Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 CCSDS Security Working Group Spring Meeting – Rome Key Management June 13 th 2006.

Published byRaymond Carpenter Modified over 9 years ago

Similar presentations

Presentation on theme: "1 CCSDS Security Working Group Spring Meeting – Rome Key Management June 13 th 2006."— Presentation transcript:

1 1 CCSDS Security Working Group Spring Meeting – Rome Key Management June 13 th 2006

2 2 Agenda Key Management Requirements Constraints & Bonuses Types of Key Management Issues – Emergency Commanding Q&A

3 3 Requirement To securely distribute key material to every communications node in a space system. To do so efficiently. –Use minimal bandwidth overhead –Use minimal processing & storage overhead. –Use minimal handshaking

4 4 Constraints Transmission delay Available bandwidth Processing and memory resources of remote platforms. Communications are non-continuous. Communication windows are variable –(and short in case of LEO) Mission lifetimes can last for years. 3 rd Parties are a long way away!

5 5 Bonuses Number of times session keys need to be changed is minimal Data rates are low Man-in-the-middle attacks are hard/impossible to do.

6 6 Types of Key Distribution Symmetric Asymmetric (Public Key) Quantum Key Distribution IKE Identity Based Encryption Distributed Key Management (PGP) Threshold Scheme (many non-trusted parties) Fortified Key Negotiation (Variation on DH) Pre-load

7 7 Symmetric Key Distribution Wide mouth frog Needham-schroeder Kerberos Otway Rees Yahalom Neuman-Stubblebine Pairwise Shaired Keys Blom’s Scheme Need access to a central server Variation of Pre-Load

8 8 Asymmetric Diffie-Hellman Key Exchange El Gamal Key Agreement (variation of DH) MTI/A0 (variation of DH) Shamir’s Three-pass protocol (uses RSA algorithm) COMSET – COMunications SETup Encrypted Key Exchange (EKE)(Uses pairwise keys) Interlock Protocol (Uses half-messages) Denning Sacco Public Key Exchange (Uses TTP) Woo Lam Protocol (uses TTP)

9 9 Quantum Key Exchange Based on the physical properties of photons. Very secure Currently limited range. Not compatible with RF communications.

10 10 IKE Developed by the IETF as the Key Management system for IPSec. Based on combination of symmetric and asymmetric techniques. IKE v1 was extremely complex to implement. IKE v2 is now been agreed. IKE v2 much simpler than v1 however still has a lot of handshaking. IKE was designed for Network Key Management, may not be suitable for other forms of encryption.

11 11 Identity Based Encryption Relatively new scheme Similar to PKI, however any arbitrary string can be used as public key. No need for certificate management. Does need access to a trusted 3 rd Party Cannot be used for authentication. Patented

12 12 Issues No current scheme (apart from pre-load) was developed with the unique needs of a space environment in mind. Can one key management technique be used for all 3 encryption schemes proposed in the Security Architecture? If not, can similar supporting infrastructure be used – thus reducing resource footprint. Due to the hostile nature of the space environment would it be sensible to recommend the use of a primary key agreement mechanism and a backup scheme? Should we only concentrate on a Key Management system for space use as whatever the “latest” method is, can be used for ground systems as these are relatively easily changed.

13 13 Questions

Download ppt "1 CCSDS Security Working Group Spring Meeting – Rome Key Management June 13 th 2006."

Similar presentations

Authentication and Key Agreement – Flexibility in credentials – Modern, publically analysed/available cryptographic primitives – Freshness guarantees –

Authentication and Key Agreement – Flexibility in credentials – Modern, publically analysed/available cryptographic primitives – Freshness guarantees –
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
Pairwise Key Agreement in Broadcasting Networks - 2005.11.11 - Ik Rae Jeong.

Pairwise Key Agreement in Broadcasting Networks Ik Rae Jeong.
Modelling and Analysing of Security Protocol: Lecture 14 Some Real Life Protocols Tom Chothia CWI.

Modelling and Analysing of Security Protocol: Lecture 14 Some Real Life Protocols Tom Chothia CWI.
1 CCSDS Security Architecture Key Management 13 th April 2005 Athens.

1 CCSDS Security Architecture Key Management 13 th April 2005 Athens.
1 Programa de Engenharia Elétrica - PEE/COPPE/UFRJ Universidade Federal do Rio de Janeiro A Review of Anomalies Detection Schemes for Smart Grids Andrés.

1 Programa de Engenharia Elétrica - PEE/COPPE/UFRJ Universidade Federal do Rio de Janeiro A Review of Anomalies Detection Schemes for Smart Grids Andrés.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
Authentication & Kerberos

Authentication & Kerberos
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.

1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
Chapter 5 Network Security Protocols in Practice Part I

Chapter 5 Network Security Protocols in Practice Part I
IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.

IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.
1 Intrusion Tolerance for NEST Bruno Dutertre, Steven Cheung SRI International NEST 2 Kickoff Meeting November 4, 2002.

1 Intrusion Tolerance for NEST Bruno Dutertre, Steven Cheung SRI International NEST 2 Kickoff Meeting November 4, 2002.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.

CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.
A Pairwise Key Pre-Distribution Scheme for Wireless Sensor Networks Wenliang (Kevin) Du, Jing Deng, Yunghsiang S. Han and Pramod K. Varshney Department.

A Pairwise Key Pre-Distribution Scheme for Wireless Sensor Networks Wenliang (Kevin) Du, Jing Deng, Yunghsiang S. Han and Pramod K. Varshney Department.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.
An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.

An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.
TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.

TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.

Similar presentations

Ads by Google