Presentation is loading. Please wait.

Presentation is loading. Please wait.

Network Layer Security Howie Weiss (NASA/JPL/Cobham Analytic Solutions) Mike Pajevski (NASA/JPL) May 2010.

Published byNeil McKenzie Modified over 7 years ago

Similar presentations

Presentation on theme: "Network Layer Security Howie Weiss (NASA/JPL/Cobham Analytic Solutions) Mike Pajevski (NASA/JPL) May 2010."— Presentation transcript:

1 Network Layer Security Howie Weiss (NASA/JPL/Cobham Analytic Solutions) Mike Pajevski (NASA/JPL) May 2010

2 Agenda Review slides from Colorado Springs
What is network layer security? Benefits of network layer security CCSDS approaches to network layer security Decide on an approach for a CCSDS network layer security standard.

3 What is Network Layer Security?
Space extensions to FTP SCPS-FP FTP Features FTP Other Apps Space extensions to the Socket Interface SCPS-TP “TCP Tranquility” options TCP Options TCP UDP Space-optimized IPSec variant SCPS-SP IPSec Common Network- Layer Interface Space-optimized IP variant SCPS-NP IP Space Link Subnet: CCSDS Data Link The CCSDS protocol suite supports either “native” or “space enhanced” Internet services, at the discretion of the Project organization

4 Benefits of Network Layer Security
“Value-Added” network security Implement and certify (security-wise) once All upper layer applications are not aware of it Routable in an IP environment Underlying IP network is unaffected Saves cost and schedule Implement once vs. at each application Certify once vs. for each application Ensures correctness of implementation (done once with great scrutiny) End-to-End Protection

5 Drawbacks of Network Layer Security
No fine-grained access control Provides “all-or-nothing” access to a networked service (e.g., cannot control which file(s) can be accessed) Increased overhead (vs. link layer security) Really a protocol-specific issue A protocol with low bit overhead is possible More complex management (vs. link layer security) Depends on flexibility of the protocol A link layer solution could be just as complex Does not support non-network based communications Can impair some QoS, header compression, and smart routing techniques

6 CCSDS Approaches Do we care? YES Assuming we do care:
Adopt IPsec? (Constellation has already done so) ESP (RFC 4303) AH (RFC 4302) Both? Re-do/repair SCPS-SP? NO – decide at last mtg. Min 2 byte overhead vs. 10 bytes for IPSec Do we care about 64 extra bits/packet given the prevailing links?

7 Next Steps? Should the Security WG take this on as a new program of work? How should we approach this? Study? Just adopt IPsec? Any constraints/extensions needed? KM (aka IKE or others) Repair SCPS-SP? Write a new protocol? Go home and call it a day?  Conclusion: study IPSec and KM to start off and we’ll see where we go from there. What are the possible scenarios, interoperability use cases?

8 Network Layer Security Directions
IPSec is the current Internet international (IETF) standard Two parts: ESP (encrypted + authenticated), AH (authenticated-only). Do we want/need both? AH was developed to counter export control issues. There has been several attempts to deprecate it. Pro: it covers more of the header for integrity than does ESP w/integrity Lots of off-the-shelf implementations. SCPS-SP Its still an international standard (ISO via CCSDS) Flawed wrt integrity Lower overhead than IPSec No off-the-shelf implementations unlike IPSec KM issues IKE vs. manual key?

Download ppt "Network Layer Security Howie Weiss (NASA/JPL/Cobham Analytic Solutions) Mike Pajevski (NASA/JPL) May 2010."

Similar presentations

Encrypting Wireless Data with VPN Techniques

Encrypting Wireless Data with VPN Techniques
Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
1 Internet Protocol Version 6 (IPv6) What the caterpillar calls the end of the world, nature calls a butterfly. - Anonymous.

1 Internet Protocol Version 6 (IPv6) What the caterpillar calls the end of the world, nature calls a butterfly. - Anonymous.
IP Version 6 Next generation IP Prof. P Venkataram ECE Dept. IISc.

IP Version 6 Next generation IP Prof. P Venkataram ECE Dept. IISc.
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.

IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.

Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
By Rod Lykins.  Background  Benefits  Security Advantages ◦ Address Space ◦ IPSec  Remaining Security Issues  Conclusion.

By Rod Lykins.  Background  Benefits  Security Advantages ◦ Address Space ◦ IPSec  Remaining Security Issues  Conclusion.
Telnet/SSH Tim Jansen, Mike Stanislawski. TELNET is short for Terminal Network Enables the establishment of a connection to a remote system, so that the.

Telnet/SSH Tim Jansen, Mike Stanislawski. TELNET is short for Terminal Network Enables the establishment of a connection to a remote system, so that the.
Internet Protocol Security (IPSec)

Internet Protocol Security (IPSec)
1 IPv6 Address Management Rajiv Kumar. 2 Lecture Overview Introduction to IP Address Management Rationale for IPv6 IPv6 Addressing IPv6 Policies & Procedures.

1 IPv6 Address Management Rajiv Kumar. 2 Lecture Overview Introduction to IP Address Management Rationale for IPv6 IPv6 Addressing IPv6 Policies & Procedures.
Host Mobility for IP Networks CSCI 6704 Group Presentation presented by Ye Liang, ChongZhi Wang, XueHai Wang March 13, 2004.

Host Mobility for IP Networks CSCI 6704 Group Presentation presented by Ye Liang, ChongZhi Wang, XueHai Wang March 13, 2004.
1 Network Layer Security Howie Weiss (NASA/JPL/Cobham Analytic Solutions) Mike Pajevski (NASA/JPL) October 2010.

1 Network Layer Security Howie Weiss (NASA/JPL/Cobham Analytic Solutions) Mike Pajevski (NASA/JPL) October 2010.
1 Network Layer Security: Run over non-IP Protocol? Howie Weiss (NASA/JPL/Parsons) San Antonio, TX October 2013.

1 Network Layer Security: Run over non-IP Protocol? Howie Weiss (NASA/JPL/Parsons) San Antonio, TX October 2013.
Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),

Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),
© 2006 Cisco Systems, Inc. All rights reserved. Optimizing Converged Cisco Networks (ONT) Module 4: Implement the DiffServ QoS Model.

© 2006 Cisco Systems, Inc. All rights reserved. Optimizing Converged Cisco Networks (ONT) Module 4: Implement the DiffServ QoS Model.
6LoWPAN (Introduction, Problem Statement & Goals) Nandakishore Kushalnagar Intel Corporation.

6LoWPAN (Introduction, Problem Statement & Goals) Nandakishore Kushalnagar Intel Corporation.
RTP Encryption for 3G Networks Rolf Blom, Elisabetta Carrara, Karl Norrman, Mats Näslund Communications Security Lab Ericsson.

RTP Encryption for 3G Networks Rolf Blom, Elisabetta Carrara, Karl Norrman, Mats Näslund Communications Security Lab Ericsson.
IPSec IPSec provides the capability to secure communications across a LAN, across private and public wide area networks (WANs) and across the Internet.

IPSec IPSec provides the capability to secure communications across a LAN, across private and public wide area networks (WANs) and across the Internet.
Karlstad University IP security Ge Zhang

Karlstad University IP security Ge Zhang

Similar presentations

Ads by Google