Securing Delay-Tolerant Networks With Bpsec

Read more

Securing Delay-Tolerant Networks with BPSec
 
One-stop reference on how to secure a Delay-Tolerant Network (DTN), written by experienced industry insiders
 
Securing Delay-Tolerant Networks with BPSec answers the question, "How can delay-tolerant networks be secured when operating in environments that would otherwise break many of the common security approaches used on the terrestrial Internet today?"
 
The text is composed of three sections: (1) security considerations for delay-tolerant networks, (2) the design, implementation, and customization of the BPSec protocol, and (3) how this protocol can be applied, combined with other security protocols, and deployed in emerging network environments.
 
The text includes pragmatic considerations for deploying BPSec in both regular and delay-tolerant networks. It also features a tutorial on how to achieve several important security outcomes with a combination of security protocols, BPSec included.
 
Overall, it covers best practices for common security functions, clearly showing designers how to prevent network architecture from being over-constrained by traditional security approaches.
 
Written by the lead author and originator of the BPSec protocol specification, Securing Delay-Tolerant Networks (DTNs) with BPSec includes information on:
* The gap between cryptography and network security, how security requirements constrain network architectures, and why we need something different
* DTN stressing conditions, covering intermittent connectivity, congested paths, partitioned topologies, limited link state, and multiple administrative controls
* Securing the terrestrial internet, involving a layered approach to security, the impact of protocol design on security services, and securing the internetworking and transport layers
* A delay-tolerant security architecture, including desirable properties of a DTN secure protocol, fine-grained security services, and protocol augmentation
 
Securing Delay-Tolerant Networks (DTNs) with BPSec is a one-stop reference on the subject for any professional operationally deploying BP who must use BPSec for its security, including software technical leads, software developers, space flight mission leaders, network operators, and technology and product development leaders in general.

List of contents

Acronyms xix
 
About the Authors xxiii
 
Foreword xxv
 
Preface xxix
 
About the Companion Website xxxi
 
1 Introduction 1
 
1.1 A Pervasively Networked World 1
 
1.1.1 A New Networking Approach 4
 
1.1.2 A New Transport Mechanism 5
 
1.1.3 A New Security Mechanism 6
 
1.2 Motivation For This Book 7
 
1.3 Conventions 8
 
1.3.1 Focus Studies 8
 
1.3.2 Summary Boxes 8
 
1.3.3 Margin Notes 9
 
1.3.4 Extract Quotes 9
 
1.3.5 Definitions 9
 
1.4 Organization 9
 
1.5 Summary 10
 
References 10
 
2 Network Design Considerations 12
 
2.1 Designing for Challenged Networks 12
 
2.1.1 Network Design Constraints 13
 
2.1.2 Finding Constraints 14
 
2.1.2.1 Constraint Sources 14
 
2.1.2.2 Constraint Types 15
 
2.1.3 Identifying Security Challenges 16
 
2.2 Layered Network Architectures 17
 
2.2.1 Encapsulation 19
 
2.2.1.1 Design Benefits 20
 
2.2.1.2 Challenges 20
 
2.2.2 Delay and Disruption Intolerance 20
 
2.2.2.1 Design Benefits 22
 
2.2.2.2 Challenges 23
 
2.2.3 Coarse-Grained Security 23
 
2.2.3.1 Design Benefits 23
 
2.2.3.2 Challenges 24
 
2.2.4 Impact on Protocol Design 24
 
2.3 Cryptography and Network Security 25
 
2.3.1 Cryptographic Algorithm Capabilities 25
 
2.3.2 Configurations 26
 
2.3.3 Packaging and Transport 28
 
2.4 Summary 29
 
References 30
 
3 DTN Security Stressors and Strategies 31
 
3.1 DTN Constraints 31
 
3.1.1 The Solar System Internet 32
 
3.1.2 Other Challenged Networks 33
 
3.1.3 Tolerant Networking 33
 
3.2 Security-Stressing Conditions 35
 
3.2.1 Intermittent Partitioning 35
 
3.2.1.1 Secret Establishment 35
 
3.2.1.2 Security State Synchronization 37
 
3.2.2 Time-Variant Topology 37
 
3.2.2.1 Secure Tunnels 39
 
3.2.2.2 Key Selection 40
 
3.2.2.3 Security Policy Configuration 40
 
3.2.3 Long-Term Storage 41
 
3.2.3.1 Security-at-rest 41
 
3.2.3.2 Time-to-live 41
 
3.3 Security Strategies 42
 
3.3.1 Separate Concerns 42
 
3.3.1.1 Structural 43
 
3.3.1.2 Policy 43
 
3.3.1.3 Configuration 44
 
3.3.2 Local Autonomy 44
 
3.3.2.1 Key Appropriateness 44
 
3.3.2.2 State Modeling 45
 
3.3.3 Time Awareness 45
 
3.3.3.1 Identification 46
 
3.3.3.2 Error Inference 47
 
3.3.3.3 State Prediction 47
 
3.3.4 Atomic Communications 47
 
3.3.5 Threshold Trust 47
 
3.3.5.1 Web of Trust 48
 
3.3.5.2 Blockchain 48
 
3.3.5.3 Attribute-Based Encryption 48
 
3.4 Summary 49
 
References 49
 
4 Delay-Tolerant Security Architecture Elements 51
 
4.1 Defining Security Architectures 51
 
4.1.1 Evolving Cyber Threats 51
 
4.1.2 Novel Capabilities 52
 
4.2 IP Security Mechanisms 52
 
4.2.1 Protocol Structure 53
 
4.2.2 Security Scoping 54
 
4.3 DTN Transport 56
 
4.3.1 The Bundle Protocol 57
 
4.3.2 Format 57
 
4.3.3 BP Capabilities 57
 
4.3.3.1 Extension Blocks 58
 
4.3.3.2 Store and Forward 59
 
4.3.3.3 Convergence Layer Adapters 59
 
4.3.3.4 Late Binding Endpoints 60
 
4.4 A BPv7 Model for DTN Security 60
 
4.4.1 Extension Blocks Implications 61
 
4.4.2 Store and Forward Implications 61
 <

About the author

Dr Edward J. Birrane III, is CTO at Tolerant Network Solutions, LLC, Adjunct Faculty at University of Maryland, Baltimore County, and supervises the embedded applications group of The Johns Hopkins University Applied Physics Laboratory Space Exploration Sector. He received his Ph.D. from the University of Maryland, Baltimore County. Sarah Heiner is an Embedded Software Engineer at The Johns Hopkins University Applied Physics Laboratory. Ken McKeever is an Engineer at The Johns Hopkins University Applied Physics Laboratory.