-
Notifications
You must be signed in to change notification settings - Fork 394
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Proposal: Security functionalities for LCM #467
Comments
Thank you for this proposal! This does indeed look rather interesting. From a maintainer perspective, I have a few thoughts:
Regarding your question to users of LCM, you may want to post to the Google group https://groups.google.com/g/lcm-dev or https://groups.google.com/g/lcm-users to sample the broader community's interest. I think that's it from my point of view. I appreciate your interest in contributing to LCM! |
I appreciate your interest :) If you are open to move forward with this, provided your comments are met, i will do some cleanup to reduce intrusion etc.
It is not right now, but it should not be a problem to achieve this.
Most of the code is indeed seperate, and in a seperate folder. However, i will give you an overview of places where there is some intrusion:
I hope i did not miss anything, but if there are other changes, i think they are either very small or unnesscary and could be cleaned up.
This is the case - a seperate header and Magic Number is used for the secure case. Since i intercept the udp packets, the message format itself is not touched. I would be happy to hear your thoughts about this - especially about the current level of intermixing between LCM and LCMsec. |
Excellent!
Yes, taking a look at the changes, this appears to be the case.
Agreed.
This should also work since that struct is accessed as an opaque object from users of the LCM library.
That might be a good idea, though, I might need to see a version with the changes you've mentioned thus far. Overall, this all sounds good. |
Motivation
LCM does not provide any security features. Tunneling LCM over a secure protocol (when using the UDP-Multicast provider) is difficult due to the - mostly - multicast-based nature of LCM. Therefore, i expect most of the users of this library to use LCM in some sort of isolated network. This however violates against the zero trust principle: "The entire enterprise private network is not considered an implicit trust zone" [1]
Solution
We have developed and implemented a set of security features of LCM. A paper has been submitted for peer review and is available here. The mentioned security features have been implemented in a fork called LCMsec.
The goals of LCMsec are as follows:
Non-goals are:
Proposal
Merge LCMsec into the LCM library as an optional, secured version of the protocol.
If there is indeed interest, i would be happy to work towards a merge. In that case, would one of the maintainers be willing to coordinate with me and make a plan as to what is / is not required to merge?
[1] https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-207.pdf
The text was updated successfully, but these errors were encountered: