Nebula Public Library

The knowledge bank of ESA’s R&D programmes

Testbed for Bundle Protocol Security (BPSec)

Programme Reference
Prime Contractor
RDI Network
Start Date
End Date

Develop a representative testbed for Bundle Protocol Security (BPSec) to validate standardisation activities and de-risk future developments of BPSec-compliant systems.

The CCSDS (Consultative Committee for Space Data Systems) Bundle Protocol (BP) is one component for realising next-generation Delay Tolerant Networking (DTN) / store-and-forward capabilities in space networks. It is part of the protocol stack foreseen for next-generation exploration missions (e.g. Gateway). The SIS-DTN (Space Internetworking Systems - Delay Tolerant Networking) Bundle Security Book is currently defined within CCSDS. The IETF (Internet Engineering Task Force) is also working on dedicated DTN security publications. This activity aims at implementing and validating a BPSec protocol (on a virtualised testbed), also addressing operational concerns and challenges. Securing a DTN requires considering the network's physical properties, multiple topologies, policies at each node, and various security requirements. There are numerous challenges associated with such a protocol: node authentication, anti-replay mechanisms, key management, security association management and overall monitoring and control in a scenario with a distributed network of nodes, integrity checks across waypoints, protocol data overheads and associated trade-offs, etc.

This activity is to validate proposed standards, identify problem areas, and propose and test associated solutions. The testbed shall build upon an existing BP implementation. The testbed shall require adequate network simulation tools and shall implement simulated delays/disruptions and multiple network nodes. A proof-of-concept application shall be developed and shall test security operations compliant with the proposed standards. Results will also aim at enabling BPSec interoperability testing. This development is relevant for any mission adopting CCSDS Bundle Protocol / Delay Tolerant Networking.

The activity encompasses the following tasks:
- Analyse existing standards and publications, derive associated test case scenarios and testbed system requirements,
- Adapt an existing BP implementation to realise a prototype BPSec implementation,
- Design the testbed architecture including identification of all components and relevant off-the-shelf solutions (e.g. for virtualisation layer management, network simulation, security libraries),
- Implement the testbed in an iterative and agile manner: testing scenarios, identifying issues, proposing solutions, re-testing,
- Produce findings and lessons learned including recommendations for the standards and for future systems implementing them.
Application Domain
Technology Domain
1 - On-board Data Subsystems
12 - Ground Station Systems and Networks
9 - Mission Operation and Ground Data Systems
Competence Domain
8-Ground Systems and Mission Operations
16-Mission Operations Data Systems
Initial TRL
Target TRL
Achieved TRL
Public Document