[Sis-dtn] Bundle Signing And Encryption With CMS

Jeremy Pierce-Mayer jeremy.mayer at dlr.de
Tue Jun 30 10:02:20 UTC 2015


Hey Everyone,
 
During the Bundle Security telecom last week, I took the action to wedge the
Cryptographic Message Syntax (CMS) into BP, for use in signing and
encryption. Here are the results:
 
Software Implementation:
For this testing, I used a random payload, passed that through the CMS
implementation (OpenSSL), using a pre-shared 1024b RSA key in an X509
certificate. The enveloped data was output in DER encoding (Base64). It
is important to note that this is not S/MIME. The DER-ified data was added
as a bundle payload. For future testing, it should be possible to update (or
dynamically generate) the X509 stuff, where we can set the FROM/TO addresses
to the src/dest EIDs. 
 
I ran two tests, signing and verification...
 
Measurement Methodology:
 
All of the numbers below were taken from the receiver side. In other words,
the "pre-signing/encryption" sizes were based upon successfully decrypting
or verifying the data at the end of the pipe.
 
Results - Signing:
 
 
There are two subtests here, one where I carried the CMS signer cert within
the data, and one where I didn't. As you can see, the overhead isn't
terrible, especially when you consider that (in some of the tests) I was
carrying the cert down the wire. You can also stack signer certificates
within a single CMS message, though I opted to not do that (for simplicity)
until we have a further plan for CMS.
 
Results - Encryption:
I'm going to prefix this by saying that I really didn't need a graph for
this one, but graphs are cool, and if I write enough here, it will look like
a proper headline... So, graphs:

 
Once again, the overhead isn't awful, at 349 bytes.
 
Where Do We Go From Here:
I have no idea, though I'm tempted to say that this is a discussion for
Darmstadt.
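
The test described in this message, reconstructed as an added example that is not the author's script: it signs a random payload with and without the signer certificate, envelopes it, and reports the DER size overhead after each message has verified or decrypted on the receiving side. The 2048-bit key (the message used 1024-bit), the 1024-byte payload, the AES-256-CBC content cipher and the `dtn-node-a` subject are assumptions, so the byte counts will differ from those reported above.

```shell
#!/bin/sh
# Added example: DER-encoded CMS overhead for a signed and an enveloped payload.
set -eu
W=$(mktemp -d)                      # scratch directory for constructed inputs
trap 'rm -rf "$W"' EXIT
size() { wc -c < "$1" | tr -d '[:space:]'; }

make_inputs() {                     # $1 = payload length in bytes
  head -c "$1" /dev/urandom > "$W/payload.bin"
  # Constructed self-signed certificate; the subject is a placeholder node name.
  # Assumption: 2048-bit RSA instead of the 1024-bit key used in the message.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=dtn-node-a" \
    -keyout "$W/key.pem" -out "$W/cert.pem" 2>/dev/null
}

cms_sign() {                        # $1 = output file; rest = extra openssl flags
  out=$1; shift
  openssl cms -sign -binary -nodetach -in "$W/payload.bin" \
    -signer "$W/cert.pem" -inkey "$W/key.pem" -outform DER -out "$out" "$@"
}

cms_verify() {                      # $1 = signed DER, $2 = recovered payload
  src=$1; dst=$2; shift 2
  # The self-signed certificate is its own trust anchor here.
  openssl cms -verify -binary -inform DER -in "$src" \
    -CAfile "$W/cert.pem" -out "$dst" "$@" 2>/dev/null
}

cms_encrypt() {                     # $1 = output file (EnvelopedData, DER)
  openssl cms -encrypt -binary -aes-256-cbc -in "$W/payload.bin" \
    -outform DER -out "$1" "$W/cert.pem"
}

cms_decrypt() {                     # $1 = enveloped DER, $2 = recovered payload
  openssl cms -decrypt -inform DER -in "$1" \
    -recip "$W/cert.pem" -inkey "$W/key.pem" -out "$2"
}

make_inputs 1024
cms_sign    "$W/signed_cert.der"
cms_sign    "$W/signed_nocert.der" -nocerts
cms_encrypt "$W/enveloped.der"
# Receiver side: with -nocerts the verifier must already hold the signer cert.
cms_verify  "$W/signed_cert.der"   "$W/out_cert.bin"
cms_verify  "$W/signed_nocert.der" "$W/out_nocert.bin" -certfile "$W/cert.pem"
cms_decrypt "$W/enveloped.der"     "$W/out_env.bin"
P=$(size "$W/payload.bin")
for f in signed_cert signed_nocert enveloped; do
  echo "$f: +$(( $(size "$W/$f.der") - $P )) bytes over a $P-byte payload"
done
```

Omitting the certificate shrinks the message but moves the trust question to the receiver, which then needs the signer certificate from some other authenticated source.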
 
 