+353-1-416-8900REST OF WORLD
+44-20-3973-8888REST OF WORLD
1-917-300-0470EAST COAST U.S
1-800-526-8630U.S. (TOLL FREE)

Securing Delay-Tolerant Networks with BPSec. Edition No. 1

  • Book

  • 352 Pages
  • December 2022
  • John Wiley and Sons Ltd
  • ID: 5837897
Securing Delay-Tolerant Networks with BPSec

One-stop reference on how to secure a Delay-Tolerant Network (DTN), written by experienced industry insiders

Securing Delay-Tolerant Networks with BPSec answers the question, “How can delay-tolerant networks be secured when operating in environments that would otherwise break many of the common security approaches used on the terrestrial Internet today?”

The text is composed of three sections: (1) security considerations for delay-tolerant networks, (2) the design, implementation, and customization of the BPSec protocol, and (3) how this protocol can be applied, combined with other security protocols, and deployed in emerging network environments.

The text includes pragmatic considerations for deploying BPSec in both regular and delay-tolerant networks. It also features a tutorial on how to achieve several important security outcomes with a combination of security protocols, BPSec included.

Overall, it covers best practices for common security functions, clearly showing designers how to prevent network architecture from being over-constrained by traditional security approaches.

Written by the lead author and originator of the BPSec protocol specification, Securing Delay-Tolerant Networks (DTNs) with BPSec includes information on: - The gap between cryptography and network security, how security requirements constrain network architectures, and why we need something different - DTN stressing conditions, covering intermittent connectivity, congested paths, partitioned topologies, limited link state, and multiple administrative controls - Securing the terrestrial internet, involving a layered approach to security, the impact of protocol design on security services, and securing the internetworking and transport layers - A delay-tolerant security architecture, including desirable properties of a DTN secure protocol, fine-grained security services, and protocol augmentation

Securing Delay-Tolerant Networks (DTNs) with BPSec is a one-stop reference on the subject for any professional operationally deploying BP who must use BPSec for its security, including software technical leads, software developers, space flight mission leaders, network operators, and technology and product development leaders in general.

Table of Contents

Acronyms xix

About the Authors xxiii

Foreword xxv

Preface xxix

About the Companion Website xxxi

1 Introduction 1

1.1 A Pervasively Networked World 1

1.1.1 A New Networking Approach 4

1.1.2 A New Transport Mechanism 5

1.1.3 A New Security Mechanism 6

1.2 Motivation For This Book 7

1.3 Conventions 8

1.3.1 Focus Studies 8

1.3.2 Summary Boxes 8

1.3.3 Margin Notes 9

1.3.4 Extract Quotes 9

1.3.5 Definitions 9

1.4 Organization 9

1.5 Summary 10

References 10

2 Network Design Considerations 12

2.1 Designing for Challenged Networks 12

2.1.1 Network Design Constraints 13

2.1.2 Finding Constraints 14

2.1.2.1 Constraint Sources 14

2.1.2.2 Constraint Types 15

2.1.3 Identifying Security Challenges 16

2.2 Layered Network Architectures 17

2.2.1 Encapsulation 19

2.2.1.1 Design Benefits 20

2.2.1.2 Challenges 20

2.2.2 Delay and Disruption Intolerance 20

2.2.2.1 Design Benefits 22

2.2.2.2 Challenges 23

2.2.3 Coarse-Grained Security 23

2.2.3.1 Design Benefits 23

2.2.3.2 Challenges 24

2.2.4 Impact on Protocol Design 24

2.3 Cryptography and Network Security 25

2.3.1 Cryptographic Algorithm Capabilities 25

2.3.2 Configurations 26

2.3.3 Packaging and Transport 28

2.4 Summary 29

References 30

3 DTN Security Stressors and Strategies 31

3.1 DTN Constraints 31

3.1.1 The Solar System Internet 32

3.1.2 Other Challenged Networks 33

3.1.3 Tolerant Networking 33

3.2 Security-Stressing Conditions 35

3.2.1 Intermittent Partitioning 35

3.2.1.1 Secret Establishment 35

3.2.1.2 Security State Synchronization 37

3.2.2 Time-Variant Topology 37

3.2.2.1 Secure Tunnels 39

3.2.2.2 Key Selection 40

3.2.2.3 Security Policy Configuration 40

3.2.3 Long-Term Storage 41

3.2.3.1 Security-at-rest 41

3.2.3.2 Time-to-live 41

3.3 Security Strategies 42

3.3.1 Separate Concerns 42

3.3.1.1 Structural 43

3.3.1.2 Policy 43

3.3.1.3 Configuration 44

3.3.2 Local Autonomy 44

3.3.2.1 Key Appropriateness 44

3.3.2.2 State Modeling 45

3.3.3 Time Awareness 45

3.3.3.1 Identification 46

3.3.3.2 Error Inference 47

3.3.3.3 State Prediction 47

3.3.4 Atomic Communications 47

3.3.5 Threshold Trust 47

3.3.5.1 Web of Trust 48

3.3.5.2 Blockchain 48

3.3.5.3 Attribute-Based Encryption 48

3.4 Summary 49

References 49

4 Delay-Tolerant Security Architecture Elements 51

4.1 Defining Security Architectures 51

4.1.1 Evolving Cyber Threats 51

4.1.2 Novel Capabilities 52

4.2 IP Security Mechanisms 52

4.2.1 Protocol Structure 53

4.2.2 Security Scoping 54

4.3 DTN Transport 56

4.3.1 The Bundle Protocol 57

4.3.2 Format 57

4.3.3 BP Capabilities 57

4.3.3.1 Extension Blocks 58

4.3.3.2 Store and Forward 59

4.3.3.3 Convergence Layer Adapters 59

4.3.3.4 Late Binding Endpoints 60

4.4 A BPv7 Model for DTN Security 60

4.4.1 Extension Blocks Implications 61

4.4.2 Store and Forward Implications 61

4.4.3 Overlay Implications 62

4.5 Scoping Bundle Security 62

4.5.1 Security by Encapsulation 63

4.5.1.1 Benefits 63

4.5.1.2 Challenges 64

4.5.2 Security by Augmentation 65

4.5.2.1 Benefits 66

4.5.2.2 Challenges 67

4.6 Policy Considerations 67

4.6.1 Configuration 67

4.6.2 Late Binding 69

4.7 Summary 69

References 70

5 The Design of the Bundle Protocol Security Extensions 71

5.1 A Brief History of Bundle Security 71

5.1.1 Bundle Protocol Version 6 72

5.1.1.1 Changes from BPv6 to BPv7 72

5.1.2 Bundle Protocol Security Protocol (BSP) 73

5.1.2.1 BSP Benefits 73

5.1.2.2 BSP Lessons Learned 74

5.2 Design Principles 78

5.2.1 Block-Level Granularity 79

5.2.2 Multiple Security Sources 80

5.2.3 Mixed Security Policy 82

5.2.4 User-Defined Security Contexts 82

5.2.5 Deterministic Processing 83

5.3 Determining Security Services 84

5.3.1 General Security Capabilities 84

5.3.2 Out of Scope Capabilities 84

5.3.2.1 Availability 85

5.3.2.2 Whole Bundle Authentication 85

5.3.2.3 Whole Bundle Non-repudiation 86

5.3.2.4 Resource Authorization 86

5.3.3 BPSec Capabilities 87

5.3.3.1 Plaintext Integrity 87

5.3.3.2 Authenticated Confidentiality 88

5.3.3.3 BPSec Services and Capabilities Mapping 89

5.4 Protocol Comparisons 89

5.5 Summary 90

References 91

6 The BPSec Security Mechanism 93

6.1 The BPSec Mechanism 93

6.2 Security Operations 94

6.2.1 Notation 94

6.2.2 Security Operation States 94

6.2.2.1 Inserting Security Operations 95

6.2.2.2 Rejecting Security Operations 95

6.2.2.3 Accepting Security Operations 95

6.2.3 Uniqueness 96

6.2.3.1 Same Service. Same Target 96

6.2.3.2 Same Service. Different Targets 96

6.2.3.3 Different Services. Same Target 97

6.2.3.4 Different Services. Different Targets 97

6.2.4 Bundle Representation 98

6.3 Security Contexts 98

6.3.1 Scope 98

6.3.2 Moderation 98

6.3.3 Application 99

6.4 Security Blocks 99

6.4.1 Security Block Features 100

6.4.2 Security Operation Aggregation 100

6.4.3 The Abstract Security Block 101

6.4.3.1 Security Operation Identification 102

6.4.3.2 Security Configuration 102

6.4.3.3 Security Results 103

6.4.4 Types of Security Information 103

6.4.4.1 Shared Information 103

6.4.4.2 Security Operation Specific Information 104

6.4.4.3 Security Targets 104

6.4.4.4 Security Results 104

6.5 Block Integrity Block 105

6.5.1 Populating the ASB 105

6.5.2 Block Considerations 105

6.5.2.1 Block Processing Control Flags 105

6.5.2.2 Multiple Signatures 107

6.5.2.3 Cryptographic Binding 107

6.6 Block Confidentiality Block 107

6.6.1 Populating the ASB 108

6.6.2 Block Considerations 108

6.6.2.1 Encrypted Payload Fragmentation 109

6.6.2.2 BCB Processing 109

6.6.2.3 Appropriate Security Targets 110

6.6.2.4 Authenticated Encryption with Associated Data 110

6.7 Other Security Blocks 110

6.8 Mapping 112

6.9 Summary 113

Reference 114

7 Security Block Processing 115

7.1 General Block Processing 115

7.2 The Extension Block Lifecycle 116

7.2.1 Implementation Notes 117

7.2.1.1 Transcoding 119

7.2.1.2 Extraction 119

7.2.1.3 Hybrid 119

7.2.2 Lifecycle Actions 119

7.2.2.1 Block Source Actions 119

7.2.2.2 Block Processor Actions 120

7.2.2.3 Block Acceptor Actions 120

7.2.3 Security Implications 121

7.2.3.1 Order of Block Evaluation 121

7.2.3.2 Defer Some Processing 122

7.2.3.3 Preserve Security Blocks 122

7.3 Security Operation Processing 123

7.3.1 Security Roles 123

7.3.2 Security Source Processing 124

7.3.3 Security Verifier Processing 125

7.3.4 Security Acceptor Processing 126

7.4 Security Block Manipulation 127

7.4.1 Grouping Security Operations 127

7.4.2 Grouping Requirements 129

7.4.3 Block Manipulation Algorithms 130

7.4.3.1 Add Security Operation 130

7.4.3.2 Merge Security Blocks 130

7.4.3.3 Remove Security Operation 132

7.4.3.4 Split Security Blocks 132

7.5 Target Multiplicity Examples 133

7.5.1 Confidentiality 133

7.5.2 Integrity 133

7.6 Common Error Conditions 135

7.6.1 BIB Target Verification Failed at Security Verifier 135

7.6.2 Security Block Segmentation Failure at Security Source 135

7.6.3 Security Block Segmentation Failure at Security Acceptor 136

7.7 Summary 136

References 136

8 Security Dependency Management 137

8.1 Dependency Management 137

8.2 Bundle-Related Dependencies 139

8.2.1 Intra-Bundle Dependencies 139

8.2.1.1 Payload Processing 140

8.2.1.2 Decoding 140

8.2.1.3 Configuration 140

8.2.1.4 Assessment 141

8.2.2 Inter-Bundle Dependencies 141

8.2.2.1 Network Information 142

8.2.2.2 Fragmentation Dependency 143

8.3 Security-Related Dependencies 143

8.3.1 Operation Dependencies 143

8.3.2 Block Dependencies 144

8.3.3 Configuration Dependencies 144

8.3.3.1 Security Context Support 145

8.3.3.2 Security Context Configuration 146

8.3.3.3 Policy Configuration 146

8.3.4 Security Dependency Mappings 146

8.4 Dependency-Related Constraints 147

8.4.1 Single-Operation Sources 148

8.4.2 Unique Security Services 148

8.4.3 Exclusively Linear Dependencies 149

8.5 Special Processing Rules 150

8.5.1 Inclusive Confidentiality 150

8.5.2 No Service Redundancy 151

8.5.3 Process Confidentiality First 152

8.6 Handling Policy Conflicts 152

8.6.1 In-Bundle Policies 153

8.6.2 Security Versus Bundle Policy 153

8.6.3 Case Study: Verify Unknown Block 153

8.6.3.1 Option 1: Security Policy First 154

8.6.3.2 Option 2: Block Policy First 155

8.6.4 Reflections on Processing Order 156

8.6.5 Security Roles and Timing 157

8.7 Summary 157

References 158

9 Threat Considerations for BPv7 Networks 159

9.1 Security Implications of BPv7 Networks 159

9.1.1 Network Topology 160

9.1.2 Timing and Key Management 160

9.1.3 Timing and Incident Response 160

9.2 Threat Model and BPSec Assumptions 161

9.2.1 The Internet Threat Model 161

9.2.2 BPSec Design Assumptions 162

9.2.2.1 Proper Implementation 163

9.2.2.2 Proper Configuration 163

9.2.2.3 Appropriate Security Contexts 164

9.3 Attacker Objectives and Capabilities 164

9.3.1 Attacker Objectives 164

9.3.2 Attacker Placement 166

9.3.2.1 Node Compromise 167

9.3.2.2 Topology Attacks 167

9.3.2.3 Proximity Access 168

9.3.3 Attacker Privileges 168

9.4 Passive Attacks 169

9.4.1 Cryptanalysis 170

9.4.2 Network Profiling 170

9.4.3 Traffic Profiling 171

9.5 Active Attacks 173

9.5.1 Bundle Injection 174

9.5.2 Bundle Modification 175

9.5.3 Topology 175

9.6 Summary 176

References 177

10 Using Security Contexts 178

10.1 The Case for Contexts 178

10.1.1 A BPv7 Security Ecosystem 178

10.1.1.1 Adaptation Properties 179

10.1.2 Cipher Suites 180

10.1.2.1 Cipher Suite Terms 181

10.1.2.2 Cipher Suite Algorithms 182

10.1.2.3 Partial Suites 183

10.1.3 Security Configuration 183

10.1.3.1 Configuration Sources 185

10.1.3.2 Configuration Types 185

10.1.3.3 Limitations of Current Approaches 187

10.2 Using Security Contexts 188

10.2.1 Identifying Contexts 188

10.2.2 Selecting Contexts 190

10.2.2.1 Provided Services 192

10.2.2.2 Assumptions 192

10.2.2.3 Algorithms 192

10.2.2.4 Parameters 193

10.2.3 Selecting Parameters and Results 193

10.2.3.1 Parameter Encoding 193

10.2.3.2 Parameter Types 194

10.2.3.3 Parameter Sources 194

10.2.3.4 Result Types 195

10.3 Summary 197

References 198

11 Security Context Design 199

11.1 Overview 199

11.2 Novelty 200

11.3 Network Considerations 201

11.3.1 Data Lifetime 201

11.3.2 One-Way Traffic 202

11.3.2.1 Long Signal Propagation Delays 202

11.3.2.2 Frequent Disruptions 202

11.3.2.3 Opportunistic Links 202

11.3.2.4 Hardware Limitations 202

11.3.3 On-Demand Access 203

11.4 Behavioral Considerations 203

11.4.1 Parameterization 203

11.4.2 Authenticating Encryption 204

11.4.2.1 MAC-then-Encrypt 204

11.4.2.2 Encrypt-then-MAC 204

11.4.2.3 Encrypt-and-MAC 204

11.4.3 Key Management 204

11.4.4 Target Associations 205

11.4.4.1 Single-Target Single-Result (STSR) Contexts 206

11.4.4.2 Single-Target Multiple-Result (STMR) Contexts 207

11.4.4.3 Multiple-Target Contexts 208

11.5 Syntactic Considerations 209

11.5.1 Parameter and Result Encodings 210

11.5.2 Canonicalization 210

11.5.3 Encryption Ciphertext Packing 210

11.5.4 Handling CRC Fields 211

11.6 Cryptographic Binding 212

11.6.1 Candidate Data Sets 212

11.6.1.1 Other Blocks’ Block-Type-Specific Data 212

11.6.1.2 Processing Flags 213

11.6.1.3 Other Bundle Elements 213

11.6.2 Identifying Data Sets 213

11.6.3 Data Representation 213

11.6.3.1 Monolithic Data Input 213

11.6.3.2 Independent Data Inputs 213

11.6.3.3 Scenarios 214

11.6.3.4 Processing Steps 215

11.6.4 Common Error Conditions 215

11.6.4.1 Dropped Blocks 216

11.6.4.2 Poor Canonicalization 216

11.6.4.3 Block Ordering 216

11.6.4.4 Fragmentation 216

11.7 Summary 217

References 217

12 Security Policy Overview 218

12.1 Overview 218

12.2 Policy Information Sources 219

12.3 Policy Information Types 219

12.3.1 Negotiating Sources 220

12.3.2 Asserting Sources 220

12.3.3 Predicting Sources 221

12.4 Security Operation Events 221

12.4.1 The Security Operation Lifecycle 221

12.4.1.1 Security Source Events 222

12.4.1.2 Security Verifier Events 222

12.4.1.3 Security Acceptor Events 224

12.5 Processing Actions 224

12.5.1 Processing Requirements 224

12.5.1.1 Required Processing Actions 225

12.5.1.2 Optional Processing Actions 225

12.5.1.3 Prohibited Processing Actions 225

12.5.2 Processing Action Categories 226

12.5.2.1 Data Generation Actions 226

12.5.2.2 Block Manipulation Actions 227

12.5.2.3 Bundle Manipulation Actions 228

12.6 Matching Policy to Security Blocks 232

12.6.1 Types of Policy Statements 233

12.6.1.1 Required Policy Statements 233

12.6.1.2 Optional Policy Statements 234

12.6.1.3 Constraining Policy Statements 234

12.6.2 Associating Events and Actions 234

12.7 A Sample Policy Engine 235

12.7.1 System Policy Engine Overview 235

12.7.1.1 Filter Criteria 235

12.7.1.2 Specification Criteria 238

12.7.1.3 Event Criteria 238

12.7.2 Policy Configuration Examples 238

12.7.2.1 Minimizing Illegitimate Traffic 238

12.7.2.2 Analysis of Security Failures 239

12.8 Summary 239

References 239

13 Achieving Security Outcomes 240

13.1 Security Outcomes 240

13.1.1 Outcome Components 241

13.1.2 Outcome Descriptions 241

13.2 Verifying BIB-Integrity 241

13.2.1 Overview 242

13.2.2 Methodology 242

13.2.3 Potential Issues 243

13.3 Verifying BCB-Confidentiality 243

13.3.1 Overview 244

13.3.1.1 Security Context Options 244

13.3.2 Methodology 245

13.3.3 Potential Issues 246

13.4 Whole-Bundle Authentication 246

13.4.1 Overview 247

13.4.1.1 Target Block Selection 247

13.4.1.2 Security Result Definition 248

13.4.1.3 Whole-Bundle Scope 248

13.4.1.4 Security Context Capabilities 249

13.4.2 Methodology 250

13.4.3 Potential Issues 250

13.5 Protected Bundle Composition 251

13.5.1 Overview 251

13.5.1.1 Block and Bundle Relationships 251

13.5.1.2 Harmful Bundle Manipulation 253

13.5.1.3 Identifying Critical Blocks 254

13.5.2 Methodology 257

13.5.2.1 Bundle Source Processing Steps 257

13.5.2.2 Other BPA Processing Steps 258

13.5.3 Potential Issues 258

13.6 Summary 259

Reference 259

14 Special Considerations 260

14.1 Scoping Security Concerns 260

14.2 BPA Resource Considerations 261

14.2.1 Additional Computational Load 261

14.2.2 Memory and Storage Requirements 263

14.3 Bundle Fragmentation Considerations 263

14.3.1 Delayed Security Processing 264

14.3.2 Block Duplication 265

14.3.3 Security Block Affinity 266

14.4 Security Context Considerations 267

14.5 Policy Considerations 268

14.5.1 Key Management 268

14.5.1.1 Key Independence 268

14.5.1.2 Key Exhaustion 269

14.5.1.3 Planning for Key Expiration 270

14.5.1.4 Mitigations 271

14.5.2 Cryptographic Binding 271

14.5.2.1 Bound Block Changes 272

14.5.2.2 Forensic Analysis 273

14.5.3 Role Misconfiguration 273

14.5.3.1 Missing Security Operations 273

14.5.3.2 Duplicated Security Operations 274

14.5.3.3 Mitigations 275

14.5.4 Security Context Misuse 275

14.5.5 Bundle Matching 276

14.5.5.1 Nodes versus EIDs 276

14.5.5.2 Multiple Naming Schemes 277

14.5.6 Rule Specificity 278

14.5.7 Cascading Events 280

14.5.7.1 Removing Target Blocks 280

14.5.7.2 Removing Security Blocks 280

14.6 Summary 281

References 281

Appendix A Example Security Contexts 282

A.1 Integrity Security Context 283

A.1.1 Security Context Scope 283

A 1.1.1 Integrity Scope Flags 283

A.1.1.2 Primary Block 284

A.1.1.3 Target Block Headers 285

A.1.1.4 Security Block Headers 285

A.1.1.5 Target Block-Type-Specific Data 285

A.1.2 Security Context Parameters 286

A.1.2.1 SHA Variant 286

A.1.2.2 Wrapped Key 286

A.1.2.3 Integrity Scope Flags 286

A.1.3 Security Results 287

A.1.4 Input Canonicalization 287

A.2 Confidentiality Security Context 288

A.2.1 Cipher Suite Selection 288

A.2.2 Security Context Scope 289

A.2.2.1 Confidentiality Scope 289

A.2.2.2 Authentication Scope 289

A.2.3 Security Context Parameters 290

A.2.3.1 Initialization Vector (IV) 290

A.2.3.2 AES Variant 290

A.2.3.3 Wrapped Key 290

A.2.3.4 AAD Scope Flags 291

A.2.4 Security Results 291

A.2.5 Input Canonicalization 291

References 292

Appendix B Security Block Processing 293

B.1 Overview 293

B.2 Single-Target Single-Result Security Contexts 293

B.2.1 BCB-Confidentiality 293

B.2.1.1 Scenario 294

B.2.1.2 Processing Steps 294

B.2.2 BIB-Integrity 295

B.2.2.1 Scenario 295

B.2.2.2 Processing Steps 295

B.2.3 Common Error Conditions 296

B.2.3.1 Failed Generation of Cryptographic Material 296

B.2.3.2 Integrity Verification Failure 296

B.2.3.3 Decryption Failure at the Security Acceptor 297

B 3 Single-Target Multiple-Result Security Contexts 297

B.3.1 BCB-Confidentiality 297

B.3.1.1 Scenario 297

B.3.1.2 Processing Steps 298

B.3.2 BIB-Integrity 299

B.3.2.1 Scenario 299

B.3.2.2 Processing Steps 299

B.3.3 Common Error Conditions 300

B.3.3.1 Failed Generation of Cryptographic Material: Integrity Signature at Security Source 300

B.3.3.2 Integrity Verification Failure at a Security Verifier 300

B 3.3.3 Integrity Verification Failure at the Security Acceptor 301

B.3.3.4 Failed Generation of Cryptographic Material: Ciphertext at Security Source 301

B.3.3.5 Confidentiality Verification Failed at a Security Verifier 301

B.3.3.6 Confidentiality Processing Failed at the Security Acceptor 301

B.4 Multiple Security Sources 302

B.4.1 Scenario 302

B.4.2 Processing Steps 303

B.4.3 Common Error Conditions 304

B.4.3.1 Failed Generation of BIB at Security Source 304

B.4.3.2 Failed Generation of BCB at Security Source 304

Reference 304

Appendix c Bundle Protocol Data Representation 305

C.1 Bundle Protocol Data Objects 305

C.2 Data Representation 306

C.2.1 CBOR Basics 306

C.2.1.1 CBOR Objectives 306

C.2.1.2 CBOR Encoding 307

C.2.2 CDDL Basics 307

C.2.2.1 Groups 308

C 2.2.2 Entries 308

C.2.2.3 Group Contexts: Arrays and Maps 308

C.2.2.4 Entry Occurrence Indicators 309

C.2.2.5 Choices 309

C.2.2.6 Building Objects: Sockets, Plugs, and Within 309

C.3 CDDL Representations 310

C.3.1 Bundle Protocol v7 310

C.3.2 BPSec 312

C.3.3 Default Security Context 313

References 313

Index 315

Authors

Edward J. Birrane, III University of Maryland, Baltimore, MD. Sarah Heiner The Johns Hopkins University Applied Physics Laboratory. Ken McKeever The Johns Hopkins University Applied Physics Laboratory.