CaptchaLa Blog

Appearance

An Open-Source Framework to Emulate Delay and Disruption Tolerant Networks for International Space Station Communication

Source: arXiv:2605.21624 · Published 2026-05-20 · By Krit Grover, Marcelo Ponce

TL;DR

This paper addresses the critical challenge of enabling reliable communication in highly disrupted and delay-prone networks, specifically focusing on the International Space Station (ISS) communication environment where intermittent connectivity and high latency prevail. The core contribution is an open-source, full-stack implementation of the Bundle Protocol, the foundational protocol for Delay and Disruption Tolerant Networking (DTN), which includes key features such as bundle fragmentation, custody transfer, priority queuing, and end-to-end security via authentication and encryption (BAB, PIB, PCB). The authors integrate orbital mechanics and RF link budget calculations to realistically emulate the ISS-ground station contact windows and demonstrate both a simulation mode and a Mininet-based emulation mode to provide realistic packet-level network behavior.

Key findings

  • Implementation adheres to RFC 5050/9171 for Bundle Protocol and RFC 6257 for Bundle Security Blocks (BAB, PIB, PCB) with HMAC-SHA256 and AES-256-CBC providing hop-by-hop authentication and end-to-end confidentiality.
  • Simulation uses nine geographically distributed ground stations connected in a 100 Mbps mesh with ISS-ground links simulated at 56 kbps and 8-minute contact windows every 92-minute ISS orbit.
  • Custody transfer mechanism retries failed bundle transmissions up to 5 times with 30-second ACK timeouts, improving reliability under intermittent links.
  • Fragmentation respects a 4096-byte MTU, splitting bundles into securely linked fragments that reassemble at the destination using consistent metadata and integrity checks.
  • Link budget calculator dynamically models free-space path loss, atmospheric attenuation, Doppler shift, and noise floor to estimate real-time achievable data rates per pass using Shannon-Hartley theorem with 75% efficiency factor.
  • Mininet mode emulates real TCP/IP packet flows with dynamically adjusted link parameters (bandwidth, delay, loss) based on ISS orbital position, allowing Wireshark inspection of actual DTN protocol payloads and headers.
  • Front-end visualization integrates a 3D Earth globe with real-time ISS trajectory and contact window rendering, providing an interactive educational platform for understanding DTN in space communications.
  • Experimental setup validates bundle delivery, security overhead, fragmentation behavior, and routing correctness under deterministic synthetic ISS contact schedules.

Threat model

The system assumes an adversary of unreliable network conditions typical in space communications, including long disruptions, latency, and untrusted intermediate nodes. The attacker cannot break standard cryptography (HMAC-SHA256, AES-256-CBC) deployed for bundle confidentiality, integrity, and authentication. Physical layer attacks such as jamming or interception are out of scope. The focus is on reliable, secure message delivery despite network partitions and delays.

Methodology — deep read

The authors built an open-source simulation and emulation framework for Delay and Disruption Tolerant Networking applied to ISS communication.

  1. Threat Model: The adversary is implicitly assumed to be a malicious or unreliable network environment typical of space systems, including intermittent connectivity and potential untrusted relay nodes. The system protects bundle integrity and confidentiality against in-network attacks via BAB, PIB, and PCB security blocks, but does not target active adversaries capable of jamming or physical interception.

  2. Data: The system simulates nine real-world geographically distributed ground stations (Toronto, London, Tokyo, Sydney, Washington DC, Singapore, Bengaluru, Sao Paulo, Moscow). Orbital data relies on public Two-Line Element (TLE) data sets updated from Celestrak to compute ISS real-time position using the SGP4 propagation model via Skyfield.

  3. Architecture and Algorithm: The core is a Python backend using FastAPI, implementing the Bundle Protocol (RFC 5050/9171) with extensions for custody transfer, fragmentation, priority-based queuing, and bundle security (RFC 6257). The BSP security layer applies HMAC-SHA256 for hop-by-hop authentication (BAB), AES-256-CBC encryption and HMAC payload integrity (PIB, PCB). Fragmentation splits bundles >4096 bytes into fragments with shared security metadata and distinct identifiers. Routing uses a BFS algorithm on a mesh network of ground stations, leveraging orbital pass predictions to select next forwarders. Custody transfer acknowledges bundle receipt via ACK/NAK with retransmission timeouts.

The frontend is a React app using Three.js for 3D Earth and ISS visualization aligned by coordinate transforms from geodetic latitude/longitude/altitude to Three.js Cartesian coordinates.

  1. Training Regime: Not a learned model but a system implementation. Runs tested on standard workstation hardware. Simulation mode uses deterministic virtual timing for predictability; Mininet mode runs virtual TCP/IP topology with real sockets for more authentic network effects.

  2. Evaluation Protocol: Evaluation includes experiments in both simulation and Mininet modes using synthetic ISS contact schedules (92-minute orbit, 8-minute contacts) to measure bundle delivery success, routing correctness, retransmission behavior, and security overheads. Bundle logs and Wireshark traces verify protocol adherence.

  3. Reproducibility: The full code and documentation are open-source at https://github.com/kritgrover/iss-simulator, including a public web demo for interactive testing. The dataset includes public TLE orbital elements and network topology configurations.

In one concrete example, a bundle created at a ground station is encrypted via PCB, signed by PIB, and queued with priority. When ISS visibility begins, the system calculates the dynamic link budget and available data rate for the short pass. The bundle is fragmented if necessary and forwarded through selected ground stations using BFS routing, with custody acknowledgments returned. The frontend visualizes each step in real time, while backend logs record timestamps and status. If ACKs are missing beyond 30 seconds, retransmissions retry up to five times before dropping the bundle.

Technical innovations

  • Comprehensive open-source full-stack implementation of Bundle Protocol (RFC 5050/9171) including integrated Bundle Security Protocol (BAB, PIB, PCB) with modern cryptographic primitives.
  • Link budget and orbital mechanics integration into DTN simulation/emulation, dynamically adjusting link parameters in real-time using SGP4-based ISS tracking and RF path loss, atmospheric attenuation, Doppler shift calculations.
  • Dual-mode architecture supporting fast simulation with virtual timing and Mininet-based TCP/IP network emulation for packet-level protocol inspection and realistic network effects.
  • Interactive web frontend featuring 3D globe visualization synchronized with backend orbital calculations and bundle routing state, enhancing educational transparency and experimentation.

Datasets

  • ISS Ground Station Mesh Topology — 9 stations — constructed synthetic with real geographic coordinates
  • Two-Line Element sets (TLE) for ISS orbit — publicly sourced from celestrak.org

Baselines vs proposed

  • Simulation Mode Delivery Success: Bundle delivery >90% over deterministic contact windows, with custody retransmissions reducing bundle loss rate by >70% vs no retransmission.
  • Mininet Mode: Demonstrated presence of real TCP/IP packet loss, latency jitter, and correct Bundle Protocol operation under dynamically changing link conditions; no direct numerical baseline comparison reported.
  • Security Overhead: Bundle encryption and authentication blocks add approximately 5-10% overhead to bundle size, consistent with expected cryptographic payload expansion.

Figures from the paper

Figures are reproduced from the source paper for academic discussion. Original copyright: the paper authors. See arXiv:2605.21624.

Fig 1

Fig 1: Main dashboard interface showing 3D globe visualization, orbital parameters, and next pass.

Fig 2

Fig 2: Ground View showing the interface for creating bundles that show the encrypted text, network topology, link parameters and transmission history.

Fig 3

Fig 3: ISS View showing a relay interface, message inbox, and a reassembly

Fig 4

Fig 4: Backend logs showing routing and received ACKs, checksum and

Limitations

  • No adversarial or active attack evaluation beyond applying cryptographic protections; security evaluated as protocol correctness not threat resilience.
  • Limited scale with only nine ground stations and one orbital vehicle, no multi-satellite constellation or larger network topologies tested.
  • Simulation mode does not model lower-layer real network effects such as TCP congestion control, packet collisions, or RF physical impairments beyond link budget estimates.
  • Explicit thread safety issues acknowledged due to Python GIL and lack of comprehensive locking on shared data structures, potential race conditions in concurrent operation.
  • Database persistence relies on SQLite with limited robustness for high-concurrency or large-scale deployments.
  • Empirical validation limited to synthetic schedules and measured packet flows without real ISS communication data trace integration.

Open questions / follow-ons

  • How the system performs with multiple satellites or larger DTN topologies involving multi-hop orbital relays and inter-satellite links.
  • Evaluation of active adversarial disruptions beyond passive cryptographic protections, including denial of service or malicious bundle injection.
  • Trade-offs between simulation speed and fidelity in Mininet mode at larger scales or with more realistic RF channel modeling.
  • Integration of automated assessment, curriculum templates, or AI-assisted tutoring to leverage the platform’s educational focus.

Why it matters for bot defense

For bot-defense and CAPTCHA practitioners, this work is relevant as an exemplar of secure, delay-tolerant communication protocols under highly challenged network environments characterized by intermittent connectivity and long disruptions. The detailed emulation of network delay, fragmentation, custody transfer mechanisms, and cryptographic protection layers may inspire designs for CAPTCHA challenge delivery over unreliable or high-latency channels, such as satellite or remote IoT devices. Additionally, the transparent, open-source pipeline and modular simulation/emulation approach provides reproducible tooling for stress-testing protocol robustness under artificially imposed network delays or adversarial conditions relevant to bot defense.

The integration of physical-layer awareness (link budgets, Doppler shifts) into higher-layer protocol operation highlights the necessity of considering lower-layer constraints when deploying bot-defense or CAPTCHA challenges in constrained environments. While the system focuses on space communications, the methodologies for handling fragmentation, retransmission, end-to-end security, and opportunistic routing under disruption tolerant networking principles could be adapted to other network challenge-response scenarios where connection stability is not guaranteed.

Cite

bibtex
@article{arxiv2605_21624,
  title={ An Open-Source Framework to Emulate Delay and Disruption Tolerant Networks for International Space Station Communication },
  author={ Krit Grover and Marcelo Ponce },
  journal={arXiv preprint arXiv:2605.21624},
  year={ 2026 },
  url={https://arxiv.org/abs/2605.21624}
}

Read the full paper

Articles are CC BY 4.0 — feel free to quote with attribution

© 2026 CaptchaLa