SEA-SEC Report-11-2014
Download
Report
Transcript SEA-SEC Report-11-2014
Security WG:
Report of the Fall 2014
Meeting
BSI, London UK
14 November 2014
Howard Weiss
NASA/JPL/PARSONS
[email protected]
+1-443-430-8089
Meeting Agenda
•10 November 2014
–08:45 – 09:45: CCSDS Plenary (room G1)
–09:45 – 10:45: Systems Engineering Area (SEA) Plenary (room 503)
–13:30 – 17:30: Security WG (room 505)
–Welcome, introductions, logistics, agenda review
–Review results of Spring 2014 (Noordwijkerhout) meeting
–Status of documents, action items
–Future work areas for CWE Framework
–Charter review (if required)
–Threat book revision review (Weiss)
–ESA Secure Software Development (Fischer)
–Working Group Dinner
Meeting Agenda (cont)
• 11 November 2014 (08:45 – 17:30) (room 505)
– Network Layer Security
» IPsec Testing + Yellow Book Status (Sheehe + others?)
» Network layer security for non-IP environments (Fischer/AguilarSanchez)
– Key Management Blue Book (Fischer/Aguilar-Sanchez)
» KM for SDLS extended procedures (Fisher)
» KM for DTN (Burleigh)
» KM for EUMETSAT (Texier)
– Link Layer Security Update Discussion (Biggerstaff/Weiss/AguilarSanchez)
– Physical Layer Security (Aguilar-Sanchez)
– Other areas of discussion
– Proposed new areas of work
– WG dinner?
• 12 November 2014
– 08:45-17:30: Space Data Link Security WG (room 514)
• 13 November 2014
– 08:45-17:30: Space Data Link Security WG (room 514)
• 14 November 2014
– 16:00-17:30: SEA Wrap-up Plenary (room 504)
Attendance
Name
Organization
Email Address
Howard Weiss (Chair)
NASA/JPL/PARSONS
[email protected]
Gordon Black
UK Space Agency/Qinetiq
[email protected]
Daniel Fischer
ESA/ESOC
[email protected]
Ignacio Aguilar-Sanchez
ESA/ESTEC
[email protected]
Chuck Sheehe
NASA/GRC
[email protected]
Dorothea Richter
DLR
[email protected]
Julian Airaud
CNES
[email protected]
Guillame Texier
EUMETSAT
[email protected]
Brandon Bailey
NASA/GSFC
[email protected]
Tomaso DeCola
DLR
[email protected]
Keith Scott
NASA/JPL/MITRE
[email protected]
Scott Burleigh
NASA/JPL
[email protected]
Executive Summary
Attendees from UK Space Agency, ESA/ESTEC, ESA/ESOC, DLR, CNES, EUMETSAT,
NASA/GRC, and NASA/JPL. Martin Pilgram (DLR) has retired and will be missed in the SecWG.
NASA/JSC did not attend due to funding issues (and was also missed).
No charter or framework changes were required. However, there was a discussion on SecWG
future programs per the CESG/CMC request for future work programs.
Reviewed action items from Noordwijerhout. Carrying several forward and all others were
completed.
Reviewed revision of Threat GB. A large amount of restructuring and rewrite was provided by
Daniel Fisher. The WG will review these changes and discuss them in a telecon on 12 Dec.
Discussed ESA Secure Software Initiative (Fischer)
Reviewed Network Layer Security adaption profile testing. The BB is essentially completed
awaiting testing results. NASA/GRC is writing the Yellow Book and will provide feedback into the
Blue Book. CNES has established a testing environment and there is a connection between GRC
and CNES to accomplish on-line testing.
An overview of the (cancelled) SUMO and its space cyber consortium was provided (Sheehe)
Discussed Network Layer security for non-IP environments (i.e., space packets). This would
provide IPSec-like functions directly over space packets when not in an IP environment. It was
decided that this will become a new work item.
Discussed and reviewed the SDLS key management “extended procedures” document which will
be an SDLS BB
Discussed SDLS interoperability testing at ESOC (Fischer)
Discussed DTN Key Management (Burleigh)
Discussed EUMETSAT key management (Texier)
Discussed DTN Security plans and the streamlined Bundle Security Protocol (Scott)
Discussed physical layer security (Aguilar-Sanchez)
Discussed the need for a cloud-based testing environment to eliminate the need for agency
“sandboxes” and hard-to-obtain external connections and firewall changes.
Summary of Goals and Deliverables
1. Discussed the long term set of programs that the SecWG would
like to tackle over the long term per CESG/CMC requests.
2. KM Magenta Book for symmetric KM is progressing in lock step
with the SDLS extended procedures KM Blue Book. Reviewed
DTN KM and EUMETSAT KM.
3. Major restructuring proposal for the Threat Green Book that has
to be reviewed in depth by the WG and discussed on 12 Dec.
4. NASA/GRC and CNES testing is progressing on Network Layer
Security.
5. Decided to request program start for Network Layer over space
packets.
6. Discussed Physical Layer Security.
7. Reviewed SDLS progress
8. Discussed DTN security.
9. The Algorithms GB is in CESG polling.
1.
SEA Area MID-TERM REPORT
SUMMARY TECHNICAL STATUS
Security WG
Goal:
Working Status: Active _X_ Idle ____
Summary progress: documents actively being produced:
Key Management MB, Threat GB revision, Network
Layer BB. All docs green.
status:
Comment: Working
Group is advancing
and producing good
products.
OK
CAUTION
PROBLEM
Docs OK.
Progress since last meeting: threat GB rev, network layer
security testing, KM MB progress.
Problems and Issues: None
Near-Term Schedule
Deliverable
Milestone
Date
Key Management
Blue Book
•
Continue drafting next revision
Network Layer
Profile
•
Completed per testing results
feedback
Threat Document
Revision
•
4rd revised draft
03/15
Network Layer
Yellow Book
•
Final
03/15 (or
earlier)
03/15
Future Work Areas
Network layer security over Space Packets (priority #1, 2017)
Application layer security (priority #2):
TLS adaptation (2018)
Security services in the application layer (2020)
Physical layer security (spread spectrum, frequency hopping,
coding) (priority #3, 2019)
Key Management Yellow Book
Network layer security Green Book
Mission Operations Security Guide (2018)
DTN Security (2018)
Secure Software Development Guide (2019)
Cross Support Security (2024)
Roadmap (2018)
Link layer security for USL (migration of SDLS) (2025)
Open Issues
None
Action Items
Item Number
Action Item:
Assigned to:
Date Due:
SecWG1114:1
•
Review Threat Green Book Restructuring
All
12/12/14
SecWG1114:2
•
Adapt non-IP network layer security
presentation into a White Book proposal.
Daniel Fischer
02/15/14
SecWG1114:3
•
Revise KM document for WG review
Daniel Fischer
02/15/14
SecWG1114:4
•
Look at NIST 800-152 for possible inclusion
into KM docs (carried from last mtg)
Daniel Fischer
01/15/15
SecWG1114:5
•
Update KM green book with EUMETSAT
inputs.
Guillame Texier
03/01/15
SecWG1114:6
•
Investigate how we provide assistance to
another WG when the SecWG does not
produce a document
Howard Weiss
12/1/15
SecWG1114:7
•
White paper on link layer security (from last
meeting). (carried from last mtg)
Ignacio Aguilar-Sanchez
03/01/15
Resource Problems
Resources had been adequate to perform the current tasks
although personnel have only limited time percentage to apply
to CCSDS tasks.
Loss of JSC member attendance hurts – hopefully this issue will
be resolved before the next meeting.
Risk Management Update
Must ensure that the current trend of additional resources
remains and that resources don’t shrink.
Cross Area WG / BOF Issues
Joint meeting with Space Data Link Security WG
SecWG meeting attended by DTN WG members (including
chair)
Resolutions to be Sent to CESG and Then to CMC
Resolution: The SecWG will be actively engaged in the review
of all Red Books:
Levels of involvement range from cursory examination of the
Red Books under development, to active involvement in the
development of the books.
Resolution: All CCSDS document editors will reach out, early in
the development of the book to the SecWG to reduce
downstream security issues.
Resolution: Security shall be addressed in all new project
initiations. All new projects should consider the extent to which
security is relevant. Considerations will be documented in the
project initiation request.
New Working Items, New BOFs, etc.
Network Layer Security for non-IP Environments.