CCSDS Systems Engineering Area: Security Working Group Howard Weiss NASA/JPL/PARSONS...
CCSDS Systems Engineering Area:
Security Working Group
Howard Weiss
NASA/JPL/PARSONS
+1.443.430.8089
10 November 2014
BSI, London UK

System Engineering Area Report
• Security WG
• Goals:
  - Develop security overview & threat assessment, security architecture, framework and related standards
  - Current focus (algorithms, key management, network layer security, threat/risk)
• Working Group Status:
  - Progress
    - Cryptographic Algorithms BB, Security Architecture MB, Information Security Glossary GB have been published
    - Algorithm Green Book in CESG polling
    - Key Management book is normative procedures and abstractions, will be MB, KM for SDLS extended procedures will be BB
      • KM BB is delayed due to focus on SDLS BB
    - Revising Threat GB
    - Network Layer Security Adaptation Profile BB completed, awaiting testing results (Yellow Book) to progress (GRC & CNES testing)
    - Continuing good joint progress on SDLS WG, largely produced by SecWG members, reported in SLS

OVERVIEW
• The CCSDS Security WG is chartered to:
  • Develop security recommendations:
    - Encryption, authentication, key management, etc.
  • Develop security guides and informative documents:
    - Security architecture, threat, secure interconnection guide, key management, security glossary of terms, etc.
  • Provide advice and guidance to other WGs
    - E.g., Spacecraft Monitoring & Control, Space Link

STATUS
• Noordwijkerhout (April 2014) Progress:
  - Reviewed the revised Threat Green Book. Many comments and additional changes. Threat presentations on additional threats provided by Chuck Sheehe.
  - Reviewed the Network Layer Security Adaptation Profile Blue Book with a re-written Section 2. Document was updated and is considered complete awaiting feedback from testing.
  - Discussed NASA/GRC IPsec testing for Network Layer Adaptation Profile. Need an additional agency to test (maybe CNES).
  - Reviewed Key Management SDLS extended procedures document.
  - SDLS WG continues making good progress:
    - discussed outstanding RID (IV & AAD)
    - reviewed the final protocol, extended procedures, and the green book.
  - Discussed possible future work areas: physical layer, CFDP security, application layer security, mission operations security guide, secure software development guide.

STATUS (cont)
• Current Progress:
  - Completed:
    - Algorithm Green Book (still in Secretariat editing queue)
    - Network Layer Security Adaptation Profile (awaiting testing results)
  - Continuing:
    - Key Management Blue Book
    - Key Management SDLS Extended Procedures (SDLS WG)
    - Threat GB revision (3rd draft circulated to WG)
    - SDLS interactions
    - SM&C security consultations
    - DTN security consultations

FUTURE WORK AREAS
• Key Management Yellow Book
• Network Layer Security Green & Yellow Books
• Upper Layer Security
  - Application layer adaptation profile
• Physical Layer Security
  - Spread spectrum, bulk encryption
• Mission Operations Security Guide
• DTN Security
• Secure Software Development Guide
• Cross Support Issues
  - E.g., Cross realm identification, authentication, access control
  - Increased SLE security?
  - Increased SM&C security?
• Integrate Individual Documents
  - Roadmap?

AGENDA
• 10 November 2014
  – 08:45 – 09:45: CCSDS Plenary (room G1)
  – 09:45 – 10:45: Systems Engineering Area (SEA) Plenary (room 503)
  – 13:30 – 17:30: Security WG (room 505)
  – Welcome, introductions, logistics, agenda review
  – Review results of Spring 2014 (Noordwijkerhout) meeting
  – Status of documents, action items
  – Charter review (if required)
  – Threat book revision review (Weiss)
  – ESA Secure Software Development (Fischer)
  – Working Group Dinner

AGENDA (cont)
• 11 November 2014 (08:45 – 17:30) (room 505)
  – Network Layer Security
    » IPsec Testing + Yellow Book Status (Sheehe + others?)
    » Network layer security for non-IP environments (Fischer/Aguilar-Sanchez)
  – Key Management Blue Book (Fischer/Aguilar-Sanchez)
    » KM for SDLS extended procedures (Fischer)
    » KM for DTN (Burleigh)
  – Link Layer Security Update Discussion (Biggerstaff/Weiss/Aguilar-Sanchez)
  – Other areas of discussion
  – Proposed new areas of work
    » Application Layer?
  – WG dinner
• 12 November 2014
  – 08:45-17:30: Space Data Link Security WG (room 514)
• 13 November 2014
  – 08:45-17:30: Space Data Link Security WG (room 514)
• 14 November 2014
  – 16:00-17:30: SEA Wrap-up Plenary (room 504)

Action Items

| Item Number | Action Item | Assigned to | Date Due |
|---|---|---|---|
| SecWG0414:1 | Revise Threat GB | Howard Weiss | 10/1/14 |
| SecWG0414:2 | Revise Network Layer testing Yellow Book and provide feedback from testing to Network Layer Security profile BB | Chuck Sheehe | 11/1/14 |
| SecWG0414:3 | Revise Network Layer Security Adaptation Profile | Howard Weiss | 07/15/14 |
| SecWG0414:4 | Look at NIST 800-152 for possible inclusion into KM docs | Daniel Fischer | 09/15/14 |
| SecWG0414:5 | White paper on link layer security (from last meeting) | Ignacio Aguilar-Sanchez | 11/1/14 |
| SecWG0414:6 | Investigate CNES performing Network Layer Security testing (from last meeting) | Julien Airaud | 11/1/14 |
| SecWG0414:7 | Write white paper on ideas about network layer security for non-IP environments (from last meeting) | Ignacio Aguilar-Sanchez & Daniel Fischer | 07/1/14 |

Additional Action Items

| Item Number | Action Item | Assigned to | Date Due |
|---|---|---|---|
| SecWG1012:9 | Investigate how role-based access, in compliance with FIPS 140-2, can be used by flight crypto systems. | Craig Biggerstaff | 11/01/12 |
| SecWG1012:12 | Write white paper on physical layer security as a future work area | Ignacio Aguilar-Sanchez | 04/01/13 |
| SecWG1012:13 | Re-open discussions re: security for SLE | Howard Weiss | 03/01/13 |