Security WG: Report of the Spring 2014 Meeting NH Hotel Leeuwenhorst Noordwijkerhout, The Netherlands 3 April 2014 Howard Weiss NASA/JPL/PARSONS skype: hsweiss
Meeting Agenda 31 March 2014 – 08:30 – 09:30: CCSDS Plenary – 09:30 – 12:30: Systems Engineering Area (SEA) Plenary – 13:30 – 18:30: Security WG – Welcome, introductions, logistics, agenda review – Review results of Fall 2013 (San Antonio) meeting – Status of documents, action items – Charter review (if required) – EUMETSAT Overview (Texier) – Threat book revision review (Weiss) – Additional Threats (Sheehe) – Working Group Dinner
Meeting Agenda (cont) 1 April 2014 (08:30 – 18:30) – Network Layer Security Draft Review (Weiss) » IPsec Testing + Yellow Book Status (Sheehe) » Network layer security for non-IP environments Fischer/Aguilar-Sanchez) – Key Management Blue Book (Fischer/Aguilar-Sanchez) » KM for SDLS extended procedures – Link Layer Security Update Discussion (Biggerstaff/Weiss/Aguilar- Sanchez) – Other areas of discussion » Physical Layer Security (Aguilar-Sanchez) – Proposed new areas of work 2 April 2014 – 08:30-18:30: Space Data Link Security WG 3 April 2014 – 08:30-12:30: Space Data Link Security WG – 15:00-18:00: SEA Wrap-up Plenary
Attendance NameOrganization Address Howard Weiss Gordon BlackUK Space Daniel Martin Craig Ignacio Chuck Dorothea Julian Guillame Taoming
Executive Summary Attendees from UK Space Agency, ESA/ESTEC, ESA/ESOC, DLR, CNES, China BITTT, EUMETSAT, NASA/JSC, NASA/GRC, and NASA/JPL. No charter or framework changes were required. However, discussion on SecWG involvement in document reviews (see resolutions). Reviewed action items from San Antonio. Carrying several forward and all others were completed. EUMETSAT provided overview presentation. Reviewed revision of Threat GB. Several presentations by Chuck Sheehe on additional threats to be included in revised document. Comments & discussions will be folded into next revision. Reviewed revised draft of Network Layer Security adaption profile. Section 2 was re-written per comments. A few more changes/refinements needed. NASA/GRC is writing the Yellow Book and will provide feedback into the Blue Book. CNES is still trying to establish a testing environment to test with NASA/GRC. Physical Layer Security discussion from ESA/ESTEC as a potential future endeavor. Discussed outstanding SDLS RID (re: IV and AAD) to find way forward for RID disposition. Reviewed Key Management Extended Procedures document. Discussed possible new work areas: physical layer; CFDP, application layer. SDLS: reviewed “final” protocol (Red-4v2), extended procedures, and GB.
Summary of Goals and Deliverables 1. Discussed SecWG role in ensuring other working groups are paying attention to and working towards secure protocols. 2. KM Magenta Book for symmetric KM is progressing (as is the KM Blue Book for SDLS). 3. Reviewed Threat Green Book revisions. Discussed new threats to be added to the document (cognitive radios, hosted payloads, supply chain management). 4. Reviewed network layer security “adaptation” profile draft. ESA will investigate how IPsec might be used over non-IP protocols (action carried over from last meeting). NASA/GRC to write Yellow Book and perform testing. CNES will hopefully also perform testing. 5. Discussed Physical Layer Security. 6. Reviewed SDLS progress and dispositioned IV related RID in SecWG 7. Introduction to EUMETSAT (and new member).
31 Mar, 2014
SEA Area MID-TERM REPORT SUMMARY TECHNICAL STATUS 1.Security WG Goal: Working Status: Active _X_ Idle ____ Summary progress: documents actively being produced: Key Management MB, Threat GB revision, Network Layer BB. All docs green. Progress since last meeting: threat GB rev, network layer security revision, KM MB progress. Problems and Issues: None status:OKCAUTIONPROBLEM Comment: Working Group is advancing and producing good products. Docs OK.
Near-Term Schedule DeliverableMilestoneDate Key Management Blue Book Continue drafting next revision11/14 Network Layer Profile 3 rd draft07/14 Threat Document Revision 3 rd revised draft10/14 Network Layer Yellow Book 1 st draft11/14
Near-Term Schedule (cont) Common Criteria Protection Profiles FutureTBD Application Layer Security FutureTBD SW Defined Radio Security FutureTBD Physical Layer Security (Channel Coding) FutureTBD Mission Operations document FutureTBD CFDP SecurityFutureTBD
Open Issues Status of CWE mailing lists: Most CWE mailing lists can be obtained by anyone w/o a CWE account WG’s should be encouraged to turn this off – or the secretariat should default this to off.
Action Items Item NumberAction Item:Assigned to:Date Due: SecWG0414:1Revise Threat GBHoward Weiss10/1/14 SecWG0414:2Revise Network Layer testing Yellow Book and provide feedback from testing to Network Layer Security profile BB Chuck Sheehe11/1/14 SecWG0414:3Revise Network Layer Security Adaptation Profile Howard Weiss07/15/14 SecWG0414:4Look at NIST for possible inclusion into KM docs Daniel Fischer09/15/14 SecWG0414:5White paper on link layer security (from last meeting). Ignacio Aguilar-Sanchez11/1/14 SecWG0414:6Investigate CNES performing Network Layer Security testing (from last meeting) Julien Airaud11/1/14 SecWG0414:7Write white paper on ideas about network layer security for non_IP environments (from last meeting) Ignacio Aguilar-Sanchez & Daniel Fischer 07/1/14
Resource Problems Resources had been adequate to perform the current tasks although personnel have only limited time percentage to apply to CCSDS tasks.
Risk Management Update Must ensure that the current trend of additional resources remains and that resources don’t shrink.
Cross Area WG / BOF Issues Joint meeting with Space Data Link Security WG SDLS has joint meeting with Next Generation Space Link WG Advice on hash revision to SLE (from SHA-1 to SHA-2) Continued interaction with DTN and Spacecraft Monitoring & Control although no joint meeting in Noordijkerhout.
Resolutions to be Sent to CESG and Then to CMC Resolution: The SecWG will be actively engaged in the review of all Red Books: Levels of involvement range from cursory examination of the Red Books under development, to active involvement in the development of the books. Resolution: All CCSDS document editors will reach out, early in the development of the book to the SecWG to reduce downstream security issues. Resolution: Security shall be addressed in all new project initiations. All new projects should consider the extent to which security is relevant. Considerations will be documented in the project initiation request.
New Working Items, New BOFs, etc. None.