1. 0 CCSDS Systems Engineering Area: Security Working Group Howard Weiss NASA/JPL/PARSONS howard.weiss@parsons.com +1.443.430.8089 10 November 2014 BSI, London UK

2. 1 System Engineering Area Report Security WG Goals: - Develop security overview & threat assessment, security architecture, framework and related standards - Current focus (algorithms, key management, network layer security, threat/risk) Working Group Status: - Progress - Cryptographic Algorithms BB, Security Architecture MB, Information Security Glossary GB have been published - Algorithm Green Book in CESG polling - Key Management book is normative procedures and abstractions, will be MB, KM for SDLS extended procedures will be BB KM BB is delayed due to focus on SDLS BB - Revising Threat GB - Network Layer Security Adaptation Profile BB completed, awaiting testing results (Yellow Book) to progress (GRC & CNES testing) - Continuing good joint progress on SDLS WG, largely produced by SecWG members, reported in SLS 10 Nov, 2014

3. 2 The CCSDS Security WG is chartered to: Develop security recommendations: - Encryption, authentication, key management, etc Develop security guides and informative documents: - Security architecture, threat, secure interconnection guide, key management, security glossary of terms, etc Provide advice and guidance to other WGs - E.g., Spacecraft Monitoring & Control, Space Link OVERVIEW 10 Nov 2014

4. 3 Noorwijkerhout (April 2014) Progress: - Reviewed the revised Threat Green Book. Many comments and additional changes. Threat Presentations on additional threats provided by Chuck Sheehe. - Reviewed the Network Layer Security Adaptation Profile Blue Book with a re-written Section 2. Document was updated and is considered complete awaiting feedback from testing. - Discussed NASA/GRC IPsec testing for Network Layer Adaptation Profile. Need an additional agency to test (maybe CNES). - Reviewed Key Management SDLS extended procedures document. - SDLS WG continues making good progress: - discussed outstanding RID (IV & AAD) - reviewed the final protocol, extended procedures, and the green book. - Discussed possible future work areas: physical layer, CFDP security, application layer security, mission operations security guide, secure software development guide. STATUS 10 Nov 2014

5. 4 STATUS (cont) Current Progress: - Completed: - Algorithm Green Book (still in Secretariat editing queue) - Network Layer Security Adaptation Profile (awaiting testing results) - Continuing: - Key Management Blue Book - Key Management SDLS Extended Procedures (SDLS WG) - Threat GB revision (3 rd draft circulated to WG) - SDLS interactions - SM&C security consultations - DTN security consultations 10 Nov 2014

6. 5 Key Management Yellow Book Network Layer Security Green & Yellow Books Upper Layer Security - Application layer adaptation profile Physical Layer Security - Spread spectrum, bulk encryption Mission Operations Security Guide DTN Security Secure Software Development Guide Cross Support Issues - E.g., Cross realm identification, authentication, access control - Increased SLE security? - Increased SM&C security? Integrate Individual Documents - Roadmap? FUTURE WORK AREAS 10 Nov 2014

7. 6 AGENDA 10 November 2014 – 08:45 – 09:45: CCSDS Plenary (room G1) – 09:45 – 10:45: Systems Engineering Area (SEA) Plenary (room 503) – 13:30 – 17:30: Security WG (room 505) – Welcome, introductions, logistics, agenda review – Review results of Spring 2014 (Noordwijkerhout) meeting – Status of documents, action items – Charter review (if required) – Threat book revision review (Weiss) – ESA Secure Software Development (Fischer) – Working Group Dinner 10 Nov 2014

8. 7 AGENDA (cont) 11 November 2014 (08:45 – 17:30) (room 505) – Network Layer Security » IPsec Testing + Yellow Book Status (Sheehe + others?) » Network layer security for non-IP environments (Fischer/Aguilar- Sanchez) – Key Management Blue Book (Fischer/Aguilar-Sanchez) » KM for SDLS extended procedures (Fischer) » KM for DTN (Burleigh) – Link Layer Security Update Discussion (Biggerstaff/Weiss/Aguilar- Sanchez) – Other areas of discussion – Proposed new areas of work » Application Layer? – WG dinner 12 November 2014 – 08:45-17:30: Space Data Link Security WG (room 514) 13 November 2014 – 08:45-17:30: Space Data Link Security WG (room 514) 14 November 2014 – 16:00-17:30: SEA Wrap-up Plenary (room 504) 10 Nov 2014

9. 8 Action Items 10 Nov 2014 Item NumberAction Item:Assigned to:Date Due: SecWG0414:1Revise Threat GBHoward Weiss10/1/14 SecWG0414:2Revise Network Layer testing Yellow Book and provide feedback from testing to Network Layer Security profile BB Chuck Sheehe11/1/14 SecWG0414:3Revise Network Layer Security Adaptation Profile Howard Weiss07/15/14 SecWG0414:4Look at NIST 800-152 for possible inclusion into KM docs Daniel Fischer09/15/14 SecWG0414:5White paper on link layer security (from last meeting). Ignacio Aguilar-Sanchez11/1/14 SecWG0414:6Investigate CNES performing Network Layer Security testing (from last meeting) Julien Airaud11/1/14 SecWG0414:7Write white paper on ideas about network layer security for non_IP environments (from last meeting) Ignacio Aguilar-Sanchez & Daniel Fischer 07/1/14

10. 9 Additional Action Items 10 Nov 2014 Item NumberAction Item:Assigned to:Date Due: SecWG1012:9Investigate how role-based access, in compliance with FIPS 140-2, can be used by flight crypto systems. Craig Biggerstaff11/01/12 SecWG1012:12Write white paper on physical layer security as a future work area Ignacio Aguilar Sanchez 04/01/13 SecWG1012:13Re-open discussions re: security for SLEHoward Weiss03/01/13