Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Association / Security Context Bruno Saba DCT/TV/IN 03/05/2010.

Published byPhoebe Edwards Modified over 9 years ago

Similar presentations

Presentation on theme: "Security Association / Security Context Bruno Saba DCT/TV/IN 03/05/2010."— Presentation transcript:

1 Security Association / Security Context Bruno Saba DCT/TV/IN 03/05/2010

2 Space Data Link Secure Protocol Simulator CNES DCT/TV/IN B. Saba 14/04/2010 2 Security Association ■Defines cryptographic communication parameters to be used by both the sending and receiving ends of a Secure Channel ■Secure Channel =  One or more Global Virtual Channels (TM and AOS)  One or more Global VC/MAP (TC) ■SA uniquely identified by the Security Parameter Index (SPI) over a defined physical channel. The SPI is transmitted in each frame ■Up to 254 simultaneous SA per physical channel ■Each SA defines a cryptographic service :  Authentication Only (AO)  Encryption Only (EO)  Authenticated Encryption (AE) ■At least one cryptographic key associated to each SA ■SA can be pre-loaded prior to the launch, or dynamically created (mission dependant)

3 Space Data Link Secure Protocol Simulator CNES DCT/TV/IN B. Saba 14/04/2010 3 Security Context ■Defines cryptographic communication parameters to be used by both the sending and receiving ends of a Secure Channel ■Secure Channel =  One or more Global Virtual Channels (TM and AOS)  One or more Global VC/MAP (TC) ■SC uniquely identified by the Security Context Index (SCI) over a defined master channel. The SCI is transmitted in each frame ■Up to 255 simultaneous SC per master channel ■Each SC defines a cryptographic service :  Clear Mode  Authentication Only (AO)  Encryption Only (EO)  Authenticated Encryption (AE) ■No cryptographic key associated to the SC ■Key index transmitted in plaintext in the Security Header ■SC are pre-loaded prior to the launch, NOT dynamically created

4 Space Data Link Secure Protocol Simulator CNES DCT/TV/IN B. Saba 14/04/2010 4 Main Differences between SA / SC ■Security Associations can be dynamically created, Security Contexts are only pre-loaded before flight and can not be changed in flight  For SA, this is a mission dependant feature   If SA are pre-loaded before launch and not modified on flight, then no difference between SA and SC on this point ■Key management  Key directly associated with each Security Association  Key index transmitted in clear mode with Security Context concept  Max 254 pre-loaded keys with Security Association concept  Much more (K index length dependant) when using Security Context concept   If 254 pre-loaded keys is an acceptable limit, then no difference between SA and SC on this point  In each case, key management is to be defined (key revocation, key uploading, key activation, etc.)

5 Space Data Link Secure Protocol Simulator CNES DCT/TV/IN B. Saba 14/04/2010 5 Conclusion ■The main difference is in the key management  Key index transmitted in Security Header when using Security Context Concept  No key index transmitted when using Security Association concept  Less pre-loaded keys with Security Association concept  Max 254 pre-loaded keys when using SA  More key changes during satellite lifetime  Need to maintain a key change log file for deciphering old raw TM data  As the same SPI will be reused with different keys during satellite lifetime

6 Space Data Link Secure Protocol Simulator CNES DCT/TV/IN B. Saba 14/04/2010 6 Proposition ■Amend the proposed SDLS protocol standard  Add an additional attribute to SA : transmission of key index in-line or not. In this case, key index is no more an SA attribute  if key index transmitted in-line, add an additional field in security HDR (16-bit)

Download ppt "Security Association / Security Context Bruno Saba DCT/TV/IN 03/05/2010."

Similar presentations

CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Assume that a file is transferred from a node A to a node B. The file has been fragmented in 5 frames (denoted as f0, f1, f2, f3, f4). Show the flow of.

Assume that a file is transferred from a node A to a node B. The file has been fragmented in 5 frames (denoted as f0, f1, f2, f3, f4). Show the flow of.
Assume that a file is transferred from a node A to a node B. The file has been fragmented in 5 frames. Frame 0 is corrupted, the ACK of frame 1 is corrupted,

Assume that a file is transferred from a node A to a node B. The file has been fragmented in 5 frames. Frame 0 is corrupted, the ACK of frame 1 is corrupted,
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.

Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
Space Data Link Security Protocol Compatibility with other standards Bruno Saba DCT/TV/IN 26/10/2010.

Space Data Link Security Protocol Compatibility with other standards Bruno Saba DCT/TV/IN 26/10/2010.
SDLS impact on TM, AOS, TC Space Data Link Protocols Greg Kazz NASA/JPL Oct 16/17, 2012.

SDLS impact on TM, AOS, TC Space Data Link Protocols Greg Kazz NASA/JPL Oct 16/17, 2012.
GVCID parameter for Encapsulation - V2 - Oct2009 Encapsulation Service: Specifying the channel in the underlying Space Data Link Protocol Version 2/3 (Last.

GVCID parameter for Encapsulation - V2 - Oct2009 Encapsulation Service: Specifying the channel in the underlying Space Data Link Protocol Version 2/3 (Last.
A General Purpose CCSDS Link layer Protocol Next Generation Data Link Protocol (NGDLP) Ed Greenberg Greg Kazz 10/17/2012 1.

A General Purpose CCSDS Link layer Protocol Next Generation Data Link Protocol (NGDLP) Ed Greenberg Greg Kazz 10/17/
Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.

Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.
1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.

1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.
IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
Evaluate IEEE 802.11e EDCA Performance Tyler Ngo CMPE 257.

Evaluate IEEE e EDCA Performance Tyler Ngo CMPE 257.
Wired Equivalent Privacy (WEP)

Wired Equivalent Privacy (WEP)
1 CS 577 “TinySec: A Link Layer Security Architecture for Wireless Sensor Networks” Chris Karlof, Naveen Sastry, David Wagner UC Berkeley Summary presented.

1 CS 577 “TinySec: A Link Layer Security Architecture for Wireless Sensor Networks” Chris Karlof, Naveen Sastry, David Wagner UC Berkeley Summary presented.
Adaptive Security for Wireless Sensor Networks Master Thesis – June 2006.

Adaptive Security for Wireless Sensor Networks Master Thesis – June 2006.
Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.

Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
Network Security. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key.

Network Security. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key.
What is in Presentation What is IPsec Why is IPsec Important IPsec Protocols IPsec Architecture How to Implement IPsec in linux.

What is in Presentation What is IPsec Why is IPsec Important IPsec Protocols IPsec Architecture How to Implement IPsec in linux.
CCSDS october 2008 meeting – Berlin 1 Space Data Link Security BOF SEA/SLS October 14, 2008 meeting.

CCSDS october 2008 meeting – Berlin 1 Space Data Link Security BOF SEA/SLS October 14, 2008 meeting.

Similar presentations

Ads by Google