CCSDS Security Working Group Application Layer Security Discussion Mike Pajevski NASA/JPL October 2008 10/14/20082 Intro Benefits of Application Layer Security Objectives for Application Layer Security Useful approaches Priorities 10/14/20083 Benefits of Application Layer Security Application layer security offers fine-grained access control Useful when different sources of commands or file service requests have differing rights Application layer security supports widest range of interaction patterns Application layer security can provide (additional) confidentiality protection i.e., over-and-above lower layer controls, or without lower layer confidentiality (depending on needs) Useful for highly sensitive data (e.g., keys) 10/14/20084 Objectives for Application Layer Security To provide fine-grained access control, the security mechanism must have access to the authenticated identity and security policy related details of the interaction (e.g., target subsystem of a command; filename and create/read/update/ delete action type; service interface name; operation name) Common identification and authentication data (and authorization policy data?) usable for multiple apps Extensible and self-describing protocols (e.g., for type of credential used) support evolution, federation, and diversity of systems Policy-based approach supports mission-specific rules Management policies support set up and remote updates Optional confidentiality protects sensitive data 10/14/20085 What approaches are useful? Integrate security into each application protocol? e.g., add authentication data fields (& encryption?) into CFDP protocol Benefit: Details needed for access control are contained within a single protocol Drawback: Details are specific to each application Use Delay Tolerant Networking (DTN) security Benefits: Defined standard ; Can be used under any application Drawback: The filename/action or subsystem information about the exchange is not part of this protocol thus cross-protocol interaction is needed to provide access control Use a common shim like TLS Benefits: Defined standard; Can be used under any application Drawbacks: The filename/action or subsystem information about the exchange is not part of this protocol thus cross-protocol interaction is needed to provide access control AND TLS requires handshaking to establish session keys Authentication credentials can be preplaced, but session keys are negotiated when sessions start Would a session key management protocol be useful? Note that TLS sessions can be resumed Message-based security e.g., Cryptographic Message Syntax (CMS), S/MIME, WS-Security Benefits: Defined standards Drawbacks: The filename/action or subsystem information about the exchange is not (usually) part of these protocols thus cross-protocol interaction is needed 10/14/20086 Priorities? What is most important e.g., incorporating security into CFDP or CxPs Data Exchange Message (DEM); or developing an approach for a common shim? What objectives are most important? e.g., diversity, federation, evolve-ability, confidentiality, flexibility, extensibility? When might this capability be needed? e.g., CxP Lunar Sortie or Surface Missions?