One document matched: draft-irtf-dtnrg-bundle-metadata-conf-00.txt
DTN Research Group P. Lovell
Internet-Draft SPARTA, Inc.
Expires: April 29, 2009 October 26, 2008
DTN Bundle Metadata Confidentiality Specification
draft-irtf-dtnrg-bundle-metadata-conf-00
Status of this Memo
By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on April 29, 2009.
Copyright Notice
Copyright (C) The IETF Trust (2008).
Lovell Expires April 29, 2009 [Page 1]
Internet-Draft Metadata Confidentiality October 2008
Abstract
This document describes a confidentiality ciphersuite for metadata in
Delay-Tolerant Networking (DTN) Bundle Protocol (BP) bundles.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Storage Layout . . . . . . . . . . . . . . . . . . . . . . . . 4
3. CB-RSA-AES128-MB . . . . . . . . . . . . . . . . . . . . . . . 6
4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7
5. References . . . . . . . . . . . . . . . . . . . . . . . . . . 8
5.1. Normative References . . . . . . . . . . . . . . . . . . . 8
5.2. Informative References . . . . . . . . . . . . . . . . . . 8
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 9
Intellectual Property and Copyright Statements . . . . . . . . . . 10
Lovell Expires April 29, 2009 [Page 2]
Internet-Draft Metadata Confidentiality October 2008
1. Introduction
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [1].
This document defines a ciphersuite to protect metadata portions of a
bundle. Bundles and the bundle protocol are described in [2].
Metadata blocks are described in [3]
A bundle may contain one or more metadata blocks with information
useful for routing and other decisions. In some scenarios it is
necessary to prevent the metadata from being read in transit or at
DTN nodes other than those authorized to do so.
This ciphersuite is not for the direct use of the DTN bundle security
protocol [4] since the confideniality described there is primarily
for payload blocksand other security blocks related to the payload.
Applying payload security to metadata will use the same key as the
payload and this defeats most of the attractive characteristics we
want. We therefore define a confidentiality suite that uses a
different extension block type.
Lovell Expires April 29, 2009 [Page 3]
Internet-Draft Metadata Confidentiality October 2008
2. Storage Layout
All extension blocks use the Canonical Bundle Block Format as defined
in the Bundle Protocol Specification, and security blocks follow the
Abstract Security Block layout shown in [4] Section 2.1. This block
generally follows the Confidentiality Block description in Section
2.4 and Confidentiality ciphersuite #3 in Section 4.3, with
exceptions and adjustments noted here.
The layout is reproduced here (non-normative) for the convenience of
readers, please refer to [4] for complete details.
+----------------+----------------+----------------+----------------+
| type | flags (SDNV) | EID ref list(comp) |
+----------------+----------------+----------------+----------------+
| length (SDNV) |
+----------------+----------------+----------------+----------------+
| ciphersuite | correlator (SDNV) (optional) |
+----------------+----------------+----------------+----------------+
|params len(SDNV)| ciphersuite params data |
+----------------+----------------+----------------+----------------+
|res-len (SDNV) | security result data |
+----------------+----------------+----------------+----------------+
The structure of an abstract security block
Figure 1
Block type is 0x09. [needs conflict check]
Ciphersuite flags indicate which fields are present in this block.
EID references MUST be stored in the EID reference list.
Security-source MAY be present. If not present, then the bundle-
source is the security-source.
Security-destination SHOULD be present. If not present, then the
bundle-destination is the security-destination. In typical usage,
the security-destination will be a logical group address of nodes
which might be expected to use the metadata. Format of this group
address is to be determined.
Ciphersuite parameters and results are described in [4].
The following items will be present in ciphersuite parameters
Lovell Expires April 29, 2009 [Page 4]
Internet-Draft Metadata Confidentiality October 2008
1: initialization vector (IV)
7: C block salt
8: C block ICV
The following items will be present in ciphersuite results
3: key information
13: encapsulated metadata block
Lovell Expires April 29, 2009 [Page 5]
Internet-Draft Metadata Confidentiality October 2008
3. CB-RSA-AES128-MB
The CB-RSA-AES128-MB ciphersuite has ciphersuite ID value 0x004.
This scheme encrypts metadata blocks of block type 0x08.
The key size for this ciphersuite is 128 bits.
Encryption is done using the AES algorithm in Galois/Counter Mode
(GCM) as defined for ciphersuite #3 in [4] .
The metadata block in the bundle is encrypted in its entirety using
the key materials described in Section 2. The resultant ciphertext,
plus the type and length, is placed into the security-result field of
the C block. This C block then replaces the metadata block in the
bundle.
The key details are specified as key information (item type 2). The
salt and IV items must be present in ciphersuite parameters.
In normal usage, a node receiving a metadata block in encrypted form
will decrypt the block and recover the metadata for its own purposes.
If the block is forwarded then it SHOULD be in the as-received
encrypted form, unless policy determines otherwise.
The processing of the block from metadata to encrypted metadata is
very similar to that performed on Payload Integrity Blocks in the
standard Bundle Security Prototol, except that this blocks contains
key information and there is no correlator.
Lovell Expires April 29, 2009 [Page 6]
Internet-Draft Metadata Confidentiality October 2008
4. IANA Considerations
None at this time. If the bundle protocol becomes a standards track
protocol, then we may want to consider having IANA establish a
register of block types, and in particular for this specification a
separate register of block formats.
Lovell Expires April 29, 2009 [Page 7]
Internet-Draft Metadata Confidentiality October 2008
5. References
5.1. Normative References
[1] Bradner, S. and J. Reynolds, "Key words for use in RFCs to
Indicate Requirement Levels", RFC 2119, October 1997.
[2] Scott, K., "Bundle Protocol Specification",
draft-irtf-dtnrg-bundle-spec-09.txt , April 2007.
[3] Symington, S., "Delay-Tolerant Networking Metadata Extension
Block", draft-irtf-dtnrg-bundle-metadata-block-00.txt ,
June 2007.
[4] Symington, S., Farrell, S., Weiss, H., and P. Lovell, "Bundle
Security Protocol Specification",
draft-irtf-dtnrg-bundle-security-03.txt , March 2007.
5.2. Informative References
[5] Cerf, V., "Delay-Tolerant Network Architecture",
draft-irtf-dtnrg-arch-07.txt , October 2006,
<draft-irtf-dtnrg-arch-07.txt>.
[6] Farrell, S., Symington, S., and H. Weiss, "Delay-Tolerant
Network Security Overview",
draft-irtf-dtnrg-sec-overview-02.txt , October 2006.
Lovell Expires April 29, 2009 [Page 8]
Internet-Draft Metadata Confidentiality October 2008
Author's Address
Peter Lovell
SPARTA, Inc.
7110 Samuel Morse Drive
Columbia, MD 21046
US
Phone: +1-443-430-8052
Email: peter.lovell@sparta.com
Lovell Expires April 29, 2009 [Page 9]
Internet-Draft Metadata Confidentiality October 2008
Full Copyright Statement
Copyright (C) The IETF Trust (2008).
This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.
Acknowledgment
Funding for the RFC Editor function is provided by the IETF
Administrative Support Activity (IASA).
Lovell Expires April 29, 2009 [Page 10]
| PAFTECH AB 2003-2026 | 2026-04-24 10:28:41 |