Presentation is loading. Please wait.

Presentation is loading. Please wait.

Space Data Link Secure Protocol Interoperability Testing Interfaces Definition Proposal Bruno Saba DCT/TV/IN 26/04/2010.

Published byCharity Townsend Modified over 9 years ago

Similar presentations

Presentation on theme: "Space Data Link Secure Protocol Interoperability Testing Interfaces Definition Proposal Bruno Saba DCT/TV/IN 26/04/2010."— Presentation transcript:

1 Space Data Link Secure Protocol Interoperability Testing Interfaces Definition Proposal Bruno Saba DCT/TV/IN 26/04/2010

2 SDLS - Interoperability Testing - Interfaces Definition Proposal CNES B. Saba 2 Interfaces between two distant simulators ■Data Interfaces  Connecting one or more « useful » data stream  TC or Forward link(s)  TM or Return link(s) ■Control Interfaces  Used for exchange of data relative to the simulators’ management  « Synchronisation » data –Simulation starting time –…  Others –Simulator results –Files for comparison –…

3 SDLS - Interoperability Testing - Interfaces Definition Proposal CNES B. Saba 3 CNES’ Proposals ■1st step of Interoperability Testing  Main goal : KEEP IT SIMPLE !  The objective is to validate the protocol, not to build a complex network system  Use UDP/IP for data streams  TC or Forward Link  TM or Return Link  UDP/IP is a well defined and well known protocol  No need for special hardware or software  Easy to implement  No flow control, some packets can be lost (like in the « real life » of the protocol)  Can be used on-line between two distant simulators, or off-line on localhost  Already used in CNES’ simulator

4 SDLS - Interoperability Testing - Interfaces Definition Proposal CNES B. Saba 4 CNES’ Proposals ■1st step of Interoperability Testing (cont’d)  On-line or Off-line simulations  On-line : direct communication via UDP/IP  Off-line : exchange of files  Use e-mails or telephone for control data  Simulations Starting time / Ending time scheduled by emails  File exchange by email –Transfer of data files for comparison purposes –Transfer of simulation results  Use of phone if needed…  Use of TCP/IP for synchronisation purposes only on the 2 nd step, only if needed

5 SDLS - Interoperability Testing - Interfaces Definition Proposal CNES B. Saba 5 What do we need to agree on ? ■Interfaces between simulators (easy…)  UDP/IP for data  Emails or phone for control ■First implementation of the SDLS protocol ! (not so easy…)  SDLS protocol baseline  Secure services (authentication, encryption, authenticated encryption)  Algorithm(s) and modes of operation  Security Association / Security Context convergence… DONE  Position of Security Layer (TC Link) DONE  Security header definition DONE  Security header position DONE  …

6 SDLS - Interoperability Testing - Interfaces Definition Proposal CNES B. Saba 6 First implementation of the SDLS protocol ■Services provided  Clear mode  Authentication only (AO)(TC,TM)  Authenticated Encryption (AE)(TC,TM)  Encryption Only (EO)(TM Only)  No switching management between services ■Algorithms and modes of operation (same algorithms for TC and TM)  AES GMAC (for AO)  AES GCM(for AE)  AES CTR (for EO) ■No special Key Management  Exchange of Keys between two simulators before simulation session ■No Security Association Dynamic Management  Agreement on the content of the SA to be used before simulation

7 SDLS - Interoperability Testing - Interfaces Definition Proposal CNES B. Saba 7 First implementation of the SDLS protocol ■TC link (or Forward link)  Transmission of the complete CLTU ?  Including Start Sequence (EB90) and Tail Sequence  This would allow future testing of hardware implementation of the protocol  COP-1 Implementation ?  May be useful to see possible interaction between COP-1 and SDLSP…  Position of Security Header  Just after the Transfer Frame Primary Header (as defined in 132.5-W1 Nov 2009)

8 SDLS - Interoperability Testing - Interfaces Definition Proposal CNES B. Saba 8 First implementation of the SDLS protocol ■TC link (cont’d)  Security Header Definition  Sequence Number : not needed, Initialization Vector and Authentication service providing anti-replay protection  Initialization Vector : 4 Bytes  Key Index : not needed for TC link  PAD length : not needed  Security Header total length : 6 Bytes  Trailer (Message Authentication Code) length : 16 Bytes

9 SDLS - Interoperability Testing - Interfaces Definition Proposal CNES B. Saba 9 First implementation of the SDLS protocol ■TC link (cont’d)  Security Association Definition  Each Security Association must contain –Global MAPID(s) to which it is assigned –Service provided (Clear, AO, AE) –Key  Initialisation Vector Management  4 byte counter  Generated by the ground segment  On-board control mecanism : new received IV must be greater than the previous one  Guarantees IV uniqueness  Also provides anti-replay service

10 SDLS - Interoperability Testing - Interfaces Definition Proposal CNES B. Saba 10 First implementation of the SDLS protocol ■TM link (or Return link)  Transmission of the complete CADU ?  Including Start Sequence (1ACFFC1D) and Tail Sequence  This would allow future testing of hardware implementation of the protocol  Position of Security Header  Just after Frame Secondary Header (if present) (as defined in 132.5-W1 Nov 2009)

11 SDLS - Interoperability Testing - Interfaces Definition Proposal CNES B. Saba 11 First implementation of the SDLS protocol ■TM link (cont’d)  Security Header Definition  Sequence Number : –Not needed if Encryption Only mode is not used, Initialization Vector and Authentication service providing anti-replay protection –When using EO mode, counter on IV provides anti replay protection  Initialization Vector : 6 Bytes ?  Key Index : 2 Bytes  PAD length : not needed  Security Header total length : 10 Bytes  Message Authentication Code (trailer) : 16 Bytes

12 SDLS - Interoperability Testing - Interfaces Definition Proposal CNES B. Saba 12 First implementation of the SDLS protocol ■TM link (cont’d)  Security Association Definition  Each Security Association must contain –Global Virtual Channel(s) to which it is assigned –Service provided (Clear, AO, AE, EO) –Key set (key selection by key index)  Initialisation Vector Management  6 byte counter  Generated on-board  On-board generation guarantees no regression : new IV sent is greater than the previous one (+1)  Guarantees IV uniqueness  Also provides anti-replay service

13 SDLS - Interoperability Testing - Interfaces Definition Proposal CNES B. Saba 13 Conclusion ■Development of the simulators can start as soon as everybody agrees on the first implementation of the SDLS Protocol ■Interoperability Testing would then begin step by step  TM Link  TC Link (no COP-1)  TM Link and TC Link  TM Link and TC Link with COP-1

14 SDLS - Interoperability Testing - Interfaces Definition Proposal CNES B. Saba 14 Thank you for your attention

Download ppt "Space Data Link Secure Protocol Interoperability Testing Interfaces Definition Proposal Bruno Saba DCT/TV/IN 26/04/2010."

Similar presentations

“Advanced Encryption Standard” & “Modes of Operation”

“Advanced Encryption Standard” & “Modes of Operation”
Why to learn OSI reference Model? The answer is too simple that It tells us that how communication takes place between computers on internet but how??

Why to learn OSI reference Model? The answer is too simple that It tells us that how communication takes place between computers on internet but how??
CCNA – Network Fundamentals

CCNA – Network Fundamentals
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.

IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
Space Data Link Security Protocol Compatibility with other standards Bruno Saba DCT/TV/IN 26/10/2010.

Space Data Link Security Protocol Compatibility with other standards Bruno Saba DCT/TV/IN 26/10/2010.
SDLS impact on TM, AOS, TC Space Data Link Protocols Greg Kazz NASA/JPL Oct 16/17, 2012.

SDLS impact on TM, AOS, TC Space Data Link Protocols Greg Kazz NASA/JPL Oct 16/17, 2012.
A General Purpose CCSDS Link layer Protocol Next Generation Data Link Protocol (NGDLP) Ed Greenberg Greg Kazz 10/17/2012 1.

A General Purpose CCSDS Link layer Protocol Next Generation Data Link Protocol (NGDLP) Ed Greenberg Greg Kazz 10/17/
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.

ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.

IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.
Chapter 2 Network Models.

Chapter 2 Network Models.
1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID 001790660.

1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID
Chapter 15 – Part 2 Networks The Internal Operating System The Architecture of Computer Hardware and Systems Software: An Information Technology Approach.

Chapter 15 – Part 2 Networks The Internal Operating System The Architecture of Computer Hardware and Systems Software: An Information Technology Approach.
Protocols and the TCP/IP Suite

Protocols and the TCP/IP Suite
Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.

Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.
Circuit Switching (a) Circuit switching. (b) Packet switching.

Circuit Switching (a) Circuit switching. (b) Packet switching.
K. Salah1 Security Protocols in the Internet IPSec.

K. Salah1 Security Protocols in the Internet IPSec.
Chapter 2 Network Models.

Chapter 2 Network Models.
What is in Presentation What is IPsec Why is IPsec Important IPsec Protocols IPsec Architecture How to Implement IPsec in linux.

What is in Presentation What is IPsec Why is IPsec Important IPsec Protocols IPsec Architecture How to Implement IPsec in linux.

Similar presentations

Ads by Google