Security WG: Report of the Fall 2008 Meeting DIN, Berlin Germany October 17, 2008 Howard Weiss...
Security WG: Report of the Fall 2008 Meeting
DIN, Berlin Germany
October 17, 2008
Howard Weiss
NASA/JPL/SPARTA
hsw@sparta.com
+1-443-430-8089
Meeting Agenda
• 13 October 2008
  – 08:00 – 09:00: CCSDS Plenary
  – 09:00 – 12:00: Systems Engineering Area (SEA) Plenary
• 14 October 2008 (09:00 – 12:00)
  – Space Data Link Layer Security BOF
• 15 October 2008 (09:00 – 17:00)
  – Welcome, opening remarks, logistics, agenda bashing, introduction for new attendees + Review of document progress and results of Spring 2008 meeting
  – Document Status (encryption, authentication, key management, mission planners)
  – “Big Picture” discussions (Black)
  – 1200-1300: Lunch
  – Security Architecture Document Discussions (Black)
  – Mission Planner’s Guide (Biggerstaff)
• 16 October 2008 (09:00 – 17:00)
  – Key Management (Fischer)
  – Application Layer Security (Pajevski/Weiss)
  – 1200-1300: Lunch
  – Other discussions (from last meeting):
    » “Color” of books (magenta vs. blue)
    » Encryption & authentication application-specific parameters
    » Common Criteria for mission security profiles (knit docs together)
    » Agency security implementations (approach, requirements, security services)
  – Meeting with DTN BOF (tentative)
• 17 October 2008
  – 1300-1700: SEA Wrap-up Plenary
Attendance

| Name | Organization | Email Address |
|---|---|---|
| Howard Weiss (Chair) | NASA/JPL/SPARTA | hsw@sparta.com |
| Gordon Black | BNSC/Logica | [email protected] |
| Daniel Fischer | ESA/ESOC | [email protected] |
| Martin Pilgram | DLR | [email protected] |
| Stefano Zatti | ESA/ESRIN | [email protected] |
| Clayton Sigman | NASA/GSFC | [email protected] |
| Craig Biggerstaff | NASA/JSC/Lockheed | [email protected] |
| Paolo Chinetti | ASI | [email protected] |
| Ignacio Aguilar-Sanchez | ESA/ESTEC | [email protected] |
| Sebastian Kuzminsky | University of Colorado | [email protected] |
| Steve Rader | NASA/JSC | [email protected] |
| Zhao Heping | CAST | [email protected] |
| Lee Pits | NASA/MSFC | [email protected] |
Executive Summary
• Attendees from BNSC, ESA/ESOC, ESA/ESRIN, ESA/ESTEC, DLR, ASI, CAST, NASA/GSFC, NASA/JSC, NASA/MSFC, and NASA/JPL. CNES did not attend (a baby is due).
• NASA and ESA participation from multiple, respective Agency centers continues to be the norm.
• Joint meeting held with Space Link to begin a BOF for Space Link Layer Security Standardization.
• Reviewed the comments on the latest revision of the SecWG Security Architecture. With respect to the ongoing work in the SLS-BOF, we will add link layer security to the architecture core.
• Encryption document out for pre-review review.
• Authentication document completed w/security section and submitted to secretariat.
• Discussed application layer security.
• Discussed color of books.
• Reviewed key management green and magenta books.
• Reviewed mission planners guide.
• Discussed the use of Common Criteria to create “space” Protection Profiles again.
• Discussed future work areas.
Summary of Goals and Deliverables
1. Discussion on the “big picture” of what the SecWG is doing and plans to do.
2. Security Architecture document will be revised: a new link layer security column will be added to the “core” combinatorics table.
3. Continue making good progress on Key Management green book. Stuck on KM magenta book pending information on current KM schemes used by the Agencies.
4. Excellent progress continues on Mission Planners Guide.
5. Good discussion on application layer security and what could be used to provide “security shims”, including the potential application of security integrated into messaging frameworks (e.g., AMS, SM&C).
6. Still mixed opinions on the use of the Common Criteria to write unambiguous security documents using an ISO standard language and format. Backburner pending some demonstration of its use.
7. Continue to work with other Areas and their WGs with respect to security.
  – Joint mtg w/SLS to create space link layer security BOF
  – Joint mtg DTN-BOF
SEA Area MID-TERM REPORT
SUMMARY TECHNICAL STATUS
1. Security WG
Goal:
Working Status: Active _X_ Idle ____
Summary progress: Four documents actively being produced (Security Architecture, Key Management (2), Mission Planners Guide). All docs green.
Progress since last meeting: Authentication doc completed. Positive movement on Security Architecture doc, mission planners guide and KM. Link layer sec proposal
Problems and Issues: Resources – Excellent right now but need to ensure continued participation from all member agencies
status: OK CAUTION PROBLEM
Comment: Working Group is advancing and producing good products.
Docs OK. Architecture revisions needed.
Near-Term Schedule

| Deliverable | Milestone | Date |
|---|---|---|
| CCSDS Security Architecture | Revise & update per meeting | 06/09 R; 10/09 M |
| Key Management Green Book | Revise per meeting comments | 01/09; 03/09 G |
| Key Management Magenta Book | Being revised and restructured per internal ESA reviews and WG comments | 03/09; 03/10 M |
Near-Term Schedule (cont)

| Deliverable | Milestone | Date |
|---|---|---|
| Mission Planners Security Guide | Work in progress | 10/08 G1; 03/09 G2; 10/09 G |
| Common Criteria Protection Profiles | Just starting | 03/09 (white paper) |
| Application Layer Security | Just starting | 03/09 (white paper) |
Open Issues
None
Action Items

| Item Number | Action Item | Assigned to | Date Due |
|---|---|---|---|
| SecWG1008:1 | Assign hard dates to outstanding documents & vet with document authors | Howard Weiss | 10/30/08 |
| SecWG1008:2 | Provide re-write Security Architecture document section 7.5.1 to Gordon Black | Howard Weiss | 11/15/08 |
| SecWG1008:3 | Update & distribute revised Security Architecture document for WG final review | Gordon Black | 1/30/08 |
| SecWG1008:4 | Modify architecture diagram for possible inclusion into Security Architecture document | Ignacio Aguilar-Sanchez | 11/30/08 |
| SecWG1008:5 | Provide existing key management schemes for KM Magenta document to Daniel Fischer | ALL | 12/15/08 |
| SecWG1008:6 | Set up a WebEx telecon to exclusively review the KM documents – Jan 7 2009 @ 10:00 EST, 16:00 CEST | Howard Weiss | 10/30/08 |
Action Items (2)

| Item Number | Action Item | Assigned to | Date Due |
|---|---|---|---|
| SecWG1008:7 | Provide comments/updates to KM green book | ALL | 12/1/08 |
| SecWG1008:8 | Provide comments/updates to KM magenta book | ALL | 1/1/09 |
| SecWG1008:9 | Investigate use case scenarios, define/categorize the application layer problem. Identify interoperability scenarios/issues. Investigate use of message systems (AMS). | Mike Pajevski | 03/09 |
| SecWG1008:10 | How does CFDP plan to meet security req when docs are revised? What missions are now using CFDP and plan to use it? | Howard Weiss | 11/30/08 |
| SecWG1008:11 | Revise Mission Planners Guide roadmap diagrams. Ensure that 20007 controls are correctly mapped into our document. | Craig Biggerstaff | 01/30/09 |
| SecWG1008:12 | Write “awareness” statement for algorithms to be integrated into Security Architecture and/or Mission Planners Guide | Daniel Fischer | 11/1/08 |
Action Items (3)

| Item Number | Action Item | Assigned to | Date Due |
|---|---|---|---|
| SecWG1008:13 | Plan for next meeting in Colorado Springs – become familiar with existing standards that might be applicable to our work (e.g., Common Criteria, IATF, etc). | ALL | 03/09 |
| SecWG1008:14 | Create a Powerpoint template for briefings by the agencies on their specific security practices | Howard Weiss | 11/15/08 |
Resource Problems
Resources appear to be adequate to perform the current tasks. Resources are increasing:
• ESA has provided additional resources
• NASA has provided additional resources
• We keep seeing and getting more interest
Risk Management Update
Must ensure that the current trend of additional resources remains and that resources don’t shrink.
Cross Area WG / BOF Issues
• Joint meeting with SLS to create a new dual-area BOF
  – NASA (JSC, JPL, GSFC) proposal for link layer protocol
• Joint meeting with DTN
Resolutions to be Sent to CESG and Then to CMC
Resolution from link layer security BOF to charter as WG (from Gilles Moury)
New Working Items, New BOFs, etc.
• Common Criteria Protection Profiles (backburner)
• Joint SLS/SEC Space Link Security BOF -> WG