Bundle authentication, which ensures the authenticity and integrity of bundles, is critical in space Delay/disruption-Tolerant Networks (DTNs). When bundle fragment services are needed, previous solutions that apply digital signatures directly suffer from heavy computational costs and bandwidth overheads. This paper addresses the issue of fragment authentication for the Bundle Protocol by exploiting erasure codes and the batch transmission characteristic of DTNs. Erasure codes are adopted to allow all the fragments of a bundle to equally share only one signature, to tolerate high delays as well as unexpected loss of connectivity. Following this generic idea, we present two approaches, both of which are effective in filtering inauthentic fragments as early as possible. The first incurs a surprisingly low bandwidth overhead, but because it cannot locate the inauthentic fragments, all received fragments of a bundle are removed when any one of them is inauthentic. To address this defect, we present an improved scheme that detects inauthentic fragments by means of a special hash chain and removes only those fragments. The performance simulation demonstrates that both of our schemes significantly reduce bandwidth overheads and computational costs compared to prior works.
Lv, X., Mu, Y. & Li, H. (2015). Loss-tolerant bundle fragment authentication for space-based DTNs. IEEE Transactions on Dependable and Secure Computing, 12 (6), 615-625.