draft-ietf-dtn-bpsec-17.txt | draft-ietf-dtn-bpsec-18.txt
---|---
Delay-Tolerant Networking E. Birrane | Delay-Tolerant Networking E. Birrane
Internet-Draft K. McKeever | Internet-Draft K. McKeever
Obsoletes: 6257 (if approved) JHU/APL | Intended status: Standards Track JHU/APL
Intended status: Standards Track January 22, 2020 | Expires: July 30, 2020 January 27, 2020
Expires: July 25, 2020 |
Bundle Protocol Security Specification | Bundle Protocol Security Specification
draft-ietf-dtn-bpsec-17 | draft-ietf-dtn-bpsec-18
Abstract | Abstract
This document defines a security protocol providing end to end data | This document defines a security protocol providing end to end data
integrity and confidentiality services for the Bundle Protocol. | integrity and confidentiality services for the Bundle Protocol.
This document is an update of the protocol described in RFC 6257, |
reflecting lessons learned. For this reason it obsoletes RFC 6257, |
an IRTF-stream document. |
Status of This Memo | Status of This Memo
This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress."
This Internet-Draft will expire on July 25, 2020. | This Internet-Draft will expire on July 30, 2020.
Copyright Notice | Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the | Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved. | document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents | Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents | publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. | described in the Simplified BSD License.
Table of Contents | Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Supported Security Services . . . . . . . . . . . . . . . 4 | 1.1. Supported Security Services . . . . . . . . . . . . . . . 3
1.2. Specification Scope . . . . . . . . . . . . . . . . . . . 4 | 1.2. Specification Scope . . . . . . . . . . . . . . . . . . . 4
1.3. Related Documents . . . . . . . . . . . . . . . . . . . . 5 | 1.3. Related Documents . . . . . . . . . . . . . . . . . . . . 5
1.4. Terminology . . . . . . . . . . . . . . . . . . . . . . . 6 | 1.4. Terminology . . . . . . . . . . . . . . . . . . . . . . . 6
2. Design Decisions . . . . . . . . . . . . . . . . . . . . . . 7 | 2. Design Decisions . . . . . . . . . . . . . . . . . . . . . . 7
2.1. Block-Level Granularity . . . . . . . . . . . . . . . . . 7 | 2.1. Block-Level Granularity . . . . . . . . . . . . . . . . . 7
2.2. Multiple Security Sources . . . . . . . . . . . . . . . . 8 | 2.2. Multiple Security Sources . . . . . . . . . . . . . . . . 8
2.3. Mixed Security Policy . . . . . . . . . . . . . . . . . . 8 | 2.3. Mixed Security Policy . . . . . . . . . . . . . . . . . . 8
2.4. User-Defined Security Contexts . . . . . . . . . . . . . 9 | 2.4. User-Defined Security Contexts . . . . . . . . . . . . . 9
2.5. Deterministic Processing . . . . . . . . . . . . . . . . 9 | 2.5. Deterministic Processing . . . . . . . . . . . . . . . . 9
3. Security Blocks . . . . . . . . . . . . . . . . . . . . . . . 10 | 3. Security Blocks . . . . . . . . . . . . . . . . . . . . . . . 9
3.1. Block Definitions . . . . . . . . . . . . . . . . . . . . 10 | 3.1. Block Definitions . . . . . . . . . . . . . . . . . . . . 9
3.2. Uniqueness . . . . . . . . . . . . . . . . . . . . . . . 10 | 3.2. Uniqueness . . . . . . . . . . . . . . . . . . . . . . . 10
3.3. Target Multiplicity . . . . . . . . . . . . . . . . . . . 11 | 3.3. Target Multiplicity . . . . . . . . . . . . . . . . . . . 11
3.4. Target Identification . . . . . . . . . . . . . . . . . . 12 | 3.4. Target Identification . . . . . . . . . . . . . . . . . . 11
3.5. Block Representation . . . . . . . . . . . . . . . . . . 12 | 3.5. Block Representation . . . . . . . . . . . . . . . . . . 12
3.6. Abstract Security Block . . . . . . . . . . . . . . . . . 12 | 3.6. Abstract Security Block . . . . . . . . . . . . . . . . . 12
3.7. Block Integrity Block . . . . . . . . . . . . . . . . . . 15 | 3.7. Block Integrity Block . . . . . . . . . . . . . . . . . . 15
3.8. Block Confidentiality Block . . . . . . . . . . . . . . . 16 | 3.8. Block Confidentiality Block . . . . . . . . . . . . . . . 16
3.9. Block Interactions . . . . . . . . . . . . . . . . . . . 17 | 3.9. Block Interactions . . . . . . . . . . . . . . . . . . . 17
3.10. Parameter and Result Identification . . . . . . . . . . . 19 | 3.10. Parameter and Result Identification . . . . . . . . . . . 18
3.11. BSP Block Examples . . . . . . . . . . . . . . . . . . . 19 | 3.11. BSP Block Examples . . . . . . . . . . . . . . . . . . . 19
3.11.1. Example 1: Constructing a Bundle with Security . . . 19 | 3.11.1. Example 1: Constructing a Bundle with Security . . . 19
3.11.2. Example 2: Adding More Security At A New Node . . . 20 | 3.11.2. Example 2: Adding More Security At A New Node . . . 20
4. Canonical Forms . . . . . . . . . . . . . . . . . . . . . . . 22 | 4. Canonical Forms . . . . . . . . . . . . . . . . . . . . . . . 22
5. Security Processing . . . . . . . . . . . . . . . . . . . . . 23 | 5. Security Processing . . . . . . . . . . . . . . . . . . . . . 22
5.1. Bundles Received from Other Nodes . . . . . . . . . . . . 23 | 5.1. Bundles Received from Other Nodes . . . . . . . . . . . . 23
5.1.1. Receiving BCBs . . . . . . . . . . . . . . . . . . . 23 | 5.1.1. Receiving BCBs . . . . . . . . . . . . . . . . . . . 23
5.1.2. Receiving BIBs . . . . . . . . . . . . . . . . . . . 24 | 5.1.2. Receiving BIBs . . . . . . . . . . . . . . . . . . . 24
5.2. Bundle Fragmentation and Reassembly . . . . . . . . . . . 25 | 5.2. Bundle Fragmentation and Reassembly . . . . . . . . . . . 25
6. Key Management . . . . . . . . . . . . . . . . . . . . . . . 25 | 6. Key Management . . . . . . . . . . . . . . . . . . . . . . . 25
7. Security Policy Considerations . . . . . . . . . . . . . . . 25 | 7. Security Policy Considerations . . . . . . . . . . . . . . . 25
8. Security Considerations . . . . . . . . . . . . . . . . . . . 27 | 8. Security Considerations . . . . . . . . . . . . . . . . . . . 27
8.1. Attacker Capabilities and Objectives . . . . . . . . . . 27 | 8.1. Attacker Capabilities and Objectives . . . . . . . . . . 27
8.2. Attacker Behaviors and BPSec Mitigations . . . . . . . . 28 | 8.2. Attacker Behaviors and BPSec Mitigations . . . . . . . . 28
8.2.1. Eavesdropping Attacks . . . . . . . . . . . . . . . . 28 | 8.2.1. Eavesdropping Attacks . . . . . . . . . . . . . . . . 28
8.2.2. Modification Attacks . . . . . . . . . . . . . . . . 29 | 8.2.2. Modification Attacks . . . . . . . . . . . . . . . . 29
8.2.3. Topology Attacks . . . . . . . . . . . . . . . . . . 30 | 8.2.3. Topology Attacks . . . . . . . . . . . . . . . . . . 30
8.2.4. Message Injection . . . . . . . . . . . . . . . . . . 30 | 8.2.4. Message Injection . . . . . . . . . . . . . . . . . . 30
9. Security Context Considerations . . . . . . . . . . . . . . . 31 | 9. Security Context Considerations . . . . . . . . . . . . . . . 31
9.1. Identification and Configuration . . . . . . . . . . . . 31 | 9.1. Identification and Configuration . . . . . . . . . . . . 31
9.2. Authorship . . . . . . . . . . . . . . . . . . . . . . . 32 | 9.2. Authorship . . . . . . . . . . . . . . . . . . . . . . . 31
10. Defining Other Security Blocks . . . . . . . . . . . . . . . 33 | 10. Defining Other Security Blocks . . . . . . . . . . . . . . . 33
11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 34 | 11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 34
11.1. Bundle Block Types . . . . . . . . . . . . . . . . . . . 34 | 11.1. Bundle Block Types . . . . . . . . . . . . . . . . . . . 34
11.2. Security Context Identifiers . . . . . . . . . . . . . . 35 | 11.2. Security Context Identifiers . . . . . . . . . . . . . . 34
12. References . . . . . . . . . . . . . . . . . . . . . . . . . 35 | 12. References . . . . . . . . . . . . . . . . . . . . . . . . . 35
12.1. Normative References . . . . . . . . . . . . . . . . . . 35 | 12.1. Normative References . . . . . . . . . . . . . . . . . . 35
12.2. Informative References . . . . . . . . . . . . . . . . . 36 | 12.2. Informative References . . . . . . . . . . . . . . . . . 35
Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 36 | Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 36
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 37 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 36
1. Introduction | 1. Introduction
This document defines security features for the Bundle Protocol (BP) | This document defines security features for the Bundle Protocol (BP)
[I-D.ietf-dtn-bpbis] and is intended for use in Delay Tolerant | [I-D.ietf-dtn-bpbis] and is intended for use in Delay Tolerant
Networks (DTNs) to provide end-to-end security services. | Networks (DTNs) to provide end-to-end security services.
The Bundle Protocol specification [I-D.ietf-dtn-bpbis] defines DTN as | The Bundle Protocol specification [I-D.ietf-dtn-bpbis] defines DTN as
referring to "a networking architecture providing communications in | referring to "a networking architecture providing communications in
and/or through highly stressed environments" where "BP may be viewed | and/or through highly stressed environments" where "BP may be viewed
skipping to change at page 3, line 44 | skipping to change at page 3, line 40
transport security mechanisms may not be sufficient. For example, | transport security mechanisms may not be sufficient. For example,
the store-carry-forward nature of the network may require protecting | the store-carry-forward nature of the network may require protecting
data at rest, preventing unauthorized consumption of critical | data at rest, preventing unauthorized consumption of critical
resources such as storage space, and operating without regular | resources such as storage space, and operating without regular
contact with a centralized security oracle (such as a certificate | contact with a centralized security oracle (such as a certificate
authority). | authority).
An end-to-end security service is needed that operates in all of the | An end-to-end security service is needed that operates in all of the
environments where the BP operates. | environments where the BP operates.
This document is an update of the protocol described in RFC 6257, |
reflecting lessons learned. For this reason it obsoletes RFC 6257, |
an IRTF-stream document. |
Note to the RFC editor: Please delete below paragraph prior to RFC |
publication. |
The Internet Research Task Force will be requested to mark RFC6257 as |
obsolete. |
1.1. Supported Security Services | 1.1. Supported Security Services
BPSec provides end-to-end integrity and confidentiality services for | BPSec provides end-to-end integrity and confidentiality services for
BP bundles, as defined in this section. | BP bundles, as defined in this section.
Integrity services ensure that changes to target data within a bundle | Integrity services ensure that changes to target data within a bundle
can be discovered. Data changes may be caused by processing errors, | can be discovered. Data changes may be caused by processing errors,
environmental conditions, or intentional manipulation. In the | environmental conditions, or intentional manipulation. In the
context of BPSec, integrity services apply to plain-text in the | context of BPSec, integrity services apply to plain-text in the
bundle. | bundle.
End of changes. 14 change blocks. |
30 lines changed or deleted | 14 lines changed or added
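Review bot: withdrawing the "Obsoletes: 6257 (if approved)" header together with both the Abstract and Introduction paragraphs ("This document is an update of the protocol described in RFC 6257 ... it obsoletes RFC 6257, an IRTF-stream document") leaves the -18 text shown here with no statement at all of how it relates to RFC 6257, so a reader arriving from RFC 6257 has no pointer to this replacement. The -17 text already anticipated that obsoleting an IRTF-stream RFC is not something the IETF stream does on its own ("The Internet Research Task Force will be requested to mark RFC6257 as obsolete"), so dropping the formal header is defensible; suggest keeping one informative sentence in the Introduction, such as "This document is an update of the protocol described in RFC 6257, reflecting lessons learned.", without the "obsoletes" claim, and citing RFC 6257 in the Informative References. Separately, the "Expires" date in the header and in the Status of This Memo paragraph both move from July 25 to July 30, 2020, and the Table of Contents page numbers shift consistently with the removed paragraphs, so those blocks need no change.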
This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |