Project

General

Profile

Actions

Feature #4599

closed

Redesign Signed Interest and Command Interest for packet format v0.3

Added by Junxiao Shi over 6 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Start date:
Due date:
% Done:

100%

Estimated time:
3.00 h

Description

SignedInterest places a signature as part of the Interest name. Its extension CommandInterest adds protection against replay attacks by adding more name components.
Packet Format v0.3 introduces a Parameters element as part of the Interest. This issue is to design a new protocol that places signature and replay-protection fields into Parameters, so that the response Data does not need to send them back in the name.


Related issues 4 (1 open3 closed)

Blocks NFD - Feature #4600: Redesign NFD Management protocol to use ApplicationParametersNew

Actions
Blocks NFD - Feature #4649: Include PrefixAnnouncement in prefix registration commandsClosedJunxiao Shi

Actions
Blocks ndn-cxx - Feature #4804: Signed Interest v0.3ClosedEric Newberry

Actions
Blocked by NDN Specifications - Feature #4831: Redefine ParametersSha256DigestComponent covered areaClosedJunxiao Shi

Actions
Actions #1

Updated by Junxiao Shi over 6 years ago

  • Blocks Feature #4600: Redesign NFD Management protocol to use ApplicationParameters added
Actions #2

Updated by Davide Pesavento over 6 years ago

  • Tracker changed from Task to Feature
Actions #3

Updated by Junxiao Shi over 6 years ago

  • Blocks Feature #4649: Include PrefixAnnouncement in prefix registration commands added
Actions #4

Updated by Junxiao Shi over 6 years ago

  • Status changed from New to In Progress
  • Assignee set to Alex Afanasyev
Actions #5

Updated by Junxiao Shi about 6 years ago

On 20181202 call, I pointed out a significant problem with 4942,22:
The ParametersSha256DigestComponent is being used for two purposes: (1) identify Parameters (and possibly SignatureInfo) as basis of signing; (2) ensure every Interest has a different name during forwarding.
As a result, a malicious consumer could modify the SignatureValue and confuse PIT aggregation, triggering a denial-of-service attack that is impossible to detect from the network without having a universal trust schema.

My proposal to fix this problem is:

  1. For signing purpose, a digest over Parameters (if present) and SignatureInfo is appended temporarily to the name. This name is used for signing.
  2. After signing, a digest over Parameters (if present), SignatureInfo, and SignatureValue is put into the name and transmitted.
Actions #6

Updated by Junxiao Shi almost 6 years ago

Actions #7

Updated by Junxiao Shi almost 6 years ago

  • Blocked by Feature #4831: Redefine ParametersSha256DigestComponent covered area added
Actions #8

Updated by Davide Pesavento over 5 years ago

  • Subject changed from Redesign Signed Interest and Command Interest to use Parameters to Redesign Signed Interest and Command Interest for packet format v0.3
  • Status changed from In Progress to Closed
  • Assignee changed from Alex Afanasyev to Zhiyi Zhang
  • % Done changed from 0 to 100
Actions

Also available in: Atom PDF