Security WG: Report of the Spring 2015 Meeting Caltech, Pasadena CA USA 27 March 2015 Howard Weiss NASA/JPL/PARSONS
Meeting Agenda 23 March 2015 – 08:45 – 09:45: CCSDS Plenary (Beckman Institute) – 09:45 – 10:45: Systems Engineering Area (SEA) Plenary (Baxter 33) – 13:30 – 17:30: Security WG (Baxter 33) – Welcome, introductions, logistics, agenda review – Review results of Fall 2014 (London) meeting – Status of documents, action items – Future work areas for CWE Framework – Charter review (if required) – Review the new programs list (all) – CCSDS Credentials (Shames/Weiss, all) – Federation – Cloud Testing (all) – Threat book revision review (Weiss) – ESA Secure Software Development (Fischer) – Working Group Dinner
Meeting Agenda (cont) 24 March 2015 (08:45 – 17:30) (Baxter 303) – Network Layer Security » IPsec Testing + Yellow Book Status (Sheehe/Airaud) » Network layer security for non-IP environments (Fischer/Aguilar- Sanchez) – Key Management Blue Book (Fischer/Aguilar-Sanchez) » KM for SDLS extended procedures (Fisher) » KM Green Book – Link Layer Security Update Discussion (Biggerstaff/Weiss/Aguilar- Sanchez) – Role-based authentication (FIPS 140) (Biggerstaff) – Proposed new areas of work – continuation of discussions – Other areas of discussion 25 March 2015 – 08:45-17:30: Space Data Link Security WG (Dabney 110) 26 March 2015 – 08:45-17:30: Space Data Link Security WG (Dabney 110) 27 November 2014 – 08:45-12:30: DTN Security (Baxter 127) – 16:00-17:30: SEA Wrap-up Plenary (room 504)
Attendance NameOrganization Address Howard Weiss Gordon BlackUK Space Daniel Ignacio Chuck Dorothea Julian Mike Brandon Craig
Executive Summary Attendees from UK Space Agency, ESA/ESTEC, ESA/ESOC, DLR, CNES, NASA/GRC, NASA/GSFC, NASA/JSC, and NASA/JPL. A minor change will be made to the WG charter to remove references to the Common Criteria. We revisited our London discussion on SecWG future programs and edited and adjusted the previous list. Elevated “credentials” work as #1 new work item. Reviewed action items from London. Carrying several forward and all others were completed. Discussed cloud-based testing environment architectures and potential issues surrounding its use. Reviewed ESA Secure Software Initiative. Reviewed revision of Threat GB. Minor changes. Plan is to incorporate the final changes, send it out for final WG call, and then submit for publication. Reviewed Network Layer Security adaption profile testing. Testing is near completion. Discussed Key Management and the SDLS key management “extended procedures” documents. The WG has decided that the SecWG KM BB should be changed to a KM MB. Discussed role-based access controls (FIPS 140-2) application to space. Discussed DTN Security plans and the streamlined Bundle Security Protocol at DTN meeting. SDLS Red-4 document ready to progress to publication.
Summary of Goals and Deliverables 1. Revised future SecWG programs list and elevated “credentials” program to #1. 2. KM will be changed in CWE from Blue to Magenta Book. SDLS KM document will be a BB (specifics from the SecWG doc) 3. Threat Green Book revision almost complete. 4. NASA/GRC and CNES Network Layer Security testing is completing. 5. SDLS Protocol Red-4 book ready for publication. 6. Engaged with DTN WG on DTN security. 7. Discussed issues surrounding cloud computing testing environment.
SEA Area MID-TERM REPORT SUMMARY TECHNICAL STATUS 1.Security WG Goal: Working Status: Active _X_ Idle ____ Summary progress: documents actively being produced: Key Management MB, Threat GB revision, Network Layer BB. All docs green. Progress since last meeting: threat GB rev, network layer security testing, KM MB progress. Problems and Issues: None status:OKCAUTIONPROBLEM Comment: Working Group is advancing and producing good products. Docs OK.
Near-Term Schedule DeliverableMilestoneDate Key Management Magenta Book Continue drafting next revision11/15 Network Layer Profile Completed per testing results feedback Threat Document Revision 5 rd revised draft05/15 Network Layer Yellow Book Final05/15
Future Work Areas (1) Credentials (2016) Certificate management (2) Secure Software GB (2016) (date TBR) (3) Network layer over space packets (2017) (4) Application layer security (protecting the app layer): TLS; (2018) providing security services via the application layer (KM, etc) eg., SM&C MOS (mission operation services). (2020) Link layer security for future unified space link protocol (migration of SDLS). (2025) SDLS Extended Procedures Green Book (2017) SDLS Extended Procedures Yellow Book (2016) Network Layer (IP) Security Green Book DTN Security
Open Issues See next slide:
Resolutions to be Sent to CESG and Then to CMC Resolution: The SecWG will be actively engaged in the review of all Red Books: Levels of involvement range from cursory examination of the Red Books under development, to active involvement in the development of the books. Response: AD will provide docs to the WG for review in parallel with AD review. Resolution: All CCSDS document editors will reach out, early in the development of the book to the SecWG to reduce downstream security issues. Response: AD will provide “pointers” to WGs for SecWG Resolution: Security shall be addressed in all new project initiations. All new projects should consider the extent to which security is relevant. Considerations will be documented in the project initiation request. Response: AD forwards new projects definitions to SecWG to analyze security implications & to work with the initiating WG.
Action Items Item NumberAction Item:Assigned to:Date Due: SecWG0315:1Investigate if optical comm WG is addressing security Howard Weiss04/01/15 SecWG0315:2Remove Common Criteria reference from WG Charter and investigate what we meant by item #7 Howard Weiss04/25/15 SecWG0315:3Decide/investigate if a network layer security green book is needed and if GRC and CNES are authorized to write it. Chuck Sheehe, Julian Airaud 05/01/15 SecWG0315:4Open a new work item – credentials. Write white book and investigate which members of the WG will work on program. Howard Weiss05/01/15 SecWG0315:5Investigate when to start work on the Software Security program within the SecWG Daniel Fischer04/01/15 SecWG0315:6Write white paper on cloud testing for CCSDS (architecture, cloud computing issues, etc) [also action item for SDLS] Brandon Bailey07/01/15 SecWG0315:7Investigate Agency issues/sensitivities with cloud computing at ESA and CNES Daniel Fischer, Julian Airaud 09/01/15
Action Items Item NumberAction Item:Assigned to:Date Due: SecWG0315:8Revise Threat GB per WG comments, send out for last call. Howard Weiss06/01/15 SecWG0315:9Update CWE entry to change KM from Blue to Magenta book Howard Weiss04/15/15 SecWG0315:10Update the KM “magenta” bookDaniel Fisher10/15/15 SecWG0315:11Follow-up with Peter Shames re: WG resolutions from Noorwijk – feedback? Howard Weiss03/30/15
Resource Problems Resources had been adequate to perform the current tasks although personnel have only limited time percentage to apply to CCSDS tasks.
Risk Management Update Must ensure that the current trend of additional resources remains and that resources don’t shrink.
Cross Area WG / BOF Issues Joint meeting with Space Data Link Security (SDLS) WG Joint meeting with Disruption Tolerant Networking (DTN) WG
New Working Items, New BOFs, etc. Credentials.