[ndnSIM] security issues of the Interest packet

Lixia Zhang lixia at cs.ucla.edu
Fri Nov 9 16:40:51 PST 2018


Hi Xiaoyan,

by now I assume you've found the current NDN spec page
https://named-data.net/doc/NDN-packet-spec/current/

The protocol changes are the result of discussions among the NDN team, including Van Jacobson, and with others from the broader community as well, over the last few years; we finally pushed them out earlier this year. Yes, we should have a tech report to document all the reasoning behind the changes, just that we are yet to get there. As the project spreads out more widely, the NDN team is so shorthanded these days :-(
I do hope to see this TR out in some near future:)

Lixia

> On Nov 9, 2018, at 4:17 AM, Hu, Xiaoyan <xhbreezehu at gmail.com> wrote:
> 
> Dear Prof. Zhang, 
> 
> Thanks very much for your information about the update in the NDN protocol design. 
> Would you please offer a pointer that explains why the selector field is deprecated? 
> 
> Best regards,
> Xiaoyan
> 
> On Tue, Nov 6, 2018 at 11:36 AM Lixia Zhang <lixia at cs.ucla.edu> wrote:
> 
>> On Nov 5, 2018, at 7:20 PM, mengxue <mengxue_1224 at 126.com> wrote:
>> 
>> Hi, all 
>> 
>>    Thank you for your reading!
>>     I have some doubts about the security issues of the Interest. What I have learned is that an Interest packet is not secured by design (such as no signature). So I wonder if an attacker can modify the elements of the original Interest, such as changing one name component, or changing the Selector part, or changing the Nonce part, or changing the additional part added to the Interest by the developers.
>>   Thank you very much!
> 
> first, some nits: 
> - there is no more selector (see the current protocol spec)
> - data fetching interests for publicly accessible data are not signed; they have no logical side effect on producers in general (and not signing has the benefit of obscuring requesters).
> - an interest can and should be signed, if it leads to an effect (e.g. a command interest).
> 
> second: the above-mentioned interest modifications assume that an attacker is MIM (man-in-middle, i.e. on the interest forwarding path): in this case the attacker can already do denial of service by dropping the interests; modifying interests is likely to lead to the same result
> 