Securing Delay-Tolerant Networks with BPSec One-stop reference on how to secure a Delay-Tolerant Network (DTN), written by experienced industry insiders
Securing Delay-Tolerant Networks with BPSec answers the question, “How can delay-tolerant networks be secured when operating in environments that would otherwise break many of the common security approaches used on the terrestrial Internet today?”
The text is composed of three sections: (1) security considerations for delay-tolerant networks, (2) the design, implementation, and customization of the BPSec protocol, and (3) how this protocol can be applied, combined with other security protocols, and deployed in emerging network environments.
The text includes pragmatic considerations for deploying BPSec in both regular and delay-tolerant networks. It also features a tutorial on how to achieve several important security outcomes with a combination of security protocols, BPSec included.
Overall, it covers best practices for common security functions, clearly showing designers how to prevent network architecture from being over-constrained by traditional security approaches.
Written by the lead author and originator of the BPSec protocol specification, Securing Delay-Tolerant Networks (DTNs) with BPSec includes information on:
The gap between cryptography and network security, how security requirements constrain network architectures, and why we need something different
DTN stressing conditions, covering intermittent connectivity, congested paths, partitioned topologies, limited link state, and multiple administrative controls
Securing the terrestrial internet, involving a layered approach to security, the impact of protocol design on security services, and securing the internetworking and transport layers
A delay-tolerant security architecture, including desirable properties of a DTN secure protocol, fine-grained security services, and protocol augmentation
Securing Delay-Tolerant Networks (DTNs) with BPSec is a one-stop reference on the subject for any professional operationally deploying BP who must use BPSec for its security, including software technical leads, software developers, space flight mission leaders, network operators, and technology and product development leaders in general.
Acronyms xix About the Authors xxiii Foreword xxv Preface xxix About the Companion Website xxxi 1 Introduction 1 1.1 A Pervasively Networked World 1 1.1.1 A New Networking Approach 4 1.1.2 A New Transport Mechanism 5 1.1.3 A New Security Mechanism 6 1.2 Motivation For This Book 7 1.3 Conventions 8 1.3.1 Focus Studies 8 1.3.2 Summary Boxes 8 1.3.3 Margin Notes 9 1.3.4 Extract Quotes 9 1.3.5 Definitions 9 1.4 Organization 9 1.5 Summary 10 References 10 2 Network Design Considerations 12 2.1 Designing for Challenged Networks 12 2.1.1 Network Design Constraints 13 2.1.2 Finding Constraints 14 2.1.2.1 Constraint Sources 14 2.1.2.2 Constraint Types 15 2.1.3 Identifying Security Challenges 16 2.2 Layered Network Architectures 17 2.2.1 Encapsulation 19 2.2.1.1 Design Benefits 20 2.2.1.2 Challenges 20 2.2.2 Delay and Disruption Intolerance 20 2.2.2.1 Design Benefits 22 2.2.2.2 Challenges 23 2.2.3 Coarse-Grained Security 23 2.2.3.1 Design Benefits 23 2.2.3.2 Challenges 24 2.2.4 Impact on Protocol Design 24 2.3 Cryptography and Network Security 25 2.3.1 Cryptographic Algorithm Capabilities 25 2.3.2 Configurations 26 2.3.3 Packaging and Transport 28 2.4 Summary 29 References 30 3 DTN Security Stressors and Strategies 31 3.1 DTN Constraints 31 3.1.1 The Solar System Internet 32 3.1.2 Other Challenged Networks 33 3.1.3 Tolerant Networking 33 3.2 Security-Stressing Conditions 35 3.2.1 Intermittent Partitioning 35 3.2.1.1 Secret Establishment 35 3.2.1.2 Security State Synchronization 37 3.2.2 Time-Variant Topology 37 3.2.2.1 Secure Tunnels 39 3.2.2.2 Key Selection 40 3.2.2.3 Security Policy Configuration 40 3.2.3 Long-Term Storage 41 3.2.3.1 Security-at-rest 41 3.2.3.2 Time-to-live 41 3.3 Security Strategies 42 3.3.1 Separate Concerns 42 3.3.1.1 Structural 43 3.3.1.2 Policy 43 3.3.1.3 Configuration 44 3.3.2 Local Autonomy 44 3.3.2.1 Key Appropriateness 44 3.3.2.2 State Modeling 45 3.3.3 Time Awareness 45 3.3.3.1 Identification 46 3.3.3.2 Error Inference 47 3.3.3.3 State Prediction 47 3.3.4 Atomic Communications 47 3.3.5 Threshold Trust 47 3.3.5.1 Web of Trust 48 3.3.5.2 Blockchain 48 3.3.5.3 Attribute-Based Encryption 48 3.4 Summary 49 References 49 4 Delay-Tolerant Security Architecture Elements 51 4.1 Defining Security Architectures 51 4.1.1 Evolving Cyber Threats 51 4.1.2 Novel Capabilities 52 4.2 IP Security Mechanisms 52 4.2.1 Protocol Structure 53 4.2.2 Security Scoping 54 4.3 DTN Transport 56 4.3.1 The Bundle Protocol 57 4.3.2 Format 57 4.3.3 BP Capabilities 57 4.3.3.1 Extension Blocks 58 4.3.3.2 Store and Forward 59 4.3.3.3 Convergence Layer Adapters 59 4.3.3.4 Late Binding Endpoints 60 4.4 A BPv7 Model for DTN Security 60 4.4.1 Extension Blocks Implications 61 4.4.2 Store and Forward Implications 61 4.4.3 Overlay Implications 62 4.5 Scoping Bundle Security 62 4.5.1 Security by Encapsulation 63 4.5.1.1 Benefits 63 4.5.1.2 Challenges 64 4.5.2 Security by Augmentation 65 4.5.2.1 Benefits 66 4.5.2.2 Challenges 67 4.6 Policy Considerations 67 4.6.1 Configuration 67 4.6.2 Late Binding 69 4.7 Summary 69 References 70 5 The Design of the Bundle Protocol Security Extensions 71 5.1 A Brief History of Bundle Security 71 5.1.1 Bundle Protocol Version 6 72 5.1.1.1 Changes from BPv6 to BPv7 72 5.1.2 Bundle Protocol Security Protocol (BSP) 73 5.1.2.1 BSP Benefits 73 5.1.2.2 BSP Lessons Learned 74 5.2 Design Principles 78 5.2.1 Block-Level Granularity 79 5.2.2 Multiple Security Sources 80 5.2.3 Mixed Security Policy 82 5.2.4 User-Defined Security Contexts 82 5.2.5 Deterministic Processing 83 5.3 Determining Security Services 84 5.3.1 General Security Capabilities 84 5.3.2 Out of Scope Capabilities 84 5.3.2.1 Availability 85 5.3.2.2 Whole Bundle Authentication 85 5.3.2.3 Whole Bundle Non-repudiation 86 5.3.2.4 Resource Authorization 86 5.3.3 BPSec Capabilities 87 5.3.3.1 Plaintext Integrity 87 5.3.3.2 Authenticated Confidentiality 88 5.3.3.3 BPSec Services and Capabilities Mapping 89 5.4 Protocol Comparisons 89 5.5 Summary 90 References 91 6 The BPSec Security Mechanism 93 6.1 The BPSec Mechanism 93 6.2 Security Operations 94 6.2.1 Notation 94 6.2.2 Security Operation States 94 6.2.2.1 Inserting Security Operations 95 6.2.2.2 Rejecting Security Operations 95 6.2.2.3 Accepting Security Operations 95 6.2.3 Uniqueness 96 6.2.3.1 Same Service. Same Target 96 6.2.3.2 Same Service. Different Targets 96 6.2.3.3 Different Services. Same Target 97 6.2.3.4 Different Services. Different Targets 97 6.2.4 Bundle Representation 98 6.3 Security Contexts 98 6.3.1 Scope 98 6.3.2 Moderation 98 6.3.3 Application 99 6.4 Security Blocks 99 6.4.1 Security Block Features 100 6.4.2 Security Operation Aggregation 100 6.4.3 The Abstract Security Block 101 6.4.3.1 Security Operation Identification 102 6.4.3.2 Security Configuration 102 6.4.3.3 Security Results 103 6.4.4 Types of Security Information 103 6.4.4.1 Shared Information 103 6.4.4.2 Security Operation Specific Information 104 6.4.4.3 Security Targets 104 6.4.4.4 Security Results 104 6.5 Block Integrity Block 105 6.5.1 Populating the ASB 105 6.5.2 Block Considerations 105 6.5.2.1 Block Processing Control Flags 105 6.5.2.2 Multiple Signatures 107 6.5.2.3 Cryptographic Binding 107 6.6 Block Confidentiality Block 107 6.6.1 Populating the ASB 108 6.6.2 Block Considerations 108 6.6.2.1 Encrypted Payload Fragmentation 109 6.6.2.2 BCB Processing 109 6.6.2.3 Appropriate Security Targets 110 6.6.2.4 Authenticated Encryption with Associated Data 110 6.7 Other Security Blocks 110 6.8 Mapping 112 6.9 Summary 113 Reference 114 7 Security Block Processing 115 7.1 General Block Processing 115 7.2 The Extension Block Lifecycle 116 7.2.1 Implementation Notes 117 7.2.1.1 Transcoding 119 7.2.1.2 Extraction 119 7.2.1.3 Hybrid 119 7.2.2 Lifecycle Actions 119 7.2.2.1 Block Source Actions 119 7.2.2.2 Block Processor Actions 120 7.2.2.3 Block Acceptor Actions 120 7.2.3 Security Implications 121 7.2.3.1 Order of Block Evaluation 121 7.2.3.2 Defer Some Processing 122 7.2.3.3 Preserve Security Blocks 122 7.3 Security Operation Processing 123 7.3.1 Security Roles 123 7.3.2 Security Source Processing 124 7.3.3 Security Verifier Processing 125 7.3.4 Security Acceptor Processing 126 7.4 Security Block Manipulation 127 7.4.1 Grouping Security Operations 127 7.4.2 Grouping Requirements 129 7.4.3 Block Manipulation Algorithms 130 7.4.3.1 Add Security Operation 130 7.4.3.2 Merge Security Blocks 130 7.4.3.3 Remove Security Operation 132 7.4.3.4 Split Security Blocks 132 7.5 Target Multiplicity Examples 133 7.5.1 Confidentiality 133 7.5.2 Integrity 133 7.6 Common Error Conditions 135 7.6.1 BIB Target Verification Failed at Security Verifier 135 7.6.2 Security Block Segmentation Failure at Security Source 135 7.6.3 Security Block Segmentation Failure at Security Acceptor 136 7.7 Summary 136 References 136 8 Security Dependency Management 137 8.1 Dependency Management 137 8.2 Bundle-Related Dependencies 139 8.2.1 Intra-Bundle Dependencies 139 8.2.1.1 Payload Processing 140 8.2.1.2 Decoding 140 8.2.1.3 Configuration 140 8.2.1.4 Assessment 141 8.2.2 Inter-Bundle Dependencies 141 8.2.2.1 Network Information 142 8.2.2.2 Fragmentation Dependency 143 8.3 Security-Related Dependencies 143 8.3.1 Operation Dependencies 143 8.3.2 Block Dependencies 144 8.3.3 Configuration Dependencies 144 8.3.3.1 Security Context Support 145 8.3.3.2 Security Context Configuration 146 8.3.3.3 Policy Configuration 146 8.3.4 Security Dependency Mappings 146 8.4 Dependency-Related Constraints 147 8.4.1 Single-Operation Sources 148 8.4.2 Unique Security Services 148 8.4.3 Exclusively Linear Dependencies 149 8.5 Special Processing Rules 150 8.5.1 Inclusive Confidentiality 150 8.5.2 No Service Redundancy 151 8.5.3 Process Confidentiality First 152 8.6 Handling Policy Conflicts 152 8.6.1 In-Bundle Policies 153 8.6.2 Security Versus Bundle Policy 153 8.6.3 Case Study: Verify Unknown Block 153 8.6.3.1 Option 1: Security Policy First 154 8.6.3.2 Option 2: Block Policy First 155 8.6.4 Reflections on Processing Order 156 8.6.5 Security Roles and Timing 157 8.7 Summary 157 References 158 9 Threat Considerations for BPv7 Networks 159 9.1 Security Implications of BPv7 Networks 159 9.1.1 Network Topology 160 9.1.2 Timing and Key Management 160 9.1.3 Timing and Incident Response 160 9.2 Threat Model and BPSec Assumptions 161 9.2.1 The Internet Threat Model 161 9.2.2 BPSec Design Assumptions 162 9.2.2.1 Proper Implementation 163 9.2.2.2 Proper Configuration 163 9.2.2.3 Appropriate Security Contexts 164 9.3 Attacker Objectives and Capabilities 164 9.3.1 Attacker Objectives 164 9.3.2 Attacker Placement 166 9.3.2.1 Node Compromise 167 9.3.2.2 Topology Attacks 167 9.3.2.3 Proximity Access 168 9.3.3 Attacker Privileges 168 9.4 Passive Attacks 169 9.4.1 Cryptanalysis 170 9.4.2 Network Profiling 170 9.4.3 Traffic Profiling 171 9.5 Active Attacks 173 9.5.1 Bundle Injection 174 9.5.2 Bundle Modification 175 9.5.3 Topology 175 9.6 Summary 176 References 177 10 Using Security Contexts 178 10.1 The Case for Contexts 178 10.1.1 A BPv7 Security Ecosystem 178 10.1.1.1 Adaptation Properties 179 10.1.2 Cipher Suites 180 10.1.2.1 Cipher Suite Terms 181 10.1.2.2 Cipher Suite Algorithms 182 10.1.2.3 Partial Suites 183 10.1.3 Security Configuration 183 10.1.3.1 Configuration Sources 185 10.1.3.2 Configuration Types 185 10.1.3.3 Limitations of Current Approaches 187 10.2 Using Security Contexts 188 10.2.1 Identifying Contexts 188 10.2.2 Selecting Contexts 190 10.2.2.1 Provided Services 192 10.2.2.2 Assumptions 192 10.2.2.3 Algorithms 192 10.2.2.4 Parameters 193 10.2.3 Selecting Parameters and Results 193 10.2.3.1 Parameter Encoding 193 10.2.3.2 Parameter Types 194 10.2.3.3 Parameter Sources 194 10.2.3.4 Result Types 195 10.3 Summary 197 References 198 11 Security Context Design 199 11.1 Overview 199 11.2 Novelty 200 11.3 Network Considerations 201 11.3.1 Data Lifetime 201 11.3.2 One-Way Traffic 202 11.3.2.1 Long Signal Propagation Delays 202 11.3.2.2 Frequent Disruptions 202 11.3.2.3 Opportunistic Links 202 11.3.2.4 Hardware Limitations 202 11.3.3 On-Demand Access 203 11.4 Behavioral Considerations 203 11.4.1 Parameterization 203 11.4.2 Authenticating Encryption 204 11.4.2.1 MAC-then-Encrypt 204 11.4.2.2 Encrypt-then-MAC 204 11.4.2.3 Encrypt-and-MAC 204 11.4.3 Key Management 204 11.4.4 Target Associations 205 11.4.4.1 Single-Target Single-Result (STSR) Contexts 206 11.4.4.2 Single-Target Multiple-Result (STMR) Contexts 207 11.4.4.3 Multiple-Target Contexts 208 11.5 Syntactic Considerations 209 11.5.1 Parameter and Result Encodings 210 11.5.2 Canonicalization 210 11.5.3 Encryption Ciphertext Packing 210 11.5.4 Handling CRC Fields 211 11.6 Cryptographic Binding 212 11.6.1 Candidate Data Sets 212 11.6.1.1 Other Blocks’ Block-Type-Specific Data 212 11.6.1.2 Processing Flags 213 11.6.1.3 Other Bundle Elements 213 11.6.2 Identifying Data Sets 213 11.6.3 Data Representation 213 11.6.3.1 Monolithic Data Input 213 11.6.3.2 Independent Data Inputs 213 11.6.3.3 Scenarios 214 11.6.3.4 Processing Steps 215 11.6.4 Common Error Conditions 215 11.6.4.1 Dropped Blocks 216 11.6.4.2 Poor Canonicalization 216 11.6.4.3 Block Ordering 216 11.6.4.4 Fragmentation 216 11.7 Summary 217 References 217 12 Security Policy Overview 218 12.1 Overview 218 12.2 Policy Information Sources 219 12.3 Policy Information Types 219 12.3.1 Negotiating Sources 220 12.3.2 Asserting Sources 220 12.3.3 Predicting Sources 221 12.4 Security Operation Events 221 12.4.1 The Security Operation Lifecycle 221 12.4.1.1 Security Source Events 222 12.4.1.2 Security Verifier Events 222 12.4.1.3 Security Acceptor Events 224 12.5 Processing Actions 224 12.5.1 Processing Requirements 224 12.5.1.1 Required Processing Actions 225 12.5.1.2 Optional Processing Actions 225 12.5.1.3 Prohibited Processing Actions 225 12.5.2 Processing Action Categories 226 12.5.2.1 Data Generation Actions 226 12.5.2.2 Block Manipulation Actions 227 12.5.2.3 Bundle Manipulation Actions 228 12.6 Matching Policy to Security Blocks 232 12.6.1 Types of Policy Statements 233 12.6.1.1 Required Policy Statements 233 12.6.1.2 Optional Policy Statements 234 12.6.1.3 Constraining Policy Statements 234 12.6.2 Associating Events and Actions 234 12.7 A Sample Policy Engine 235 12.7.1 System Policy Engine Overview 235 12.7.1.1 Filter Criteria 235 12.7.1.2 Specification Criteria 238 12.7.1.3 Event Criteria 238 12.7.2 Policy Configuration Examples 238 12.7.2.1 Minimizing Illegitimate Traffic 238 12.7.2.2 Analysis of Security Failures 239 12.8 Summary 239 References 239 13 Achieving Security Outcomes 240 13.1 Security Outcomes 240 13.1.1 Outcome Components 241 13.1.2 Outcome Descriptions 241 13.2 Verifying BIB-Integrity 241 13.2.1 Overview 242 13.2.2 Methodology 242 13.2.3 Potential Issues 243 13.3 Verifying BCB-Confidentiality 243 13.3.1 Overview 244 13.3.1.1 Security Context Options 244 13.3.2 Methodology 245 13.3.3 Potential Issues 246 13.4 Whole-Bundle Authentication 246 13.4.1 Overview 247 13.4.1.1 Target Block Selection 247 13.4.1.2 Security Result Definition 248 13.4.1.3 Whole-Bundle Scope 248 13.4.1.4 Security Context Capabilities 249 13.4.2 Methodology 250 13.4.3 Potential Issues 250 13.5 Protected Bundle Composition 251 13.5.1 Overview 251 13.5.1.1 Block and Bundle Relationships 251 13.5.1.2 Harmful Bundle Manipulation 253 13.5.1.3 Identifying Critical Blocks 254 13.5.2 Methodology 257 13.5.2.1 Bundle Source Processing Steps 257 13.5.2.2 Other BPA Processing Steps 258 13.5.3 Potential Issues 258 13.6 Summary 259 Reference 259 14 Special Considerations 260 14.1 Scoping Security Concerns 260 14.2 BPA Resource Considerations 261 14.2.1 Additional Computational Load 261 14.2.2 Memory and Storage Requirements 263 14.3 Bundle Fragmentation Considerations 263 14.3.1 Delayed Security Processing 264 14.3.2 Block Duplication 265 14.3.3 Security Block Affinity 266 14.4 Security Context Considerations 267 14.5 Policy Considerations 268 14.5.1 Key Management 268 14.5.1.1 Key Independence 268 14.5.1.2 Key Exhaustion 269 14.5.1.3 Planning for Key Expiration 270 14.5.1.4 Mitigations 271 14.5.2 Cryptographic Binding 271 14.5.2.1 Bound Block Changes 272 14.5.2.2 Forensic Analysis 273 14.5.3 Role Misconfiguration 273 14.5.3.1 Missing Security Operations 273 14.5.3.2 Duplicated Security Operations 274 14.5.3.3 Mitigations 275 14.5.4 Security Context Misuse 275 14.5.5 Bundle Matching 276 14.5.5.1 Nodes versus EIDs 276 14.5.5.2 Multiple Naming Schemes 277 14.5.6 Rule Specificity 278 14.5.7 Cascading Events 280 14.5.7.1 Removing Target Blocks 280 14.5.7.2 Removing Security Blocks 280 14.6 Summary 281 References 281 Appendix A Example Security Contexts 282 A.1 Integrity Security Context 283 A.1.1 Security Context Scope 283 A 1.1.1 Integrity Scope Flags 283 A.1.1.2 Primary Block 284 A.1.1.3 Target Block Headers 285 A.1.1.4 Security Block Headers 285 A.1.1.5 Target Block-Type-Specific Data 285 A.1.2 Security Context Parameters 286 A.1.2.1 SHA Variant 286 A.1.2.2 Wrapped Key 286 A.1.2.3 Integrity Scope Flags 286 A.1.3 Security Results 287 A.1.4 Input Canonicalization 287 A.2 Confidentiality Security Context 288 A.2.1 Cipher Suite Selection 288 A.2.2 Security Context Scope 289 A.2.2.1 Confidentiality Scope 289 A.2.2.2 Authentication Scope 289 A.2.3 Security Context Parameters 290 A.2.3.1 Initialization Vector (IV) 290 A.2.3.2 AES Variant 290 A.2.3.3 Wrapped Key 290 A.2.3.4 AAD Scope Flags 291 A.2.4 Security Results 291 A.2.5 Input Canonicalization 291 References 292 Appendix B Security Block Processing 293 B.1 Overview 293 B.2 Single-Target Single-Result Security Contexts 293 B.2.1 BCB-Confidentiality 293 B.2.1.1 Scenario 294 B.2.1.2 Processing Steps 294 B.2.2 BIB-Integrity 295 B.2.2.1 Scenario 295 B.2.2.2 Processing Steps 295 B.2.3 Common Error Conditions 296 B.2.3.1 Failed Generation of Cryptographic Material 296 B.2.3.2 Integrity Verification Failure 296 B.2.3.3 Decryption Failure at the Security Acceptor 297 B. 3 Single-Target Multiple-Result Security Contexts 297 B.3.1 BCB-Confidentiality 297 B.3.1.1 Scenario 297 B.3.1.2 Processing Steps 298 B.3.2 BIB-Integrity 299 B.3.2.1 Scenario 299 B.3.2.2 Processing Steps 299 B.3.3 Common Error Conditions 300 B.3.3.1 Failed Generation of Cryptographic Material: Integrity Signature at Security Source 300 B.3.3.2 Integrity Verification Failure at a Security Verifier 300 B 3.3.3 Integrity Verification Failure at the Security Acceptor 301 B.3.3.4 Failed Generation of Cryptographic Material: Ciphertext at Security Source 301 B.3.3.5 Confidentiality Verification Failed at a Security Verifier 301 B.3.3.6 Confidentiality Processing Failed at the Security Acceptor 301 B.4 Multiple Security Sources 302 B.4.1 Scenario 302 B.4.2 Processing Steps 303 B.4.3 Common Error Conditions 304 B.4.3.1 Failed Generation of BIB at Security Source 304 B.4.3.2 Failed Generation of BCB at Security Source 304 Reference 304 Appendix c Bundle Protocol Data Representation 305 C.1 Bundle Protocol Data Objects 305 C.2 Data Representation 306 C.2.1 CBOR Basics 306 C.2.1.1 CBOR Objectives 306 C.2.1.2 CBOR Encoding 307 C.2.2 CDDL Basics 307 C.2.2.1 Groups 308 C 2.2.2 Entries 308 C.2.2.3 Group Contexts: Arrays and Maps 308 C.2.2.4 Entry Occurrence Indicators 309 C.2.2.5 Choices 309 C.2.2.6 Building Objects: Sockets, Plugs, and Within 309 C.3 CDDL Representations 310 C.3.1 Bundle Protocol v7 310 C.3.2 BPSec 312 C.3.3 Default Security Context 313 References 313 Index 315
Dr Edward J. Birrane III, is CTO at Tolerant Network Solutions, LLC, Adjunct Faculty at University of Maryland, Baltimore County, and supervises the embedded applications group of The Johns Hopkins University Applied Physics Laboratory Space Exploration Sector. He received his Ph.D. from the University of Maryland, Baltimore County. Sarah Heiner is an Embedded Software Engineer at The Johns Hopkins University Applied Physics Laboratory. Ken McKeever is an Engineer at The Johns Hopkins University Applied Physics Laboratory.
