This software implements bundle authentication, conforming to the Delay-Tolerant Networking (DTN) Internet Draft on Bundle Security Protocol (BSP), for the Interplanetary Overlay Network (ION) implementation of DTN. This is the only implementation of BSP that is integrated with ION.
The bundle protocol is used in DTNs that overlay multiple networks, some of which may be challenged by limitations such as intermittent and possibly unpredictable loss of connectivity, long or variable delay, asymmetric data rates, and high error rates. The purpose of the bundle protocol is to support interoperability across such stressed networks. The bundle protocol is layered on top of a “convergence layer” of adapters that encapsulate bundles in the protocol data units (PDUs) of the underlying networks’ native protocols for transmission and also extract bundles from the PDUs of those protocols as they are received. This convergence-layer encapsulation enables an application in one network to communicate with an application in another network built on entirely different native protocols, both of which are spanned by the DTN.
Security will be important for the bundle protocol. The stressed environment of the underlying networks over which the bundle protocol will operate makes it important that the DTN be protected from unauthorized use, and this stressed environment poses unique challenges on the mechanisms needed to secure the bundle protocol. Furthermore, DTNs may very likely be deployed in environments where a portion of the network might become compromised, posing the usual security challenges related to confidentiality, integrity, and availability.
The BSP encompasses four mechanisms that are designed to provide this security. The technology currently being reported implements one of those mechanisms, the Bundle Authentication Block (BAB), and provides a framework for implementation of the remaining mechanisms: Payload Integrity Block, Payload Confidentiality Block, and Extension Security Block.
The ION system runs on Linux, OS/X, Solaris, FreeBSD, RTEMS, and VxWorks, and it should port readily to other POSIX-based operating systems. No special hardware is required. RAM (random access memory) requirements depend on the volume of DTN traffic that must be handled.
This work was done by Scott C. Burleigh of Caltech and Edward J. Birrane and Christopher Krupiarz of the Johns Hopkins University Applied Physics Laboratory for NASA’s Jet Propulsion Laboratory.
This software is available for commercial licensing. Please contact Daniel Broderick of the California Institute of Technology at
This Brief includes a Technical Support Package (TSP).
Bundle Security Protocol for ION
(reference NPO-47211) is currently available for download from the TSP library.
Don't have an account?
Overview
The document is a technical support package detailing the Bundle Security Protocol (BSP) for the Interplanetary Overlay Network (ION), developed under the auspices of NASA's Jet Propulsion Laboratory (JPL) and the Johns Hopkins Applied Physics Laboratory. It serves as a release note for BSP-ION, specifically Version 1.0, and outlines the configuration and operational aspects of the protocol.
The BSP is designed to enhance the security of data bundles transmitted across the ION, which is crucial for interplanetary communication. The document emphasizes the importance of two key configurable parameters: the security policy and the key management database. The security policy determines whether a Bundle Authentication Block (BAB) is expected in a bundle, while the key management database provides the necessary keys for the Hash-based Message Authentication Code using the Secure Hash Algorithm 1 (HMAC-SHA1).
A BAB rule is defined by three components: an endpoint name, a ciphersuite name, and a key name. The endpoint name identifies the source or destination of the bundle, the ciphersuite name specifies the cryptographic suite to be used, and the key name corresponds to the key defined in the key management database. The document also explains that security keys consist of a unique name and a value, which can be complex and shared among multiple key names at a node.
The IONSEC program is integral to the operation of BSP-ION, as it must be initiated before the bpadmin program. IONSEC allows for the configuration of security keys and BAB rules through configuration files or command-line inputs. The document provides guidance on the startup process and the importance of proper key selection, referencing external resources for further information on HMAC-SHA1 and SHA hash functions.
Additionally, the document notes that if a BAB rule is found during the processing of a bundle, the authenticity of the bundle will be checked. If no rule is found, the bundle will be presumed authentic, highlighting the protocol's reliance on defined security measures.
Overall, this technical support package serves as a comprehensive guide for implementing and operating the BSP-ION, ensuring secure communication in the challenging environment of interplanetary networks.
