Revision 4 (Junxiao Shi, 12/13/2014 10:36 PM) → Revision 5/7 (Yingdi Yu, 05/25/2015 01:41 PM)

Signed Interest 
 =============== 

 **Signed Interest** is a mechanism to issue an authenticated interest. 

 The signature of a signed Interest packet is embedded into the last component of the Interest name. 
 The signature covers a contiguous block starting from the first name component TLV to the penultimate name component TLV: 

     +-------------+----------+-----------------------------------------------------------------------------------+
     |  Interest   | Interest | +------+--------+--------------------------------------------------+ +----------+ |
     | Type (0x01) |  length  | | Name |  Name  | +---------+--   --+---------+---------+---------+| | Other    | |
     |             |          | | Type | Length | |Component|  ...  |Component|Component|Component|| | TLVs ... | |
     |             |          | |      |        | |  TLV 1  |       | TLV n-2 | TLV n-1 |  TLV n  || | in       | |
     |             |          | |      |        | +---------+--   --+---------+---------+---------+| | Interest | |
     |             |          | +------+--------+--------------------------------------------------+ +----------+ |
     +-------------+----------+-----------------------------------------------------------------------------------+

                                                  \                                    /\        /
                                                   ----------------  ------------------  ---  ---
                                                                   \/                       \/
                                                       Signed portion of Interest       Signature


 More specifically, the SignedInterest is defined to have four additional components: 

 * ``<timestamp>`` 
 * ``<nonce>`` 
 * ``<SignatureInfo>`` 
 * ``<SignatureValue>`` 

 For example, for ``/signed/interest/name`` name, CommandInterest will be defined as: 

     /signed/interest/name/<timestamp>/<random-value>/<SignatureInfo>/<SignatureValue>

                          \                                                          /
                           ----------------------------  ----------------------------
                                                       \/
                                    Additional components of Signed Interest

 ## Signed Interest specific Name components 

 ### Timestamp component (n-3 *th*) 

 The value of the n-3 *th* component is the Interest's timestamp, expressed as a millisecond offset from UTC 1970-01-01 00:00:00 and encoded as [nonNegativeInteger](http://named-data.net/doc/ndn-tlv/tlv.html#non-negative-integer-encoding).  
 The timestamp may be used to protect against replay attacks. 

 ### Nonce component (n-2 *th*) 

 The value of the n-2 *th* component is a random value (encoded as [nonNegativeInteger](http://named-data.net/doc/ndn-tlv/tlv.html#non-negative-integer-encoding)) that adds additional assurance that the Interest will be unique. 

 ### SignatureInfo component (n-1 *th*) 

 The value of the n-1 *th* component is actually a [SignatureInfo](http://named-data.net/doc/ndn-tlv/signature.html) TLV. 

     +---------+---------+-------------------+
     |Component|Component| +---------------+ |
     |   Type  |  Length | | SignatureInfo | |
     |         |         | |      TLV      | |
     |         |         | +---------------+ |
     +---------+---------+-------------------+

     |                                       |
     |<---------The n-1 th Component-------->|

 ### SignatureValue component (n *th*) 

 The value of the n *th* component is actually a [SignatureValue](http://named-data.net/doc/ndn-tlv/signature.html) TLV. 

     +---------+---------+--------------------+
     |Component|Component| +----------------+ |
     |   Type  |  Length | | SignatureValue | |
     |         |         | |      TLV       | |
     |         |         | +----------------+ |
     +---------+---------+--------------------+

     |                                        |
     |<----------The n th Component---------->|


 ## Signed Interest Processing 

 How to verify a signed Interest may vary among applications, depending on the application-specific communication model.  
 One possible processing style can be found [here](http://redmine.named-data.net/projects/ndn-cxx/wiki/SignedInterestProcessing).
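
 One possible receiver-side check, as an added example that is not part of this wiki page or of ndn-cxx: it builds the four extra name components described above, signs component TLVs 1 to n-1, and on receipt verifies the signature before trusting the timestamp. The function names, the shared HMAC key, the choice of SignatureHmacWithSha256 and the rule that a timestamp must be newer than the last accepted one are assumptions of this sketch.

```python
import hashlib, hmac, os, time

# TLV type numbers from the NDN packet format; 4 = SignatureHmacWithSha256.
NAME, COMPONENT, SIG_INFO, SIG_VALUE, SIG_TYPE, HMAC_SHA256 = 7, 8, 22, 23, 27, 4

def tlv(t, value):
    if t > 252 or len(value) > 252:  # this sketch keeps to one-octet type/length
        raise ValueError("TLV too large for this example")
    return bytes([t, len(value)]) + value

def nni(n):
    # nonNegativeInteger: big-endian in the shortest of 1, 2, 4 or 8 octets
    return n.to_bytes(next(s for s in (1, 2, 4, 8) if n < 1 << 8 * s), "big")

SIG_INFO_TLV = tlv(SIG_INFO, tlv(SIG_TYPE, nni(HMAC_SHA256)))

def sign_interest(prefix, key, timestamp_ms=None, nonce=None):
    """Name TLV of a signed Interest; prefix is a list of component values."""
    ts = int(time.time() * 1000) if timestamp_ms is None else timestamp_ms
    nonce = int.from_bytes(os.urandom(4), "big") if nonce is None else nonce
    parts = [tlv(COMPONENT, c) for c in [*prefix, nni(ts), nni(nonce), SIG_INFO_TLV]]
    mac = hmac.new(key, b"".join(parts), hashlib.sha256).digest()  # TLV 1..n-1
    parts.append(tlv(COMPONENT, tlv(SIG_VALUE, mac)))              # TLV n
    return tlv(NAME, b"".join(parts))

def components(name):
    """Split a Name TLV into (value, raw component TLV) pairs."""
    if len(name) < 2 or name[0] != NAME or name[1] != len(name) - 2 or name[1] > 252:
        raise ValueError("malformed Name TLV")
    out, i = [], 2
    while i < len(name):
        end = i + 2 + name[i + 1] if i + 1 < len(name) else 0
        if name[i] != COMPONENT or not i < end <= len(name):
            raise ValueError("malformed name component")
        out.append((name[i + 2:end], name[i:end]))
        i = end
    return out

def verify_interest(name, key, last_ts):
    """Return the timestamp if the Interest is authentic and newer than last_ts."""
    comps = components(name)
    if len(comps) < 4 or comps[-2][0] != SIG_INFO_TLV:
        raise ValueError("not an HMAC-signed Interest")
    mac = hmac.new(key, b"".join(raw for _, raw in comps[:-1]), hashlib.sha256).digest()
    if not hmac.compare_digest(comps[-1][0], tlv(SIG_VALUE, mac)):
        raise ValueError("signature mismatch")
    ts = int.from_bytes(comps[-4][0], "big")  # read only after the MAC matched
    if ts <= last_ts:
        raise ValueError("timestamp not newer than last accepted")
    return ts
```

 A receiver would store the returned timestamp per signing key and pass it back as `last_ts` on the next Interest.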