One-stop reference on how to secure a Delay-Tolerant Network (DTN), written by experienced industry insiders
Securing Delay-Tolerant Networks with BPSec answers the question, “How can delay-tolerant networks be secured when operating in environments that would otherwise break many of the common security approaches used on the terrestrial Internet today?”
The text is composed of three sections: (1) security considerations for delay-tolerant networks, (2) the design, implementation, and customization of the BPSec protocol, and (3) how this protocol can be applied, combined with other security protocols, and deployed in emerging network environments.
The text includes pragmatic considerations for deploying BPSec in both regular and delay-tolerant networks. It also features a tutorial on how to achieve several important security outcomes with a combination of security protocols, BPSec included.
Overall, it covers best practices for common security functions, clearly showing designers how to prevent network architecture from being over-constrained by traditional security approaches.
Written by the lead author and originator of the BPSec protocol specification, Securing Delay-Tolerant Networks (DTNs) with BPSec includes information on: - The gap between cryptography and network security, how security requirements constrain network architectures, and why we need something different - DTN stressing conditions, covering intermittent connectivity, congested paths, partitioned topologies, limited link state, and multiple administrative controls - Securing the terrestrial internet, involving a layered approach to security, the impact of protocol design on security services, and securing the internetworking and transport layers - A delay-tolerant security architecture, including desirable properties of a DTN secure protocol, fine-grained security services, and protocol augmentation
Securing Delay-Tolerant Networks (DTNs) with BPSec is a one-stop reference on the subject for any professional operationally deploying BP who must use BPSec for its security, including software technical leads, software developers, space flight mission leaders, network operators, and technology and product development leaders in general.
Table of Contents
Acronyms xix
About the Authors xxiii
Foreword xxv
Preface xxix
About the Companion Website xxxi
1 Introduction 1
1.1 A Pervasively Networked World 1
1.1.1 A New Networking Approach 4
1.1.2 A New Transport Mechanism 5
1.1.3 A New Security Mechanism 6
1.2 Motivation For This Book 7
1.3 Conventions 8
1.3.1 Focus Studies 8
1.3.2 Summary Boxes 8
1.3.3 Margin Notes 9
1.3.4 Extract Quotes 9
1.3.5 Definitions 9
1.4 Organization 9
1.5 Summary 10
References 10
2 Network Design Considerations 12
2.1 Designing for Challenged Networks 12
2.1.1 Network Design Constraints 13
2.1.2 Finding Constraints 14
2.1.2.1 Constraint Sources 14
2.1.2.2 Constraint Types 15
2.1.3 Identifying Security Challenges 16
2.2 Layered Network Architectures 17
2.2.1 Encapsulation 19
2.2.1.1 Design Benefits 20
2.2.1.2 Challenges 20
2.2.2 Delay and Disruption Intolerance 20
2.2.2.1 Design Benefits 22
2.2.2.2 Challenges 23
2.2.3 Coarse-Grained Security 23
2.2.3.1 Design Benefits 23
2.2.3.2 Challenges 24
2.2.4 Impact on Protocol Design 24
2.3 Cryptography and Network Security 25
2.3.1 Cryptographic Algorithm Capabilities 25
2.3.2 Configurations 26
2.3.3 Packaging and Transport 28
2.4 Summary 29
References 30
3 DTN Security Stressors and Strategies 31
3.1 DTN Constraints 31
3.1.1 The Solar System Internet 32
3.1.2 Other Challenged Networks 33
3.1.3 Tolerant Networking 33
3.2 Security-Stressing Conditions 35
3.2.1 Intermittent Partitioning 35
3.2.1.1 Secret Establishment 35
3.2.1.2 Security State Synchronization 37
3.2.2 Time-Variant Topology 37
3.2.2.1 Secure Tunnels 39
3.2.2.2 Key Selection 40
3.2.2.3 Security Policy Configuration 40
3.2.3 Long-Term Storage 41
3.2.3.1 Security-at-rest 41
3.2.3.2 Time-to-live 41
3.3 Security Strategies 42
3.3.1 Separate Concerns 42
3.3.1.1 Structural 43
3.3.1.2 Policy 43
3.3.1.3 Configuration 44
3.3.2 Local Autonomy 44
3.3.2.1 Key Appropriateness 44
3.3.2.2 State Modeling 45
3.3.3 Time Awareness 45
3.3.3.1 Identification 46
3.3.3.2 Error Inference 47
3.3.3.3 State Prediction 47
3.3.4 Atomic Communications 47
3.3.5 Threshold Trust 47
3.3.5.1 Web of Trust 48
3.3.5.2 Blockchain 48
3.3.5.3 Attribute-Based Encryption 48
3.4 Summary 49
References 49
4 Delay-Tolerant Security Architecture Elements 51
4.1 Defining Security Architectures 51
4.1.1 Evolving Cyber Threats 51
4.1.2 Novel Capabilities 52
4.2 IP Security Mechanisms 52
4.2.1 Protocol Structure 53
4.2.2 Security Scoping 54
4.3 DTN Transport 56
4.3.1 The Bundle Protocol 57
4.3.2 Format 57
4.3.3 BP Capabilities 57
4.3.3.1 Extension Blocks 58
4.3.3.2 Store and Forward 59
4.3.3.3 Convergence Layer Adapters 59
4.3.3.4 Late Binding Endpoints 60
4.4 A BPv7 Model for DTN Security 60
4.4.1 Extension Blocks Implications 61
4.4.2 Store and Forward Implications 61
4.4.3 Overlay Implications 62
4.5 Scoping Bundle Security 62
4.5.1 Security by Encapsulation 63
4.5.1.1 Benefits 63
4.5.1.2 Challenges 64
4.5.2 Security by Augmentation 65
4.5.2.1 Benefits 66
4.5.2.2 Challenges 67
4.6 Policy Considerations 67
4.6.1 Configuration 67
4.6.2 Late Binding 69
4.7 Summary 69
References 70
5 The Design of the Bundle Protocol Security Extensions 71
5.1 A Brief History of Bundle Security 71
5.1.1 Bundle Protocol Version 6 72
5.1.1.1 Changes from BPv6 to BPv7 72
5.1.2 Bundle Protocol Security Protocol (BSP) 73
5.1.2.1 BSP Benefits 73
5.1.2.2 BSP Lessons Learned 74
5.2 Design Principles 78
5.2.1 Block-Level Granularity 79
5.2.2 Multiple Security Sources 80
5.2.3 Mixed Security Policy 82
5.2.4 User-Defined Security Contexts 82
5.2.5 Deterministic Processing 83
5.3 Determining Security Services 84
5.3.1 General Security Capabilities 84
5.3.2 Out of Scope Capabilities 84
5.3.2.1 Availability 85
5.3.2.2 Whole Bundle Authentication 85
5.3.2.3 Whole Bundle Non-repudiation 86
5.3.2.4 Resource Authorization 86
5.3.3 BPSec Capabilities 87
5.3.3.1 Plaintext Integrity 87
5.3.3.2 Authenticated Confidentiality 88
5.3.3.3 BPSec Services and Capabilities Mapping 89
5.4 Protocol Comparisons 89
5.5 Summary 90
References 91
6 The BPSec Security Mechanism 93
6.1 The BPSec Mechanism 93
6.2 Security Operations 94
6.2.1 Notation 94
6.2.2 Security Operation States 94
6.2.2.1 Inserting Security Operations 95
6.2.2.2 Rejecting Security Operations 95
6.2.2.3 Accepting Security Operations 95
6.2.3 Uniqueness 96
6.2.3.1 Same Service. Same Target 96
6.2.3.2 Same Service. Different Targets 96
6.2.3.3 Different Services. Same Target 97
6.2.3.4 Different Services. Different Targets 97
6.2.4 Bundle Representation 98
6.3 Security Contexts 98
6.3.1 Scope 98
6.3.2 Moderation 98
6.3.3 Application 99
6.4 Security Blocks 99
6.4.1 Security Block Features 100
6.4.2 Security Operation Aggregation 100
6.4.3 The Abstract Security Block 101
6.4.3.1 Security Operation Identification 102
6.4.3.2 Security Configuration 102
6.4.3.3 Security Results 103
6.4.4 Types of Security Information 103
6.4.4.1 Shared Information 103
6.4.4.2 Security Operation Specific Information 104
6.4.4.3 Security Targets 104
6.4.4.4 Security Results 104
6.5 Block Integrity Block 105
6.5.1 Populating the ASB 105
6.5.2 Block Considerations 105
6.5.2.1 Block Processing Control Flags 105
6.5.2.2 Multiple Signatures 107
6.5.2.3 Cryptographic Binding 107
6.6 Block Confidentiality Block 107
6.6.1 Populating the ASB 108
6.6.2 Block Considerations 108
6.6.2.1 Encrypted Payload Fragmentation 109
6.6.2.2 BCB Processing 109
6.6.2.3 Appropriate Security Targets 110
6.6.2.4 Authenticated Encryption with Associated Data 110
6.7 Other Security Blocks 110
6.8 Mapping 112
6.9 Summary 113
Reference 114
7 Security Block Processing 115
7.1 General Block Processing 115
7.2 The Extension Block Lifecycle 116
7.2.1 Implementation Notes 117
7.2.1.1 Transcoding 119
7.2.1.2 Extraction 119
7.2.1.3 Hybrid 119
7.2.2 Lifecycle Actions 119
7.2.2.1 Block Source Actions 119
7.2.2.2 Block Processor Actions 120
7.2.2.3 Block Acceptor Actions 120
7.2.3 Security Implications 121
7.2.3.1 Order of Block Evaluation 121
7.2.3.2 Defer Some Processing 122
7.2.3.3 Preserve Security Blocks 122
7.3 Security Operation Processing 123
7.3.1 Security Roles 123
7.3.2 Security Source Processing 124
7.3.3 Security Verifier Processing 125
7.3.4 Security Acceptor Processing 126
7.4 Security Block Manipulation 127
7.4.1 Grouping Security Operations 127
7.4.2 Grouping Requirements 129
7.4.3 Block Manipulation Algorithms 130
7.4.3.1 Add Security Operation 130
7.4.3.2 Merge Security Blocks 130
7.4.3.3 Remove Security Operation 132
7.4.3.4 Split Security Blocks 132
7.5 Target Multiplicity Examples 133
7.5.1 Confidentiality 133
7.5.2 Integrity 133
7.6 Common Error Conditions 135
7.6.1 BIB Target Verification Failed at Security Verifier 135
7.6.2 Security Block Segmentation Failure at Security Source 135
7.6.3 Security Block Segmentation Failure at Security Acceptor 136
7.7 Summary 136
References 136
8 Security Dependency Management 137
8.1 Dependency Management 137
8.2 Bundle-Related Dependencies 139
8.2.1 Intra-Bundle Dependencies 139
8.2.1.1 Payload Processing 140
8.2.1.2 Decoding 140
8.2.1.3 Configuration 140
8.2.1.4 Assessment 141
8.2.2 Inter-Bundle Dependencies 141
8.2.2.1 Network Information 142
8.2.2.2 Fragmentation Dependency 143
8.3 Security-Related Dependencies 143
8.3.1 Operation Dependencies 143
8.3.2 Block Dependencies 144
8.3.3 Configuration Dependencies 144
8.3.3.1 Security Context Support 145
8.3.3.2 Security Context Configuration 146
8.3.3.3 Policy Configuration 146
8.3.4 Security Dependency Mappings 146
8.4 Dependency-Related Constraints 147
8.4.1 Single-Operation Sources 148
8.4.2 Unique Security Services 148
8.4.3 Exclusively Linear Dependencies 149
8.5 Special Processing Rules 150
8.5.1 Inclusive Confidentiality 150
8.5.2 No Service Redundancy 151
8.5.3 Process Confidentiality First 152
8.6 Handling Policy Conflicts 152
8.6.1 In-Bundle Policies 153
8.6.2 Security Versus Bundle Policy 153
8.6.3 Case Study: Verify Unknown Block 153
8.6.3.1 Option 1: Security Policy First 154
8.6.3.2 Option 2: Block Policy First 155
8.6.4 Reflections on Processing Order 156
8.6.5 Security Roles and Timing 157
8.7 Summary 157
References 158
9 Threat Considerations for BPv7 Networks 159
9.1 Security Implications of BPv7 Networks 159
9.1.1 Network Topology 160
9.1.2 Timing and Key Management 160
9.1.3 Timing and Incident Response 160
9.2 Threat Model and BPSec Assumptions 161
9.2.1 The Internet Threat Model 161
9.2.2 BPSec Design Assumptions 162
9.2.2.1 Proper Implementation 163
9.2.2.2 Proper Configuration 163
9.2.2.3 Appropriate Security Contexts 164
9.3 Attacker Objectives and Capabilities 164
9.3.1 Attacker Objectives 164
9.3.2 Attacker Placement 166
9.3.2.1 Node Compromise 167
9.3.2.2 Topology Attacks 167
9.3.2.3 Proximity Access 168
9.3.3 Attacker Privileges 168
9.4 Passive Attacks 169
9.4.1 Cryptanalysis 170
9.4.2 Network Profiling 170
9.4.3 Traffic Profiling 171
9.5 Active Attacks 173
9.5.1 Bundle Injection 174
9.5.2 Bundle Modification 175
9.5.3 Topology 175
9.6 Summary 176
References 177
10 Using Security Contexts 178
10.1 The Case for Contexts 178
10.1.1 A BPv7 Security Ecosystem 178
10.1.1.1 Adaptation Properties 179
10.1.2 Cipher Suites 180
10.1.2.1 Cipher Suite Terms 181
10.1.2.2 Cipher Suite Algorithms 182
10.1.2.3 Partial Suites 183
10.1.3 Security Configuration 183
10.1.3.1 Configuration Sources 185
10.1.3.2 Configuration Types 185
10.1.3.3 Limitations of Current Approaches 187
10.2 Using Security Contexts 188
10.2.1 Identifying Contexts 188
10.2.2 Selecting Contexts 190
10.2.2.1 Provided Services 192
10.2.2.2 Assumptions 192
10.2.2.3 Algorithms 192
10.2.2.4 Parameters 193
10.2.3 Selecting Parameters and Results 193
10.2.3.1 Parameter Encoding 193
10.2.3.2 Parameter Types 194
10.2.3.3 Parameter Sources 194
10.2.3.4 Result Types 195
10.3 Summary 197
References 198
11 Security Context Design 199
11.1 Overview 199
11.2 Novelty 200
11.3 Network Considerations 201
11.3.1 Data Lifetime 201
11.3.2 One-Way Traffic 202
11.3.2.1 Long Signal Propagation Delays 202
11.3.2.2 Frequent Disruptions 202
11.3.2.3 Opportunistic Links 202
11.3.2.4 Hardware Limitations 202
11.3.3 On-Demand Access 203
11.4 Behavioral Considerations 203
11.4.1 Parameterization 203
11.4.2 Authenticating Encryption 204
11.4.2.1 MAC-then-Encrypt 204
11.4.2.2 Encrypt-then-MAC 204
11.4.2.3 Encrypt-and-MAC 204
11.4.3 Key Management 204
11.4.4 Target Associations 205
11.4.4.1 Single-Target Single-Result (STSR) Contexts 206
11.4.4.2 Single-Target Multiple-Result (STMR) Contexts 207
11.4.4.3 Multiple-Target Contexts 208
11.5 Syntactic Considerations 209
11.5.1 Parameter and Result Encodings 210
11.5.2 Canonicalization 210
11.5.3 Encryption Ciphertext Packing 210
11.5.4 Handling CRC Fields 211
11.6 Cryptographic Binding 212
11.6.1 Candidate Data Sets 212
11.6.1.1 Other Blocks’ Block-Type-Specific Data 212
11.6.1.2 Processing Flags 213
11.6.1.3 Other Bundle Elements 213
11.6.2 Identifying Data Sets 213
11.6.3 Data Representation 213
11.6.3.1 Monolithic Data Input 213
11.6.3.2 Independent Data Inputs 213
11.6.3.3 Scenarios 214
11.6.3.4 Processing Steps 215
11.6.4 Common Error Conditions 215
11.6.4.1 Dropped Blocks 216
11.6.4.2 Poor Canonicalization 216
11.6.4.3 Block Ordering 216
11.6.4.4 Fragmentation 216
11.7 Summary 217
References 217
12 Security Policy Overview 218
12.1 Overview 218
12.2 Policy Information Sources 219
12.3 Policy Information Types 219
12.3.1 Negotiating Sources 220
12.3.2 Asserting Sources 220
12.3.3 Predicting Sources 221
12.4 Security Operation Events 221
12.4.1 The Security Operation Lifecycle 221
12.4.1.1 Security Source Events 222
12.4.1.2 Security Verifier Events 222
12.4.1.3 Security Acceptor Events 224
12.5 Processing Actions 224
12.5.1 Processing Requirements 224
12.5.1.1 Required Processing Actions 225
12.5.1.2 Optional Processing Actions 225
12.5.1.3 Prohibited Processing Actions 225
12.5.2 Processing Action Categories 226
12.5.2.1 Data Generation Actions 226
12.5.2.2 Block Manipulation Actions 227
12.5.2.3 Bundle Manipulation Actions 228
12.6 Matching Policy to Security Blocks 232
12.6.1 Types of Policy Statements 233
12.6.1.1 Required Policy Statements 233
12.6.1.2 Optional Policy Statements 234
12.6.1.3 Constraining Policy Statements 234
12.6.2 Associating Events and Actions 234
12.7 A Sample Policy Engine 235
12.7.1 System Policy Engine Overview 235
12.7.1.1 Filter Criteria 235
12.7.1.2 Specification Criteria 238
12.7.1.3 Event Criteria 238
12.7.2 Policy Configuration Examples 238
12.7.2.1 Minimizing Illegitimate Traffic 238
12.7.2.2 Analysis of Security Failures 239
12.8 Summary 239
References 239
13 Achieving Security Outcomes 240
13.1 Security Outcomes 240
13.1.1 Outcome Components 241
13.1.2 Outcome Descriptions 241
13.2 Verifying BIB-Integrity 241
13.2.1 Overview 242
13.2.2 Methodology 242
13.2.3 Potential Issues 243
13.3 Verifying BCB-Confidentiality 243
13.3.1 Overview 244
13.3.1.1 Security Context Options 244
13.3.2 Methodology 245
13.3.3 Potential Issues 246
13.4 Whole-Bundle Authentication 246
13.4.1 Overview 247
13.4.1.1 Target Block Selection 247
13.4.1.2 Security Result Definition 248
13.4.1.3 Whole-Bundle Scope 248
13.4.1.4 Security Context Capabilities 249
13.4.2 Methodology 250
13.4.3 Potential Issues 250
13.5 Protected Bundle Composition 251
13.5.1 Overview 251
13.5.1.1 Block and Bundle Relationships 251
13.5.1.2 Harmful Bundle Manipulation 253
13.5.1.3 Identifying Critical Blocks 254
13.5.2 Methodology 257
13.5.2.1 Bundle Source Processing Steps 257
13.5.2.2 Other BPA Processing Steps 258
13.5.3 Potential Issues 258
13.6 Summary 259
Reference 259
14 Special Considerations 260
14.1 Scoping Security Concerns 260
14.2 BPA Resource Considerations 261
14.2.1 Additional Computational Load 261
14.2.2 Memory and Storage Requirements 263
14.3 Bundle Fragmentation Considerations 263
14.3.1 Delayed Security Processing 264
14.3.2 Block Duplication 265
14.3.3 Security Block Affinity 266
14.4 Security Context Considerations 267
14.5 Policy Considerations 268
14.5.1 Key Management 268
14.5.1.1 Key Independence 268
14.5.1.2 Key Exhaustion 269
14.5.1.3 Planning for Key Expiration 270
14.5.1.4 Mitigations 271
14.5.2 Cryptographic Binding 271
14.5.2.1 Bound Block Changes 272
14.5.2.2 Forensic Analysis 273
14.5.3 Role Misconfiguration 273
14.5.3.1 Missing Security Operations 273
14.5.3.2 Duplicated Security Operations 274
14.5.3.3 Mitigations 275
14.5.4 Security Context Misuse 275
14.5.5 Bundle Matching 276
14.5.5.1 Nodes versus EIDs 276
14.5.5.2 Multiple Naming Schemes 277
14.5.6 Rule Specificity 278
14.5.7 Cascading Events 280
14.5.7.1 Removing Target Blocks 280
14.5.7.2 Removing Security Blocks 280
14.6 Summary 281
References 281
Appendix A Example Security Contexts 282
A.1 Integrity Security Context 283
A.1.1 Security Context Scope 283
A 1.1.1 Integrity Scope Flags 283
A.1.1.2 Primary Block 284
A.1.1.3 Target Block Headers 285
A.1.1.4 Security Block Headers 285
A.1.1.5 Target Block-Type-Specific Data 285
A.1.2 Security Context Parameters 286
A.1.2.1 SHA Variant 286
A.1.2.2 Wrapped Key 286
A.1.2.3 Integrity Scope Flags 286
A.1.3 Security Results 287
A.1.4 Input Canonicalization 287
A.2 Confidentiality Security Context 288
A.2.1 Cipher Suite Selection 288
A.2.2 Security Context Scope 289
A.2.2.1 Confidentiality Scope 289
A.2.2.2 Authentication Scope 289
A.2.3 Security Context Parameters 290
A.2.3.1 Initialization Vector (IV) 290
A.2.3.2 AES Variant 290
A.2.3.3 Wrapped Key 290
A.2.3.4 AAD Scope Flags 291
A.2.4 Security Results 291
A.2.5 Input Canonicalization 291
References 292
Appendix B Security Block Processing 293
B.1 Overview 293
B.2 Single-Target Single-Result Security Contexts 293
B.2.1 BCB-Confidentiality 293
B.2.1.1 Scenario 294
B.2.1.2 Processing Steps 294
B.2.2 BIB-Integrity 295
B.2.2.1 Scenario 295
B.2.2.2 Processing Steps 295
B.2.3 Common Error Conditions 296
B.2.3.1 Failed Generation of Cryptographic Material 296
B.2.3.2 Integrity Verification Failure 296
B.2.3.3 Decryption Failure at the Security Acceptor 297
B 3 Single-Target Multiple-Result Security Contexts 297
B.3.1 BCB-Confidentiality 297
B.3.1.1 Scenario 297
B.3.1.2 Processing Steps 298
B.3.2 BIB-Integrity 299
B.3.2.1 Scenario 299
B.3.2.2 Processing Steps 299
B.3.3 Common Error Conditions 300
B.3.3.1 Failed Generation of Cryptographic Material: Integrity Signature at Security Source 300
B.3.3.2 Integrity Verification Failure at a Security Verifier 300
B 3.3.3 Integrity Verification Failure at the Security Acceptor 301
B.3.3.4 Failed Generation of Cryptographic Material: Ciphertext at Security Source 301
B.3.3.5 Confidentiality Verification Failed at a Security Verifier 301
B.3.3.6 Confidentiality Processing Failed at the Security Acceptor 301
B.4 Multiple Security Sources 302
B.4.1 Scenario 302
B.4.2 Processing Steps 303
B.4.3 Common Error Conditions 304
B.4.3.1 Failed Generation of BIB at Security Source 304
B.4.3.2 Failed Generation of BCB at Security Source 304
Reference 304
Appendix c Bundle Protocol Data Representation 305
C.1 Bundle Protocol Data Objects 305
C.2 Data Representation 306
C.2.1 CBOR Basics 306
C.2.1.1 CBOR Objectives 306
C.2.1.2 CBOR Encoding 307
C.2.2 CDDL Basics 307
C.2.2.1 Groups 308
C 2.2.2 Entries 308
C.2.2.3 Group Contexts: Arrays and Maps 308
C.2.2.4 Entry Occurrence Indicators 309
C.2.2.5 Choices 309
C.2.2.6 Building Objects: Sockets, Plugs, and Within 309
C.3 CDDL Representations 310
C.3.1 Bundle Protocol v7 310
C.3.2 BPSec 312
C.3.3 Default Security Context 313
References 313
Index 315