Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 CCSDS Security Working Group Spring Meeting – Rome Key Management June 13 th 2006.

Similar presentations


Presentation on theme: "1 CCSDS Security Working Group Spring Meeting – Rome Key Management June 13 th 2006."— Presentation transcript:

1 1 CCSDS Security Working Group Spring Meeting – Rome Key Management June 13 th 2006

2 2 Agenda Key Management Requirements Constraints & Bonuses Types of Key Management Issues – Emergency Commanding Q&A

3 3 Requirement To securely distribute key material to every communications node in a space system. To do so efficiently. –Use minimal bandwidth overhead –Use minimal processing & storage overhead. –Use minimal handshaking

4 4 Constraints Transmission delay Available bandwidth Processing and memory resources of remote platforms. Communications are non-continuous. Communication windows are variable –(and short in case of LEO) Mission lifetimes can last for years. 3 rd Parties are a long way away!

5 5 Bonuses Number of times session keys need to be changed is minimal Data rates are low Man-in-the-middle attacks are hard/impossible to do.

6 6 Types of Key Distribution Symmetric Asymmetric (Public Key) Quantum Key Distribution IKE Identity Based Encryption Distributed Key Management (PGP) Threshold Scheme (many non-trusted parties) Fortified Key Negotiation (Variation on DH) Pre-load

7 7 Symmetric Key Distribution Wide mouth frog Needham-schroeder Kerberos Otway Rees Yahalom Neuman-Stubblebine Pairwise Shaired Keys Blom’s Scheme Need access to a central server Variation of Pre-Load

8 8 Asymmetric Diffie-Hellman Key Exchange El Gamal Key Agreement (variation of DH) MTI/A0 (variation of DH) Shamir’s Three-pass protocol (uses RSA algorithm) COMSET – COMunications SETup Encrypted Key Exchange (EKE)(Uses pairwise keys) Interlock Protocol (Uses half-messages) Denning Sacco Public Key Exchange (Uses TTP) Woo Lam Protocol (uses TTP)

9 9 Quantum Key Exchange Based on the physical properties of photons. Very secure Currently limited range. Not compatible with RF communications.

10 10 IKE Developed by the IETF as the Key Management system for IPSec. Based on combination of symmetric and asymmetric techniques. IKE v1 was extremely complex to implement. IKE v2 is now been agreed. IKE v2 much simpler than v1 however still has a lot of handshaking. IKE was designed for Network Key Management, may not be suitable for other forms of encryption.

11 11 Identity Based Encryption Relatively new scheme Similar to PKI, however any arbitrary string can be used as public key. No need for certificate management. Does need access to a trusted 3 rd Party Cannot be used for authentication. Patented

12 12 Issues No current scheme (apart from pre-load) was developed with the unique needs of a space environment in mind. Can one key management technique be used for all 3 encryption schemes proposed in the Security Architecture? If not, can similar supporting infrastructure be used – thus reducing resource footprint. Due to the hostile nature of the space environment would it be sensible to recommend the use of a primary key agreement mechanism and a backup scheme? Should we only concentrate on a Key Management system for space use as whatever the “latest” method is, can be used for ground systems as these are relatively easily changed.

13 13 Questions


Download ppt "1 CCSDS Security Working Group Spring Meeting – Rome Key Management June 13 th 2006."

Similar presentations


Ads by Google