Feature #4599
closed
Redesign Signed Interest and Command Interest for packet format v0.3
Added by Junxiao Shi over 6 years ago.
Updated over 5 years ago.
Description
SignedInterest places a signature as part of the Interest name. Its extension CommandInterest adds protection against replay attacks by adding more name components.
Packet Format v0.3 introduces a Parameters element as part of the Interest. This issue is to design a new protocol that places signature and replay-protection fields into Parameters, so that the response Data does not need to send them back in the name.
- Blocks Feature #4600: Redesign NFD Management protocol to use ApplicationParameters added
- Tracker changed from Task to Feature
- Blocks Feature #4649: Include PrefixAnnouncement in prefix registration commands added
- Status changed from New to In Progress
- Assignee set to Alex Afanasyev
On the 20181202 call, I pointed out a significant problem with 4942,22:
The ParametersSha256DigestComponent is being used for two purposes: (1) identify Parameters (and possibly SignatureInfo) as the basis of signing; (2) ensure every Interest has a different name during forwarding.
As a result, a malicious consumer could modify the SignatureValue and confuse PIT aggregation, triggering a denial-of-service attack that is impossible to detect from the network without having a universal trust schema.
My proposal to fix this problem is:
- For signing purpose, a digest over Parameters (if present) and SignatureInfo is appended temporarily to the name. This name is used for signing.
- After signing, a digest over Parameters (if present), SignatureInfo, and SignatureValue is put into the name and transmitted.
- Blocked by Feature #4831: Redefine ParametersSha256DigestComponent covered area added
- Subject changed from Redesign Signed Interest and Command Interest to use Parameters to Redesign Signed Interest and Command Interest for packet format v0.3
- Status changed from In Progress to Closed
- Assignee changed from Alex Afanasyev to Zhiyi Zhang
- % Done changed from 0 to 100
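The two-digest proposal from the comment above, as an added sketch that is not part of the issue thread or of any NDN library. It assumes a simplified length-prefixed encoding instead of NDN TLV, HMAC-SHA256 with a constructed key in place of the real signature, a PIT modelled as a set of names, and hypothetical function names throughout.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed; HMAC stands in for the real signature

def enc(label: bytes, value: bytes) -> bytes:
    # Simplified length-prefixed field (assumption), not the NDN TLV encoding.
    return label + len(value).to_bytes(2, "big") + value

def digest(*fields: bytes) -> str:
    return hashlib.sha256(b"".join(fields)).hexdigest()

def signing_name(prefix: str, params: bytes, sig_info: bytes) -> str:
    # Step 1: temporary name, digest over Parameters + SignatureInfo only.
    return f"{prefix}/digest={digest(enc(b'P', params), enc(b'I', sig_info))}"

def sign_interest(prefix: str, params: bytes, sig_info: bytes) -> dict:
    name = signing_name(prefix, params, sig_info)
    sig = hmac.new(KEY, name.encode(), hashlib.sha256).digest()
    return {"prefix": prefix, "params": params, "sig_info": sig_info, "sig_value": sig}

def verify(i: dict) -> bool:
    name = signing_name(i["prefix"], i["params"], i["sig_info"])
    expected = hmac.new(KEY, name.encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, i["sig_value"])

def name_partial(i: dict) -> str:
    # Problem case: the transmitted name does not cover SignatureValue.
    return signing_name(i["prefix"], i["params"], i["sig_info"])

def name_full(i: dict) -> str:
    # Step 2: transmitted digest covers Parameters, SignatureInfo, SignatureValue.
    d = digest(enc(b"P", i["params"]), enc(b"I", i["sig_info"]), enc(b"V", i["sig_value"]))
    return f"{i['prefix']}/digest={d}"

def sample_pair():
    good = sign_interest("/example/cmd", b"constructed-params", b"constructed-sig-info")
    altered = dict(good, sig_value=bytes(32))  # same fields, SignatureValue changed
    return good, altered

def shares_pit_entry(name_fn) -> bool:
    # PIT modelled as a set of names: a later Interest with a name already
    # present is aggregated instead of being forwarded.
    good, altered = sample_pair()
    pit = {name_fn(altered)}
    return name_fn(good) in pit

if __name__ == "__main__":
    print("digest without SignatureValue:", shares_pit_entry(name_partial))
    print("digest with SignatureValue:   ", shares_pit_entry(name_full))
```

Signature verification is unchanged between the two naming functions, since the verifier recomputes the step-1 name from Parameters and SignatureInfo; only the transmitted name differs.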