[Nfd-dev] Has the testbed changed?

Junxiao Shi shijunxiao at email.arizona.edu
Thu Jan 28 16:31:35 PST 2021


Hi Nikos

Have a look at "Signed Interest processing" regarding SignatureTime:
https://named-data.net/doc/NDN-packet-spec/0.3/signed-interest.html
Every prefix registration command is a signed Interest (it's using a
different format but conceptually equivalent to the quoted spec). It
contains a timestamp when the command is signed.
The validator keeps track of the timestamp of the last Interest signed by
each key. When the next Interest signed by the same key arrives, it would
be accepted only if the timestamp is greater than the previous one.

If you have the same key on multiple end hosts and they are sending prefix
registration commands around the same time, it's possible for a command
carrying an earlier timestamp to arrive at a router after a command
carrying a later timestamp. This would cause the first command to be
rejected.
This could happen only if two end hosts are connected on the same testbed
router. It cannot happen if two end hosts are connected on different
testbed routers, and certainly will not happen if the same end host is
moving between routers.

Yours, Junxiao

On Thu, Jan 28, 2021 at 3:42 PM Nikos Fotiou <fotiou at aueb.gr> wrote:

> Dear Junxiao,
>
> Definitely we are doing this
>
> "You are sharing the same key across multiple end hosts. This would
> trigger replay attack protection in Signed Interest validation. You need a
> unique key for each end host."
>
> So I will start with that. How is this triggered? How does the testbed
> distinguish among hosts? We will test a scenario where a host changes
> attachment point in the network, will that trigger this protection?
>
> Thanks a lot,
> Nikos
>
>
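
The timestamp rule described in the reply above, as a simplified model. This is an added example, not part of the original message and not NFD or ndn-cxx code. The class names, key names, prefixes and timestamps are constructed for illustration, and only the "timestamp must be greater than the last one seen for this key" check is modelled.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Command:
    key_name: str      # name of the signing key (constructed sample value)
    timestamp_ms: int  # time at which the command was signed
    prefix: str        # prefix being registered

@dataclass
class Router:
    """Simplified validator: one last-accepted timestamp per signing key."""
    name: str
    last_timestamp: dict = field(default_factory=dict)

    def validate(self, cmd: Command) -> bool:
        previous = self.last_timestamp.get(cmd.key_name)
        if previous is not None and cmd.timestamp_ms <= previous:
            return False  # not newer than the last command from this key
        self.last_timestamp[cmd.key_name] = cmd.timestamp_ms
        return True

def deliver(router, commands):
    """Feed commands to one router in arrival order; return accept/reject flags."""
    return [router.validate(c) for c in commands]

def shared_key_same_router():
    # Host A signs at t=1000 and host B at t=1005 with the SAME key,
    # but B's command reaches the router first.
    a = Command("/site/shared/KEY/1", 1000, "/site/app-a")
    b = Command("/site/shared/KEY/1", 1005, "/site/app-b")
    return deliver(Router("r1"), [b, a])

def unique_keys_same_router():
    # Same arrival order, but each host has its own key.
    a = Command("/site/hostA/KEY/1", 1000, "/site/app-a")
    b = Command("/site/hostB/KEY/1", 1005, "/site/app-b")
    return deliver(Router("r1"), [b, a])

def shared_key_different_routers():
    # Each router keeps its own per-key state, so there is no conflict.
    a = Command("/site/shared/KEY/1", 1000, "/site/app-a")
    b = Command("/site/shared/KEY/1", 1005, "/site/app-b")
    return deliver(Router("r1"), [b]) + deliver(Router("r2"), [a])

def one_host_moving():
    # One host re-registers after changing its attachment point.
    first = Command("/site/hostA/KEY/1", 1000, "/site/app-a")
    later = Command("/site/hostA/KEY/1", 9000, "/site/app-a")
    return deliver(Router("r1"), [first]) + deliver(Router("r2"), [later])
```

Only `shared_key_same_router()` produces a rejection, which matches the case the reply singles out.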