# Delay Tolerant Networks Security

#### Applications of DTNs

##### Interplanetary communication

<img src="/lectures/acn/img/o.png" alt="DTN in space" style="zoom:50%;" />

> **Characteristics**
>
> * High intermittent connectivity
> * Extremely long message travel time
> * Delay: finite speed of light
> * Low transmission reliability
> * Inaccurate position
> * Limited visibility
> * Low asymmetric data rate
>
> **Security**
>
> - CCSDS protocol
> - Space end-to-end security
> - Space end-to-end reliability

##### Military

> No consistent network infrastructure and frequent disruptions
>
> **Characteristics**
>
> * High intermittent connectivity
> * Mobility, destruction, noise & attacks, interference
> * Low transmission reliability
> * Positioning inaccuracy
> * Limited visibility
> * Low data rate
>
> **Security**
>
> - Mainly MANET security
> - Distribution of CAs (Certificate Authorities) in mobile ad hoc networks cannot provide military level security
> - Combining a self-organised approach with an off-line trusted third-party

##### Rural Areas

> Providing internet connectivity to rural/developing areas
>
> **Characteristics**
>
> - Intermittent connectivity
> - Mobility - sparse development
> - High propagation delay
> - Asymmetric data rate
>
> **Security**
>
> - Standard cryptographic techniques such as PKI and transparent encrypted file systems

- Disaster struck areas
- Disconnected kiosks in rural areas
- Remote sensing applications

But also

- Bulk data distribution in urban areas
- Sharing of individual contents in urban areas
- Mobile location-aware sensing application
- Social mobile applications

#### DTN Security Goals

Because DTNs are resource-scarce, the focus is on protecting the DTN infrastructure from unauthorised access and use.

* Prevent **access** by unauthorised applications.
* Prevent unauthorised applications from asserting control over DTN infrastructure.
* Prevent authorised applications from sending bundles at a rate or class of service for which they **don't have permission**.
* Detect and discard bundles that were sent from unauthorised applications/users.
* Detect and discard bundles whose headers have been modified.
* Detect and discard compromised entities.

Secondary emphasis is on providing optional end-to-end security services to bundle applications.

#### DTN Security Challenges

* High round-trip times and disconnections
  * Do not allow frequent distribution of a large number of certificates and encryption keys end-to-end.
  * More scalable to use user's keys and credentials at neighbouring or nearby nodes.
* Delays or loss of connectivity to a key or certificate server
  * Multiple certificate authorities desirable but not sufficient and certificate revocation not appropriate
* Long delays
  * Messages may be valid for days/weeks, so message expiration may not be able to be depended on to rid the network of unwanted messages as efficiently as in other types of networks.
* Constrained bandwidth
  * Need to minimise the cost of security in terms of network overhead (header bits).

###### Traditional PKI not applicable

* Traditional symmetric cryptography approaches are not suitable for DTNs for two major reasons:
  * In PKI, a user authenticates another user's public key using a certificate.
    * This is not possible without online access to the receiver's public key or certificates.
  * PKIs implement key revocation based on frequently updated online certificate revocation lists.
    * In the absence of instant online access to the CA's servers, a receiver cannot authenticate the sender's certificate.

###### Identity Based Cryptography not applicable

Identity Based Cryptography (IBC) schemes, where the public key of each entity is replaced by its identity and associated public formatting policies, are not suitable for security in DTNs.

- IBC does not solve the key management problem in DTNs.
- It is not scalable because it assumes that a user must know the public parameters for all the trusted parties.

###### Mobile ad hoc Key Management Proposals not applicable

- Virtual Certificate Authority
  - Not applicable due to no trusted third parties
- Certificate chaining based on Pretty Good Privacy (PGP)
  - Not applicable due to insufficient density of certificate graphs
- Peer-to-peer key management based on mobility
  - Not applicable due to certificate revocation mechanism

#### Existing Mandatory DTN Security

Based on the *bundle* protocol

* Hop-by-hop bundle integrity
* Hop-by-hop bundle sender authentication
* Access control (only legitimate users with the right permissions)
* Limited protection from DoS attacks

- Payload Security Header is computed once at the source bundle agent, carried unchanged, and checked at the destination bundle agent (and possibly also security boundary bundle agents).

- Bundle Authentication Header is computed at every sending bundle agent and checked at every receiving hop along the way from the source to the destination.

The current DTN security initiative is based on pre-shared secrets and involves no trust dynamics mechanisms.

- Works well against external threats but not applicable to internal threats

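The two headers and the internal-threat limitation can be seen in a small model. This is an added sketch, not part of the original notes and not the bundle protocol's wire format: the node names, keys, the `class` header field and the choice of HMAC-SHA256 are assumptions, and the Payload Security Header is assumed to cover the payload only.

```python
import hashlib
import hmac

# Constructed pre-shared secrets: one end-to-end key and one key per link.
E2E_KEY = b"demo-src-dst-secret"
LINK_KEYS = {("src", "relay"): b"demo-link-1-secret",
             ("relay", "dst"): b"demo-link-2-secret"}

def mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def make_bundle(header, payload):
    # PSH: computed once at the source bundle agent. Assumption: it covers
    # the payload only, which is a simplification for this sketch.
    return {"header": dict(header), "payload": payload,
            "psh": mac(E2E_KEY, payload), "bah": b""}

def bah_input(b):
    return repr(sorted(b["header"].items())).encode() + b["payload"] + b["psh"]

def send(b, sender, receiver):
    # BAH: recomputed by every sending bundle agent with that link's key.
    out = dict(b, header=dict(b["header"]))
    out["bah"] = mac(LINK_KEYS[(sender, receiver)], bah_input(out))
    return out

def hop_check(b, sender, receiver):
    expected = mac(LINK_KEYS[(sender, receiver)], bah_input(b))
    return hmac.compare_digest(b["bah"], expected)

def destination_check(b):
    return hmac.compare_digest(b["psh"], mac(E2E_KEY, b["payload"]))

def run(link_tamper=None, relay_header=None, relay_payload=None):
    """Return (relay_accepts, dst_bah_ok, dst_psh_ok, header_seen_at_dst)."""
    hdr = {"src": "src", "dst": "dst", "class": "bulk"}
    b = send(make_bundle(hdr, b"telemetry"), "src", "relay")
    if link_tamper:                      # outsider without any key
        b["header"].update(link_tamper)
    if not hop_check(b, "src", "relay"):
        return (False, False, False, None)   # discarded at the first hop
    if relay_header:                     # authorised but compromised relay
        b["header"].update(relay_header)
    if relay_payload is not None:
        b["payload"] = relay_payload
    b = send(b, "relay", "dst")
    return (True, hop_check(b, "relay", "dst"), destination_check(b), b["header"])

if __name__ == "__main__":
    print(run())
    print(run(link_tamper={"class": "expedited"}))
    print(run(relay_header={"class": "expedited"}))
    print(run(relay_payload=b"forged"))
```

In the third case the relay holds a valid link key, so its rewritten header passes every hop check and the payload check; only a payload change is caught at the destination.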