * High round-trip times and disconnections * Do not allow frequent distribution of a large number of certificates and encryption keys end-to-end. * More scalable to use user's keys and credentials at neighbouring or nearby nodes. * Delays or loss of connectivity to a key or certificate server * Multiple certificate authorities desirable but not sufficient and certificate revocation not appropriate * Long delays * Messages may be valid for days/weeks, so message expiration may not be able to be depended on to rid the network of unwanted messages as efficiently as in other types of networks. * Constrained Bandwidth * Need to minimise the cost of security in terms of network overhead (header bits). ###### Traditional PKI not applicable * Traditional symmetric cryptography approaches are not suitable for DTNs for two major reasons * In PKI a user authenticates another users public key using a certificate * This is not possible without online access to the receivers public key or certificates * PKIs implement key revocation based on frequently updated online certificate revocation lists * In the absence of instant online access to CAs servers, a receiver cannot authenticate the sender's certificate. ###### Identity Based Cryptography not applicable Identity Based Cryptography (IBC) schemes where the public key of each entity is replaced by its identity and associated public formatting policies are not suitable for the security in DTNs - IBC does not solve the key management problem in DTNs - It is not scalable because it assumes that a user must know the public parameters for all the trusted parties. ###### Mobile ad hoc Key Management Proposals not applicable - Virtual Certificate Authority - Not applicable due to no trusted third parties - Certificate chaining based on pretty good privacy (PGP) - Not applicable due to insufficient density of certificate graphs - Peer-to-peer key management based on mobilty - Not applicable due to certificate revocation mechanism #### Existing Mandatory DTN Security Based on the *bundle* protocol * Hop-by-hop bundle integrity * Hop-by-hop bundle sender authentication * Access Control (only legit users with right permissions) * Limited protection from DoS attacks ![img](/lectures/acn/img/q.png) - Payload Security Header is computed once at the source bundle agent, carried unchanged, and checked at the destination bundle agent (and possibly also security boundary bundle agents) - Bundle Authentication Header is computed at every sending bundle agent and checked at every receiving hop along the way from the source to the destination. Current DTN security initiative is based on pre-shared secrets and involves no trust dynamics mechanisms - Works well against external threats but not applicable to internal threats