Securing any network is a complex combination of protocols, configurations, policies, and proper software and hardware implementations. High-availability and low-latency networks beneficially leverage their communications infrastructure to support helpful security functions such as just-in-time key negotiation. Networks, particularly those conforming to the Delay Tolerant Networking (DTN) architecture, cannot rely on a communications infrastructure with such assumptions. Instead, these networks must rely on out-of-band mechanisms in cases where end-to-end negotiation is not possible.

Therefore, a Bundle Protocol version 7 (BPv7) network is at best as difficult to secure as any other terrestrial network and at worst much harder. This chapter discusses some of the unique challenges that must be addressed when securing any type of BPv7 network and those special considerations when securing networks conforming to the DTN architecture.

After reading this chapter you will be able to:

14.1 Scoping Security Concerns

The security of message data in a network must include mechanisms for data confidentiality, integrity, and authentication. BPSec defines the bcb-confidentiality service to apply data confidentiality ...