Secure Descriptive Message Dissemination in DTNs M. Chuah CSE Dept Lehigh University Bethlehem, PA 18015, USA chuah@cse.lehigh.edu S. Roy CSE Dept Lehigh University Bethlehem, PA18015, USA ros308@cse.lehigh.edu I. Stoev CSE Dept Lehigh University Bethlehem, PA 18015, USA ivs209@lehigh.edu ABSTRACT Mobile nodes in some challenging network scenarios suffer from intermittent connectivity and frequent partitions e.g. battlefield and disaster recovery scenarios. Disruption Tolerant Network (DTN) technologies are designed to enable nodes in such environments to communicate with one another. A key feature of DTN technology is the late-binding capability that allows messages destined to a descriptive name to be resolved progressively until the messages are delivered to one or several recipients. In this paper, we describe a flexible security solution that allows messages destined to descriptive names to be sent securely such that unauthorized personnel is not allowed to eavesdrop on them. Our solution builds on the attributed based cryptography system. In addition, we describe our implementation of a late-binding router that supports our security solution. We also present our prototyping experience. Categories and Subject Descriptors C.2.0 [Computer-Communication-Networks]: General; C.2.2 [Computer-Communication-Networks]: Network Protocols General Terms Design, Security Keywords Security, Descriptive Message Delivery, Disruption Tolerant Networks 1. INTRODUCTION With the advancement in technology, many users carry small computing devices e.g. PDAs, cell-phones etc with wireless interfaces. These devices can form mobile ad hoc networks and communicate with one another via the help of intermediate nodes. Such ad hoc networks are very useful in several scenarios e.g. battlefield operations, vehicular ad hoc networks and disaster response scenarios. Many ad hoc routing schemes have been designed for ad hoc networks but such routing schemes are not useful in some challenging network scenarios where the nodes have intermittent connectivity and suffer frequent partitioning. Recently, disruption tolerant network (DTN) technologies [1],[2] have been proposed to allow nodes in such extreme networking environment to communicate with one another. New routing schemes more appropriate for DTN environment are also proposed e.g. [17]. Three key ideas in the DTN architecture are (a) intentional naming, (b) late binding and (c) persistent delivery. Intentional naming [1,4,5] means that nodes can be addressed using some descriptive attributes of the roles of their users e.g. all mall shoppers in the 2 nd floor. It is often useful to be able to address nodes using both the standard DTN endpoint identifier (EID)s as well as some descriptive attributes of nodes or users of nodes. A similar idea has been proposed in MIT’s intentional name system [3]. However, the application of these ideas to DTNs is relatively new [1],[4]. Some examples of intentional naming are shown in Table 1. Table 1: Examples of Intentional Names Category Examples All nodes equipped with GPS All nodes which detect poisonous gas All EE students at Lehigh All soldiers from Company A All vehicles within 200m of Bethlehem City Center All nodes within 500m of Manhattan Bridge Combined User & All medics within 200m of Allentown City Building Location Based All firefighters within 200m of Wall Street Building All CSE students within Packard Laboratory Node-Attribute User-Attribute Location Based Late binding [4,5] means that the mapping of an intentional name to an address needs not happen when a packet (or referred to as a bundle in the DTN architecture) is created. In a conventional network, the mapping from a name to an address usually happens very early when packets are constructed and passed to the routing layer. In a DTN, due to the sparse connectivity, it may not be feasible for a source to have the necessary information to bind values of attributes (e.g. roles, locations) to addresses. Therefore, we need to have a process of progressively mapping an intentional name to canonical EIDs. This process is referred to as “intentional name resolution”. Persistent delivery [5] means that bundles will be stored for further delivery at an intermediate node if that node can not yet resolve the intentional name of these bundles or find no routes yet to the resolved addresses of these bundles. Since DTN nodes persistently store information, bundles can be delivered to recipients that match the description but are not present at the time a bundle is received. Prototypes supporting DTN are available but only one [5] provides the intentional name and late binding features. The prototype in [5] is not available to the general public. In this work, we develop a late binding router implementation that supports these features and our prototype will be made available in the near future. In some DTN application scenarios e.g. mobile services for Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. MobiOpp’10, Feb 22-23, 2010, Pisa, Italy. Copyright 2010 ACM 978-1-60558-925-1/10/02…$10.00.