In Delay/Disruption-Tolerant Networks, man-in-the-middle attacks are easy: due to the store-carry-forward principle, an attacker can simply place itself on the route between source and destination to eavesdrop or alter bundles. This weakness is aggravated in networks, where devices are energy-constrained but the attacker is not. To protect against these attacks, we design and implement mu DTNSec, a security layer for Delay/Disruption-Tolerant Networks on microcontrollers. Our design establishes a public key infrastructure with lightweight certificates as an extension to the Bundle Protocol. It has been fully implemented as an addition to mu DTN on Contiki OS and uses elliptic curve cryptography and hardware-backed symmetric encryption. In this enhanced version of mu DTNSec, public key identity bindings are validated by exchanging certificates using neighbor discovery. mu DTNSec provides a signature mode for authenticity and a sign-then-encrypt mode for added confidentiality. Our performance evaluation shows that the choice of the curve dominates the influence of the payload size. We also provide energy measurements for all operations to show the feasibility of our security layer on energy-constrained devices. Because a high quality source of randomness is required, we evaluated the random number generators by the AT86RF231 radio, its successor AT86RF233, and one based on the noise of the A/D converter. We found that only AT86RF233 provides the required quality.
