1

CCSDS Systems Engineering Area:

Security Working Group

Howard Weiss

NASA/JPL/PARSONS

howard.weiss@parsons.com

+1.443.430.8089

10 November 2014

BSI, London UK

2

System Engineering Area Report

• Security WG• Goals:

- Develop security overview & threat assessment, security architecture, framework and related standards

- Current focus (algorithms, key management, network layer security, threat/risk)

• Working Group Status:- Progress

- Cryptographic Algorithms BB, Security Architecture MB, Information Security Glossary GB have been published

- Algorithm Green Book in CESG polling- Key Management book is normative procedures and

abstractions, will be MB, KM for SDLS extended procedures will be BB• KM BB is delayed due to focus on SDLS BB

- Revising Threat GB- Network Layer Security Adaptation Profile BB completed,

awaiting testing results (Yellow Book) to progress (GRC & CNES testing)

- Continuing good joint progress on SDLS WG, largely produced by SecWG members, reported in SLS

10 Nov, 2014

3

•The CCSDS Security WG is chartered to:

• Develop security recommendations:- Encryption, authentication, key management, etc

• Develop security guides and informative documents:- Security architecture, threat, secure interconnection guide, key

management, security glossary of terms, etc

• Provide advice and guidance to other WGs- E.g., Spacecraft Monitoring & Control, Space Link

OVERVIEW

10 Nov 2014

4

• Noorwijkerhout (April 2014) Progress:- Reviewed the revised Threat Green Book. Many comments and

additional changes. Threat Presentations on additional threats provided by Chuck Sheehe.

- Reviewed the Network Layer Security Adaptation Profile Blue Book with a re-written Section 2. Document was updated and is considered complete awaiting feedback from testing.

- Discussed NASA/GRC IPsec testing for Network Layer Adaptation Profile. Need an additional agency to test (maybe CNES).

- Reviewed Key Management SDLS extended procedures document.

- SDLS WG continues making good progress:- discussed outstanding RID (IV & AAD)- reviewed the final protocol, extended procedures, and the

green book.- Discussed possible future work areas: physical layer, CFDP

security, application layer security, mission operations security guide, secure software development guide.

STATUS

10 Nov 2014

5

STATUS (cont)

• Current Progress:- Completed:

- Algorithm Green Book (still in Secretariat editing queue)- Network Layer Security Adaptation Profile (awaiting

testing results)

- Continuing: - Key Management Blue Book- Key Management SDLS Extended Procedures (SDLS WG)- Threat GB revision (3rd draft circulated to WG)- SDLS interactions- SM&C security consultations- DTN security consultations

10 Nov 2014

6

• Key Management Yellow Book

• Network Layer Security Green & Yellow Books

• Upper Layer Security- Application layer adaptation profile

• Physical Layer Security- Spread spectrum, bulk encryption

• Mission Operations Security Guide

• DTN Security

• Secure Software Development Guide

• Cross Support Issues- E.g., Cross realm identification, authentication, access control- Increased SLE security?- Increased SM&C security?

• Integrate Individual Documents- Roadmap?

FUTURE WORK AREAS

10 Nov 2014

7

AGENDA

• 10 November 2014– 08:45 – 09:45: CCSDS Plenary (room G1)– 09:45 – 10:45: Systems Engineering Area (SEA) Plenary (room 503)

– 13:30 – 17:30: Security WG (room 505)– Welcome, introductions, logistics, agenda review

– Review results of Spring 2014 (Noordwijkerhout) meeting– Status of documents, action items

– Charter review (if required)– Threat book revision review (Weiss)– ESA Secure Software Development (Fischer)– Working Group Dinner

10 Nov 2014

8

AGENDA (cont)

• 11 November 2014 (08:45 – 17:30) (room 505)– Network Layer Security

» IPsec Testing + Yellow Book Status (Sheehe + others?)» Network layer security for non-IP environments (Fischer/Aguilar-

Sanchez)– Key Management Blue Book (Fischer/Aguilar-Sanchez)

» KM for SDLS extended procedures (Fischer)» KM for DTN (Burleigh)

– Link Layer Security Update Discussion (Biggerstaff/Weiss/Aguilar-Sanchez)

– Other areas of discussion– Proposed new areas of work

» Application Layer?– WG dinner

• 12 November 2014– 08:45-17:30: Space Data Link Security WG (room 514)

• 13 November 2014– 08:45-17:30: Space Data Link Security WG (room 514)

• 14 November 2014– 16:00-17:30: SEA Wrap-up Plenary (room 504)

10 Nov 2014

9

Action Items

10 Nov 2014

Item Number Action Item: Assigned to: Date Due:

SecWG0414:1 • Revise Threat GB Howard Weiss 10/1/14

SecWG0414:2 • Revise Network Layer testing Yellow Book and provide feedback from testing to Network Layer Security profile BB

Chuck Sheehe 11/1/14

SecWG0414:3 • Revise Network Layer Security Adaptation Profile

Howard Weiss 07/15/14

SecWG0414:4 • Look at NIST 800-152 for possible inclusion into KM docs

Daniel Fischer 09/15/14

SecWG0414:5 • White paper on link layer security (from last meeting).

Ignacio Aguilar-Sanchez 11/1/14

SecWG0414:6 • Investigate CNES performing Network Layer Security testing (from last meeting)

Julien Airaud 11/1/14

SecWG0414:7 • Write white paper on ideas about network layer security for non_IP environments (from last meeting)

Ignacio Aguilar-Sanchez & Daniel Fischer

07/1/14

10

Additional Action Items

10 Nov 2014

Item Number Action Item: Assigned to: Date Due:

SecWG1012:9 • Investigate how role-based access, in compliance with FIPS 140-2, can be used by flight crypto systems.

Craig Biggerstaff 11/01/12

SecWG1012:12 • Write white paper on physical layer security as a future work area

Ignacio Aguilar Sanchez

04/01/13

SecWG1012:13 • Re-open discussions re: security for SLE Howard Weiss 03/01/13