{"product_id":"securing-delay-tolerant-networks-with-bpsec-isbn-9781119823476","title":"Securing Delay-Tolerant Networks with BPSec","description":"\u003cb\u003eSecuring Delay-Tolerant Networks with BPSec\u003c\/b\u003e \u003cp\u003e\u003cb\u003eOne-stop reference on how to secure a Delay-Tolerant Network (DTN), written by experienced industry insiders\u003c\/b\u003e \u003c\/p\u003e\u003cp\u003e\u003ci\u003eSecuring Delay-Tolerant Networks with BPSec\u003c\/i\u003e answers the question, “How can delay-tolerant networks be secured when operating in environments that would otherwise break many of the common security approaches used on the terrestrial Internet today?”  \u003c\/p\u003e\u003cp\u003eThe text is composed of three sections: (1) security considerations for delay-tolerant networks, (2) the design, implementation, and customization of the BPSec protocol, and (3) how this protocol can be applied, combined with other security protocols, and deployed in emerging network environments. \u003c\/p\u003e\u003cp\u003eThe text includes pragmatic considerations for deploying BPSec in both regular and delay-tolerant networks. It also features a tutorial on how to achieve several important security outcomes with a combination of security protocols, BPSec included.  \u003c\/p\u003e\u003cp\u003eOverall, it covers best practices for common security functions, clearly showing designers how to prevent network architecture from being over-constrained by traditional security approaches.  
\u003c\/p\u003e\u003cp\u003eWritten by the lead author and originator of the BPSec protocol specification, \u003ci\u003eSecuring Delay-Tolerant Networks (DTNs) with BPSec\u003c\/i\u003e includes information on:  \u003c\/p\u003e\u003cul\u003e\n\u003cli\u003e The gap between cryptography and network security, how security requirements constrain network architectures, and why we need something different\u003c\/li\u003e \u003cli\u003e DTN stressing conditions, covering intermittent connectivity, congested paths, partitioned topologies, limited link state, and multiple administrative controls\u003c\/li\u003e \u003cli\u003e Securing the terrestrial internet, involving a layered approach to security, the impact of protocol design on security services, and securing the internetworking and transport layers\u003c\/li\u003e \u003cli\u003e A delay-tolerant security architecture, including desirable properties of a DTN secure protocol, fine-grained security services, and protocol augmentation\u003c\/li\u003e\n\u003c\/ul\u003e \u003cp\u003e\u003ci\u003eSecuring Delay-Tolerant Networks (DTNs) with BPSec\u003c\/i\u003e is a one-stop reference on the subject for any professional operationally deploying BP who must use BPSec for its security, including software technical leads, software developers, space flight mission leaders, network operators, and technology and product development leaders in general. 
\u003c\/p\u003e\u003cp\u003eAcronyms xix\u003c\/p\u003e \u003cp\u003eAbout the Authors xxiii\u003c\/p\u003e \u003cp\u003eForeword xxv\u003c\/p\u003e \u003cp\u003ePreface xxix\u003c\/p\u003e \u003cp\u003eAbout the Companion Website xxxi\u003c\/p\u003e \u003cp\u003e\u003cb\u003e1 Introduction 1\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e1.1 A Pervasively Networked World 1\u003c\/p\u003e \u003cp\u003e1.1.1 A New Networking Approach 4\u003c\/p\u003e \u003cp\u003e1.1.2 A New Transport Mechanism 5\u003c\/p\u003e \u003cp\u003e1.1.3 A New Security Mechanism 6\u003c\/p\u003e \u003cp\u003e1.2 Motivation For This Book 7\u003c\/p\u003e \u003cp\u003e1.3 Conventions 8\u003c\/p\u003e \u003cp\u003e1.3.1 Focus Studies 8\u003c\/p\u003e \u003cp\u003e1.3.2 Summary Boxes 8\u003c\/p\u003e \u003cp\u003e1.3.3 Margin Notes 9\u003c\/p\u003e \u003cp\u003e1.3.4 Extract Quotes 9\u003c\/p\u003e \u003cp\u003e1.3.5 Definitions 9\u003c\/p\u003e \u003cp\u003e1.4 Organization 9\u003c\/p\u003e \u003cp\u003e1.5 Summary 10\u003c\/p\u003e \u003cp\u003eReferences 10\u003c\/p\u003e \u003cp\u003e\u003cb\u003e2 Network Design Considerations 12\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e2.1 Designing for Challenged Networks 12\u003c\/p\u003e \u003cp\u003e2.1.1 Network Design Constraints 13\u003c\/p\u003e \u003cp\u003e2.1.2 Finding Constraints 14\u003c\/p\u003e \u003cp\u003e2.1.2.1 Constraint Sources 14\u003c\/p\u003e \u003cp\u003e2.1.2.2 Constraint Types 15\u003c\/p\u003e \u003cp\u003e2.1.3 Identifying Security Challenges 16\u003c\/p\u003e \u003cp\u003e2.2 Layered Network Architectures 17\u003c\/p\u003e \u003cp\u003e2.2.1 Encapsulation 19\u003c\/p\u003e \u003cp\u003e2.2.1.1 Design Benefits 20\u003c\/p\u003e \u003cp\u003e2.2.1.2 Challenges 20\u003c\/p\u003e \u003cp\u003e2.2.2 Delay and Disruption Intolerance 20\u003c\/p\u003e \u003cp\u003e2.2.2.1 Design Benefits 22\u003c\/p\u003e \u003cp\u003e2.2.2.2 Challenges 23\u003c\/p\u003e \u003cp\u003e2.2.3 Coarse-Grained Security 23\u003c\/p\u003e \u003cp\u003e2.2.3.1 
Design Benefits 23\u003c\/p\u003e \u003cp\u003e2.2.3.2 Challenges 24\u003c\/p\u003e \u003cp\u003e2.2.4 Impact on Protocol Design 24\u003c\/p\u003e \u003cp\u003e2.3 Cryptography and Network Security 25\u003c\/p\u003e \u003cp\u003e2.3.1 Cryptographic Algorithm Capabilities 25\u003c\/p\u003e \u003cp\u003e2.3.2 Configurations 26\u003c\/p\u003e \u003cp\u003e2.3.3 Packaging and Transport 28\u003c\/p\u003e \u003cp\u003e2.4 Summary 29\u003c\/p\u003e \u003cp\u003eReferences 30\u003c\/p\u003e \u003cp\u003e\u003cb\u003e3 DTN Security Stressors and Strategies 31\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e3.1 DTN Constraints 31\u003c\/p\u003e \u003cp\u003e3.1.1 The Solar System Internet 32\u003c\/p\u003e \u003cp\u003e3.1.2 Other Challenged Networks 33\u003c\/p\u003e \u003cp\u003e3.1.3 Tolerant Networking 33\u003c\/p\u003e \u003cp\u003e3.2 Security-Stressing Conditions 35\u003c\/p\u003e \u003cp\u003e3.2.1 Intermittent Partitioning 35\u003c\/p\u003e \u003cp\u003e3.2.1.1 Secret Establishment 35\u003c\/p\u003e \u003cp\u003e3.2.1.2 Security State Synchronization 37\u003c\/p\u003e \u003cp\u003e3.2.2 Time-Variant Topology 37\u003c\/p\u003e \u003cp\u003e3.2.2.1 Secure Tunnels 39\u003c\/p\u003e \u003cp\u003e3.2.2.2 Key Selection 40\u003c\/p\u003e \u003cp\u003e3.2.2.3 Security Policy Configuration 40\u003c\/p\u003e \u003cp\u003e3.2.3 Long-Term Storage 41\u003c\/p\u003e \u003cp\u003e3.2.3.1 Security-at-rest 41\u003c\/p\u003e \u003cp\u003e3.2.3.2 Time-to-live 41\u003c\/p\u003e \u003cp\u003e3.3 Security Strategies 42\u003c\/p\u003e \u003cp\u003e3.3.1 Separate Concerns 42\u003c\/p\u003e \u003cp\u003e3.3.1.1 Structural 43\u003c\/p\u003e \u003cp\u003e3.3.1.2 Policy 43\u003c\/p\u003e \u003cp\u003e3.3.1.3 Configuration 44\u003c\/p\u003e \u003cp\u003e3.3.2 Local Autonomy 44\u003c\/p\u003e \u003cp\u003e3.3.2.1 Key Appropriateness 44\u003c\/p\u003e \u003cp\u003e3.3.2.2 State Modeling 45\u003c\/p\u003e \u003cp\u003e3.3.3 Time Awareness 45\u003c\/p\u003e \u003cp\u003e3.3.3.1 Identification 
46\u003c\/p\u003e \u003cp\u003e3.3.3.2 Error Inference 47\u003c\/p\u003e \u003cp\u003e3.3.3.3 State Prediction 47\u003c\/p\u003e \u003cp\u003e3.3.4 Atomic Communications 47\u003c\/p\u003e \u003cp\u003e3.3.5 Threshold Trust 47\u003c\/p\u003e \u003cp\u003e3.3.5.1 Web of Trust 48\u003c\/p\u003e \u003cp\u003e3.3.5.2 Blockchain 48\u003c\/p\u003e \u003cp\u003e3.3.5.3 Attribute-Based Encryption 48\u003c\/p\u003e \u003cp\u003e3.4 Summary 49\u003c\/p\u003e \u003cp\u003eReferences 49\u003c\/p\u003e \u003cp\u003e\u003cb\u003e4 Delay-Tolerant Security Architecture Elements 51\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e4.1 Defining Security Architectures 51\u003c\/p\u003e \u003cp\u003e4.1.1 Evolving Cyber Threats 51\u003c\/p\u003e \u003cp\u003e4.1.2 Novel Capabilities 52\u003c\/p\u003e \u003cp\u003e4.2 IP Security Mechanisms 52\u003c\/p\u003e \u003cp\u003e4.2.1 Protocol Structure 53\u003c\/p\u003e \u003cp\u003e4.2.2 Security Scoping 54\u003c\/p\u003e \u003cp\u003e4.3 DTN Transport 56\u003c\/p\u003e \u003cp\u003e4.3.1 The Bundle Protocol 57\u003c\/p\u003e \u003cp\u003e4.3.2 Format 57\u003c\/p\u003e \u003cp\u003e4.3.3 BP Capabilities 57\u003c\/p\u003e \u003cp\u003e4.3.3.1 Extension Blocks 58\u003c\/p\u003e \u003cp\u003e4.3.3.2 Store and Forward 59\u003c\/p\u003e \u003cp\u003e4.3.3.3 Convergence Layer Adapters 59\u003c\/p\u003e \u003cp\u003e4.3.3.4 Late Binding Endpoints 60\u003c\/p\u003e \u003cp\u003e4.4 A BPv7 Model for DTN Security 60\u003c\/p\u003e \u003cp\u003e4.4.1 Extension Blocks Implications 61\u003c\/p\u003e \u003cp\u003e4.4.2 Store and Forward Implications 61\u003c\/p\u003e \u003cp\u003e4.4.3 Overlay Implications 62\u003c\/p\u003e \u003cp\u003e4.5 Scoping Bundle Security 62\u003c\/p\u003e \u003cp\u003e4.5.1 Security by Encapsulation 63\u003c\/p\u003e \u003cp\u003e4.5.1.1 Benefits 63\u003c\/p\u003e \u003cp\u003e4.5.1.2 Challenges 64\u003c\/p\u003e \u003cp\u003e4.5.2 Security by Augmentation 65\u003c\/p\u003e \u003cp\u003e4.5.2.1 Benefits 66\u003c\/p\u003e 
\u003cp\u003e4.5.2.2 Challenges 67\u003c\/p\u003e \u003cp\u003e4.6 Policy Considerations 67\u003c\/p\u003e \u003cp\u003e4.6.1 Configuration 67\u003c\/p\u003e \u003cp\u003e4.6.2 Late Binding 69\u003c\/p\u003e \u003cp\u003e4.7 Summary 69\u003c\/p\u003e \u003cp\u003eReferences 70\u003c\/p\u003e \u003cp\u003e\u003cb\u003e5 The Design of the Bundle Protocol Security Extensions 71\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e5.1 A Brief History of Bundle Security 71\u003c\/p\u003e \u003cp\u003e5.1.1 Bundle Protocol Version 6 72\u003c\/p\u003e \u003cp\u003e5.1.1.1 Changes from BPv6 to BPv7 72\u003c\/p\u003e \u003cp\u003e5.1.2 Bundle Protocol Security Protocol (BSP) 73\u003c\/p\u003e \u003cp\u003e5.1.2.1 BSP Benefits 73\u003c\/p\u003e \u003cp\u003e5.1.2.2 BSP Lessons Learned 74\u003c\/p\u003e \u003cp\u003e5.2 Design Principles 78\u003c\/p\u003e \u003cp\u003e5.2.1 Block-Level Granularity 79\u003c\/p\u003e \u003cp\u003e5.2.2 Multiple Security Sources 80\u003c\/p\u003e \u003cp\u003e5.2.3 Mixed Security Policy 82\u003c\/p\u003e \u003cp\u003e5.2.4 User-Defined Security Contexts 82\u003c\/p\u003e \u003cp\u003e5.2.5 Deterministic Processing 83\u003c\/p\u003e \u003cp\u003e5.3 Determining Security Services 84\u003c\/p\u003e \u003cp\u003e5.3.1 General Security Capabilities 84\u003c\/p\u003e \u003cp\u003e5.3.2 Out of Scope Capabilities 84\u003c\/p\u003e \u003cp\u003e5.3.2.1 Availability 85\u003c\/p\u003e \u003cp\u003e5.3.2.2 Whole Bundle Authentication 85\u003c\/p\u003e \u003cp\u003e5.3.2.3 Whole Bundle Non-repudiation 86\u003c\/p\u003e \u003cp\u003e5.3.2.4 Resource Authorization 86\u003c\/p\u003e \u003cp\u003e5.3.3 BPSec Capabilities 87\u003c\/p\u003e \u003cp\u003e5.3.3.1 Plaintext Integrity 87\u003c\/p\u003e \u003cp\u003e5.3.3.2 Authenticated Confidentiality 88\u003c\/p\u003e \u003cp\u003e5.3.3.3 BPSec Services and Capabilities Mapping 89\u003c\/p\u003e \u003cp\u003e5.4 Protocol Comparisons 89\u003c\/p\u003e \u003cp\u003e5.5 Summary 90\u003c\/p\u003e \u003cp\u003eReferences 
91\u003c\/p\u003e \u003cp\u003e\u003cb\u003e6 The BPSec Security Mechanism 93\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e6.1 The BPSec Mechanism 93\u003c\/p\u003e \u003cp\u003e6.2 Security Operations 94\u003c\/p\u003e \u003cp\u003e6.2.1 Notation 94\u003c\/p\u003e \u003cp\u003e6.2.2 Security Operation States 94\u003c\/p\u003e \u003cp\u003e6.2.2.1 Inserting Security Operations 95\u003c\/p\u003e \u003cp\u003e6.2.2.2 Rejecting Security Operations 95\u003c\/p\u003e \u003cp\u003e6.2.2.3 Accepting Security Operations 95\u003c\/p\u003e \u003cp\u003e6.2.3 Uniqueness 96\u003c\/p\u003e \u003cp\u003e6.2.3.1 Same Service. Same Target 96\u003c\/p\u003e \u003cp\u003e6.2.3.2 Same Service. Different Targets 96\u003c\/p\u003e \u003cp\u003e6.2.3.3 Different Services. Same Target 97\u003c\/p\u003e \u003cp\u003e6.2.3.4 Different Services. Different Targets 97\u003c\/p\u003e \u003cp\u003e6.2.4 Bundle Representation 98\u003c\/p\u003e \u003cp\u003e6.3 Security Contexts 98\u003c\/p\u003e \u003cp\u003e6.3.1 Scope 98\u003c\/p\u003e \u003cp\u003e6.3.2 Moderation 98\u003c\/p\u003e \u003cp\u003e6.3.3 Application 99\u003c\/p\u003e \u003cp\u003e6.4 Security Blocks 99\u003c\/p\u003e \u003cp\u003e6.4.1 Security Block Features 100\u003c\/p\u003e \u003cp\u003e6.4.2 Security Operation Aggregation 100\u003c\/p\u003e \u003cp\u003e6.4.3 The Abstract Security Block 101\u003c\/p\u003e \u003cp\u003e6.4.3.1 Security Operation Identification 102\u003c\/p\u003e \u003cp\u003e6.4.3.2 Security Configuration 102\u003c\/p\u003e \u003cp\u003e6.4.3.3 Security Results 103\u003c\/p\u003e \u003cp\u003e6.4.4 Types of Security Information 103\u003c\/p\u003e \u003cp\u003e6.4.4.1 Shared Information 103\u003c\/p\u003e \u003cp\u003e6.4.4.2 Security Operation Specific Information 104\u003c\/p\u003e \u003cp\u003e6.4.4.3 Security Targets 104\u003c\/p\u003e \u003cp\u003e6.4.4.4 Security Results 104\u003c\/p\u003e \u003cp\u003e6.5 Block Integrity Block 105\u003c\/p\u003e \u003cp\u003e6.5.1 Populating the ASB 105\u003c\/p\u003e 
\u003cp\u003e6.5.2 Block Considerations 105\u003c\/p\u003e \u003cp\u003e6.5.2.1 Block Processing Control Flags 105\u003c\/p\u003e \u003cp\u003e6.5.2.2 Multiple Signatures 107\u003c\/p\u003e \u003cp\u003e6.5.2.3 Cryptographic Binding 107\u003c\/p\u003e \u003cp\u003e6.6 Block Confidentiality Block 107\u003c\/p\u003e \u003cp\u003e6.6.1 Populating the ASB 108\u003c\/p\u003e \u003cp\u003e6.6.2 Block Considerations 108\u003c\/p\u003e \u003cp\u003e6.6.2.1 Encrypted Payload Fragmentation 109\u003c\/p\u003e \u003cp\u003e6.6.2.2 BCB Processing 109\u003c\/p\u003e \u003cp\u003e6.6.2.3 Appropriate Security Targets 110\u003c\/p\u003e \u003cp\u003e6.6.2.4 Authenticated Encryption with Associated Data 110\u003c\/p\u003e \u003cp\u003e6.7 Other Security Blocks 110\u003c\/p\u003e \u003cp\u003e6.8 Mapping 112\u003c\/p\u003e \u003cp\u003e6.9 Summary 113\u003c\/p\u003e \u003cp\u003eReference 114\u003c\/p\u003e \u003cp\u003e\u003cb\u003e7 Security Block Processing 115\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e7.1 General Block Processing 115\u003c\/p\u003e \u003cp\u003e7.2 The Extension Block Lifecycle 116\u003c\/p\u003e \u003cp\u003e7.2.1 Implementation Notes 117\u003c\/p\u003e \u003cp\u003e7.2.1.1 Transcoding 119\u003c\/p\u003e \u003cp\u003e7.2.1.2 Extraction 119\u003c\/p\u003e \u003cp\u003e7.2.1.3 Hybrid 119\u003c\/p\u003e \u003cp\u003e7.2.2 Lifecycle Actions 119\u003c\/p\u003e \u003cp\u003e7.2.2.1 Block Source Actions 119\u003c\/p\u003e \u003cp\u003e7.2.2.2 Block Processor Actions 120\u003c\/p\u003e \u003cp\u003e7.2.2.3 Block Acceptor Actions 120\u003c\/p\u003e \u003cp\u003e7.2.3 Security Implications 121\u003c\/p\u003e \u003cp\u003e7.2.3.1 Order of Block Evaluation 121\u003c\/p\u003e \u003cp\u003e7.2.3.2 Defer Some Processing 122\u003c\/p\u003e \u003cp\u003e7.2.3.3 Preserve Security Blocks 122\u003c\/p\u003e \u003cp\u003e7.3 Security Operation Processing 123\u003c\/p\u003e \u003cp\u003e7.3.1 Security Roles 123\u003c\/p\u003e \u003cp\u003e7.3.2 Security Source Processing 
124\u003c\/p\u003e \u003cp\u003e7.3.3 Security Verifier Processing 125\u003c\/p\u003e \u003cp\u003e7.3.4 Security Acceptor Processing 126\u003c\/p\u003e \u003cp\u003e7.4 Security Block Manipulation 127\u003c\/p\u003e \u003cp\u003e7.4.1 Grouping Security Operations 127\u003c\/p\u003e \u003cp\u003e7.4.2 Grouping Requirements 129\u003c\/p\u003e \u003cp\u003e7.4.3 Block Manipulation Algorithms 130\u003c\/p\u003e \u003cp\u003e7.4.3.1 Add Security Operation 130\u003c\/p\u003e \u003cp\u003e7.4.3.2 Merge Security Blocks 130\u003c\/p\u003e \u003cp\u003e7.4.3.3 Remove Security Operation 132\u003c\/p\u003e \u003cp\u003e7.4.3.4 Split Security Blocks 132\u003c\/p\u003e \u003cp\u003e7.5 Target Multiplicity Examples 133\u003c\/p\u003e \u003cp\u003e7.5.1 Confidentiality 133\u003c\/p\u003e \u003cp\u003e7.5.2 Integrity 133\u003c\/p\u003e \u003cp\u003e7.6 Common Error Conditions 135\u003c\/p\u003e \u003cp\u003e7.6.1 BIB Target Verification Failed at Security Verifier 135\u003c\/p\u003e \u003cp\u003e7.6.2 Security Block Segmentation Failure at Security Source 135\u003c\/p\u003e \u003cp\u003e7.6.3 Security Block Segmentation Failure at Security Acceptor 136\u003c\/p\u003e \u003cp\u003e7.7 Summary 136\u003c\/p\u003e \u003cp\u003eReferences 136\u003c\/p\u003e \u003cp\u003e\u003cb\u003e8 Security Dependency Management 137\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e8.1 Dependency Management 137\u003c\/p\u003e \u003cp\u003e8.2 Bundle-Related Dependencies 139\u003c\/p\u003e \u003cp\u003e8.2.1 Intra-Bundle Dependencies 139\u003c\/p\u003e \u003cp\u003e8.2.1.1 Payload Processing 140\u003c\/p\u003e \u003cp\u003e8.2.1.2 Decoding 140\u003c\/p\u003e \u003cp\u003e8.2.1.3 Configuration 140\u003c\/p\u003e \u003cp\u003e8.2.1.4 Assessment 141\u003c\/p\u003e \u003cp\u003e8.2.2 Inter-Bundle Dependencies 141\u003c\/p\u003e \u003cp\u003e8.2.2.1 Network Information 142\u003c\/p\u003e \u003cp\u003e8.2.2.2 Fragmentation Dependency 143\u003c\/p\u003e \u003cp\u003e8.3 Security-Related Dependencies 
143\u003c\/p\u003e \u003cp\u003e8.3.1 Operation Dependencies 143\u003c\/p\u003e \u003cp\u003e8.3.2 Block Dependencies 144\u003c\/p\u003e \u003cp\u003e8.3.3 Configuration Dependencies 144\u003c\/p\u003e \u003cp\u003e8.3.3.1 Security Context Support 145\u003c\/p\u003e \u003cp\u003e8.3.3.2 Security Context Configuration 146\u003c\/p\u003e \u003cp\u003e8.3.3.3 Policy Configuration 146\u003c\/p\u003e \u003cp\u003e8.3.4 Security Dependency Mappings 146\u003c\/p\u003e \u003cp\u003e8.4 Dependency-Related Constraints 147\u003c\/p\u003e \u003cp\u003e8.4.1 Single-Operation Sources 148\u003c\/p\u003e \u003cp\u003e8.4.2 Unique Security Services 148\u003c\/p\u003e \u003cp\u003e8.4.3 Exclusively Linear Dependencies 149\u003c\/p\u003e \u003cp\u003e8.5 Special Processing Rules 150\u003c\/p\u003e \u003cp\u003e8.5.1 Inclusive Confidentiality 150\u003c\/p\u003e \u003cp\u003e8.5.2 No Service Redundancy 151\u003c\/p\u003e \u003cp\u003e8.5.3 Process Confidentiality First 152\u003c\/p\u003e \u003cp\u003e8.6 Handling Policy Conflicts 152\u003c\/p\u003e \u003cp\u003e8.6.1 In-Bundle Policies 153\u003c\/p\u003e \u003cp\u003e8.6.2 Security Versus Bundle Policy 153\u003c\/p\u003e \u003cp\u003e8.6.3 Case Study: Verify Unknown Block 153\u003c\/p\u003e \u003cp\u003e8.6.3.1 Option 1: Security Policy First 154\u003c\/p\u003e \u003cp\u003e8.6.3.2 Option 2: Block Policy First 155\u003c\/p\u003e \u003cp\u003e8.6.4 Reflections on Processing Order 156\u003c\/p\u003e \u003cp\u003e8.6.5 Security Roles and Timing 157\u003c\/p\u003e \u003cp\u003e8.7 Summary 157\u003c\/p\u003e \u003cp\u003eReferences 158\u003c\/p\u003e \u003cp\u003e\u003cb\u003e9 Threat Considerations for BPv7 Networks 159\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e9.1 Security Implications of BPv7 Networks 159\u003c\/p\u003e \u003cp\u003e9.1.1 Network Topology 160\u003c\/p\u003e \u003cp\u003e9.1.2 Timing and Key Management 160\u003c\/p\u003e \u003cp\u003e9.1.3 Timing and Incident Response 160\u003c\/p\u003e \u003cp\u003e9.2 Threat Model and 
BPSec Assumptions 161\u003c\/p\u003e \u003cp\u003e9.2.1 The Internet Threat Model 161\u003c\/p\u003e \u003cp\u003e9.2.2 BPSec Design Assumptions 162\u003c\/p\u003e \u003cp\u003e9.2.2.1 Proper Implementation 163\u003c\/p\u003e \u003cp\u003e9.2.2.2 Proper Configuration 163\u003c\/p\u003e \u003cp\u003e9.2.2.3 Appropriate Security Contexts 164\u003c\/p\u003e \u003cp\u003e9.3 Attacker Objectives and Capabilities 164\u003c\/p\u003e \u003cp\u003e9.3.1 Attacker Objectives 164\u003c\/p\u003e \u003cp\u003e9.3.2 Attacker Placement 166\u003c\/p\u003e \u003cp\u003e9.3.2.1 Node Compromise 167\u003c\/p\u003e \u003cp\u003e9.3.2.2 Topology Attacks 167\u003c\/p\u003e \u003cp\u003e9.3.2.3 Proximity Access 168\u003c\/p\u003e \u003cp\u003e9.3.3 Attacker Privileges 168\u003c\/p\u003e \u003cp\u003e9.4 Passive Attacks 169\u003c\/p\u003e \u003cp\u003e9.4.1 Cryptanalysis 170\u003c\/p\u003e \u003cp\u003e9.4.2 Network Profiling 170\u003c\/p\u003e \u003cp\u003e9.4.3 Traffic Profiling 171\u003c\/p\u003e \u003cp\u003e9.5 Active Attacks 173\u003c\/p\u003e \u003cp\u003e9.5.1 Bundle Injection 174\u003c\/p\u003e \u003cp\u003e9.5.2 Bundle Modification 175\u003c\/p\u003e \u003cp\u003e9.5.3 Topology 175\u003c\/p\u003e \u003cp\u003e9.6 Summary 176\u003c\/p\u003e \u003cp\u003eReferences 177\u003c\/p\u003e \u003cp\u003e\u003cb\u003e10 Using Security Contexts 178\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e10.1 The Case for Contexts 178\u003c\/p\u003e \u003cp\u003e10.1.1 A BPv7 Security Ecosystem 178\u003c\/p\u003e \u003cp\u003e10.1.1.1 Adaptation Properties 179\u003c\/p\u003e \u003cp\u003e10.1.2 Cipher Suites 180\u003c\/p\u003e \u003cp\u003e10.1.2.1 Cipher Suite Terms 181\u003c\/p\u003e \u003cp\u003e10.1.2.2 Cipher Suite Algorithms 182\u003c\/p\u003e \u003cp\u003e10.1.2.3 Partial Suites 183\u003c\/p\u003e \u003cp\u003e10.1.3 Security Configuration 183\u003c\/p\u003e \u003cp\u003e10.1.3.1 Configuration Sources 185\u003c\/p\u003e \u003cp\u003e10.1.3.2 Configuration Types 185\u003c\/p\u003e 
\u003cp\u003e10.1.3.3 Limitations of Current Approaches 187\u003c\/p\u003e \u003cp\u003e10.2 Using Security Contexts 188\u003c\/p\u003e \u003cp\u003e10.2.1 Identifying Contexts 188\u003c\/p\u003e \u003cp\u003e10.2.2 Selecting Contexts 190\u003c\/p\u003e \u003cp\u003e10.2.2.1 Provided Services 192\u003c\/p\u003e \u003cp\u003e10.2.2.2 Assumptions 192\u003c\/p\u003e \u003cp\u003e10.2.2.3 Algorithms 192\u003c\/p\u003e \u003cp\u003e10.2.2.4 Parameters 193\u003c\/p\u003e \u003cp\u003e10.2.3 Selecting Parameters and Results 193\u003c\/p\u003e \u003cp\u003e10.2.3.1 Parameter Encoding 193\u003c\/p\u003e \u003cp\u003e10.2.3.2 Parameter Types 194\u003c\/p\u003e \u003cp\u003e10.2.3.3 Parameter Sources 194\u003c\/p\u003e \u003cp\u003e10.2.3.4 Result Types 195\u003c\/p\u003e \u003cp\u003e10.3 Summary 197\u003c\/p\u003e \u003cp\u003eReferences 198\u003c\/p\u003e \u003cp\u003e\u003cb\u003e11 Security Context Design 199\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e11.1 Overview 199\u003c\/p\u003e \u003cp\u003e11.2 Novelty 200\u003c\/p\u003e \u003cp\u003e11.3 Network Considerations 201\u003c\/p\u003e \u003cp\u003e11.3.1 Data Lifetime 201\u003c\/p\u003e \u003cp\u003e11.3.2 One-Way Traffic 202\u003c\/p\u003e \u003cp\u003e11.3.2.1 Long Signal Propagation Delays 202\u003c\/p\u003e \u003cp\u003e11.3.2.2 Frequent Disruptions 202\u003c\/p\u003e \u003cp\u003e11.3.2.3 Opportunistic Links 202\u003c\/p\u003e \u003cp\u003e11.3.2.4 Hardware Limitations 202\u003c\/p\u003e \u003cp\u003e11.3.3 On-Demand Access 203\u003c\/p\u003e \u003cp\u003e11.4 Behavioral Considerations 203\u003c\/p\u003e \u003cp\u003e11.4.1 Parameterization 203\u003c\/p\u003e \u003cp\u003e11.4.2 Authenticating Encryption 204\u003c\/p\u003e \u003cp\u003e11.4.2.1 MAC-then-Encrypt 204\u003c\/p\u003e \u003cp\u003e11.4.2.2 Encrypt-then-MAC 204\u003c\/p\u003e \u003cp\u003e11.4.2.3 Encrypt-and-MAC 204\u003c\/p\u003e \u003cp\u003e11.4.3 Key Management 204\u003c\/p\u003e \u003cp\u003e11.4.4 Target Associations 205\u003c\/p\u003e 
\u003cp\u003e11.4.4.1 Single-Target Single-Result (STSR) Contexts 206\u003c\/p\u003e \u003cp\u003e11.4.4.2 Single-Target Multiple-Result (STMR) Contexts 207\u003c\/p\u003e \u003cp\u003e11.4.4.3 Multiple-Target Contexts 208\u003c\/p\u003e \u003cp\u003e11.5 Syntactic Considerations 209\u003c\/p\u003e \u003cp\u003e11.5.1 Parameter and Result Encodings 210\u003c\/p\u003e \u003cp\u003e11.5.2 Canonicalization 210\u003c\/p\u003e \u003cp\u003e11.5.3 Encryption Ciphertext Packing 210\u003c\/p\u003e \u003cp\u003e11.5.4 Handling CRC Fields 211\u003c\/p\u003e \u003cp\u003e11.6 Cryptographic Binding 212\u003c\/p\u003e \u003cp\u003e11.6.1 Candidate Data Sets 212\u003c\/p\u003e \u003cp\u003e11.6.1.1 Other Blocks’ Block-Type-Specific Data 212\u003c\/p\u003e \u003cp\u003e11.6.1.2 Processing Flags 213\u003c\/p\u003e \u003cp\u003e11.6.1.3 Other Bundle Elements 213\u003c\/p\u003e \u003cp\u003e11.6.2 Identifying Data Sets 213\u003c\/p\u003e \u003cp\u003e11.6.3 Data Representation 213\u003c\/p\u003e \u003cp\u003e11.6.3.1 Monolithic Data Input 213\u003c\/p\u003e \u003cp\u003e11.6.3.2 Independent Data Inputs 213\u003c\/p\u003e \u003cp\u003e11.6.3.3 Scenarios 214\u003c\/p\u003e \u003cp\u003e11.6.3.4 Processing Steps 215\u003c\/p\u003e \u003cp\u003e11.6.4 Common Error Conditions 215\u003c\/p\u003e \u003cp\u003e11.6.4.1 Dropped Blocks 216\u003c\/p\u003e \u003cp\u003e11.6.4.2 Poor Canonicalization 216\u003c\/p\u003e \u003cp\u003e11.6.4.3 Block Ordering 216\u003c\/p\u003e \u003cp\u003e11.6.4.4 Fragmentation 216\u003c\/p\u003e \u003cp\u003e11.7 Summary 217\u003c\/p\u003e \u003cp\u003eReferences 217\u003c\/p\u003e \u003cp\u003e\u003cb\u003e12 Security Policy Overview 218\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e12.1 Overview 218\u003c\/p\u003e \u003cp\u003e12.2 Policy Information Sources 219\u003c\/p\u003e \u003cp\u003e12.3 Policy Information Types 219\u003c\/p\u003e \u003cp\u003e12.3.1 Negotiating Sources 220\u003c\/p\u003e \u003cp\u003e12.3.2 Asserting Sources 220\u003c\/p\u003e 
\u003cp\u003e12.3.3 Predicting Sources 221\u003c\/p\u003e \u003cp\u003e12.4 Security Operation Events 221\u003c\/p\u003e \u003cp\u003e12.4.1 The Security Operation Lifecycle 221\u003c\/p\u003e \u003cp\u003e12.4.1.1 Security Source Events 222\u003c\/p\u003e \u003cp\u003e12.4.1.2 Security Verifier Events 222\u003c\/p\u003e \u003cp\u003e12.4.1.3 Security Acceptor Events 224\u003c\/p\u003e \u003cp\u003e12.5 Processing Actions 224\u003c\/p\u003e \u003cp\u003e12.5.1 Processing Requirements 224\u003c\/p\u003e \u003cp\u003e12.5.1.1 Required Processing Actions 225\u003c\/p\u003e \u003cp\u003e12.5.1.2 Optional Processing Actions 225\u003c\/p\u003e \u003cp\u003e12.5.1.3 Prohibited Processing Actions 225\u003c\/p\u003e \u003cp\u003e12.5.2 Processing Action Categories 226\u003c\/p\u003e \u003cp\u003e12.5.2.1 Data Generation Actions 226\u003c\/p\u003e \u003cp\u003e12.5.2.2 Block Manipulation Actions 227\u003c\/p\u003e \u003cp\u003e12.5.2.3 Bundle Manipulation Actions 228\u003c\/p\u003e \u003cp\u003e12.6 Matching Policy to Security Blocks 232\u003c\/p\u003e \u003cp\u003e12.6.1 Types of Policy Statements 233\u003c\/p\u003e \u003cp\u003e12.6.1.1 Required Policy Statements 233\u003c\/p\u003e \u003cp\u003e12.6.1.2 Optional Policy Statements 234\u003c\/p\u003e \u003cp\u003e12.6.1.3 Constraining Policy Statements 234\u003c\/p\u003e \u003cp\u003e12.6.2 Associating Events and Actions 234\u003c\/p\u003e \u003cp\u003e12.7 A Sample Policy Engine 235\u003c\/p\u003e \u003cp\u003e12.7.1 System Policy Engine Overview 235\u003c\/p\u003e \u003cp\u003e12.7.1.1 Filter Criteria 235\u003c\/p\u003e \u003cp\u003e12.7.1.2 Specification Criteria 238\u003c\/p\u003e \u003cp\u003e12.7.1.3 Event Criteria 238\u003c\/p\u003e \u003cp\u003e12.7.2 Policy Configuration Examples 238\u003c\/p\u003e \u003cp\u003e12.7.2.1 Minimizing Illegitimate Traffic 238\u003c\/p\u003e \u003cp\u003e12.7.2.2 Analysis of Security Failures 239\u003c\/p\u003e \u003cp\u003e12.8 Summary 239\u003c\/p\u003e \u003cp\u003eReferences 
239\u003c\/p\u003e \u003cp\u003e\u003cb\u003e13 Achieving Security Outcomes 240\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e13.1 Security Outcomes 240\u003c\/p\u003e \u003cp\u003e13.1.1 Outcome Components 241\u003c\/p\u003e \u003cp\u003e13.1.2 Outcome Descriptions 241\u003c\/p\u003e \u003cp\u003e13.2 Verifying BIB-Integrity 241\u003c\/p\u003e \u003cp\u003e13.2.1 Overview 242\u003c\/p\u003e \u003cp\u003e13.2.2 Methodology 242\u003c\/p\u003e \u003cp\u003e13.2.3 Potential Issues 243\u003c\/p\u003e \u003cp\u003e13.3 Verifying BCB-Confidentiality 243\u003c\/p\u003e \u003cp\u003e13.3.1 Overview 244\u003c\/p\u003e \u003cp\u003e13.3.1.1 Security Context Options 244\u003c\/p\u003e \u003cp\u003e13.3.2 Methodology 245\u003c\/p\u003e \u003cp\u003e13.3.3 Potential Issues 246\u003c\/p\u003e \u003cp\u003e13.4 Whole-Bundle Authentication 246\u003c\/p\u003e \u003cp\u003e13.4.1 Overview 247\u003c\/p\u003e \u003cp\u003e13.4.1.1 Target Block Selection 247\u003c\/p\u003e \u003cp\u003e13.4.1.2 Security Result Definition 248\u003c\/p\u003e \u003cp\u003e13.4.1.3 Whole-Bundle Scope 248\u003c\/p\u003e \u003cp\u003e13.4.1.4 Security Context Capabilities 249\u003c\/p\u003e \u003cp\u003e13.4.2 Methodology 250\u003c\/p\u003e \u003cp\u003e13.4.3 Potential Issues 250\u003c\/p\u003e \u003cp\u003e13.5 Protected Bundle Composition 251\u003c\/p\u003e \u003cp\u003e13.5.1 Overview 251\u003c\/p\u003e \u003cp\u003e13.5.1.1 Block and Bundle Relationships 251\u003c\/p\u003e \u003cp\u003e13.5.1.2 Harmful Bundle Manipulation 253\u003c\/p\u003e \u003cp\u003e13.5.1.3 Identifying Critical Blocks 254\u003c\/p\u003e \u003cp\u003e13.5.2 Methodology 257\u003c\/p\u003e \u003cp\u003e13.5.2.1 Bundle Source Processing Steps 257\u003c\/p\u003e \u003cp\u003e13.5.2.2 Other BPA Processing Steps 258\u003c\/p\u003e \u003cp\u003e13.5.3 Potential Issues 258\u003c\/p\u003e \u003cp\u003e13.6 Summary 259\u003c\/p\u003e \u003cp\u003eReference 259\u003c\/p\u003e \u003cp\u003e\u003cb\u003e14 Special Considerations 
260\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e14.1 Scoping Security Concerns 260\u003c\/p\u003e \u003cp\u003e14.2 BPA Resource Considerations 261\u003c\/p\u003e \u003cp\u003e14.2.1 Additional Computational Load 261\u003c\/p\u003e \u003cp\u003e14.2.2 Memory and Storage Requirements 263\u003c\/p\u003e \u003cp\u003e14.3 Bundle Fragmentation Considerations 263\u003c\/p\u003e \u003cp\u003e14.3.1 Delayed Security Processing 264\u003c\/p\u003e \u003cp\u003e14.3.2 Block Duplication 265\u003c\/p\u003e \u003cp\u003e14.3.3 Security Block Affinity 266\u003c\/p\u003e \u003cp\u003e14.4 Security Context Considerations 267\u003c\/p\u003e \u003cp\u003e14.5 Policy Considerations 268\u003c\/p\u003e \u003cp\u003e14.5.1 Key Management 268\u003c\/p\u003e \u003cp\u003e14.5.1.1 Key Independence 268\u003c\/p\u003e \u003cp\u003e14.5.1.2 Key Exhaustion 269\u003c\/p\u003e \u003cp\u003e14.5.1.3 Planning for Key Expiration 270\u003c\/p\u003e \u003cp\u003e14.5.1.4 Mitigations 271\u003c\/p\u003e \u003cp\u003e14.5.2 Cryptographic Binding 271\u003c\/p\u003e \u003cp\u003e14.5.2.1 Bound Block Changes 272\u003c\/p\u003e \u003cp\u003e14.5.2.2 Forensic Analysis 273\u003c\/p\u003e \u003cp\u003e14.5.3 Role Misconfiguration 273\u003c\/p\u003e \u003cp\u003e14.5.3.1 Missing Security Operations 273\u003c\/p\u003e \u003cp\u003e14.5.3.2 Duplicated Security Operations 274\u003c\/p\u003e \u003cp\u003e14.5.3.3 Mitigations 275\u003c\/p\u003e \u003cp\u003e14.5.4 Security Context Misuse 275\u003c\/p\u003e \u003cp\u003e14.5.5 Bundle Matching 276\u003c\/p\u003e \u003cp\u003e14.5.5.1 Nodes versus EIDs 276\u003c\/p\u003e \u003cp\u003e14.5.5.2 Multiple Naming Schemes 277\u003c\/p\u003e \u003cp\u003e14.5.6 Rule Specificity 278\u003c\/p\u003e \u003cp\u003e14.5.7 Cascading Events 280\u003c\/p\u003e \u003cp\u003e14.5.7.1 Removing Target Blocks 280\u003c\/p\u003e \u003cp\u003e14.5.7.2 Removing Security Blocks 280\u003c\/p\u003e \u003cp\u003e14.6 Summary 281\u003c\/p\u003e \u003cp\u003eReferences 281\u003c\/p\u003e 
\u003cp\u003eAppendix A Example Security Contexts 282\u003c\/p\u003e \u003cp\u003eA.1 Integrity Security Context 283\u003c\/p\u003e \u003cp\u003eA.1.1 Security Context Scope 283\u003c\/p\u003e \u003cp\u003eA.1.1.1 Integrity Scope Flags 283\u003c\/p\u003e \u003cp\u003eA.1.1.2 Primary Block 284\u003c\/p\u003e \u003cp\u003eA.1.1.3 Target Block Headers 285\u003c\/p\u003e \u003cp\u003eA.1.1.4 Security Block Headers 285\u003c\/p\u003e \u003cp\u003eA.1.1.5 Target Block-Type-Specific Data 285\u003c\/p\u003e \u003cp\u003eA.1.2 Security Context Parameters 286\u003c\/p\u003e \u003cp\u003eA.1.2.1 SHA Variant 286\u003c\/p\u003e \u003cp\u003eA.1.2.2 Wrapped Key 286\u003c\/p\u003e \u003cp\u003eA.1.2.3 Integrity Scope Flags 286\u003c\/p\u003e \u003cp\u003eA.1.3 Security Results 287\u003c\/p\u003e \u003cp\u003eA.1.4 Input Canonicalization 287\u003c\/p\u003e \u003cp\u003eA.2 Confidentiality Security Context 288\u003c\/p\u003e \u003cp\u003eA.2.1 Cipher Suite Selection 288\u003c\/p\u003e \u003cp\u003eA.2.2 Security Context Scope 289\u003c\/p\u003e \u003cp\u003eA.2.2.1 Confidentiality Scope 289\u003c\/p\u003e \u003cp\u003eA.2.2.2 Authentication Scope 289\u003c\/p\u003e \u003cp\u003eA.2.3 Security Context Parameters 290\u003c\/p\u003e \u003cp\u003eA.2.3.1 Initialization Vector (IV) 290\u003c\/p\u003e \u003cp\u003eA.2.3.2 AES Variant 290\u003c\/p\u003e \u003cp\u003eA.2.3.3 Wrapped Key 290\u003c\/p\u003e \u003cp\u003eA.2.3.4 AAD Scope Flags 291\u003c\/p\u003e \u003cp\u003eA.2.4 Security Results 291\u003c\/p\u003e \u003cp\u003eA.2.5 Input Canonicalization 291\u003c\/p\u003e \u003cp\u003eReferences 292\u003c\/p\u003e \u003cp\u003eAppendix B Security Block Processing 293\u003c\/p\u003e \u003cp\u003eB.1 Overview 293\u003c\/p\u003e \u003cp\u003eB.2 Single-Target Single-Result Security Contexts 293\u003c\/p\u003e \u003cp\u003eB.2.1 BCB-Confidentiality 293\u003c\/p\u003e \u003cp\u003eB.2.1.1 Scenario 294\u003c\/p\u003e \u003cp\u003eB.2.1.2 Processing Steps 294\u003c\/p\u003e \u003cp\u003eB.2.2 
BIB-Integrity\u003c\/p\u003e \u003cp\u003eB.2.2.1 Scenario\u003c\/p\u003e \u003cp\u003eB.2.2.2 Processing Steps\u003c\/p\u003e \u003cp\u003eB.2.3 Common Error Conditions\u003c\/p\u003e \u003cp\u003eB.2.3.1 Failed Generation of Cryptographic Material\u003c\/p\u003e \u003cp\u003eB.2.3.2 Integrity Verification Failure\u003c\/p\u003e \u003cp\u003eB.2.3.3 Decryption Failure at the Security Acceptor\u003c\/p\u003e \u003cp\u003eB.3 Single-Target Multiple-Result Security Contexts\u003c\/p\u003e \u003cp\u003eB.3.1 BCB-Confidentiality\u003c\/p\u003e \u003cp\u003eB.3.1.1 Scenario\u003c\/p\u003e \u003cp\u003eB.3.1.2 Processing Steps\u003c\/p\u003e \u003cp\u003eB.3.2 BIB-Integrity\u003c\/p\u003e \u003cp\u003eB.3.2.1 Scenario\u003c\/p\u003e \u003cp\u003eB.3.2.2 Processing Steps\u003c\/p\u003e \u003cp\u003eB.3.3 Common Error Conditions\u003c\/p\u003e \u003cp\u003eB.3.3.1 Failed Generation of Cryptographic Material: Integrity Signature at Security Source\u003c\/p\u003e \u003cp\u003eB.3.3.2 Integrity Verification Failure at a Security Verifier\u003c\/p\u003e \u003cp\u003eB.3.3.3 Integrity Verification Failure at the Security Acceptor\u003c\/p\u003e \u003cp\u003eB.3.3.4 Failed Generation of Cryptographic Material: Ciphertext at Security Source\u003c\/p\u003e \u003cp\u003eB.3.3.5 Confidentiality Verification Failed at a Security Verifier\u003c\/p\u003e \u003cp\u003eB.3.3.6 Confidentiality Processing Failed at the Security Acceptor\u003c\/p\u003e \u003cp\u003eB.4 Multiple Security Sources\u003c\/p\u003e \u003cp\u003eB.4.1 Scenario\u003c\/p\u003e \u003cp\u003eB.4.2 Processing Steps\u003c\/p\u003e \u003cp\u003eB.4.3 Common Error Conditions\u003c\/p\u003e \u003cp\u003eB.4.3.1 Failed Generation of BIB at Security Source\u003c\/p\u003e \u003cp\u003eB.4.3.2 Failed Generation of BCB at Security Source\u003c\/p\u003e \u003cp\u003eReference\u003c\/p\u003e \u003cp\u003eAppendix C 
Bundle Protocol Data Representation\u003c\/p\u003e \u003cp\u003eC.1 Bundle Protocol Data Objects\u003c\/p\u003e \u003cp\u003eC.2 Data Representation\u003c\/p\u003e \u003cp\u003eC.2.1 CBOR Basics\u003c\/p\u003e \u003cp\u003eC.2.1.1 CBOR Objectives\u003c\/p\u003e \u003cp\u003eC.2.1.2 CBOR Encoding\u003c\/p\u003e \u003cp\u003eC.2.2 CDDL Basics\u003c\/p\u003e \u003cp\u003eC.2.2.1 Groups\u003c\/p\u003e \u003cp\u003eC.2.2.2 Entries\u003c\/p\u003e \u003cp\u003eC.2.2.3 Group Contexts: Arrays and Maps\u003c\/p\u003e \u003cp\u003eC.2.2.4 Entry Occurrence Indicators\u003c\/p\u003e \u003cp\u003eC.2.2.5 Choices\u003c\/p\u003e \u003cp\u003eC.2.2.6 Building Objects: Sockets, Plugs, and Within\u003c\/p\u003e \u003cp\u003eC.3 CDDL Representations\u003c\/p\u003e \u003cp\u003eC.3.1 Bundle Protocol v7\u003c\/p\u003e \u003cp\u003eC.3.2 BPSec\u003c\/p\u003e \u003cp\u003eC.3.3 Default Security Context\u003c\/p\u003e \u003cp\u003eReferences\u003c\/p\u003e \u003cp\u003eIndex\u003c\/p\u003e  \u003cp\u003e\u003cb\u003eDr Edward J. Birrane III\u003c\/b\u003e is CTO at Tolerant Network Solutions, LLC, Adjunct Faculty at University of Maryland, Baltimore County, and supervises the embedded applications group of The Johns Hopkins University Applied Physics Laboratory Space Exploration Sector. He received his Ph.D. from the University of Maryland, Baltimore County.  \u003c\/p\u003e\u003cp\u003e\u003cb\u003eSarah Heiner\u003c\/b\u003e is an Embedded Software Engineer at The Johns Hopkins University Applied Physics Laboratory.  \u003c\/p\u003e\u003cp\u003e\u003cb\u003eKen McKeever\u003c\/b\u003e is an Engineer at The Johns Hopkins University Applied Physics Laboratory.   
\u003c\/p\u003e","brand":"Wiley","offers":[{"title":"Default Title","offer_id":47989997895909,"sku":"NP9781119823476","price":145.0,"currency_code":"USD","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/1842\/7735\/files\/9781119823476.jpg?v=1761786156","url":"https:\/\/k12savings.com\/products\/securing-delay-tolerant-networks-with-bpsec-isbn-9781119823476","provider":"K12savings","version":"1.0","type":"link"}