[ndnSIM] security issues of the Interest packet

Hu, Xiaoyan xhbreezehu at gmail.com
Fri Nov 9 21:42:24 PST 2018


Dear Prof. Zhang,

Thank you so much for your information and the endeavor that the team has
made for the project.
Look forward to the TR.

Best regards,
Xiaoyan

On Sat, Nov 10, 2018 at 8:40 AM Lixia Zhang <lixia at cs.ucla.edu> wrote:

> Hi Xiaoyan,
>
> by now I assume you've found the current NDN spec page
> https://named-data.net/doc/NDN-packet-spec/current/
>
> The protocol changes are the results of discussions among the NDN team
> including Van Jacobson, and with others from the broader community as well,
> over the last few years; we finally pushed them out earlier this year. Yes
> we should have a tech report to document all the reasoning behind the
> changes, just that we are yet to get there. As the project is spreading out
> more widely, the NDN team falls so shorthanded these days :-(
> I do hope to see this TR out in the near future :)
>
> Lixia
>
> On Nov 9, 2018, at 4:17 AM, Hu, Xiaoyan <xhbreezehu at gmail.com> wrote:
>
> Dear Prof. Zhang,
>
> Thanks very much for your information about the update in the NDN protocol
> design.
> Would you please offer a pointer that explains why the selector field is
> deprecated?
>
> Best regards,
> Xiaoyan
>
> On Tue, Nov 6, 2018 at 11:36 AM Lixia Zhang <lixia at cs.ucla.edu> wrote:
>
>>
>> On Nov 5, 2018, at 7:20 PM, mengxue <mengxue_1224 at 126.com> wrote:
>>
>> Hi, all
>>
>>    Thank you for your reading!
>>     I have some doubts about the security issues of the Interest. What I
>> have learned is that an Interest packet is not secured by design (such as no
>> signature). So I wonder if an attacker can modify the elements of the
>> original Interest, such as changing one name component, or changing the
>> Selector part or changing the Nonce part or changing the additional part
>> added to the Interest by the developers.
>>   Thank you very much!
>>
>>
>> first, some nits:
>> - there is no more selector (see the current protocol spec)
>> - data fetching interests for publicly accessible data are not signed;
>> they have no logical side effect on producers in general (and not signing
>> has the benefit of obscuring requesters).
>> - an interest can and should be signed, if it leads to an effect (e.g. a
>> command interest).
>>
>> second: the above-mentioned interest modifications assume that an
>> attacker is a MIM (man-in-the-middle, i.e. on the interest forwarding
>> path): in this case the attacker can already do denial of service by
>> dropping the interests; modifying interests likely leads to the same result.
>>
>
>
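
An added illustration of the argument in the quoted reply (not code from the thread, ndnSIM, or the NDN libraries): a simplified Python model, not the NDN wire format, in which an on-path node rewrites the name of an unsigned data-fetching Interest and of a signed command Interest. HMAC-SHA256 with a constructed key stands in for Interest signing; the names, the key and the `/demo/cmd/` prefix are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace
from typing import Optional

KEY = b"constructed-demo-key"                 # constructed signing key (assumption)
CONTENT = {"/demo/video/seg1": b"segment-1"}  # constructed public data
COMMAND_PREFIX = "/demo/cmd/"                 # hypothetical command namespace

@dataclass(frozen=True)
class Interest:
    name: str
    signature: Optional[bytes] = None         # None means an unsigned Interest

def mac(name: str, key: bytes = KEY) -> bytes:
    return hmac.new(key, name.encode(), hashlib.sha256).digest()

def sign(interest: Interest, key: bytes = KEY) -> Interest:
    return replace(interest, signature=mac(interest.name, key))

def on_path_modify(interest: Interest, new_name: str) -> Interest:
    # Models a node on the forwarding path rewriting the name; it does not hold KEY.
    return replace(interest, name=new_name)

def producer(interest: Interest) -> str:
    if interest.name.startswith(COMMAND_PREFIX):
        # Commands have an effect, so the producer insists on a valid signature.
        if interest.signature is None:
            return "rejected: unsigned command"
        if not hmac.compare_digest(interest.signature, mac(interest.name)):
            return "rejected: bad signature"
        return "executed: " + interest.name
    # Public data fetches are served unsigned and cause no side effect.
    if interest.name in CONTENT:
        return "data: " + CONTENT[interest.name].decode()
    return "no data"

def scenarios() -> dict:
    fetch = Interest("/demo/video/seg1")
    cmd = sign(Interest("/demo/cmd/route/add"))
    return {
        "fetch": producer(fetch),
        "fetch_modified": producer(on_path_modify(fetch, "/demo/video/segX")),
        "command": producer(cmd),
        "command_modified": producer(on_path_modify(cmd, "/demo/cmd/route/del")),
        "command_unsigned": producer(Interest("/demo/cmd/route/add")),
    }

if __name__ == "__main__":
    for label, outcome in scenarios().items():
        print(f"{label:17} {outcome}")
```

In both modified cases the requester ends up with nothing useful and the producer performs no unintended action, which is the same outcome the on-path node could have caused by dropping the Interest.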