Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security WG: Report of the Fall 2005 Meeting

Published byGodfrey Long Modified over 6 years ago

Similar presentations

Presentation on theme: "Security WG: Report of the Fall 2005 Meeting"— Presentation transcript:

1 Security WG: Report of the Fall 2005 Meeting
Atlanta GA September 16, 2004 Howard Weiss NASA/JPL/SPARTA

2 Planned Meeting Agenda
14 September 2005 : Welcome, opening remarks, logistics, agenda bashing, : Review results of Spring 2005 SecWG meeting in Athens Mtg Notes : RASDS Review wrt Security Architecture (Kenny telecon) : coffee break : Security Architecture Document Discussions (Kenny telecon) : Lunch :Review CNES Mission Security Req Development using EBIOS (Pechmalbec/Belbis) : Encryption Algorithm Trade Study (Weiss) : coffee break : Authentication/Integrity Algorithm Trade Study (Weiss) 15 September 2005 : Key management discussion (Kenny) : Coffee break : Identity Management, Spacecraft IDs (Weiss) : CNES Interconnection Rules (Pechmalbec/Belbis) : Lunch : CNES Security Development Process (Pechmalbec/Belbis) : Security Policy Document/Common Criteria (Weiss)

3 Attendance Name Company Email Address Howie Weiss NASA/JPL/SPARTA
Martin Pilgram DLR Stephane Pechmalbec CNES Ed Criscuolo NASA/GSFC/CSC Clayton Sigman NASA/GSFC Daniel Fischer ESA/ESOC Peter Shames NASA/JPL Gavin Kenny (telecon) BNSC/LogicaCMG Fred Stillwagen (telecon) NASA/Langley (SCAWG/SAST)

4 Executive Summary Attendees from CNES, BNSC (telecon), NASA/GSFC, NASA/ Langley (telecon), NASA/GRC, ESA/ESOC, DLR, and NASA/JPL. First participation of an ESA/ESOC representative! Mario Merri mentioned that ESA/ESOC would also provide another representative in time for the next meeting! Discussed and revised the SecWG Security Architecture documents Discussed and accepted proposals for CCSDS standards for: Encryption (AES w/min 128-bit key, additional algorithms allowed) Authentication/integrity (Digital Signature Standard for public key-based authentication, HMAC-SHA1 for MAC-based authentication) Discussed CNES approach to developing security requirements and their use of the EBIOS tool Discussed the development of: Security Policy Framework Information Security Planning Guide Potential usage of Common Criteria to develop mission Protection Profiles Discussed issues from NASA DSWG – identity management, SCID “exposure” on SANA.

5 Summary of Goals and Deliverables
Security Green Book revision is complete and has been submitted to the CESG – poll has just closed – awaiting review comments Threat Document is completed and has been submitted to the CESG – poll has just closed – awaiting review comments. Security Architecture document has undergone another revision taking into account the previous comments – to be sent out for WG review/comments. Trade-off analysis of potential CCSDS encryption standards as a means of deciding on a recommendation was completed and WG recommends distributing as a Green Book for the Encryption Algorithm Blue Book. Trade-off analysis of potential CCSDS authentication standards as a means of deciding on a recommendation was completed and WG recommends distributing as a Green Book for the Authentication Algorithm Blue Book. CCSDS key management standard still in process – controversy regarding public key exchanges vs. shared, symmetric keys. Policy Framework and Mission Planners Guides still in process. Continue to work with other Areas and their WGs with respect to security.

6 Progress Achieved Attended and participated in the High Rate Uplink BOF, CisLunar WG, and a splinter group of the SLS participants concerning how the Internet protocols work and can be used. Reviewed the latest incarnation of the Security Architecture document and its relationship with the final version of the RASDS. Area of contention within the Security Architecture revolves around key management issues: architecture is heavily slanted towards public key technologies that may not be universally applicable. Also issues revolving around how to do emergency commanding. More review to occur. Reviewed the security algorithm trade studies Encryption: must use AES-128 w/128-bit key at min; additional algorithms may be used at mission/agency/govt discretion. Authentication/Integrity: dual standards that must be used Digital Signature Algorithm (DSA) for public key-based authentication Hash-based Message Authentication Code (HMAC) using SHA-1 for shared secret-based authentication Other hashing algorithms (e.g., MD5, SHA256, SHA384, UMAC) may be used Discussed the beginning of the Security Policy Framework Guide – attempt a CCSDS re-write of the NIST Guide (800-47) and a starting point and re-affirmed the adaptation of the NIST document for CCSDS use. Again discussed the potential use of the Common Criteria for development of mission Protection Profiles. CNES makes heavy use of the CC but does not produce full-blown PPs. The WG did not want to develop PPs (too much boilerplate, too large, too hard to read, etc) but did agree it makes sense to use the CC as a basis for developing mission security requirements and this will be introduced in the mission planners guide that remains to be written. CNES described their level of security involvement in mission development. CNES has an independent security organization that works hand-in-hand with mission planners to develop the mission security requirements, the threat study, the trade studies, and the security life-cycle. They also discussed the risk analysis tool (available as open source), EBIOS, that they use to develop the mission security requirements. This needs to be examined for potential use by others and maybe to be introduced as a CCSDS recommended practice.

7 comment: Working Group is advancing and producing good products.
SEA Area MID-TERM REPORT SUMMARY TECHNICAL STATUS Security WG Goal: Working Status: Active __X_ Idle ____ Summary progress: Three documents actively being produced (Security Green Book, Security Architecture, Threat). All docs green. Green Book to CESG. Progress since last meeting: Completed Green Book, completed Threat, completed Encryption and Authentication Trade Studies – agreed on algorithms Problems and Issues: Resources – need to ensure continued participation from all member agencies status: OK CAUTION PROBLEM comment: Working Group is advancing and producing good products. Docs OK. New work OK. Resources – but things are looking much better. ESA/ESOC has now provided someone and promises 1 more.

8 Near-Term Schedule Deliverable Milestone Date Green Book revisions
Completed – awaiting CESG poll comments Threat Document CCSDS Security Architecture (5nd Draft) Publish a draft document (White Book) Red Book-1 Red Book-2 Blue Book-1 Done 12/05 03/06 07/06 Encryption Algorithm Trade Study completed Agreement to adopt algorithm Blue Book to be written 06/05 09/05

9 Schedule (cont) Authentication/Integrity Trade study completed
Agreement reached on algorithm adoption Blue Book to be written 08/05 09/05 02/06

10 Schedule (cont) Key Management document
Revise trade analysis for conclusions and recommendations 12/05 First draft Security Policy Guide Develop a rough draft Security Policy Guide based on NIST 01/06 Mission Planners Security Guide Look at the tailoring of the CCToolbox to develop mission protection profiles 06/06

11 Open Issues Key management white book Public vs. symmetric keying
Number of round-trips required for public key negotiations Caching of public keys if not on-line negotiation

12 Action Items Item Number Action Item: Assigned to: Date Due:
SecWG0905:1 Add three types of security (file encryption, TLS, and network layer) to the security architecture document. Gavin Kenny 12/05 SecWG0905:2 Ensure that integrity-only mechanisms in the security architecture are in concert with the authentication algorithm blue book SecWG0905:3 Add examples of how the security architecture can be used. SecWG0905:4 Ensure that the latest Security Architecture document has been distributed to the working group and posted to CWE Howie Weiss ASAP

13 Action Items (2) SecWG0905:5 Investigate “standard” AES modes (e.g., CBC, ECB) for inclusion in the encryption algorithm blue book. Howie Weiss 11/05 SecWG0905:6 Reconcile AES with the security architecture’s allowance of a NULL encryption algorithm Gavin Kenny 12/05 Write a blue book to adopt FIPS 197 as a CCSDS encryption algorithm recommendation. SecWG0905:8 Formulate a resolution to have the CMC clarify the mandatory security section wording. ASAP SecWG0905:9 Write an authentication algorithm blue book 02/06

14 Action Items (3) SecWG0905:10 Submit the encryption algorithm and authentication algorithm trade studies as Green Books (accompaniment to the yet to be developed blue books). Howie Weiss 02/06 SecWG0905:11 Memo to Peter Shames regarding SecWG discussions on SANA visible information (e.g., SCIDs) and identify management. 09/05

15 Resource Problems Resources are adequate to perform the current tasks.
Resources are increasing: ESA/ESOC has provided a new SecWG participant and has promised an additional person by the Spring meeting.

16 Risk Management Update
Must ensure that the current trend of additional resources remains and that resources don’t shrink.

17 Cross Area WG / BOF Issues
Security is a cross-cutting discipline that needs to be included in many other Areas and WGs. In the plenary, we asked that the CESG be alerted that other Areas and WG should request support from the Security WG (in addition to the SecWG being proactive). We believe that the mandatory security section in documents will force the other Areas and WG to seek out help! Met with high rate uplink BOF regarding security concerns. Met with CisLunar Maybe provide a SecWG overview briefing at the Spring meeting opening plenary to cover everyone at one time? Security 101 and SecWG initiatives within CCSDS?

18 Resolutions to be Sent to CESG and Then to CMC
Several concerns: SecWG is concerned with the lack of feedback from the CESG and CMC. For example, the SecWG sent a resolution up requesting that every CCSDS document contain a standard security section. The return flow indicated this was passed. More than a year later we learn that the language was changed (only blue books, resource problems allow provide a waiver, etc). We believe that the WG need a view into the outcome of the CESG and CMC meetings that does not appear to currently exist. Clarify what the current security section resolution means, what is required, in what books, what waivers are allowed? Standard security section resolution should be modified to include ALL CCSDS documents – not just Blue Books. Or at least Orange and Magenta books should be included and maybe also Green books.

19 New Working Items, New BOFs, etc.
Encryption algorithm blue book. Authentication algorithm blue book. Security Architecture red book. Key Management red book. Security Policy Framework based on NIST Mission Planning Guide.

Download ppt "Security WG: Report of the Fall 2005 Meeting"

Similar presentations

1 CCSDS Security Working Group Fall 2008 Meeting 15-16 October 2008 Berlin Germany.

1 CCSDS Security Working Group Fall 2008 Meeting October 2008 Berlin Germany.
11 Authentication Algorithm Trade Study CCSDS Security WG Fall 2005 Atlanta, GA USA Howard Weiss NASA/JPL/SPARTA +1-410-872-1515 September.

11 Authentication Algorithm Trade Study CCSDS Security WG Fall 2005 Atlanta, GA USA Howard Weiss NASA/JPL/SPARTA September.
0 CCSDS Systems Engineering Area: Security Working Group Howard Weiss NASA/JPL/SPARTA (a Parsons Company) +1.443.430.8089 15 October.

0 CCSDS Systems Engineering Area: Security Working Group Howard Weiss NASA/JPL/SPARTA (a Parsons Company) October.
PS 1 16 June 2006 SEA CESG SUMMARY Rome, Italy, 16 June 2006.

PS 1 16 June 2006 SEA CESG SUMMARY Rome, Italy, 16 June 2006.
Security WG: Report of the Winter 2007 Meeting Colorado Springs, CO USA January 20, 2007 Howard Weiss NASA/JPL/SPARTA +1-443-430-8089.

Security WG: Report of the Winter 2007 Meeting Colorado Springs, CO USA January 20, 2007 Howard Weiss NASA/JPL/SPARTA
Security WG: Report of the Spring 2015 Meeting Caltech, Pasadena CA USA 27 March 2015 Howard Weiss NASA/JPL/PARSONS +1-443-430-8089.

Security WG: Report of the Spring 2015 Meeting Caltech, Pasadena CA USA 27 March 2015 Howard Weiss NASA/JPL/PARSONS
CCSDS Security WG Management Remarks Martin Pilgram - DLR RB-KOB > Management Remarks on Sec WG > 15-04-2013www.DLR.de/rb Slide 1.

CCSDS Security WG Management Remarks Martin Pilgram - DLR RB-KOB > Management Remarks on Sec WG > www.DLR.de/rb Slide 1.
1 Security Policy Framework & CCSDS Common Criteria Use CCSDS Security WG Fall 2005 Atlanta, GA USA Howard Weiss NASA/JPL/SPARTA +1-410-872-1515.

1 Security Policy Framework & CCSDS Common Criteria Use CCSDS Security WG Fall 2005 Atlanta, GA USA Howard Weiss NASA/JPL/SPARTA
Security WG: Report of the Fall 2014 Meeting BSI, London UK 14 November 2014 Howard Weiss NASA/JPL/PARSONS +1-443-430-8089.

Security WG: Report of the Fall 2014 Meeting BSI, London UK 14 November 2014 Howard Weiss NASA/JPL/PARSONS
Delta-DOR SIG: Report of the Fall 2007 Meeting Heppenheim, Germany October 5th, 2007 Roberto Maddè ESA/ESOC

Delta-DOR SIG: Report of the Fall 2007 Meeting Heppenheim, Germany October 5th, 2007 Roberto Maddè ESA/ESOC
Security WG Status Review ESA European Space Operations Centre Darmstadt, Germany 16 April 2012 Howard Weiss NASA/JPL/SPARTA +1-443-430-8089.

Security WG Status Review ESA European Space Operations Centre Darmstadt, Germany 16 April 2012 Howard Weiss NASA/JPL/SPARTA
Security WG: Report of the Fall 2005 Meeting Atlanta GA September 16, 2004 Howard Weiss NASA/JPL/SPARTA.

Security WG: Report of the Fall 2005 Meeting Atlanta GA September 16, 2004 Howard Weiss NASA/JPL/SPARTA.
0 CCSDS Systems Engineering Area: Security Working Group Howard Weiss NASA/JPL/SPARTA (a Parsons Company) +1.443.430.8089 15 April.

0 CCSDS Systems Engineering Area: Security Working Group Howard Weiss NASA/JPL/SPARTA (a Parsons Company) April.
PS 1 12 June 2006 SEA Opening Plenary Rome, Italy, 12 June 2006.

PS 1 12 June 2006 SEA Opening Plenary Rome, Italy, 12 June 2006.
1 SecWG New Business Discussions CCSDS St-Hubert (Montreal) Canada Howard Weiss NASA/JPL/SPARTA +1-410-872-1515 May 2004.

1 SecWG New Business Discussions CCSDS St-Hubert (Montreal) Canada Howard Weiss NASA/JPL/SPARTA May 2004.
1 CCSDS Security Working Group Fall 2010 Meeting 26-27 October 2010 British Standards Institute London, UK Howard Weiss NASA/JPL.

1 CCSDS Security Working Group Fall 2010 Meeting October 2010 British Standards Institute London, UK Howard Weiss NASA/JPL.
Information Architecture WG: Report of the Winter 2007 Meeting January 20, 2007 Dan Crichton, Chair NASA/JPL.

Information Architecture WG: Report of the Winter 2007 Meeting January 20, 2007 Dan Crichton, Chair NASA/JPL.
Security WG: Report of the Fall 2008 Meeting DIN, Berlin Germany October 17, 2008 Howard Weiss NASA/JPL/SPARTA +1-443-430-8089.

Security WG: Report of the Fall 2008 Meeting DIN, Berlin Germany October 17, 2008 Howard Weiss NASA/JPL/SPARTA
0 CCSDS Systems Engineering Area: Security Working Group Howard Weiss NASA/JPL/PARSONS +1.443.430.8089 10 November 2014 BSI, London.

0 CCSDS Systems Engineering Area: Security Working Group Howard Weiss NASA/JPL/PARSONS November 2014 BSI, London.
1 CCSDS Threat Document Discussion CCSDS Security Working Group Fall 2004 Meeting CNES, Toulouse FR Howard Weiss NASA/JPL/SPARTA +1-410-872-1515.

1 CCSDS Threat Document Discussion CCSDS Security Working Group Fall 2004 Meeting CNES, Toulouse FR Howard Weiss NASA/JPL/SPARTA

Similar presentations

Ads by Google