Space Data Link Secure Protocol Interoperability Testing Interfaces Definition Proposal Bruno Saba DCT/TV/IN 26/04/2010.

Slides:



Advertisements
Similar presentations
“Advanced Encryption Standard” & “Modes of Operation”
Advertisements

Why to learn OSI reference Model? The answer is too simple that It tells us that how communication takes place between computers on internet but how??
CCNA – Network Fundamentals
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
Space Data Link Security Protocol Compatibility with other standards Bruno Saba DCT/TV/IN 26/10/2010.
SDLS impact on TM, AOS, TC Space Data Link Protocols Greg Kazz NASA/JPL Oct 16/17, 2012.
A General Purpose CCSDS Link layer Protocol Next Generation Data Link Protocol (NGDLP) Ed Greenberg Greg Kazz 10/17/
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.
Chapter 2 Network Models.
1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID
Chapter 15 – Part 2 Networks The Internal Operating System The Architecture of Computer Hardware and Systems Software: An Information Technology Approach.
Protocols and the TCP/IP Suite
Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.
Circuit Switching (a) Circuit switching. (b) Packet switching.
K. Salah1 Security Protocols in the Internet IPSec.
Chapter 2 Network Models.
What is in Presentation What is IPsec Why is IPsec Important IPsec Protocols IPsec Architecture How to Implement IPsec in linux.
CCSDS october 2008 meeting – Berlin 1 Space Data Link Security BOF SEA/SLS October 14, 2008 meeting.
G O D D A R D S P A C E F L I G H T C E N T E R 1 The Trade Between CCSDS and HDLC Framing on Global Precipitation Measurement David Everett and Jonathan.
Protocols and the TCP/IP Suite Chapter 4. Multilayer communication. A series of layers, each built upon the one below it. The purpose of each layer is.
OSI model Diego Abella. Before OSI model Small networks. Small networks. Incompatibilities between devices from different producers. Incompatibilities.
Presentation on Osi & TCP/IP MODEL
Lecture 2 TCP/IP Protocol Suite Reference: TCP/IP Protocol Suite, 4 th Edition (chapter 2) 1.
What is a Protocol A set of definitions and rules defining the method by which data is transferred between two or more entities or systems. The key elements.
Characteristics of Communication Systems
Internet Addresses. Universal Identifiers Universal Communication Service - Communication system which allows any host to communicate with any other host.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Network Services Networking for Home and Small Businesses – Chapter 6.
1 Chapter 16 Protocols and Protocol Layering. 2 Protocol  Agreement about communication  Specifies  Format of messages (syntax)  Meaning of messages.
1 Network Layer Security: Run over non-IP Protocol? Howie Weiss (NASA/JPL/Parsons) San Antonio, TX October 2013.
Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),
Network Protocol Hierarchies
Security Association / Security Context Bruno Saba DCT/TV/IN 03/05/2010.
TCP/IP Protocols Contains Five Layers
CCSDS Security WG meeting October 2008, hosted by DLR at DIN premises (Berlin) 1 Data Link Security BOF An ESA contribution on Lessons Learned and Issues/Questions.
Karlstad University IP security Ge Zhang
Chapter 15 – Part 2 Networks The Internal Operating System The Architecture of Computer Hardware and Systems Software: An Information Technology Approach.
ESA UNCLASSIFIED – For Official Use Network Layer Security - Food for Thought D. Fischer, I Aguilar-Sanchez CCSDS Fall Meetings.
1 Kyung Hee University Chapter 2 Network Models. 2 Kyung Hee University 2.1 LAYERED TASKS We use the concept of layers in our daily life. As an example,
March 7, 2008Security Proposal 1 CCSDS Link Security Proposal Ed Greenberg Greg Kazz Howard Weiss March 7, 2008.
Transport Layer COM211 Communications and Networks CDA College Theodoros Christophides
IPsec Introduction 18.2 Security associations 18.3 Internet Security Association and Key Management Protocol (ISAKMP) 18.4 Internet Key Exchange.
CCSDS march 2008 meeting – Crystal City 1 TC/TM space links security SEA / SLS cross area meeting.
Chapter 2 Network Models
IP security Ge Zhang Packet-switched network is not Secure! The protocols were designed in the late 70s to early 80s –Very small network.
1 Lecture 13 IPsec Internet Protocol Security CIS CIS 5357 Network Security.
Space Data Link Secure Protocol Simulator Bruno Saba DCT/TV/IN 15/04/2010.
Protocol Layering Chapter 11.
Internet Security CSCE 813 IPsec. CSCE813 - Farkas2 TCP/IP Protocol Stack Application Layer Transport Layer Network Layer Data Link Layer.
WAN Transmission Media
OSI Model. Open Systems Interconnection (OSI) is a set of internationally recognized, non proprietary standards for networking and for operating system.
IPSec – IP Security Protocol By Archis Raje. What is IPSec IP Security – set of extensions developed by IETF to provide privacy and authentication to.
IPSec is a suite of protocols defined by the Internet Engineering Task Force (IETF) to provide security services at the network layer. standard protocol.
Figure 2-6: Internal Organization of Protocol Entity (Sending End) Figure 4-14: Internal Organization of Protocol Entity (Sending End) MAP Packet Service.
1 IPSec: An Overview Dr. Rocky K. C. Chang 4 February, 2002.
K. Salah1 Security Protocols in the Internet IPSec.
Computer Science and Engineering Computer System Security CSE 5339/7339 Session 27 November 23, 2004.
TCP/IP Protocol Suite Suresh Kr Sharma 1 The OSI Model and the TCP/IP Protocol Suite Established in 1947, the International Standards Organization (ISO)
Computer Network Lab. 1 3 장 OSI 기본 참조 모델 n OSI : Open System Interconnection n Basic Reference Model : ISO-7498 n Purpose of OSI Model ~ is to open communication.
The OSI Model Prof. Choong Seon HONG.
Bruno Saba DCT/TV/IN 26/04/2010
Chap. 2 Network Models.
Telemedicine.
Understand the OSI Model Part 2
CCSDS Link Security Proposal
Ed Greenberg Greg Kazz 10/17/2012
Chapter 3: Open Systems Interconnection (OSI) Model
16EC Computer networks unit II Mr.M.Jagadesh
Presentation transcript:

Space Data Link Secure Protocol Interoperability Testing Interfaces Definition Proposal Bruno Saba DCT/TV/IN 26/04/2010

SDLS - Interoperability Testing - Interfaces Definition Proposal CNES B. Saba 2 Interfaces between two distant simulators ■Data Interfaces  Connecting one or more « useful » data stream  TC or Forward link(s)  TM or Return link(s) ■Control Interfaces  Used for exchange of data relative to the simulators’ management  « Synchronisation » data –Simulation starting time –…  Others –Simulator results –Files for comparison –…

SDLS - Interoperability Testing - Interfaces Definition Proposal CNES B. Saba 3 CNES’ Proposals ■1st step of Interoperability Testing  Main goal : KEEP IT SIMPLE !  The objective is to validate the protocol, not to build a complex network system  Use UDP/IP for data streams  TC or Forward Link  TM or Return Link  UDP/IP is a well defined and well known protocol  No need for special hardware or software  Easy to implement  No flow control, some packets can be lost (like in the « real life » of the protocol)  Can be used on-line between two distant simulators, or off-line on localhost  Already used in CNES’ simulator

SDLS - Interoperability Testing - Interfaces Definition Proposal CNES B. Saba 4 CNES’ Proposals ■1st step of Interoperability Testing (cont’d)  On-line or Off-line simulations  On-line : direct communication via UDP/IP  Off-line : exchange of files  Use s or telephone for control data  Simulations Starting time / Ending time scheduled by s  File exchange by –Transfer of data files for comparison purposes –Transfer of simulation results  Use of phone if needed…  Use of TCP/IP for synchronisation purposes only on the 2 nd step, only if needed

SDLS - Interoperability Testing - Interfaces Definition Proposal CNES B. Saba 5 What do we need to agree on ? ■Interfaces between simulators (easy…)  UDP/IP for data  s or phone for control ■First implementation of the SDLS protocol ! (not so easy…)  SDLS protocol baseline  Secure services (authentication, encryption, authenticated encryption)  Algorithm(s) and modes of operation  Security Association / Security Context convergence… DONE  Position of Security Layer (TC Link) DONE  Security header definition DONE  Security header position DONE  …

SDLS - Interoperability Testing - Interfaces Definition Proposal CNES B. Saba 6 First implementation of the SDLS protocol ■Services provided  Clear mode  Authentication only (AO)(TC,TM)  Authenticated Encryption (AE)(TC,TM)  Encryption Only (EO)(TM Only)  No switching management between services ■Algorithms and modes of operation (same algorithms for TC and TM)  AES GMAC (for AO)  AES GCM(for AE)  AES CTR (for EO) ■No special Key Management  Exchange of Keys between two simulators before simulation session ■No Security Association Dynamic Management  Agreement on the content of the SA to be used before simulation

SDLS - Interoperability Testing - Interfaces Definition Proposal CNES B. Saba 7 First implementation of the SDLS protocol ■TC link (or Forward link)  Transmission of the complete CLTU ?  Including Start Sequence (EB90) and Tail Sequence  This would allow future testing of hardware implementation of the protocol  COP-1 Implementation ?  May be useful to see possible interaction between COP-1 and SDLSP…  Position of Security Header  Just after the Transfer Frame Primary Header (as defined in W1 Nov 2009)

SDLS - Interoperability Testing - Interfaces Definition Proposal CNES B. Saba 8 First implementation of the SDLS protocol ■TC link (cont’d)  Security Header Definition  Sequence Number : not needed, Initialization Vector and Authentication service providing anti-replay protection  Initialization Vector : 4 Bytes  Key Index : not needed for TC link  PAD length : not needed  Security Header total length : 6 Bytes  Trailer (Message Authentication Code) length : 16 Bytes

SDLS - Interoperability Testing - Interfaces Definition Proposal CNES B. Saba 9 First implementation of the SDLS protocol ■TC link (cont’d)  Security Association Definition  Each Security Association must contain –Global MAPID(s) to which it is assigned –Service provided (Clear, AO, AE) –Key  Initialisation Vector Management  4 byte counter  Generated by the ground segment  On-board control mecanism : new received IV must be greater than the previous one  Guarantees IV uniqueness  Also provides anti-replay service

SDLS - Interoperability Testing - Interfaces Definition Proposal CNES B. Saba 10 First implementation of the SDLS protocol ■TM link (or Return link)  Transmission of the complete CADU ?  Including Start Sequence (1ACFFC1D) and Tail Sequence  This would allow future testing of hardware implementation of the protocol  Position of Security Header  Just after Frame Secondary Header (if present) (as defined in W1 Nov 2009)

SDLS - Interoperability Testing - Interfaces Definition Proposal CNES B. Saba 11 First implementation of the SDLS protocol ■TM link (cont’d)  Security Header Definition  Sequence Number : –Not needed if Encryption Only mode is not used, Initialization Vector and Authentication service providing anti-replay protection –When using EO mode, counter on IV provides anti replay protection  Initialization Vector : 6 Bytes ?  Key Index : 2 Bytes  PAD length : not needed  Security Header total length : 10 Bytes  Message Authentication Code (trailer) : 16 Bytes

SDLS - Interoperability Testing - Interfaces Definition Proposal CNES B. Saba 12 First implementation of the SDLS protocol ■TM link (cont’d)  Security Association Definition  Each Security Association must contain –Global Virtual Channel(s) to which it is assigned –Service provided (Clear, AO, AE, EO) –Key set (key selection by key index)  Initialisation Vector Management  6 byte counter  Generated on-board  On-board generation guarantees no regression : new IV sent is greater than the previous one (+1)  Guarantees IV uniqueness  Also provides anti-replay service

SDLS - Interoperability Testing - Interfaces Definition Proposal CNES B. Saba 13 Conclusion ■Development of the simulators can start as soon as everybody agrees on the first implementation of the SDLS Protocol ■Interoperability Testing would then begin step by step  TM Link  TC Link (no COP-1)  TM Link and TC Link  TM Link and TC Link with COP-1

SDLS - Interoperability Testing - Interfaces Definition Proposal CNES B. Saba 14 Thank you for your attention

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.