Security in Delay Tolerant Networks for the Android Platform

Authors

  • Sebastian Domancich
  • Antti Ylä-Jääski
  • Marco Zennaro
  • Hervé Ntareme
  • Rerngvit Yanggratoke
Abstract

Security Block (ASB)

The structure of an ASB is presented in fig. 3.2, and contains the following fields.

  • Block type code: Specifies the type of the block and is included in all DTN blocks. For security blocks, it specifies whether the block is BAB (0x02), PIB (0x03), PCB (0x04) or ESB (0x09).
  • Block processing control flags: Defined in the Bundle Protocol and common to all DTN blocks.
  • EID references: An optional field that contains the security-source and security-destination of the present bundle.
  • Block data length: Contains the length (bytes) of the remainder of the block.
  • Ciphersuite ID: Specifies which of the registered ciphersuites is being used.
  • Ciphersuite flags: Control flags that mandate the security functionality.
  • Correlator: This optional field is used to associate several related instances of a security block when this functionality is needed.
  • Ciphersuite parameters and Security result: These two fields are composed of tuples represented as type-length-value, and are used by the different ciphersuites to store security results. Some of the types that can be included are: Initialization Vector, encoded key information, salt, PCB Integrity Check value (ICV).

Figure 3.2: Abstract Security Block (ASB)

Payload Confidentiality Block (PCB)

PCB is used to indicate that the bundle payload has been encrypted at the PCB security-source, and that it will be decrypted at the security-destination. A ciphersuite that operates with a PCB should first generate a secure random key, called the bundle encryption key (BEK), and use this key to encrypt the payload of the bundle. After that, it should encrypt the BEK with a long-term encryption key (e.g., a public key) and send this encrypted key inside the PCB. In addition, a data integrity mechanism should be implemented to detect tampering with the bundle payload content.

Bundle Authentication Block (BAB)

BAB provides integrity and authenticity of the whole bundle on a hop-by-hop basis, i.e., from a security-capable node to the next security-capable node (which might actually be more than one node away).

Payload Integrity Block (PIB)

The PIB provides integrity and authenticity for the payload on an end-to-end basis, starting from a security-source, which generates a signature of the block, and ending at the security-destination, which verifies the integrity of the received payload. Intermediate nodes could eventually check the integrity if they are in possession of the needed credentials.

Extension Security Block (ESB)

The ESB is a later addition to the Bundle Security Protocol, which allows the protection of blocks not considered by the previous services. The Bundle Protocol allows the creation of specific-purpose blocks to provide a particular functionality. The previously defined security blocks aim only at encrypting the bundle payload and integrity-protecting the whole bundle. If a specific-purpose extension block needs security, the ESB is the right security block to provide it.
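The PCB procedure described above (random BEK, payload encryption, BEK wrapped under a long-term key, integrity check at the security-destination), as an added Java example that is not code from the thesis or from any DTN implementation. The abstract does not name a ciphersuite, so AES-128-GCM and RSA-OAEP are assumptions, as are the class `PcbSketch`, the holder `Pcb` and its field names; the payload is constructed sample data.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class PcbSketch {
    // Values a PCB would carry as type-length-value items (hypothetical field names).
    static final class Pcb { byte[] iv, wrappedBek, ciphertextWithIcv; }
    static final String WRAP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding"; // assumed key wrap

    // Security-source: fresh BEK per bundle, encrypt payload, wrap BEK for the destination.
    static Pcb protect(byte[] payload, PublicKey destKey) throws GeneralSecurityException {
        SecureRandom rng = new SecureRandom();
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128, rng);
        SecretKey bek = kg.generateKey();
        Pcb pcb = new Pcb();
        pcb.iv = new byte[12];
        rng.nextBytes(pcb.iv);
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.ENCRYPT_MODE, bek, new GCMParameterSpec(128, pcb.iv));
        pcb.ciphertextWithIcv = gcm.doFinal(payload); // GCM tag acts as the integrity check value
        Cipher rsa = Cipher.getInstance(WRAP);
        rsa.init(Cipher.ENCRYPT_MODE, destKey);
        pcb.wrappedBek = rsa.doFinal(bek.getEncoded());
        return pcb;
    }

    // Security-destination: unwrap the BEK, then decrypt; a modified payload fails the tag check.
    static byte[] recover(Pcb pcb, PrivateKey destKey) throws GeneralSecurityException {
        Cipher rsa = Cipher.getInstance(WRAP);
        rsa.init(Cipher.DECRYPT_MODE, destKey);
        SecretKey bek = new SecretKeySpec(rsa.doFinal(pcb.wrappedBek), "AES");
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.DECRYPT_MODE, bek, new GCMParameterSpec(128, pcb.iv));
        return gcm.doFinal(pcb.ciphertextWithIcv);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair dest = kpg.generateKeyPair(); // stands in for the destination's long-term key
        byte[] payload = "constructed sample payload".getBytes(StandardCharsets.UTF_8);
        Pcb pcb = protect(payload, dest.getPublic());
        System.out.println(new String(recover(pcb, dest.getPrivate()), StandardCharsets.UTF_8));
        pcb.ciphertextWithIcv[0] ^= 0x01; // simulate in-transit modification of the payload
        try { recover(pcb, dest.getPrivate()); }
        catch (AEADBadTagException e) { System.out.println("tampering detected, payload rejected"); }
    }
}
```

Intermediate nodes that lack the destination's private key can forward the bundle but cannot recover the BEK, which is the property the PCB relies on.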

Similar resources

Energy-Aware Probabilistic Epidemic Forwarding Method in Heterogeneous Delay Tolerant Networks

Due to the increasing use of wireless communications, infrastructure-less networks such as Delay Tolerant Networks (DTNs) should be highly considered. DTN is most suitable where there is an intermittent connection between communicating nodes such as wireless mobile ad hoc network nodes. In general, a message sending node in DTN copies the message and transmits it to nodes which it encounters. A...

A Self-Adaptive Delay-Bounded Routing Protocol for Vehicular Ad Hoc Networks

Vehicular Ad Hoc Network (VANET) is a particular type of mobile ad hoc network in which vehicles communicate between themselves using wireless antenna. Due to unique characteristics of VANETs (e.g. high mobility of nodes and dynamic topology), routing is one of the challenging tasks in such networks. Consequently, delay tolerant networks which consider the disconnected nature of...

Aggrandizing the beast's limbs: patulous code reuse attack on ARM architecture

Since smartphones are usually personal devices full of private information, they are a popular target for a vast variety of real-world attacks such as Code Reuse Attack (CRA). CRAs enable attackers to execute any arbitrary algorithm on a device without injecting an executable code. Since the standard platform for mobile devices is ARM architecture, we concentrate on available ARM-based CRAs. Cu...

Risk Meter: A Tool for Accurately Measuring the Security Risk of Applications on Mobile Devices

Nowadays smartphones and tablets are widely used due to their various capabilities and features for end users. In these devices, access to a wide range of services and sensitive information, including private personal data, contact list, geolocation, sending and receiving messages, accessing social networks, etc., is provided via numerous application programs. These types of accessibilities, ...

Improving Smartphone Security and Reliability

Users are increasingly relying on smartphones, hence concerns such as mobile app security, privacy, and correctness have become increasingly pressing. Software analysis has been successful in tackling many such concerns, albeit on other platforms, such as desktop and server. To fill this gap, we have developed infrastructural tools that permit a wide range of software analyses for the Android s...

Authenticated Key Exchange (AKE) in Delay Tolerant Networks

Key exchange is considered to be a challenging problem in Delay Tolerant Networks (DTNs) operating in space environments. In this paper we investigate the options for integrating key exchange protocols with the Bundle Protocol. We demonstrate this by using a one-pass key establishment protocol. In doing so, we also highlight the peculiarities, issues and opportunities a DTN network maintains, w...


Publication date: 2010