ISBN-13: 9781119823476 / English / Hardcover / 2023 / 350 pp.
Acronyms xix
About the Authors xxiii
Foreword xxv
Preface xxix
About the Companion Website xxxi

1 Introduction 1
1.1 A Pervasively Networked World 1
1.1.1 A New Networking Approach 4
1.1.2 A New Transport Mechanism 5
1.1.3 A New Security Mechanism 6
1.2 Motivation For This Book 7
1.3 Conventions 8
1.3.1 Focus Studies 8
1.3.2 Summary Boxes 8
1.3.3 Margin Notes 9
1.3.4 Extract Quotes 9
1.3.5 Definitions 9
1.4 Organization 9
1.5 Summary 10
References 10

2 Network Design Considerations 12
2.1 Designing for Challenged Networks 12
2.1.1 Network Design Constraints 13
2.1.2 Finding Constraints 14
2.1.2.1 Constraint Sources 14
2.1.2.2 Constraint Types 15
2.1.3 Identifying Security Challenges 16
2.2 Layered Network Architectures 17
2.2.1 Encapsulation 19
2.2.1.1 Design Benefits 20
2.2.1.2 Challenges 20
2.2.2 Delay and Disruption Intolerance 20
2.2.2.1 Design Benefits 22
2.2.2.2 Challenges 23
2.2.3 Coarse-Grained Security 23
2.2.3.1 Design Benefits 23
2.2.3.2 Challenges 24
2.2.4 Impact on Protocol Design 24
2.3 Cryptography and Network Security 25
2.3.1 Cryptographic Algorithm Capabilities 25
2.3.2 Configurations 26
2.3.3 Packaging and Transport 28
2.4 Summary 29
References 30

3 DTN Security Stressors and Strategies 31
3.1 DTN Constraints 31
3.1.1 The Solar System Internet 32
3.1.2 Other Challenged Networks 33
3.1.3 Tolerant Networking 33
3.2 Security-Stressing Conditions 35
3.2.1 Intermittent Partitioning 35
3.2.1.1 Secret Establishment 35
3.2.1.2 Security State Synchronization 37
3.2.2 Time-Variant Topology 37
3.2.2.1 Secure Tunnels 39
3.2.2.2 Key Selection 40
3.2.2.3 Security Policy Configuration 40
3.2.3 Long-Term Storage 41
3.2.3.1 Security-at-rest 41
3.2.3.2 Time-to-live 41
3.3 Security Strategies 42
3.3.1 Separate Concerns 42
3.3.1.1 Structural 43
3.3.1.2 Policy 43
3.3.1.3 Configuration 44
3.3.2 Local Autonomy 44
3.3.2.1 Key Appropriateness 44
3.3.2.2 State Modeling 45
3.3.3 Time Awareness 45
3.3.3.1 Identification 46
3.3.3.2 Error Inference 47
3.3.3.3 State Prediction 47
3.3.4 Atomic Communications 47
3.3.5 Threshold Trust 47
3.3.5.1 Web of Trust 48
3.3.5.2 Blockchain 48
3.3.5.3 Attribute-Based Encryption 48
3.4 Summary 49
References 49

4 Delay-Tolerant Security Architecture Elements 51
4.1 Defining Security Architectures 51
4.1.1 Evolving Cyber Threats 51
4.1.2 Novel Capabilities 52
4.2 IP Security Mechanisms 52
4.2.1 Protocol Structure 53
4.2.2 Security Scoping 54
4.3 DTN Transport 56
4.3.1 The Bundle Protocol 57
4.3.2 Format 57
4.3.3 BP Capabilities 57
4.3.3.1 Extension Blocks 58
4.3.3.2 Store and Forward 59
4.3.3.3 Convergence Layer Adapters 59
4.3.3.4 Late Binding Endpoints 60
4.4 A BPv7 Model for DTN Security 60
4.4.1 Extension Blocks Implications 61
4.4.2 Store and Forward Implications 61
4.4.3 Overlay Implications 62
4.5 Scoping Bundle Security 62
4.5.1 Security by Encapsulation 63
4.5.1.1 Benefits 63
4.5.1.2 Challenges 64
4.5.2 Security by Augmentation 65
4.5.2.1 Benefits 66
4.5.2.2 Challenges 67
4.6 Policy Considerations 67
4.6.1 Configuration 67
4.6.2 Late Binding 69
4.7 Summary 69
References 70

5 The Design of the Bundle Protocol Security Extensions 71
5.1 A Brief History of Bundle Security 71
5.1.1 Bundle Protocol Version 6 72
5.1.1.1 Changes from BPv6 to BPv7 72
5.1.2 Bundle Protocol Security Protocol (BSP) 73
5.1.2.1 BSP Benefits 73
5.1.2.2 BSP Lessons Learned 74
5.2 Design Principles 78
5.2.1 Block-Level Granularity 79
5.2.2 Multiple Security Sources 80
5.2.3 Mixed Security Policy 82
5.2.4 User-Defined Security Contexts 82
5.2.5 Deterministic Processing 83
5.3 Determining Security Services 84
5.3.1 General Security Capabilities 84
5.3.2 Out of Scope Capabilities 84
5.3.2.1 Availability 85
5.3.2.2 Whole Bundle Authentication 85
5.3.2.3 Whole Bundle Non-repudiation 86
5.3.2.4 Resource Authorization 86
5.3.3 BPSec Capabilities 87
5.3.3.1 Plaintext Integrity 87
5.3.3.2 Authenticated Confidentiality 88
5.3.3.3 BPSec Services and Capabilities Mapping 89
5.4 Protocol Comparisons 89
5.5 Summary 90
References 91

6 The BPSec Security Mechanism 93
6.1 The BPSec Mechanism 93
6.2 Security Operations 94
6.2.1 Notation 94
6.2.2 Security Operation States 94
6.2.2.1 Inserting Security Operations 95
6.2.2.2 Rejecting Security Operations 95
6.2.2.3 Accepting Security Operations 95
6.2.3 Uniqueness 96
6.2.3.1 Same Service. Same Target 96
6.2.3.2 Same Service. Different Targets 96
6.2.3.3 Different Services. Same Target 97
6.2.3.4 Different Services. Different Targets 97
6.2.4 Bundle Representation 98
6.3 Security Contexts 98
6.3.1 Scope 98
6.3.2 Moderation 98
6.3.3 Application 99
6.4 Security Blocks 99
6.4.1 Security Block Features 100
6.4.2 Security Operation Aggregation 100
6.4.3 The Abstract Security Block 101
6.4.3.1 Security Operation Identification 102
6.4.3.2 Security Configuration 102
6.4.3.3 Security Results 103
6.4.4 Types of Security Information 103
6.4.4.1 Shared Information 103
6.4.4.2 Security Operation Specific Information 104
6.4.4.3 Security Targets 104
6.4.4.4 Security Results 104
6.5 Block Integrity Block 105
6.5.1 Populating the ASB 105
6.5.2 Block Considerations 105
6.5.2.1 Block Processing Control Flags 105
6.5.2.2 Multiple Signatures 107
6.5.2.3 Cryptographic Binding 107
6.6 Block Confidentiality Block 107
6.6.1 Populating the ASB 108
6.6.2 Block Considerations 108
6.6.2.1 Encrypted Payload Fragmentation 109
6.6.2.2 BCB Processing 109
6.6.2.3 Appropriate Security Targets 110
6.6.2.4 Authenticated Encryption with Associated Data 110
6.7 Other Security Blocks 110
6.8 Mapping 112
6.9 Summary 113
Reference 114

7 Security Block Processing 115
7.1 General Block Processing 115
7.2 The Extension Block Lifecycle 116
7.2.1 Implementation Notes 117
7.2.1.1 Transcoding 119
7.2.1.2 Extraction 119
7.2.1.3 Hybrid 119
7.2.2 Lifecycle Actions 119
7.2.2.1 Block Source Actions 119
7.2.2.2 Block Processor Actions 120
7.2.2.3 Block Acceptor Actions 120
7.2.3 Security Implications 121
7.2.3.1 Order of Block Evaluation 121
7.2.3.2 Defer Some Processing 122
7.2.3.3 Preserve Security Blocks 122
7.3 Security Operation Processing 123
7.3.1 Security Roles 123
7.3.2 Security Source Processing 124
7.3.3 Security Verifier Processing 125
7.3.4 Security Acceptor Processing 126
7.4 Security Block Manipulation 127
7.4.1 Grouping Security Operations 127
7.4.2 Grouping Requirements 129
7.4.3 Block Manipulation Algorithms 130
7.4.3.1 Add Security Operation 130
7.4.3.2 Merge Security Blocks 130
7.4.3.3 Remove Security Operation 132
7.4.3.4 Split Security Blocks 132
7.5 Target Multiplicity Examples 133
7.5.1 Confidentiality 133
7.5.2 Integrity 133
7.6 Common Error Conditions 135
7.6.1 BIB Target Verification Failed at Security Verifier 135
7.6.2 Security Block Segmentation Failure at Security Source 135
7.6.3 Security Block Segmentation Failure at Security Acceptor 136
7.7 Summary 136
References 136

8 Security Dependency Management 137
8.1 Dependency Management 137
8.2 Bundle-Related Dependencies 139
8.2.1 Intra-Bundle Dependencies 139
8.2.1.1 Payload Processing 140
8.2.1.2 Decoding 140
8.2.1.3 Configuration 140
8.2.1.4 Assessment 141
8.2.2 Inter-Bundle Dependencies 141
8.2.2.1 Network Information 142
8.2.2.2 Fragmentation Dependency 143
8.3 Security-Related Dependencies 143
8.3.1 Operation Dependencies 143
8.3.2 Block Dependencies 144
8.3.3 Configuration Dependencies 144
8.3.3.1 Security Context Support 145
8.3.3.2 Security Context Configuration 146
8.3.3.3 Policy Configuration 146
8.3.4 Security Dependency Mappings 146
8.4 Dependency-Related Constraints 147
8.4.1 Single-Operation Sources 148
8.4.2 Unique Security Services 148
8.4.3 Exclusively Linear Dependencies 149
8.5 Special Processing Rules 150
8.5.1 Inclusive Confidentiality 150
8.5.2 No Service Redundancy 151
8.5.3 Process Confidentiality First 152
8.6 Handling Policy Conflicts 152
8.6.1 In-Bundle Policies 153
8.6.2 Security Versus Bundle Policy 153
8.6.3 Case Study: Verify Unknown Block 153
8.6.3.1 Option 1: Security Policy First 154
8.6.3.2 Option 2: Block Policy First 155
8.6.4 Reflections on Processing Order 156
8.6.5 Security Roles and Timing 157
8.7 Summary 157
References 158

9 Threat Considerations for BPv7 Networks 159
9.1 Security Implications of BPv7 Networks 159
9.1.1 Network Topology 160
9.1.2 Timing and Key Management 160
9.1.3 Timing and Incident Response 160
9.2 Threat Model and BPSec Assumptions 161
9.2.1 The Internet Threat Model 161
9.2.2 BPSec Design Assumptions 162
9.2.2.1 Proper Implementation 163
9.2.2.2 Proper Configuration 163
9.2.2.3 Appropriate Security Contexts 164
9.3 Attacker Objectives and Capabilities 164
9.3.1 Attacker Objectives 164
9.3.2 Attacker Placement 166
9.3.2.1 Node Compromise 167
9.3.2.2 Topology Attacks 167
9.3.2.3 Proximity Access 168
9.3.3 Attacker Privileges 168
9.4 Passive Attacks 169
9.4.1 Cryptanalysis 170
9.4.2 Network Profiling 170
9.4.3 Traffic Profiling 171
9.5 Active Attacks 173
9.5.1 Bundle Injection 174
9.5.2 Bundle Modification 175
9.5.3 Topology 175
9.6 Summary 176
References 177

10 Using Security Contexts 178
10.1 The Case for Contexts 178
10.1.1 A BPv7 Security Ecosystem 178
10.1.1.1 Adaptation Properties 179
10.1.2 Cipher Suites 180
10.1.2.1 Cipher Suite Terms 181
10.1.2.2 Cipher Suite Algorithms 182
10.1.2.3 Partial Suites 183
10.1.3 Security Configuration 183
10.1.3.1 Configuration Sources 185
10.1.3.2 Configuration Types 185
10.1.3.3 Limitations of Current Approaches 187
10.2 Using Security Contexts 188
10.2.1 Identifying Contexts 188
10.2.2 Selecting Contexts 190
10.2.2.1 Provided Services 192
10.2.2.2 Assumptions 192
10.2.2.3 Algorithms 192
10.2.2.4 Parameters 193
10.2.3 Selecting Parameters and Results 193
10.2.3.1 Parameter Encoding 193
10.2.3.2 Parameter Types 194
10.2.3.3 Parameter Sources 194
10.2.3.4 Result Types 195
10.3 Summary 197
References 198

11 Security Context Design 199
11.1 Overview 199
11.2 Novelty 200
11.3 Network Considerations 201
11.3.1 Data Lifetime 201
11.3.2 One-Way Traffic 202
11.3.2.1 Long Signal Propagation Delays 202
11.3.2.2 Frequent Disruptions 202
11.3.2.3 Opportunistic Links 202
11.3.2.4 Hardware Limitations 202
11.3.3 On-Demand Access 203
11.4 Behavioral Considerations 203
11.4.1 Parameterization 203
11.4.2 Authenticating Encryption 204
11.4.2.1 MAC-then-Encrypt 204
11.4.2.2 Encrypt-then-MAC 204
11.4.2.3 Encrypt-and-MAC 204
11.4.3 Key Management 204
11.4.4 Target Associations 205
11.4.4.1 Single-Target Single-Result (STSR) Contexts 206
11.4.4.2 Single-Target Multiple-Result (STMR) Contexts 207
11.4.4.3 Multiple-Target Contexts 208
11.5 Syntactic Considerations 209
11.5.1 Parameter and Result Encodings 210
11.5.2 Canonicalization 210
11.5.3 Encryption Ciphertext Packing 210
11.5.4 Handling CRC Fields 211
11.6 Cryptographic Binding 212
11.6.1 Candidate Data Sets 212
11.6.1.1 Other Blocks' Block-Type-Specific Data 212
11.6.1.2 Processing Flags 213
11.6.1.3 Other Bundle Elements 213
11.6.2 Identifying Data Sets 213
11.6.3 Data Representation 213
11.6.3.1 Monolithic Data Input 213
11.6.3.2 Independent Data Inputs 213
11.6.3.3 Scenarios 214
11.6.3.4 Processing Steps 215
11.6.4 Common Error Conditions 215
11.6.4.1 Dropped Blocks 216
11.6.4.2 Poor Canonicalization 216
11.6.4.3 Block Ordering 216
11.6.4.4 Fragmentation 216
11.7 Summary 217
References 217

12 Security Policy Overview 218
12.1 Overview 218
12.2 Policy Information Sources 219
12.3 Policy Information Types 219
12.3.1 Negotiating Sources 220
12.3.2 Asserting Sources 220
12.3.3 Predicting Sources 221
12.4 Security Operation Events 221
12.4.1 The Security Operation Lifecycle 221
12.4.1.1 Security Source Events 222
12.4.1.2 Security Verifier Events 222
12.4.1.3 Security Acceptor Events 224
12.5 Processing Actions 224
12.5.1 Processing Requirements 224
12.5.1.1 Required Processing Actions 225
12.5.1.2 Optional Processing Actions 225
12.5.1.3 Prohibited Processing Actions 225
12.5.2 Processing Action Categories 226
12.5.2.1 Data Generation Actions 226
12.5.2.2 Block Manipulation Actions 227
12.5.2.3 Bundle Manipulation Actions 228
12.6 Matching Policy to Security Blocks 232
12.6.1 Types of Policy Statements 233
12.6.1.1 Required Policy Statements 233
12.6.1.2 Optional Policy Statements 234
12.6.1.3 Constraining Policy Statements 234
12.6.2 Associating Events and Actions 234
12.7 A Sample Policy Engine 235
12.7.1 System Policy Engine Overview 235
12.7.1.1 Filter Criteria 235
12.7.1.2 Specification Criteria 238
12.7.1.3 Event Criteria 238
12.7.2 Policy Configuration Examples 238
12.7.2.1 Minimizing Illegitimate Traffic 238
12.7.2.2 Analysis of Security Failures 239
12.8 Summary 239
References 239

13 Achieving Security Outcomes 240
13.1 Security Outcomes 240
13.1.1 Outcome Components 241
13.1.2 Outcome Descriptions 241
13.2 Verifying BIB-Integrity 241
13.2.1 Overview 242
13.2.2 Methodology 242
13.2.3 Potential Issues 243
13.3 Verifying BCB-Confidentiality 243
13.3.1 Overview 244
13.3.1.1 Security Context Options 244
13.3.2 Methodology 245
13.3.3 Potential Issues 246
13.4 Whole-Bundle Authentication 246
13.4.1 Overview 247
13.4.1.1 Target Block Selection 247
13.4.1.2 Security Result Definition 248
13.4.1.3 Whole-Bundle Scope 248
13.4.1.4 Security Context Capabilities 249
13.4.2 Methodology 250
13.4.3 Potential Issues 250
13.5 Protected Bundle Composition 251
13.5.1 Overview 251
13.5.1.1 Block and Bundle Relationships 251
13.5.1.2 Harmful Bundle Manipulation 253
13.5.1.3 Identifying Critical Blocks 254
13.5.2 Methodology 257
13.5.2.1 Bundle Source Processing Steps 257
13.5.2.2 Other BPA Processing Steps 258
13.5.3 Potential Issues 258
13.6 Summary 259
Reference 259

14 Special Considerations 260
14.1 Scoping Security Concerns 260
14.2 BPA Resource Considerations 261
14.2.1 Additional Computational Load 261
14.2.2 Memory and Storage Requirements 263
14.3 Bundle Fragmentation Considerations 263
14.3.1 Delayed Security Processing 264
14.3.2 Block Duplication 265
14.3.3 Security Block Affinity 266
14.4 Security Context Considerations 267
14.5 Policy Considerations 268
14.5.1 Key Management 268
14.5.1.1 Key Independence 268
14.5.1.2 Key Exhaustion 269
14.5.1.3 Planning for Key Expiration 270
14.5.1.4 Mitigations 271
14.5.2 Cryptographic Binding 271
14.5.2.1 Bound Block Changes 272
14.5.2.2 Forensic Analysis 273
14.5.3 Role Misconfiguration 273
14.5.3.1 Missing Security Operations 273
14.5.3.2 Duplicated Security Operations 274
14.5.3.3 Mitigations 275
14.5.4 Security Context Misuse 275
14.5.5 Bundle Matching 276
14.5.5.1 Nodes versus EIDs 276
14.5.5.2 Multiple Naming Schemes 277
14.5.6 Rule Specificity 278
14.5.7 Cascading Events 280
14.5.7.1 Removing Target Blocks 280
14.5.7.2 Removing Security Blocks 280
14.6 Summary 281
References 281

Appendix A Example Security Contexts 282
A.1 Integrity Security Context 283
A.1.1 Security Context Scope 283
A.1.1.1 Integrity Scope Flags 283
A.1.1.2 Primary Block 284
A.1.1.3 Target Block Headers 285
A.1.1.4 Security Block Headers 285
A.1.1.5 Target Block-Type-Specific Data 285
A.1.2 Security Context Parameters 286
A.1.2.1 SHA Variant 286
A.1.2.2 Wrapped Key 286
A.1.2.3 Integrity Scope Flags 286
A.1.3 Security Results 287
A.1.4 Input Canonicalization 287
A.2 Confidentiality Security Context 288
A.2.1 Cipher Suite Selection 288
A.2.2 Security Context Scope 289
A.2.2.1 Confidentiality Scope 289
A.2.2.2 Authentication Scope 289
A.2.3 Security Context Parameters 290
A.2.3.1 Initialization Vector (IV) 290
A.2.3.2 AES Variant 290
A.2.3.3 Wrapped Key 290
A.2.3.4 AAD Scope Flags 291
A.2.4 Security Results 291
A.2.5 Input Canonicalization 291
References 292

Appendix B Security Block Processing 293
B.1 Overview 293
B.2 Single-Target Single-Result Security Contexts 293
B.2.1 BCB-Confidentiality 293
B.2.1.1 Scenario 294
B.2.1.2 Processing Steps 294
B.2.2 BIB-Integrity 295
B.2.2.1 Scenario 295
B.2.2.2 Processing Steps 295
B.2.3 Common Error Conditions 296
B.2.3.1 Failed Generation of Cryptographic Material 296
B.2.3.2 Integrity Verification Failure 296
B.2.3.3 Decryption Failure at the Security Acceptor 297
B.3 Single-Target Multiple-Result Security Contexts 297
B.3.1 BCB-Confidentiality 297
B.3.1.1 Scenario 297
B.3.1.2 Processing Steps 298
B.3.2 BIB-Integrity 299
B.3.2.1 Scenario 299
B.3.2.2 Processing Steps 299
B.3.3 Common Error Conditions 300
B.3.3.1 Failed Generation of Cryptographic Material: Integrity Signature at Security Source 300
B.3.3.2 Integrity Verification Failure at a Security Verifier 300
B.3.3.3 Integrity Verification Failure at the Security Acceptor 301
B.3.3.4 Failed Generation of Cryptographic Material: Ciphertext at Security Source 301
B.3.3.5 Confidentiality Verification Failed at a Security Verifier 301
B.3.3.6 Confidentiality Processing Failed at the Security Acceptor 301
B.4 Multiple Security Sources 302
B.4.1 Scenario 302
B.4.2 Processing Steps 303
B.4.3 Common Error Conditions 304
B.4.3.1 Failed Generation of BIB at Security Source 304
B.4.3.2 Failed Generation of BCB at Security Source 304
Reference 304

Appendix C Bundle Protocol Data Representation 305
C.1 Bundle Protocol Data Objects 305
C.2 Data Representation 306
C.2.1 CBOR Basics 306
C.2.1.1 CBOR Objectives 306
C.2.1.2 CBOR Encoding 307
C.2.2 CDDL Basics 307
C.2.2.1 Groups 308
C.2.2.2 Entries 308
C.2.2.3 Group Contexts: Arrays and Maps 308
C.2.2.4 Entry Occurrence Indicators 309
C.2.2.5 Choices 309
C.2.2.6 Building Objects: Sockets, Plugs, and Within 309
C.3 CDDL Representations 310
C.3.1 Bundle Protocol v7 310
C.3.2 BPSec 312
C.3.3 Default Security Context 313
References 313

Index 315
Dr. Edward J. Birrane III is CTO at Tolerant Network Solutions, LLC, Adjunct Faculty at the University of Maryland, Baltimore County, and supervises the embedded applications group of The Johns Hopkins University Applied Physics Laboratory Space Exploration Sector. He received his Ph.D. from the University of Maryland, Baltimore County.

Sarah Heiner is an Embedded Software Engineer at The Johns Hopkins University Applied Physics Laboratory.

Ken McKeever is an Engineer at The Johns Hopkins University Applied Physics Laboratory.