<html dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style id="owaParaStyle" type="text/css">P {margin-top:0;margin-bottom:0;}</style>
</head>
<body ocsi="0" fpstyle="1">
<div style="direction: ltr;font-family: Tahoma;color: #000000;font-size: 10pt;">Jeremy<br>
<br>
This is very cool! Thanks for spinning this up so quickly. It's very neat that you could use an off-the-shelf standard and open source software to provide bundle security services in such an expedited manner. And the fact that the overheads are not bad makes
it even nicer.<br>
<br>
Regards<br>
<br>
howie<br>
<div><br>
<div style="font-family:Tahoma; font-size:13px">
<div style="font-family:Tahoma; font-size:13px">
<div style="font-family:Tahoma; font-size:13px">
<div style="font-family:Tahoma; font-size:13px">
<div style="font-family:Tahoma; font-size:13px">
<div style="font-family:Tahoma; font-size:13px">
<div style="font-family:Tahoma; font-size:13px">
<div style="font-family:Tahoma; font-size:13px">
<div style="font-family:Tahoma; font-size:13px">
<div style="font-family:Tahoma; font-size:13px"><font style="font-family:Verdana" size="2"><span style="font-weight:bold"><br>
</span></font>
<hr style="width:100%; height:2px">
<font style="font-family:Verdana" size="2"><span style="font-weight:bold"></span></font><span style="font-weight:bold">Howard Weiss</span><br>
<font size="1">Technical Director</font><br>
<br>
<font size="1"><font size="2"><span style="font-weight:bold">PARSONS</span></font><br>
7110 Samuel Morse Drive<br>
Columbia, MD 21046<br>
443-430-8089 (office)<br>
410-262-1479 (cell)<br>
443-430-8238 (fax)<br>
howard.weiss@parsons.com<br>
www.parsons.com<br>
<br>
</font><br>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<div style="font-family: Times New Roman; color: #000000; font-size: 16px">
<hr tabindex="-1">
<div style="direction: ltr;" id="divRpF275448"><font color="#000000" face="Tahoma" size="2"><b>From:</b> sis-dtn-bounces@mailman.ccsds.org [sis-dtn-bounces@mailman.ccsds.org] on behalf of Jeremy Pierce-Mayer [jeremy.mayer@dlr.de]<br>
<b>Sent:</b> Tuesday, June 30, 2015 6:02 AM<br>
<b>To:</b> sis-dtn@mailman.ccsds.org<br>
<b>Subject:</b> [Sis-dtn] Bundle Signing And Encryption With CMS<br>
</font><br>
</div>
<div></div>
<div>
<div><font face="Arial" size="2">Hey Everyone,</font></div>
<div><font face="Arial" size="2"></font> </div>
<div><font face="Arial" size="2">During the Bundle Security telecom last week, I took the action to wedge the Cryptographic Message Syntax (CMS) into BP, for use in signing and encryption. Here are the results:</font></div>
<div><font face="Arial" size="2"></font> </div>
<div><strong><font face="Arial" size="2">Software Implementation:</font></strong></div>
<div><font face="Arial" size="2">For this testing, I used a random payload, passed that through the CMS implementation (OpenSSL), using a pre-shared 1024b RSA key in an X509 certificate. The enveloped data was outputted in DER encoding (Base64)<strong>.
</strong>It is important to note that this is not S-MIME. The DER-ified data was added as a bundle payload.
</font><font face="Arial" size="2">For future testing, it should be possible</font> <font face="Arial" size="2">to update (or dynamically generate) the X509 stuff, where we can set the FROM/TO addresses to the src/dest EIDs.
</font></div>
<div><font face="Arial" size="2"></font> </div>
<div><font face="Arial" size="2">I ran two tests, signing and verification...</font></div>
<div><font face="Arial" size="2"></font> </div>
<div><strong><font face="Arial" size="2">Measurement Methodology:</font></strong></div>
<div><strong><font face="Arial" size="2"></font></strong> </div>
<div><font face="Arial" size="2">All of the numbers below were taken from the receiver side. In other words, the "pre-signing/encryption" sizes were based upon successfully decrypting or verifying the data at the end of the pipe.</font></div>
<div><font face="Arial" size="2"></font> </div>
<div><strong><font face="Arial" size="2">Results - Signing:</font></strong></div>
<img src="cid:788143909@30062015-3797">
<div><font face="Arial" size="2"></font> </div>
<div><font face="Arial" size="2">There are two subtests here, one where I carried the CMS signer cert within the data, and one where I didn't. As you can see, the overhead isn't terrible, especially when you consider that (in some of the tests) I was carrying
the cert down the wire. You can also stack signer certificates within a single CMS message, though I opted to not do that (for simplicity) until we have a further plan for CMS.</font></div>
<div><font face="Arial" size="2"></font> </div>
<div><strong><font face="Arial" size="2">Results - Encryption:</font></strong></div>
<div><font face="Arial" size="2">I'm going to prefix this by saying that I really didn't need a graph for this one, but graphs are cool, and if I write enough here, it will look like a proper headline... So, graphs:</font></div>
<div><img src="cid:788143909@30062015-379E"></div>
<div><font face="Arial" size="2"></font> </div>
<div><font face="Arial" size="2">Once again, the overhead isn't awful, at <strong>
349</strong> bytes.</font></div>
<div><font face="Arial" size="2"></font> </div>
<div><strong><font face="Arial" size="2">Where Do We Go From Here:</font></strong></div>
<div><font face="Arial" size="2">I have no idea, though I'm tempted to say that this is a discussion for Darmstadt.</font></div>
<div><font face="Arial" size="2"></font> </div>
<div><font face="Arial" size="2"></font> </div>
</div>
</div>
</div>
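<div>The procedure described in the message above (random payload, OpenSSL CMS with an RSA key in an X.509 certificate, DER output, sizes taken only after successful verification or decryption) can be reproduced with the OpenSSL command line. This is an added example, not the script used for the posted results; the 2048-bit key, the AES-256 content cipher, the certificate subject and the 1024-byte payload are assumptions, so the byte counts will differ from those in the post.</div>

```sh
#!/bin/sh
# Added example: CMS signing/encryption overhead via the OpenSSL CLI.
# Key, certificate and payload are constructed test material.
set -eu
W=$(mktemp -d)
trap 'rm -rf "$W"' EXIT          # the scratch dir holds a private key

make_material() {                # $1 = payload size in bytes
  # 2048-bit key and the CN are assumptions, not values from the post.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=dtn-test-node" \
    -keyout "$W/key.pem" -out "$W/cert.pem" 2>/dev/null
  head -c "$1" /dev/urandom > "$W/payload.bin"
}

bytes() { wc -c < "$1" | tr -d ' '; }

# Sign, verify as the receiver would, then print the overhead in bytes.
# $1 = "cert" (signer cert carried in the message) or "nocert".
# $flag is left unquoted so that an empty value adds no argument;
# -certfile supplies the signer cert out of band for the "nocert" case.
sign_overhead() {
  if [ "$1" = nocert ]; then flag="-nocerts"; else flag=""; fi
  openssl cms -sign -binary -nodetach $flag -in "$W/payload.bin" \
    -signer "$W/cert.pem" -inkey "$W/key.pem" \
    -outform DER -out "$W/signed-$1.der" &&
  openssl cms -verify -binary -inform DER -in "$W/signed-$1.der" \
    -certfile "$W/cert.pem" -CAfile "$W/cert.pem" \
    -out "$W/verified-$1.bin" 2>/dev/null &&
  cmp -s "$W/payload.bin" "$W/verified-$1.bin" &&
  echo $(( $(bytes "$W/signed-$1.der") - $(bytes "$W/payload.bin") ))
}

# Envelope for the certificate's key, decrypt, then print the overhead.
encrypt_overhead() {
  openssl cms -encrypt -binary -aes256 -in "$W/payload.bin" \
    -outform DER -out "$W/enveloped.der" "$W/cert.pem" &&
  openssl cms -decrypt -binary -inform DER -in "$W/enveloped.der" \
    -recip "$W/cert.pem" -inkey "$W/key.pem" -out "$W/decrypted.bin" &&
  cmp -s "$W/payload.bin" "$W/decrypted.bin" &&
  echo $(( $(bytes "$W/enveloped.der") - $(bytes "$W/payload.bin") ))
}

make_material 1024
echo "signed, cert carried: $(sign_overhead cert) bytes"
echo "signed, cert omitted: $(sign_overhead nocert) bytes"
echo "enveloped (AES-256):  $(encrypt_overhead) bytes"
```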
</body>
</html>