1. Security WG: Report of the Spring 2016 Meeting
NASA/GRC, Cleveland Ohio USA
8 April 2016
Howard Weiss
NASA/JPL/PARSONS

2. Meeting Agenda 4 April 2016 08:45 – 09:45: CCSDS Plenary
09:45 – 10:45: Systems Engineering Area (SEA) Plenary
13:30 – 17:30: Security WG
Welcome, introductions, logistics, agenda review
Meeting dates for Fall 2016 (Rome) meeting (all)
Review results of Fall 2015 (Darmstadt) meeting
Status of documents and action items
Review future work areas list for CWE Framework
Charter review (if required)
Strategic Plan Review (all)
SANA Registry Discussion (all)
CCSDS Credentials Program (Weiss, Sheehe, others)
Cloud Testing Update & Demonstration (Bailey/Fischer)
Green Book Revisions
Security Protocols (Weiss)
Secure Interconnection Guide (Biggerstaff)
DTN Security (Weiss, Sheehe)
Working Group Dinner - adhoc

3. Meeting Agenda (cont) 5 April 2016 (08:45 – 17:30)
Network Layer Security
IPsec Testing + Blue and Yellow Book Final Review (Sheehe/Airaud/Weiss)
Analysis of CCSDS Documents wrt Security (Black)
Hardware/Trusted Security (Sheehe)
Key Management Blue Book (Fischer/Aguilar-Sanchez)
KM for SDLS extended procedures (Fischer)
KM Green Book
Link Layer Security Update Discussion (Biggerstaff/Weiss/Aguilar-Sanchez/Fischer)
Proposed new areas of work – continuation of discussions
Other areas of discussion
Reception
Working Group Dinner
6 April 2016
08:45-17:30: Space Data Link Security WG
7 April 2016
08:45-13:30: Space Data Link Security WG
8 April 2016
16:00-17:30: SEA Wrap-up Plenary

4. Attendance Name Organization Email Address Howard Weiss (Chair)
NASA/JPL/PARSONS
Gordon Black
UK Space Agency/Qinetiq
Daniel Fischer (D/Chair)
ESA/ESOC
Ignacio Aguilar-Sanchez
ESA/ESTEC
Chuck Sheehe
NASA/GRC
Dorothea Richter
DLR
Julian Airaud
CNES
Brandon Bailey
NASA/GSFC
Craig Biggerstaff
NASA/JSC/Lockheed
Sandra Johnson

5. Executive Summary
Attendees from UK Space Agency, ESA/ESTEC, ESA/ESOC, DLR, CNES, NASA/GRC, NASA/GSFC, NASA/JSC, and NASA/JPL.
Reviewed action items from Darmstadt. Nearly all the assigned action items from Darmstadt were completed. Several others have been carried forward from several past meetings. We discussed the closeout of the cloud computing action and how best to document it (e.g., Green or Yellow book, TBD)
As per “direction” from the CESG, we discussed the “CCSDS Strategic Plan” and the consensus was that it was more of a program status report and not at all ‘strategic.’
We discussed the use of the SANA registry for the registration of CCSDS ‘standard’ algorithms for a first start.
We discussed the direction of the “credentials” program and the consensus was to create a standard based on ISO with a “strong” option based on X.509 certificates and a “less strong” option based on “protected simple authentication” as used by SLE.
We reviewed the potential revision of (CCSDS Protocols to Secure Systems which will be edited and distribute to the WG.
Reviewed Network Layer Security adaption profile testing. Testing is completed as is the Yellow Book with the test results. As a result of testing, the BB will be revised and forwarded to the AD and Secretariat for polling.
We discussed and had a live demo between NASA and ESA of the use of the “cloud” for CCSDS testing.
We discussed the use of “trusted hardware” in concert with or as an adjunct to the previously discussed trusted/secure software initiatives.
Reviewed analysis of security in other working groups (see spreadsheet)
Discussed the changes/restructuring of the Key Management Magenta Book.

6. Summary of Goals and Deliverables
KM Magenta Book is progressing.
Met with SDLS – successfully making forward progress on extended procedures.
NASA/GRC and CNES Network Layer Security testing is completed along with the Yellow Book testing results.
Cloud computing testing environment has been successfully demonstrated. How best to publish and document….
Consensus on the constitution of the credentials program.
Reviewed the draft revisions to

7. SUMMARY TECHNICAL STATUS
SEA Area MID-TERM REPORT
SUMMARY TECHNICAL STATUS
Security WG
Goal:
Working Status: Active _X_ Idle ____
Summary progress: documents actively being produced: Key Management MB, Network Layer BB, Cloud Testing. All docs green.
Progress since last meeting: network layer security testing, KM MB progress, DTN Security (CMS), Secure Protocol revision.
Problems and Issues: None
status: OK
CAUTION
PROBLEM
Comment: Working Group is advancing and producing good products.
Docs OK.

8. Near-Term Schedule Deliverable Milestone Date
Key Management Magenta Book
Continue drafting next revision
04/30/16
Network Layer Profile
Completed per testing results feedback
05/15/16
Network Layer Yellow Book
Final – deliver with Network Layer Profile to Secretariat
Cloud Testing
White paper -> Yellow or Green draft
06/15/16
Update Credentials “draft” program
Need to identify and lock in testers to get program approval
07/01/16

9. No changes from last meeting
Future Work Areas
No changes from last meeting
(1) Credentials (2016) (NASA, ESA, DLR, CNES)
Certificate management (separate doc?)
(2) Secure Software GB ( ) (to be reviewed) (ESA, NASA)
(3) Link layer security for future unified space link protocol (migration of SDLS). (2018)
(4) Network layer over space packets (2017) (ESA)
(5) Application layer security (protecting the app layer):
TLS; (2018)
providing security services via the application layer (KM, etc) eg., SM&C MOS (mission operation services). (2020)
SDLS Extended Procedures Green Book (2017)
SDLS Extended Procedures Yellow Book (2016)
Network Layer (IP) Security Green Book
DTN Security (underway in DTN WG)

10. Open Issues Cloud Testing document – Yellow? Green? Other?
Security in other working groups (see next slide)
Reminder re: WG review of Red Books (See subsequent slide)

11. Security in Other WGs Space Internetworking Services Area
 Security Analysis of Recent CCSDS Docs.xlsx
706.1-G-2
Motion Imagery and Applications
May-15 No 8
Various embedded references Table Security Domains for Video (& section ) 4.1b & personal security
722.1-M-1
Operation of CFDP over Encapsulation Service
Mar-14
730.1-G-1
Solar System Internetwork (SS) Architecture
Jul-14 17
734.1-B-1
Licklider Transmission Protocol (LTP) for CCSDS
Yes 36
3.9 - LTP Security Annex D - Security Considerations
734.2-B-1
CCSDS Bundle Protocol Specification
Sep-15 28
Annex G - Security Considerations
766.1-B-1
Digital Motion Imagery 16
Annex B - Security Considerations
Cross Support Services
901.1-M-1
Space Communications Cross Support - Architecture Requirements Document
100
4.4 - Security Reqs for Services Security Reqs for Physical Elements Security Reqs for E2E Deployments Annex A - Security Considerations
902.0-G-1
Extensible Space Communications Cross Support - Service Management - Concept
Sep-14 1
resource conflicts !
913.1-B-2
Space Link Extension - Internet Protocol for Transfer Services 22
2.7 - Security Aspects of the Internet SLE Protocol

12. Resolutions to be Sent to the CESG and Then to CMC: To reiterate from Pasadena and Darmstadt
Resolution: The SecWG will be actively engaged in the review of all Red Books:
Levels of involvement range from cursory examination of the Red Books under development, to active involvement in the development of the books.
Response: AD will provide docs to the WG for review in parallel with AD review.
Resolution: All CCSDS document editors will reach out, early in the development of the book to the SecWG to reduce downstream security issues.
Response: AD will provide “pointers” to WGs for SecWG
Resolution: Security shall be addressed in all new project initiations. All new projects should consider the extent to which security is relevant. Considerations will be documented in the project initiation request.
Response: AD forwards new projects definitions to SecWG to analyze security implications & to work with the initiating WG.

13. Action Items Item Number Action Item: Assigned to: Date Due:
SecWG0416:1
Provide Rome meeting date preferences to Nestor Peccia
All
Completed
SecWG0416:2
Publish cloud testing document – color?
Brandon Bailey
07/15/16
SecWG0416:3
Document WG comments & consensus on Strategic Plan discussion
Howard Weiss
05/30/16
SecWG0416:4
Update credentials program entry in CWE
05/15/16
SecWG0416:5
Petition GRC management for resources for Chuck Sheehe to be the book editor for the credentials book
Chuck Sheehe
SecWG0416:6
Petition respective management for resources for either Weiss or Biggerstaff to be alternate book editors for credentials book
Howard Weiss, Craig Biggerstaff
SecWG0416:7
Discuss reasoning for the use of ‘protected simple authentication’ in SLE book with Erik Barkley

14. Action Items Item Number Action Item: Assigned to: Date Due:
SecWG0416:8
Ask Secretariat if a book’s title can be changed when under revision
Howard Weiss
Completed
SecWG0416:9
Review the current secure interconnection guide and provide suggestions/comments/direction for revisions.
All
06/30/16
SecWG0416:10
Remove IPComp from Network Layer Security Adaption Blue Book.
06/01/16
SecWG0416:11
Revise KM Magenta Book
Daniel Fischer
04/30/16

15. Resource Problems
Resources had been adequate to perform the current tasks although personnel have only limited time percentage to apply to CCSDS tasks.

16. Risk Management Update
Must ensure that the current trend of additional resources remains and that resources don’t shrink.

17. Cross Area WG/BOF Issues
Joint meeting with Space Data Link Security (SDLS) WG
SDLS joint meeting with USLP

18. New Working Items, New BOFs, etc.
Credentials
Green Book revisions