Security WG: Report of the Spring 2005 Meeting April 14, 2004 Howard Weiss
Meeting Agenda 11 April 2005 : Joint meeting with Space Link Support Area 13 April 2005 : Welcome, opening remarks, logistics, agenda bashing, CMC/CESG Resolutions CESG ResolutionsCESG Resolutions : Review results of Fall 2004 SecWG meeting in Toulouse Mtg Notes Mtg Notes : Security Architecture Document Discussions (Kenny) : coffee break : Security Architecture Document Discussions, cont : Lunch : Anti-Jamming/Spread Spectrum (Olsen) : Final review Threat Document (Weiss) : coffee break : Key management discussion (Kenny) 14 April 2005 : Crypto and Authentication Standards (Weiss) : Security Policy Framework (all) : break : Information Security Planning Guide (all) : Joint meeting with Service Management WG
Executive Summary Attendees from CNES, BNSC, NASA/GSFC, ASI, INPE, CSA, Aerospace, and NASA/JPL Discussed and revised the SecWG documents in process: Security Architecture Threat Discussed the proposals for CCSDS standards for: Encryption (AES w/min 128-bit key) Authentication/integrity (Digital Signature Standard) Key Management (maybe IKE v2 but still under consideration) Discussed future work items: Anti-jam/Spread Spectrum Security Policy Framework Information Security Planning Guide
Summary of Goals and Deliverables 1. Security Green Book revision is complete and has been submitted to the Area Director for submission to the CESG for the approval process. 2. Security Architecture document has undergone another revision taking into account the previous comments. Plan is to revise based on current comments and deliver a Red-1 in May Review final comments on the Threat Document, make final revisions, and submit to the CESG for approval by early May Develop a trade-off analysis of potential CCSDS encryption standards as a means of deciding on a recommendation. 5. Develop a trade-off analysis of potential CCSDS authentication standards as a means of deciding on a recommendation. 6. Conduct further analysis to determine a CCSDS key management standard. 7. Continue to work with other Areas and their WGs with respect to security.
Progress Achieved Had joint meeting with SLS Area (twice) and the Cross Support Services Area (specifically on Service Management security architecture). Good cross discussions. The other areas were extremely interested in what work was underway in the Security WG – an overall briefing of this sort may be useful in a CCSDS-wide Plenary session since it was performed twice in Athens. Agreed upon changes to the Security Architecture document and the immediate schedule for producing a Red-1 (May 2005, with RID review in Fall 2005). Reviewed excellent, though provoking comments from CNES on the Threat Document Agreed to incorporation of revisions and submission to CESG upon revision completion. Reviewed the security standards previously proposed: Encryption AES-128 Authentication/Integrity Digital Signature Standard (DSS) National sensitivities to the use of these standards does not appear to be a problem In both cases, however it was decided that we needed to develop a trade analysis study contrasting the available solutions before making a final recommendation. Agreed to further study key management Potential cross-area work in Anti-Jam/Spreading with SLS. Discussed the beginning of the Security Policy Framework Guide – attempt a CCSDS re- write of the NIST Guide (800-47) and a starting point. Discussed the beginning of the Information Security Planning Guide for Mission Planners. We discussed the potential use of the Common Criteria (ISO 15408) and the adaptation/tailoring of the CCtoolbox software for space missions to allow mission planners to be “interviewed” to develop their security requirements resulting in a Common Criteria Protection Profile (PP).
SEA Area MID-TERM REPORT SUMMARY TECHNICAL STATUS 1.Security WG Goal: Working Status: Active __X_ Idle ____ Summary progress: Three documents actively being produced (Security Green Book, Security Architecture, Threat). All docs green. Green Book to CESG. Progress since last meeting: Completed Green Book, 95% complete Threat, advances on Architecture, Key Management, Encryption, Authentication, and future documents. Problems and Issues: Resources – need to ensure good participation from all member agencies status:OKCAUTIONPROBLEM comment: Working Group is advancing and producing good products. Docs OK. New work OK. ResourcesMinimal resources provided by ESA – no ESA representation at this meeting. CNES has really picked up the slack though.
Near-Term Schedule DeliverableMilestoneDate Green Book revisions Completed – delivered to Area Director Update Charter Charter and resources05/05 CCSDS Security Architecture (4nd Draft) Publish a draft document (White Book) Red Book-1 Red Book-2 Blue Book-1 Done 05/05 10/05 12/05 Revise Security Threat Document Revise wrt CNES comments discussed at meeting Deliver to Area Director for CESG 05/05
Schedule (cont) Encryption ProposalWrite trade-off analysis of potential encryption algorithms for discussion and recommendations. 08/05 Authentication/Integrity Proposal Write trade-off analysis of potential authentication algorithms for discussion and recommendations 08/05
Schedule (cont) Key Management document Revise trade analysis for conclusions and recommendations 06/05 First draft Security Policy Guide Develop a rough draft Security Policy Guide based on NIST /05 Examine the use of the Common Criteria and the CCToolbox as a Mission Planners Security Guide Look at the tailoring of the CCToolbox to develop mission protection profiles 06/05
Open Issues Encryption algorithm Authentication algorithm Key management proposal Security Policy framework NIST ? Ground systems Security for the ground system Interconnection/policy for cross support across ground systems Future documents – resources to tackle them Common Criteria Protection Profiles Security Handbook for Mission Planners Are these inter-married?
Action Items Item NumberAction Item:Assigned to:Date Due: SecWG0405:1Add SLS working group chairs to Security WG mailing list per Jean-Luc’s direction. Howie WeissASAP SecWG0405:2Update the charter and resources and send out to the WG for review. Howie WeissASAP SecWG0405:3Gavin Kenny will review the latest version of RASDS for its relationship to the security architecture. Gavin KennyASAP SecWG0405:4Write a section for the security architecture document describing the security of the ground infrastructure using firewalls, VPNs and proxies which can be used to overlay a ground network over the Internet Olivier BelbusMay
Action Items (2) SecWG0405:5Entire WG to review the current version of the architecture white book with the intent to go with a Red-1 book before the next (Fall 2005) meeting in September. AllJune 1, 2005 SecWG0405:6Can the entire architecture document process be speeded up to allow for a 3 month RID process which would allow us to review RIDs at the Fall meeting? Gavin KennyASAP SecWG0405:6Formalize a statement in response to the CNES “threat analysis” comment. Olivier BelbusASAP SecWG0405:8Review the Key Management document which will be in the Spring 2005 folder on CWE. AllJune 1, 2005 SecWG0405:9Develop a white paper/white book trade study for authentication/integrity alternatives for CCSDS. Anyone members of the working group who have subject matter expertise regarding average telecommand sizes, etc. should contribute this information via the mailing list. Howie WeissJuly 31, 2005
Action Items (3) SecWG0405:10Develop a white paper/white book trade study on encryption algorithms for possible use in CCSDS. The study should include algorithm specifics such as overhead, key sizes, strength of algorithm, modes of operations, ability to operate with graceful degradation, implementation specifics (hardware, software, memory, processor, efficiency). Howie WeissAugust 31, 2005 SecWG0405:11Take a first cut at the Security Policy Guide document. Howie WeissSeptember 30, 2005 SecWG0405:12Provide examples of CNES interconnection rules for the development of the Security Policy Guide document Olivier BelbusJuly 15, 2005
Action Items (4) SecWG0405:13Examine the resources needed to tailor the CCToolbox for the space community for mission planners to develop mission security requirements. Howie WeissMay 31, 2005 SecWG0405:14Provide an example of how CNES generates its mission security requirements using EDIOS Olivier BelbusMay 31, 2005 SecWG0405:15Write a document detailing the CNES security development process. Olivier BelbusAugust 1, 2005 SecWG0405:16Generate a draft cover letter based on the Security WG charter and the CMC resolution. Howie WeissMay 31, 2005
Resource Problems Resources are adequate to perform the current tasks. It has not yet been determined if resources are adequate to accomplish all the work currently on the schedule. ESA has provided representation from ESTEC (2 people) but with almost no level of effort and almost no representation at meetings or on the mailing list. One ESTEC person attended in Toulouse (first and only time). ESA has stated that they will add another person from ESOC. But the question is when and with what percentage of time? CNES has really stepped up with some very good people who have taken on action items. Currently, many SecWG members have only very small fractions of their time dedicated to CCSDS.
Risk Management Update It is still unclear if enough resources are available from the Agencies to perform the necessary jobs but things are looking much brighter now than in the past. But…
Cross Area WG / BOF Issues Security is a cross-cutting discipline that needs to be included in many other Areas and WGs. In the plenary, we asked that the CESG be alerted that other Areas and WG should request support from the Security WG (in addition to the SecWG being proactive). We believe that the mandatory security section in documents will force the other Areas and WG to seek out help! Met with SLS on security Potential joint work in the area of anti-jam and spread spectrum. This is mostly an SLS area of expertise but is a security area. SLS wants to continue to have joint meetings with SecWG Met with Service Management WG (actually the entire Cross Support Services Area) – reviewed the Service management security architecture but also gave a SecWG overview. Maybe provide a SecWG overview briefing at the Fall meeting opening plenary to cover everyone at one time?
Resolutions to be Sent to CESG and Then to CMC None
New Working Items, New BOFs, etc. Encryption trade-analysis. Authentication analysis. Key Management analysis. Security Policy Framework based on NIST Mission Planning Guide based on Common Criteria and CCToolbox.