Transcript SEA-SEC Report-Apr2016

Security WG:
Report of the Spring 2016
Meeting
NASA/GRC, Cleveland Ohio USA
8 April 2016
Howard Weiss
NASA/JPL/PARSONS
[email protected]
+1-443-430-8089
Meeting Agenda
•4 April 2016
–08:45 – 09:45: CCSDS Plenary
–09:45 – 10:45: Systems Engineering Area (SEA) Plenary
–13:30 – 17:30: Security WG
–Welcome, introductions, logistics, agenda review
–Meeting dates for Fall 2016 (Rome) meeting (all)
–Review results of Fall 2015 (Darmstadt) meeting
–Status of documents and action items
–Review future work areas list for CWE Framework
–Charter review (if required)
–Strategic Plan Review (all)
–SANA Registry Discussion (all)
–CCSDS Credentials Program (Weiss, Sheehe, others)
–Cloud Testing Update & Demonstration (Bailey/Fischer)
–Green Book Revisions
–Security Protocols (Weiss)
–Secure Interconnection Guide (Biggerstaff)
–DTN Security (Weiss, Sheehe)
–Working Group Dinner - adhoc
Meeting Agenda (cont)
• 5 April 2016 (08:45 – 17:30)
– Network Layer Security
» IPsec Testing + Blue and Yellow Book Final Review
(Sheehe/Airaud/Weiss)
– Analysis of CCSDS Documents wrt Security (Black)
– Hardware/Trusted Security (Sheehe)
– Key Management Blue Book (Fischer/Aguilar-Sanchez)
» KM for SDLS extended procedures (Fischer)
» KM Green Book
– Link Layer Security Update Discussion (Biggerstaff/Weiss/AguilarSanchez/Fischer)
– Proposed new areas of work – continuation of discussions
– Other areas of discussion
– Reception
– Working Group Dinner
• 6 April 2016
– 08:45-17:30: Space Data Link Security WG
• 7 April 2016
– 08:45-13:30: Space Data Link Security WG
• 8 April 2016
– 16:00-17:30: SEA Wrap-up Plenary
Attendance
Name
Organization
Email Address
Howard Weiss (Chair)
NASA/JPL/PARSONS
[email protected]
Gordon Black
UK Space Agency/Qinetiq
[email protected]
Daniel Fischer (D/Chair)
ESA/ESOC
[email protected]
Ignacio Aguilar-Sanchez
ESA/ESTEC
[email protected]
Chuck Sheehe
NASA/GRC
[email protected]
Dorothea Richter
DLR
[email protected]
Julian Airaud
CNES
[email protected]
Brandon Bailey
NASA/GSFC
[email protected]
Craig Biggerstaff
NASA/JSC/Lockheed
[email protected]
Sandra Johnson
NASA/GRC
[email protected]
Executive Summary











Attendees from UK Space Agency, ESA/ESTEC, ESA/ESOC, DLR, CNES,
NASA/GRC, NASA/GSFC, NASA/JSC, and NASA/JPL.
Reviewed action items from Darmstadt. Nearly all the assigned action items from
Darmstadt were completed. Several others have been carried forward from several
past meetings. We discussed the closeout of the cloud computing action and how
best to document it (e.g., Green or Yellow book, TBD)
As per “direction” from the CESG, we discussed the “CCSDS Strategic Plan” and the
consensus was that it was more of a program status report and not at all ‘strategic.’
We discussed the use of the SANA registry for the registration of CCSDS ‘standard’
algorithms for a first start.
We discussed the direction of the “credentials” program and the consensus was to
create a standard based on ISO 9594-8 with a “strong” option based on X.509
certificates and a “less strong” option based on “protected simple authentication” as
used by SLE.
We reviewed the potential revision of 350.0 (CCSDS Protocols to Secure Systems
which will be edited and distribute to the WG.
Reviewed Network Layer Security adaption profile testing. Testing is completed as is
the Yellow Book with the test results. As a result of testing, the BB will be revised and
forwarded to the AD and Secretariat for polling.
We discussed and had a live demo between NASA and ESA of the use of the “cloud”
for CCSDS testing.
We discussed the use of “trusted hardware” in concert with or as an adjunct to the
previously discussed trusted/secure software initiatives.
Reviewed analysis of security in other working groups (see spreadsheet)
Discussed the changes/restructuring of the Key Management Magenta Book.
Summary of Goals and Deliverables
1. KM Magenta Book is progressing.
2. Met with SDLS – successfully making forward progress on
extended procedures.
3. NASA/GRC and CNES Network Layer Security testing is
completed along with the Yellow Book testing results.
4. Cloud computing testing environment has been successfully
demonstrated. How best to publish and document….
5. Consensus on the constitution of the credentials program.
6. Reviewed the draft revisions to 350.0.
1.
SEA Area MID-TERM REPORT
SUMMARY TECHNICAL STATUS
Security WG
Goal:
Working Status: Active _X_ Idle ____
Summary progress: documents actively being produced:
Key Management MB, Network Layer BB, Cloud Testing.
All docs green.
status:
Comment: Working
Group is advancing
and producing good
products.
OK
CAUTION
PROBLEM
Docs OK.
Progress since last meeting: network layer security testing,
KM MB progress, DTN Security (CMS), Secure Protocol
revision.
Problems and Issues: None
Near-Term Schedule
Deliverable
Milestone
Date
Key Management
Magenta Book
•
Continue drafting next revision
04/30/16
Network Layer
Profile
•
Completed per testing results
feedback
05/15/16
Network Layer
Yellow Book
•
Final – deliver with Network
Layer Profile to Secretariat
05/15/16
Cloud Testing
•
White paper -> Yellow or Green
draft
06/15/16
Update Credentials
“draft” program
•
Need to identify and lock in
testers to get program approval
07/01/16
Future Work Areas









(1) Credentials (2016) (NASA, ESA, DLR, CNES)
 Certificate management (separate doc?)
(2) Secure Software GB (2016-2017) (to be reviewed) (ESA,
NASA)
(3) Link layer security for future unified space link protocol
(migration of SDLS). (2018)
(4) Network layer over space packets (2017) (ESA)
(5) Application layer security (protecting the app layer):
 TLS; (2018)
 providing security services via the application layer (KM, etc)
eg., SM&C MOS (mission operation services). (2020)
SDLS Extended Procedures Green Book (2017)
SDLS Extended Procedures Yellow Book (2016)
Network Layer (IP) Security Green Book
DTN Security (underway in DTN WG)
Open Issues



Cloud Testing document – Yellow? Green? Other?
Security in other working groups (see next slide)
Reminder re: WG review of Red Books (See subsequent slide)
Security in Other WGs
Space Internetworking Services Area
Security Analysis of Recent CCSDS Docs.xlsx
706.1-G-2
Motion Imagery and Applications
May-15
No
8 Various embedded references
Table 2.1 - Security Domains for Video (& section 2.2.3.5)
4.1b & 4.3 - personal security
722.1-M-1
Operation of CFDP over Encapsulation Service
Mar-14
No
0
730.1-G-1
Solar System Internetwork (SS) Architecture
Jul-14
No
17
734.1-B-1
Licklider Transmission Protocol (LTP) for CCSDS
May-15
Yes
36 3.9 - LTP Security
Annex D - Security Considerations
734.2-B-1
CCSDS Bundle Protocol Specification
Sep-15
Yes
28 Annex G - Security Considerations
766.1-B-1
Digital Motion Imagery
May-15
Yes
16 Annex B - Security Considerations
May-15
Yes
Cross Support Services
901.1-M-1
Space Communications Cross Support - Architecture
Requirements Document
902.0-G-1
Extensible Space Communications Cross Support Service Management - Concept
Sep-14
No
913.1-B-2
Space Link Extension - Internet Protocol for Transfer
Services
Sep-15
Yes
100 4.4 - Security Reqs for Services
5.4 - Security Reqs for Physical Elements
7.4 - Security Reqs for E2E Deployments
Annex A - Security Considerations
1 5.10 - resource conflicts !
22 2.7 - Security Aspects of the Internet SLE Protocol
Resolutions to be Sent to the CESG and Then to CMC:
To reiterate from Pasadena and Darmstadt

Resolution: The SecWG will be actively engaged in the review of
all Red Books:
 Levels of involvement range from cursory examination of the
Red Books under development, to active involvement in the
development of the books.
 Response: AD will provide docs to the WG for review in
parallel with AD review.
 Resolution: All CCSDS document editors will reach out, early in
the development of the book to the SecWG to reduce downstream
security issues.
 Response: AD will provide “pointers” to WGs for SecWG
 Resolution: Security shall be addressed in all new project
initiations. All new projects should consider the extent to which
security is relevant. Considerations will be documented in the
project initiation request.
 Response: AD forwards new projects definitions to SecWG
to analyze security implications & to work with the initiating
WG.
Action Items
Item Number
Action Item:
Assigned to:
Date Due:
SecWG0416:1
•
Provide Rome meeting date preferences to
Nestor Peccia
All
Completed
SecWG0416:2
•
Publish cloud testing document – color?
Brandon Bailey
07/15/16
SecWG0416:3
•
Document WG comments & consensus on
Strategic Plan discussion
Howard Weiss
05/30/16
SecWG0416:4
•
Update credentials program entry in CWE
Howard Weiss
05/15/16
SecWG0416:5
•
Petition GRC management for resources for
Chuck Sheehe to be the book editor for the
credentials book
Chuck Sheehe
05/30/16
SecWG0416:6
•
Petition respective management for resources
for either Weiss or Biggerstaff to be alternate
book editors for credentials book
Howard Weiss, Craig
Biggerstaff
05/30/16
SecWG0416:7
•
Discuss reasoning for the use of ‘protected
simple authentication’ in SLE book with Erik
Barkley
Howard Weiss
Completed
Action Items
Item Number
Action Item:
Assigned to:
Date Due:
SecWG0416:8
•
Ask Secretariat if a book’s title can be
changed when under revision
Howard Weiss
Completed
SecWG0416:9
•
Review the current secure interconnection
guide and provide
suggestions/comments/direction for revisions.
All
06/30/16
SecWG0416:10
•
Remove IPComp from Network Layer
Security Adaption Blue Book.
Howard Weiss
06/01/16
SecWG0416:11
•
Revise KM Magenta Book
Daniel Fischer
04/30/16
Resource Problems

Resources had been adequate to perform the current tasks
although personnel have only limited time percentage to apply
to CCSDS tasks.
Risk Management Update

Must ensure that the current trend of additional resources
remains and that resources don’t shrink.
Cross Area WG/BOF Issues

Joint meeting with Space Data Link Security (SDLS) WG
 SDLS joint meeting with USLP
New Working Items, New BOFs, etc.


Credentials
Green Book revisions