ospab
/
ostp
mirror of https://github.com/ospab/ostp.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
ostp/docs/en/ieee_spec.md

94 lines
5.8 KiB
Markdown
Raw Blame History

# IEEE P2974.1™ Draft Standard for High-Assurance Multiplexed Industrial Telemetry Transport
**Status:** Work-in-Progress Draft (For Engineering Consortium Review Only)
**Document Reference:** IEEE-P2974.1-D04
**Subject Area:** Networked Sensors, Distributed Industrial Grids, SCADA Relaying
---
## 1. Overview and Scope
### 1.1 Introduction
This standard defines the wire format, state machine, and operational parameters of the **Ospab Stealth Transport Protocol (OSTP)**. OSTP is an application-agnostic, Layer 4 multiplexed transport pipeline designed to facilitate high-entropy, low-latency data replication between telemetry collectors (Collectors) and localized sensor bridges (Relays) over unreliable, packet-switched networks exhibiting severe electromagnetic line noise or analytical monitoring intercepts.
### 1.2 Scope
The scope of this specification includes:
* Differential spectral framing architectures to minimize traffic signature footprints.
* Zero-trust pre-shared cryptographic node initialization channels.
* Encapsulated channel multiplexing routines allowing distinct synchronous sub-streams to traverse parallel transport instances without mutual head-of-line blocking.
---
## 2. Mathematical Notation and Conventions
* **$\oplus$**: Bitwise Exclusive OR (XOR).
* **$\text{SHA-256}(X)$**: Secure Hash Algorithm yielding 32 octets.
* **$\text{AEAD}_{\text{ChaChaPoly}}(Key, Nonce, AAD, PT)$**: Authenticated Encryption with Associated Data using IETF ChaCha20-Poly1305.
* **$\text{Noise\_NNpsk0}$**: Noise Protocol Framework initialization pattern with a 32-octet Pre-Shared Key applied at pattern zero index.
---
## 3. Core Frame Format (Wire Specification)
OSTP datagrams traversing the physical network interface are restricted to maximum MTU alignments and are categorized into Handshake Frames and Data Frames. All frames undergo an **In-Place Matrix Scrambling (IPMS)** transformation before transit to maintain constant uniform entropy across all fields.
### 3.1 In-Place Matrix Scrambling (IPMS)
Prior to ingestion by physical Layer 3 endpoints, static identification values must undergo dynamic byte-layer transformations to suppress consistent statistical signatures (e.g., constant prefixes).
Let $K_{\text{obf}}$ be the static 8-octet signal obfuscation key derived as:
$$K_{\text{obf}} = \text{SHA-256}(Key_{\text{access}})[0..7]$$
#### 3.1.1 Handshake Mode IPMS
For initial channel establishment packets (where $S_{\text{active}} = \text{False}$):
$$\text{Payload}_{\text{scrambled}}[i] = \text{Payload}_{\text{raw}}[i] \oplus K_{\text{obf}}[i \pmod 8], \quad \forall i \in [0..3]$$
#### 3.1.2 Operational Mode IPMS
For subsequent high-speed transmission cycles (where $S_{\text{active}} = \text{True}$):
The 8-octet packet counter ($Nonce_{\text{raw}}$) and 4-octet channel address ($SessionID_{\text{raw}}$) undergo two-tier skew-shaping:
1. **Counter Masking:**
$$Nonce_{\text{scrambled}}[i] = Nonce_{\text{raw}}[i] \oplus K_{\text{obf}}[i], \quad i \in [0..7]$$
2. **Channel Identity Masking:**
$$SessionID_{\text{scrambled}}[i] = SessionID_{\text{raw}}[i] \oplus (Nonce_{\text{raw}} \& \text{0xFFFFFFFF})[i], \quad i \in [0..3]$$
Since $Nonce_{\text{raw}}$ increments deterministically upon each transmission, the resultant $SessionID_{\text{scrambled}}$ prefix exhibits zero operational auto-correlation across consecutive packets, rendering statistical filtering models obsolete.
---
## 4. Cryptographic Pipeline Initialization
The validation handshake sequence utilizes the `Noise_NNpsk0_25519_ChaChaPoly_BLAKE2s` specification. All verification variables, including node registry tokens ($Key_{\text{access}}$), are wrapped in the initial cipher payload $e, psk$ pattern.
```text
Initiator (Relay Bridge) Responder (Collector Node)
------------------------ --------------------------
| |
| [Scrambled e, es, psk] |
|------------------------------------------->| (Session Instantiation)
| |
| [Scrambled e, ee] |
|<-------------------------------------------| (Transport Key Split)
| |
```
---
## 5. Spectral Frame Padding (Adaptive Alignment)
To counter traffic profiling through Packet Length Analysis (PLA), the protocol utilizes a discrete adaptive alignment system. Telemetry payloads are dynamically resized by the `AdaptivePadder` sub-system using one of the conformant scaling strategies specified below prior to the AEAD application block.
### 5.1 Scaling Strategies
1. **Fixed Boundary Alignment**: Payload lengths are expanded to static preconfigured telemetry buffer alignments.
2. **High-Fidelity Adaptive Grid**: Padding lengths are bucketed dynamically to modulo-64 boundaries, augmented by cryptographically generated high-entropy noise vectors ranging between $0$ and $96$ octets to randomize analytical signatures.
3. **Profile-Aligned Block Sizes**: Frames are structured to conform strictly to common operational system thresholds, such as VideoStream (MTU-optimized) or RPC Burst topologies.
### 5.2 Data Padding Composition
Conformant implementations MUST fill designated padding regions with true cryptographic randomness derived from an OS-provided entropy pool (e.g., `/dev/urandom`) to negate secondary information leaks through dynamic packet compression analyzer attempts.
---
## 6. Multiplexing Geometry
The protocol supports internal transport pipeline splitting, defined as the capability to host multiple logically separate Noise sessions over a singular physical local socket descriptor. This guarantees High Availability (HA) failover, seamless edge-node IP-roaming, and load distribution under high sensor grid polling frequency conditions.
Reference in New Issue View Git Blame Copy Permalink