1 CCSDS Security Working Group Spring Meeting Colorado Springs Security Architecture January 19 th 2007.

Slides:

Advertisements

Similar presentations

CESG, Fall 2011, 5 th November 2011 Stuart Fowell, SciSys Device Virtualisation and Electronic Data Sheets.

Advertisements

Siebel Web Services Siebel Web Services March, From

Practical Digital Signature Issues. Paving the way and new opportunities. Juan Carlos Cruellas – DSS-X co-chair Stefan Drees - DSS-X.

Consultancy Infrastructure Requirements for Fast, Reliable and Secure HL7 V3 Messaging Andrew Hinchley CPL Consulting.

Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.

20.1 Chapter 20 Network Layer: Internet Protocol Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

CHAPTER 8: SECURITY IN COMPUTER NETWORKS Encryption Encryption Authentication Authentication Security Security Secure Sockets Layer Secure.

VPN: Virtual Private Network Presented by: Germaine Bacon Lizzi Beduya Betty Huang Jun Mitsuoka Juliet Polintan.

Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.

Lesson 18-Internet Architecture. Overview Internet services. Develop a communications architecture. Design a demilitarized zone. Understand network address.

Proposal for an achievable, cost effective Security Concept for EOBRs C. Hardinge / A. Lindinger.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Applied Cryptography for Network Security

Firefox 2 Feature Proposal: Remote User Profiles TeamOne August 3, 2007 TeamOne August 3, 2007.

Data Networking Fundamentals Unit 7 7/2/ Modified by: Brierley.

Internet Protocol Security (IPSec)

Copyright Microsoft Corp Ramnish Singh IT Advisor Microsoft Corporation Secure Remote Access Challenges, Choices, Best Practices.

Internet/Intranet firewall security – policy, architecture and transaction services Written by Ray Hunt This presentation will Examines Policies that influence.

Configuring connections between Dr.Web Enterprise Servers.

Directory and File Transfer Services Chapter 7. Learning Objectives Explain benefits offered by centralized enterprise directory services such as LDAP.

CCSDS Security WG Management Remarks Martin Pilgram - DLR RB-KOB > Management Remarks on Sec WG > www.DLR.de/rb Slide 1.

CCSDS IPsec Compatibility Testing 10/28/2013 OKECHUKWU MEZU CHARLES SHEEHE CCSDS GRC POC.

Remote Access Chapter 4. Learning Objectives Understand implications of IEEE 802.1x and how it is used Understand VPN technology and its uses for securing.

Symmetric Key Management Books Development Plan Daniel Fischer (ESA) Ignacio Aguilar Sanchez (ESA) CCSDS Spring Meeting 2010 | Portsmouth, VA.

SAML Right Here, Right Now Hal Lockhart September 25, 2012.

© 2009 Research In Motion Limited Advanced Java Application Development for the BlackBerry Smartphone Trainer name Date.

1 Section 10.9 Internet Security Association and Key Management Protocol ISAKMP.

Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),

June 2004 SIW-4 - IP in Space Implementation Guide 1 Handbook for Using IP Protocols for Space Missions James Rash - NASA/GSFC Keith Hogie, Ed Criscuolo,

© 2006 Cisco Systems, Inc. All rights reserved. Optimizing Converged Cisco Networks (ONT) Module 4: Implement the DiffServ QoS Model.

Wolfgang EffelsbergUniversity of Mannheim1 Differentiated Services for the Internet Wolfgang Effelsberg University of Mannheim September 2001.

1 CCSDS Security Working Group Fall 2010 Meeting October 2010 British Standards Institute London, UK Howard Weiss NASA/JPL.

CCSDS Security WG meeting October 2008, hosted by DLR at DIN premises (Berlin) 1 Data Link Security BOF An ESA contribution on Lessons Learned and Issues/Questions.

Module 9: Designing Public Key Infrastructure in Windows Server 2008.

CSC 600 Internetworking with TCP/IP Unit 7: IPv6 (ch. 33) Dr. Cheer-Sun Yang Spring 2001.

A Combat Support Agency Defense Information Systems Agency GIG EWSE IA and NetOps (EE213) 17 August 2011 UNCLASSIFIED Tactical Edge Service: NetOps and.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Terminal Services Technical Overview Olav Tvedt TVEDT.info Microsoft Speaker Community

1 15 November 2004 CCSDS Security Architecture 15 th November 2004 Toulouse.

1 CCSDS Security Working Group Spring Meeting – Rome Key Management June 13 th 2006.

COSC 513 Operating Systems Project Presentation: Internet Security Instructor: Dr. Anvari Student: Ying Zhou Spring 2003.

Chapter2 Networking Fundamentals

Information Architecture WG: Report of the Spring 2004 Meeting May 13, 2004 Dan Crichton, NASA/JPL.

1 SecWG New Business Discussions CCSDS CNES, Toulouse FR Howard Weiss NASA/JPL/SPARTA November 2004.

11 CLUSTERING AND AVAILABILITY Chapter 11. Chapter 11: CLUSTERING AND AVAILABILITY2 OVERVIEW  Describe the clustering capabilities of Microsoft Windows.

CCSDS march 2008 meeting – Crystal City 1 TC/TM space links security SEA / SLS cross area meeting.

IT 606 Computer Networks (CN). 1.Evolution of Computer Networks & Application Layer. 2.Transport Layer & Network Layer. 3.Routing & Data link Layer. 4.Physical.

Agenda CCSDS Network Layer Security IPSec+IKE Profile for CCSDS

CCSDS Security Working Group Program Space IT Security Standards Products Howard Weiss SPARTA, Inc. (a Parsons Company)

The CCSDS Cislunar Communications Architecture Keith Scott The MITRE Corporation CCSDS Meeting January 2007.

Key Management V 0.4 Discussion of document revision SeaSec Intermediary Meeting, Heppenheim, October 07 Daniel Fischer Uni Lux SECAN-Lab / ESA OPS-GDA.

By Mau, Morgan Arora, Pankaj Desai, Kiran.  Large address space  Briefing on IPsec  IPsec implementation  IPsec operational modes  Authentication.

Information Architecture BOF: Report of the Fall 2003 Meeting October 28, 2003 Dan Crichton, NASA/JPL.

August 2, 2005 IETF 63 – Paris, France Media Independent Handover Services and Interoperability Ajay Rajkumar Chair, IEEE WG.

1 CCSDS Security Working Group Spring 2011 Meeting May 2011 Deutsches Institut für Normung (DIN) Berlin, Germany Howard Weiss NASA/JPL.

Role of Router. The Router as a Perimeter Device  Usually the main function of a router is considered as the forwarding of packets between two network.

IPSec – IP Security Protocol By Archis Raje. What is IPSec IP Security – set of extensions developed by IETF to provide privacy and authentication to.

Security WG: Report of the Fall 2004 Meeting November 19, 2004 Howard Weiss.

1 CCSDS Security Working Group Fall 2011 Meeting 1-2 November 2011 University of Colorado Boulder, Colorado USA Howard Weiss NASA/JPL.

IPSec is a suite of protocols defined by the Internet Engineering Task Force (IETF) to provide security services at the network layer. standard protocol.

Security WG: Report of the Fall 2003 Meeting October 28, 2003 Howard Weiss, NASA/JPL/SPARTA.

Exploring the World of Wireless James Taylor - COSC 352 Fall 2007.

Securing Access to Data Using IPsec Josh Jones Cosc352.

IP Security (IPSec) Matt Hermanson. What is IPSec? It is an extension to the Internet Protocol (IP) suite that creates an encrypted and secure conversation.

0 CCSDS Systems Engineering Area: Security Working Group Howard Weiss NASA/JPL/Cobham (Parsons) October 2011.

Lecture 10 Page 1 CS 236 Online Encryption and Network Security Cryptography is widely used to protect networks Relies on encryption algorithms and protocols.

CCSDS IPsec Compatibility Testing 05/4/2016 CHARLES SHEEHE, CCSDS GRC POC OKECHUKWU MEZU, Test Engineer 1.

Richard Ogier Presented by Tom Henderson July 28, 2011

Agenda CCSDS Network Layer Security IPSec+IKE Profile for CCSDS

Chapter 3: Open Systems Interconnection (OSI) Model

Presentation transcript:

1 CCSDS Security Working Group Spring Meeting Colorado Springs Security Architecture January 19 th 2007

2 Agenda Changes since Rome A recap on the use of the Views The Security Architecture CCSDS Security Core Suite Some examples Emergency Commanding Next Steps Q&A

3 Changes since Rome Removal of in-depth discussions on –Authentication –Algorithm types –Key Management These are now discussed in greater detail in other books, to which the Security Architecture refers. Extended discussions to encompass more than scientific missions The architecture was always designed to be flexible and extensible, this has been brought out more in the document. Removal of File based encryption as a mandated part of the architecture, it is still available as an optional plugin for large delay and non-continuous communications. Emergency Commanding has been updated to allow for a range of options which can be selected by mission planners, there is no mandated solution for this as there is little need to interoperability in this area. Ground systems, from discussions in Rome it was felt that the Security Architecture should concentrate on Space Solutions, ground systems will use best-of-breed terrestrial technology and can be changed as the need arises.

4 The Views – A Summary Enterprise View – Tells us what inter-agency policies need to be developed Connectivity View – Tells us to consider Threats due to HOW elements communicate –RF in Space, non-continuous, QoS –Ground systems, use of the Internet, need for VPNs Functional View – Tells us the high level shape of the System Security Architecture –What functions does the mission need that the Security Architecture should support? Information View – Tell us the detail of the System Security Architecture –Where is the data, how is it stored, how is it transmitted, how should it be protected.

5 Proposed Architecture Based on a layered and expandable model Use of security formats, which can be used together or individually. –Transport Layer Encryption –Network Layer Encryption The use of Link Layer or Payload specific encryption is also accommodated by the architecture

6 CCSDS Security Core Suite Use of a Core suite of algorithms to allow reuse where missions do not need the complexity of bespoke solutions Mandated to ensure all CCSDS missions are interoperable Two layers, Network and Transport, can either be used together or separately Choice of recommended algorithms and configurations to be decided in other security books

7 Core Suite Configurations NetworkTransportComment 00 No encryption from Core Suite, suitable if a mission specific encryption suite is being used instead or there is no need for encryption such as in deep space. 10 Network only encryption, suitable for point to point encryption, very efficient. 01 Transport only encryption, suitable for when intermediate nodes are being used in the communications link. 11 Both Transport and Network encryption are being used, this would occur when a payload control centre is talking securely to it’s payload, over the secure communications the mission control centre has set up using network layer encryption.

8 Extending the Security Architecture The Core suite is not intended to solve all mission problems Missions are free to develop their own solutions as plug-ins to the architecture Note use of Link and Payload Security Agencies are free to develop their own security suites as plug- ins of the Security Architecture Core Suite supplies interoperability

9 Simple solutions

10 Emergency Commanding Agreement from Rome that this could not be a binary YES/NO for Security Therefore proposed a range of solutions –In Safe Mode but CPU online - use normal authentication –In Safe Mode, CPU offline- Watchdog drops need for authentication –Not in Safe Mode, CPU offline- Watchdog drops need for authentication –Tumbling- Watchdog drops need for authentication In the above cases the Watchdog is looking for certain events to reliably happen, if they do not it can drop the need for authentication Main aim is to keep the Watchdog very simple and robust Up to Missions Planners to decide which combination to choose, or whether to take the risk and not have authentication on emergency commands Little need for interoperability so recommend it is not a mandated part of the security architecture.

11 Next Steps We need to develop a set of missions profiles to be used as examples for each of the 5 missions types. –Manned Space –Weather –Communications –Scientific –Navigation It would be good to have input from the agencies with specific experiences of these mission types to ensure a good quality result. However we need to be clear that these are examples only, the main message must be to use the different views to examine each mission on its own merits and ensure that all the correct Polices, infrastructure and architecture are in place, for that mission.

12 AoB Questions?