[Sis-dtn] Bundle Signing And Encryption With CMS

Weiss, Howard Howard.Weiss at parsons.com
Tue Jun 30 18:49:17 UTC 2015 

Scott

The SHA256 authentication/integrity digest results in a huge overhead regardless of the protocol used.  While we don't usually 'encourage' people to truncate SHA digests, it can be done when wire overhead is a major issue.  See NIST SP 800-107 for info on truncation (http://csrc.nist.gov/publications/nistpubs/800-107-rev1/sp800-107-rev1.pdf)

And as Dennis says, elliptic curve saves many bits over RSA.

Howie


________________________________
Howard Weiss
Technical Director

PARSONS
7110 Samuel Morse Drive
Columbia, MD 21046
443-430-8089 (office)
410-262-1479 (cell)
443-430-8238 (fax)
howard.weiss at parsons.com
www.parsons.com

Please consider the environment before printing this message
________________________________
From: Iannicca, Dennis C. (GRC-LCA0) [dennis.c.iannicca at nasa.gov]
Sent: Tuesday, June 30, 2015 2:23 PM
To: Burleigh, Scott C (JPL-312B)[Jet Propulsion Laboratory]; Weiss, Howard; Mayer, Jeremy P. (JSC-OT/ESA)[EUROPEAN SPACE AGENCY]; sis-dtn at mailman.ccsds.org
Subject: Re: [Sis-dtn] Bundle Signing And Encryption With CMS

On 6/30/15 1:26 PM, "Burleigh, Scott C (312B)" <scott.c.burleigh at jpl.nasa.gov<mailto:scott.c.burleigh at jpl.nasa.gov>> wrote:

I agree, Jeremy, it’s terrific that you could do this so quickly.  And I agree that the overheads are not bad, but to my mind they are still a little troubling.  I can imagine an SBSP Block Integrity Block ciphersuite that would use a one-time, randomly generated SHA256 key to generate a SHA256 digest over the payload (shipped in the BIB’s results field); would include that key in the BIB’s ciphersuite parameters; and would also provide an elliptic-curve digital signature for that key (computed using the sender’s private key, to be verified using the sender’s pre-placed public key) as an additional ciphersuite parameter.  I think that would come to 256 bits for the SHA256 digest plus 256 bits for the SHA256 key, plus 320 bits for the ECDS, for a total of 832 bits = 104 bytes.  Even allowing for a little additional BIB structural overhead, this is still less than a sixth of the overhead measured for the CMS signing option.

Scott,
CMS would allow you to use ECDSA for signatures in lieu of RSA if you wanted to reduce the overhead seen in these examples.

--
Dennis Iannicca
NASA Glenn Research Center
21000 Brookpark Road, MS 54-1
Cleveland, OH 44135
216-433-6493
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.ccsds.org/pipermail/sis-dtn/attachments/20150630/0ca1c4fb/attachment.html>

More information about the SIS-DTN mailing list