Slow but certain wins the race: authenticated bundle communication in delay tolerant networks

Abstract

We present SEGURA, a Bundle layer security extension for ensuring the authenticity and integrity of message bundles in Delay Tolerant Networks (DTNs). SEGURA employs probabilistic set membership constructs to amortize the cryptographic functionality of traditional authentication mechanisms such as Message Authentication Codes, Hash trees, authentication graphs, and digital signatures in relatively small sized data structures. Using probabilistic set membership constructs in the integrity verification process eliminates any form of dependency among individual network packets which gives the security protocol the capability of handling out of order packets and enduring high packet loss rates. This makes SEGURA a very suitable choice for operation in performance-challenged DTNs with highly disruptive natures featuring excessive disconnection rates, massive delays, and intermittent communication. Moreover, the SEGURA integrity enforcement mechanism gives intermediate DTN routers and gateways the ability to verify the integrity of bundles without employing expensive public-key operations. The goal here is to isolate the effects of any malicious attack as close as possible to the source of the attack. This results in the reduction of bogus network traffic and hence contributes to a major decrease in the messaging delay caused by distant packet retransmission.