CCSDS Security Working Group Spring 2014 Meeting 10 November – 13 November 2014 London, England Okechukwu Mezu, Charles Sheehe NASA/Glenn.


IPsec Project Overview
Performing Encapsulating Security Payload (ESP) using pre-shared keys on a CCSDS Internet Protocol (IP) packet going from a source node over a satellite in space to a destination node
Red book requires:
– Two independent verifications of a specification are required prior to acceptance
– Compatibility must be shown; the IPV4 IPsec compatibility testing with CNES satisfies this
– CCSDS yellow book records the official documentation of testing and compatibility test
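An added example, not taken from the slides or from the CCSDS test configurations: ESP tunnel-mode encapsulation (RFC 4303) with NULL encryption and an integrity check value, using a directly configured key as in manual keying. The SPI, key and inner packet are constructed sample values, and HMAC-SHA-256-128 is an assumption, since the slides name no algorithm.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16        # HMAC-SHA-256-128 keeps the first 128 bits of the tag (RFC 4868)
NEXT_HDR_IPV6 = 41  # tunnel mode: the ESP payload is a complete inner IPv6 packet

# Constructed sample values (assumptions, not taken from the slides).
SPI = 0x00001001
KEY = bytes(range(32))                         # manually configured SA integrity key
INNER = b"\x60" + bytes(39) + b"row the boat"  # stand-in for an inner IPv6 packet


def esp_seal(spi, seq, inner, key, next_header=NEXT_HDR_IPV6):
    """Build SPI | Seq | payload | padding | pad len | next header | ICV."""
    # Pad so payload + padding + the two trailer bytes end on a 4-byte boundary.
    pad_len = -(len(inner) + 2) % 4
    padding = bytes(range(1, pad_len + 1))     # default padding bytes 1, 2, 3, ...
    body = (struct.pack("!II", spi, seq) + inner + padding
            + bytes([pad_len, next_header]))
    icv = hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]
    return body + icv


def esp_open(packet, spi, key):
    """Verify an ESP packet and return (seq, next_header, inner packet)."""
    if len(packet) < 8 + 2 + ICV_LEN:
        raise ValueError("truncated ESP packet")
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    got_spi, seq = struct.unpack("!II", body[:8])
    if got_spi != spi:
        raise ValueError("no SA for this SPI")
    expected = hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):  # constant-time comparison
        raise ValueError("ICV mismatch")
    # Parse the trailer only after the ICV has been verified.
    pad_len, next_header = body[-2], body[-1]
    if pad_len > len(body) - 10:
        raise ValueError("pad length exceeds payload")
    # Replay-window handling of seq is left to the caller.
    return seq, next_header, body[8:len(body) - 2 - pad_len]


if __name__ == "__main__":
    pkt = esp_seal(SPI, 1, INNER, KEY)
    print(len(pkt), esp_open(pkt, SPI, KEY)[:2])
```

A packet altered in transit, sealed under a different key, or carrying an unknown SPI is rejected before the trailer is parsed.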

NASA Internal IPV4 Network Connectivity
[Network diagram: Ground Station R1 (Cisco 3825 Router), CCSDS Satellite R2 (Cisco 3825 Router), Receive Station R3 (Cisco 3825 Router) and a Linux Box, connected over Gigabit Ethernet (GE) interfaces, with an IPsec VPN tunnel between R1 and R3.]
Tunnel represents a direct logical connection between R1 & R3 through R2. However, all communication between R1 & R3 goes through R2 (representing a satellite/networked cloud).

NASA Internal IPV6 Network Connectivity
[Network diagram: Ground Station R1 (Cisco 3825 Router), CCSDS Satellite R2 (Cisco 3825 Router), Receive Station R3 (Cisco 3825 Router) and a Linux Box, connected over Gigabit Ethernet (GE) interfaces, with an IPsec VPN tunnel between R1 and R3.]
Interface labels in the diagram: GE 0/0 2001:db8:1:1::1/64, GE 0/1 2001:db8:1:2::1/64, GE 0/0 2001:db8:1:2::2/64, GE 0/1 2001:db8:1:3::1/64, GE 0/1 2001:db8:1:4::1/64, GE 0/2 2001:db8:1:3::2/64, GE 0/0 2001:db8:1:X::X/64, GE 0/0 2001:db8:1:4::2/64
Tunnel represents a direct logical connection between R1 & R3 through R2. However, all communication between R1 & R3 goes through R2 (representing a satellite/networked cloud).

CCSDS Yellow Book IPsec Test Matrix
Columns: #, IP V4/6, ESP, Tunnel, Integrity, IPcomp, Authenticated Encryption, Confidentiality, Manual Key, Auto Key, No Rekey
1   4  XXX X X
2   4  XXXXX X
3   4  XXX XX
4   4  XXXX XX
5   4  XXX XX
6   4  XXXXX XX
7   4  XXX X XX
8   4  XXXX X XX
9   6  XXX X X
10  6  XXXXX X
11  6  XXX XX
12  6  XXXX XX
13  6  XXX X XX
14  6  XXXXX XX
15  6  XXX X XX
16  6  XXXX X XX

Proposed CCSDS IPsec Compatibility Testing
Planned compatibility testing
– Testing of IPv4 Linux CentOS 6.4 & Linux Ubuntu
– Testing for IPv6 not performed
Tests
– #1 thru #8: IPV4. File transferred
– La ligne de rang, nous allons ramer, de laisser rangée, laissé, Disons ramer le canot, Si doucement, si doucement, si doucement, Allons sur la mer.

IPV4 IPsec Compatibility Test

Status as of Spring Meeting
Acquired hardware and software.
Tested local connectivity IPV4 & IPV6

Steps Accomplished from spring
Resolve IPsec/VPN issue
– A: secure a module router, B: CNES multi agency test, C: excess shopping again. A&C&B dependent on resources
Develop yellow book test configurations.
Publish yellow book to WG chair for edits of tests and approval to proceed
Update document and tests as necessary.
IPV4 ping test with CNES

To be completed
IPV4 test 1-8 from matrix
Publish test results in yellow book for review by WG.
Update document and testing as necessary.
Publish yellow book out of WG, for acceptance