Thesis etd-11102025-134922
Thesis type
Master's thesis
Author
MALDARELLA, GIACOMO
URN
etd-11102025-134922
Title
Cross-Agency PKI and Secure/Anonymous Bundle Mechanisms for Space Delay/Disruption-Tolerant Networking: From IGCA to BIBE, BIBS, and BIBOR
Department
INFORMATION ENGINEERING
Degree programme
CYBERSECURITY
Supervisors
supervisor Prof. Chessa, Stefano
co-supervisor Prof. Dini, Gianluca
Keywords
- anonymity and privacy
- bundle protocol
- cross-agency interoperability
- cross-certification
- delay/disruption-tolerant networking
- DTN architectures
- interplanetary communications
- onion routing
- public key infrastructure
- space communications security
Session start date
05/12/2025
Availability
Full
Abstract
In the emerging Solar System Internet (SSI), Delay/Disruption-Tolerant Networking (DTN) is the foundational architecture for interplanetary communications. Ensuring security, interoperability, and privacy in such environments poses unique challenges: long delays, intermittent connectivity, asymmetric data rates, and heterogeneous trust domains make conventional Internet security models unsuitable. To address these challenges, this thesis, conducted at the European Space Agency (ESA), investigates and implements a unified framework of DTN security mechanisms, fully aligned with CCSDS and IETF standards for the Bundle Protocol (BPv7) and Bundle Protocol Security (BPSec). The research introduces and evaluates four main contributions. First, a cross-agency Public Key Infrastructure (PKI) based on the Intergovernmental Certification Authority (IGCA) model is proposed, solving the lack of a common trust anchor and enabling secure credential interoperability across independent space agencies. Second, the Bundle-in-Bundle Encapsulation (BIBE) mechanism was refactored and extended within ESA’s BP implementation, ensuring compliance with the latest CCSDS draft and supporting reliable encapsulation workflows. Third, a novel Bundle-in-Bundle Segmentation (BIBS) scheme was designed to preserve end-to-end security semantics and policy continuity when fragmentation occurs. Finally, a new Bundle-in-Bundle Onion Routing (BIBOR) protocol was developed, extending BIBE with layered encapsulation to enhance anonymity and metadata protection in asynchronous, store–carry–and–forward networks. All mechanisms were designed and integrated within the ESA BP reference stack, and validated through comprehensive unit, integration, and cross-node testing. Among them, BIBOR represents the most innovative contribution: conceived entirely from scratch, it was fully implemented, deployed, and analyzed in detail.
The evaluation confirms the feasibility of onion-like routing and anonymous encapsulation in store–carry–and–forward DTN architectures, establishing a solid foundation for future privacy-oriented extensions of the Bundle Protocol. The results contribute directly to ongoing CCSDS Security and DTN Working Group activities, supporting future standardization efforts toward secure and private interplanetary communications for missions such as Moonlight, LunaNet, and MARCONI.
File
| File name | Size |
|---|---|
| Master_T...rella.pdf | 3.05 Mb |