[Sis-dtn] Spring Meeting Agenda Add: BPSec Analysis and Improvements
Tian, Xisen (LT)
xisen.tian1 at nps.edu
Thu Sep 26 15:16:26 UTC 2024
Hi everyone,
Thanks for your support and interest. Regarding logistics of doing a joint session with SEC and to Tomaso’s point:
Concerning the meetings schedule, the slot for the joint SEC/DTN meeting is already scheduled on Thursday the 7th in the afternoon, starting from 1330. My suggestion would be then to iterate with SEC folks to come up with a list of items and related time allocation for the joint meeting. I’m cc’ing Howie and Marcus to converge.
I think a common session with the Security WG would be a great idea. Howie & Marcus, I think a 45-1hr time slot would be ample enough time for us to get our idea out and discuss in the groups. Here’s a rough outline of topics we would like to discuss:
1. Overview
2. Security guarantees of BPSec under the Default Security Context and concerns
3. Related works/ideas
4. Improvements to BPSec with ‘Read Receipts’
5. Possible ways to incorporate improvements
6. Discussion
Felix, in response to your point:
Regarding message loss detection, is there some overlap with the sequence numbering we are seeking to introduce in the Compressed Bundle Reporting / Custody transfer Orange Book (https://docs.google.com/document/d/1YPTwJ7_3az5WliWspg0F0M2FsoPoCoVS/edit)?
In its simplest form, the CREB just contains a bundle sequence number (‘scoped’ by the source node) with sequences according to the bundle’s destination endpoint IDs. This CREB actually does not request any reporting (maybe we should work on terminology) but allows the destination node to detect gaps in sequences of bundles (and do re-ordering if required).
Our work looks at loss detection from a cryptographic perspective but I think we can incorporate the sequence number described in what we MAC over as part of our ‘read-receipt’ concept that we introduce in the paper to permit only honest changes by intermediate nodes to a bundle in flight from a sender to the security destination. Happy to talk more about how we could integrate these two concepts together more at the meeting.
Very Respectfully,
Xisen Tian
LT USN
PhD Student
Applied Cryptography
Naval Postgraduate School
From: Felix Flentge <Felix.Flentge at esa.int>
Date: Monday, September 23, 2024 at 11:15 PM
To: Tian, Xisen (LT) <xisen.tian1 at nps.edu>, sis-dtn at mailman.ccsds.org <sis-dtn at mailman.ccsds.org>
Cc: Hale, Britta (CIV) <britta.hale at nps.edu>, Bhagya Wimalasiri <b.m.wimalasiri at sheffield.ac.uk>, Benjamin Dowling <dowling.bj at gmail.com>
Subject: RE: Spring Meeting Agenda Add: BPSec Analysis and Improvements
Hi,
I think this is super interesting and we should try to have the presentation in the common session with the Security WG.
Regarding message loss detection, is there some overlap with the sequence numbering we are seeking to introduce in the Compressed Bundle Reporting / Custody transfer Orange Book (https://docs.google.com/document/d/1YPTwJ7_3az5WliWspg0F0M2FsoPoCoVS/edit)?
In its simplest form, the CREB just contains a bundle sequence number (‘scoped’ by the source node) with sequences according to the bundle’s destination endpoint IDs. This CREB actually does not request any reporting (maybe we should work on terminology) but allows the destination node to detect gaps in sequences of bundles (and do re-ordering if required).
Regards,
Felix
From: SIS-DTN <sis-dtn-bounces at mailman.ccsds.org> On Behalf Of Tian, Xisen (LT) via SIS-DTN
Sent: Tuesday, September 24, 2024 3:23 AM
To: sis-dtn at mailman.ccsds.org
Cc: Hale, Britta (CIV) <britta.hale at nps.edu>; Bhagya Wimalasiri <b.m.wimalasiri at sheffield.ac.uk>; Benjamin Dowling <dowling.bj at gmail.com>
Subject: [Sis-dtn] Spring Meeting Agenda Add: BPSec Analysis and Improvements
Hello,
I’m Xisen Tian, I’m a PhD student being advised by Dr. Britta Hale and Scott Burleigh at the Naval Postgraduate School researching cryptographic analysis of DTN protocols. My co-authors (cc’d) and I have completed a formal analysis of BPSec with recommendations for improvements which we are ready to present to the DTN WG at the upcoming fall meeting in London. We would like to request a 30-45 minute time slot in the agenda to do a presentation of our work followed by discussion on how our improvements could be adopted (if at all). Our full paper is forthcoming: it has been submitted to a journal and we are currently going through the review/revision process. I’ve pasted our abstract below:
ABSTRACT: Space networking has become an increasing area of development with the advent of commercial satellite networks such as those hosted by Starlink and Kuiper, and increased satellite and space presence by governments around the world. Yet, historically such network designs have not been made public, leading to limited formal cryptographic analysis of the security offered by them. One of the few public protocols used in space networking is the Bundle Protocol, which is secured by Bundle Protocol Security (BPSec), an Internet Engineering Task Force (IETF) standard. We undertake a first analysis of BPSec, building a model of the secure channel security goals stated in the IETF standard, and note issues therein with message loss detection. We prove security of BPSec under a limited model and also provide a stronger construction, one that supports the Bundle Protocol’s functionality goals while also ensuring destination awareness of missing message components.
Please let me know if you have questions, concerns, or feedback. Thank you.
Very Respectfully,
Xisen Tian
LT USN
PhD Student
Applied Cryptography
Naval Postgraduate School
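Added illustration, not part of the thread and neither the CREB encoding nor the paper's construction: a toy receiver that tracks sequence numbers per (source node, destination endpoint) pair, as described in the messages above, and counts a number as seen only once a MAC covering it verifies. HMAC-SHA256, the pre-shared key, numbering from 0, the field layout and the names `seal` and `Receiver` are assumptions made for the sketch.

```python
import hashlib
import hmac
import struct

def _mac_input(src, dst, seq, payload):
    # Length-prefix the endpoint IDs so field boundaries are unambiguous.
    s, d = src.encode(), dst.encode()
    return (struct.pack(">H", len(s)) + s + struct.pack(">H", len(d)) + d
            + struct.pack(">Q", seq) + payload)

def seal(key, src, dst, seq, payload):
    """Sender side: the tag covers source, destination, sequence number, payload."""
    tag = hmac.new(key, _mac_input(src, dst, seq, payload), hashlib.sha256).digest()
    return (src, dst, seq, payload, tag)

class Receiver:
    def __init__(self, key):
        self.key = key
        self.seen = {}  # (src, dst) -> set of authenticated sequence numbers

    def accept(self, bundle):
        src, dst, seq, payload, tag = bundle
        expected = hmac.new(self.key, _mac_input(src, dst, seq, payload),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False  # an altered sequence number never fills a gap
        self.seen.setdefault((src, dst), set()).add(seq)
        return True

    def gaps(self, src, dst):
        # Assumes numbering starts at 0 for each (source, destination) pair.
        seen = self.seen.get((src, dst), set())
        return [n for n in range(max(seen, default=-1) + 1) if n not in seen]

def demo():
    key = b"constructed-demo-key-not-secret!"  # constructed sample key
    src, dst = "ipn:10.1", "ipn:20.1"          # constructed endpoint IDs
    sent = [seal(key, src, dst, n, b"data-%d" % n) for n in range(5)]
    # Bundle 2 is lost; bundle 3 has its sequence number rewritten to 2 in
    # transit; bundle 4 overtakes bundle 1.
    s3 = sent[3]
    tampered = (s3[0], s3[1], 2, s3[3], s3[4])
    rx = Receiver(key)
    results = [rx.accept(b) for b in (sent[0], sent[4], tampered, sent[1])]
    return results, rx.gaps(src, dst)

if __name__ == "__main__":
    print(demo())
```

A gap only becomes visible once a later-numbered bundle arrives, so loss at the tail of a sequence is not detected by this check alone.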