Security WG Status Review

ESA European Space Operations CentreDarmstadt, Germany

16 April 2012Howard Weiss

NASA/JPL/SPARTAhoward.weiss@sparta.com

+1-443-430-8089skype: hsweiss

Boulder Meeting Agenda

• 31 October 2011– 08:45 – 09:45: CCSDS Plenary– 09:45 – 12:00: Systems Engineering Area (SEA) Plenary

• 1 November 2011 (09:00 – 17:00)– Welcome, opening remarks, logistics, agenda bashing, introductions– Review results of Spring 2011 (Berlin) meeting

– Status of documents– Review newly updated CWE entries: charter, programs, schedules– Security Architecture RID Disposition (Black)– Algorithm Document review (Weiss)– Algorithm Yellow Book review (Weiss)– Glossary Review (Weiss)

Meeting Agenda (cont)

• 2 November 2011 (09:00 – 17:00)– Key Management (Fischer/Aguilar-Sanchez)– Threat book review (All)– Cross Support (All) ??– SM&C Support (Fischer) ??– Network Layer Security Update (Weiss)– Link Layer Security Update (Biggerstaff/Weiss/Aguilar-Sanchez)– Other areas of discussion– New work areas

• 3 November 2011 – 09:00-17:00: Space Data Link Security WG

• 4 November 2011– 09:00-12:30: Space Data Link Security WG– 13:00-17:00: SEA Wrap-up Plenary

Attendance

Name Organization Email Address

Howard Weiss (Chair) NASA/JPL/Cobham howard.weiss@sparta.com

Gordon Black UK Space Agency/Logica gordon.black@logica.com

Daniel Fischer ESA/ESOC daniel.fischer@esa.int

Martin Pilgram DLR martin.pilgram@dlr.de

Craig Biggerstaff NASA/JSC/Lockheed craig.biggerstaff-1@nasa.gov

Ignacio Aguilar-Sanchez ESA/ESTEC ignacio.Aguilar.Sanchez@esa.int

Clayton Sigman NASA/GSFC clayton.signman@nasa.gov

Dorothea Richter DLR dorothea.richter@dlr.de

Executive Summary Attendees from UK Space Agency, ESA/ESTEC, ESA/ESOC, DLR,

NASA/JSC, NASA/GSFC, and NASA/JPL. No attendees from ASI or CNES (CNES says they will attend in the Spring).

Reviewed charter updates as recorded on CWE. Need to add Network Layer Blue Book as new work area.

Reviewed and dispositioned the 86 RIDS against the Security Architecture document.

Reviewed Security Glossary. A few minor changes need to be made and then the document will be submitted to the AD.

Reviewed Algorithm Blue Book: a few more minor changes and the document will be submitted to AD.

Reviewed the updated version of the Algorithm Yellow Book. Discussed KM Blue Book. Minimal progress since last mtg due to

resource constraints. Reviewed network layer security profile – Adaptation Profile BB SDLS making good progress. SDLS papers being submitted to IEEE

Aero Conference (Big Sky) + SpaceOps.

Summary of Goals and Deliverables

1. Recent charter update didn’t include network layer security. Change made – some conflict resulted but has been cleared up.

2. Minimal changes to Algorithm document. Yellow Book for testing (2nd draft) discussed and will be revised with a few changes. ESA, DLR, GSFC potential testing sites.

3. Key Management green book submitted to AD. published

4. KM Blue Book for symmetric KM hit resource constraints.

5. Security glossary needs a few tweaks and then submit.

6. Network layer security for use of IPsec slated to be an “Adaptation Profile” Blue Book.

7. Cross Support & SM&C Security: discussed but no activity.

8. Reviewed & discussed revisions to the Threat Green Book.

Near-Term ScheduleDeliverable Milestone Date

Charter Update • Update for network layer security 11/11

Algorithm Blue Book

• Incorporate changes per mtg & submit to AD

12/11

Key Management Blue Book

• Continue drafting next revision 04/12

Network Layer Profile

• Layout of document 02/12

Threat Document Revision

• Determine revision contents 02/12

Information Security Glossary

• Final edits & submit to AD 12/11

Near-Term Schedule (cont)

Common Criteria Protection Profiles

On hold TBD

Application Layer Security

On hold TBD

Open Issues

Deciding what/how to revise Threat Green Book.

Action ItemsItem Number Action Item: Assigned to: Date Due: Status

SecWG1111:1 • Update charter for Network Layer Security

Howard Weiss 11/18/11 Complete

SecWG1111:2 • Provide RID disposition feedback and revise Security Architecture document.

Gordon Black 01/15/12 Complete

SecWG1111:3 • Check the meaning of Security Architecture RID #17 with ESA author.

Daniel Fischer 11/10/11 Complete

SecWG1111:4 • Obtain a document number for the Information Security Glossary from the Secretariat Editor

Howard Weiss 11/10/11 CCSDS 350.8-G

SecWG1111:5 • Update the Information Security Glossary and submit final to AD

Howard Weiss 12/2/11 Complete – submitted Nov 2011

SecWG1111:6 • Update the Algorithm Blue Book and submit to AD

Howard Weiss 12/16/11 Complete

Action Items (2)SecWG1111:7 • Update Algorithm Yellow Book per

comments.Howard Weiss 01/16/12 Complete

SecWG1111:8 • Check to ensure that all the Algorithm Yellow Book references are needed and are normative.

All 01/16/12 Complete

SecWG1111:9 • Obtain a number for the Algorithm Yellow Book from the Secretariat Editor

Howard Weiss 11/10/12 CCSDS 352.1-Y

SecWG1111:10 • Determine SA Lifetimes for the Network Layer Security Profile

Howard Weiss 01/16/12 Default appears to be 1 hour. Cisco allows up to 24 hrs or 10 Mb.

SecWG1111:11 • Coordinate Algorithm testing Dorothea Richter, Daniel Fischer, Clayton Sigman

01/16/12

SecWG1111:12 • Determine if a threat registry exists. Craig Biggerstaff, Howard Weiss

11/10/12 None found. closed

SecWG1111:13 • Develop an outline/roadmap for revising the Threat Green Book.

Gordon Black, Craig Biggerstaff, Howard Weiss

02/22/12 Open

New Working Items, New BOFs, etc.

Channel coding for security (based on Shannon codes) Security for software defined radios Continue to discuss security additions for SLE and SM&C.