dtnrg-4----Page:12
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18
|
Security Policy Router: for finer granularity of access control anywhere in the DTN Bundle Agent Region ? Region ? Security Policy Router (may check PSH value) Source Application Node Destination Application Node Payload Security Header is computed once at the source bundle agent, carried unchanged, and may be checked at security boundary routers. Verification of the PSH hash value authenticates the bundle as having been sent by the source and as being unmodified since being sent The security policy router access control decision may be based on the source’s credentials; there is no need to trust upstream bundle agents Source vs. Sender Destination vs. Receiver Receiver/ Sender Source Bundle Agent may enforce access control and Reject traffic from a Bundle application. PSH PSH |