CCSDS Security Working Group Spring 2014 Meeting 10 November – 13 November 2014 London, England Okechukwu Mezu, Charles Sheehe NASA/Glenn
IPsec Project Overview
Performing Encapsulating Security Payload (ESP) using pre-shared keys on a CCSDS Internet Protocol (IP) packet going from a source node over a satellite in space to a destination node
Red book requires:
– Two independent verifications of a specification are required prior to acceptance
– Compatibility must be shown; the IPV4 IPsec compatibility testing with CNES satisfies this
– CCSDS yellow book records the official documentation of testing and compatibility test
NASA Internal IPV4 Network Connectivity
[Network diagram: Cisco 3825 Router Ground Station R1, Cisco 3825 Router CCSDS Satellite R2, Cisco 3825 Router Receive Station R3, Linux Box, IPsec VPN tunnel. Interface labels, in the order shown: GE 0/0 192.168.1.1; GE 0/1 192.168.2.1; GE 0/0 192.168.2.2; GE 0/1 192.168.3.1; GE 0/1 192.168.4.1; GE 0/2 192.168.3.2. Addresses without an interface label: 192.168.1.2, 192.168.4.2. Legend: GE – Gigabit Ethernet.]
Tunnel represents a direct logical connection between R1 & R3 through R2. However, all communication between R1 & R3 goes through R2 (representing a satellite/networked cloud).
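As an added illustration (not part of the presentation), this Python sketch builds an ESP tunnel-mode packet for the R1 to R3 tunnel described above, with integrity only (NULL encryption, HMAC-SHA1-96) under a manual key, and verifies it on the receive side. The mapping of addresses to devices, the SPI, the key and the algorithm choice are assumptions; the slides do not state them.

```python
import hashlib, hmac, socket, struct

# Addresses come from the IPv4 slide; which device owns each one, the SPI,
# the key and the algorithm choice are assumptions made for this sketch.
R1_OUT, R3_OUT = "192.168.2.1", "192.168.3.2"  # assumed tunnel endpoints
HOST_A, HOST_B = "192.168.1.2", "192.168.4.2"  # assumed end hosts
SPI = 0x1000                                   # constructed SPI
AUTH_KEY = bytes(range(20))                    # constructed manual key

def ipv4(src, dst, proto, payload):
    """20-byte IPv4 header (no options) with checksum, followed by payload."""
    def hdr(csum):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                           proto, csum, socket.inet_aton(src), socket.inet_aton(dst))
    s = sum(struct.unpack("!10H", hdr(0)))
    s = (s & 0xFFFF) + (s >> 16)
    s = (s & 0xFFFF) + (s >> 16)
    return hdr(~s & 0xFFFF) + payload

def esp_encap(inner, seq):
    """R1 side: wrap the whole inner packet; the ICV covers SPI..next header."""
    pad_len = -(len(inner) + 2) % 4            # align trailer to 4 bytes
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, 4])  # 4 = IPv4
    body = struct.pack("!II", SPI, seq) + inner + trailer
    icv = hmac.new(AUTH_KEY, body, hashlib.sha1).digest()[:12]
    return ipv4(R1_OUT, R3_OUT, 50, body + icv)                   # 50 = ESP

def esp_decap(outer):
    """R3 side: check SPI and ICV, strip ESP; None means the packet is dropped."""
    body, icv = outer[20:-12], outer[-12:]
    good = hmac.new(AUTH_KEY, body, hashlib.sha1).digest()[:12]
    if struct.unpack("!I", body[:4])[0] != SPI or not hmac.compare_digest(icv, good):
        return None
    pad_len, next_hdr = body[-2], body[-1]
    return body[8:len(body) - 2 - pad_len] if next_hdr == 4 else None

def demo():
    inner = ipv4(HOST_A, HOST_B, 253, b"test file bytes")  # 253 = experimental
    outer = esp_encap(inner, seq=1)
    tampered = outer[:-13] + bytes([outer[-13] ^ 1]) + outer[-12:]
    return inner, outer, esp_decap(outer), esp_decap(tampered)

if __name__ == "__main__":
    inner, outer, ok, bad = demo()
    print(socket.inet_ntoa(outer[12:16]), "->", socket.inet_ntoa(outer[16:20]))
    print("delivered intact:", ok == inner, "| tampered result:", bad)
```

The sketch does not enforce an anti-replay window, and because encryption is NULL the inner packet is readable in transit at R2; only modification is detected.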
NASA Internal IPV6 Network Connectivity
[Network diagram: Cisco 3825 Router Ground Station R1, Cisco 3825 Router CCSDS Satellite R2, Cisco 3825 Router Receive Station R3, Linux Box, IPsec VPN tunnel. Interface labels, in the order shown: GE 0/0 2001:db8:1:1::1/64; GE 0/1 2001:db8:1:2::1/64; GE 0/0 2001:db8:1:2::2/64; GE 0/1 2001:db8:1:3::1/64; GE 0/1 2001:db8:1:4::1/64; GE 0/2 2001:db8:1:3::2/64; GE 0/0 2001:db8:1:X::X/64; GE 0/0 2001:db8:1:4::2/64. Legend: GE – Gigabit Ethernet.]
Tunnel represents a direct logical connection between R1 & R3 through R2. However, all communication between R1 & R3 goes through R2 (representing a satellite/networked cloud).
CCSDS Yellow Book IPsec Test Matrix
Columns: #, IP V4/6, ESP, Tunnel, Integrity, IPcomp, Authenticated Encryption, Confidentiality, Manual Key, Auto Key, No Rekey
1 4 XXX X X
2 4 XXXXX X
3 4 XXX XX
4 4 XXXX XX
5 4 XXX XX
6 4 XXXXX XX
7 4 XXX X XX
8 4 XXXX X XX
9 6 XXX X X
10 6 XXXXX X
11 6 XXX XX
12 6 XXXX XX
13 6 XXX X XX
14 6 XXXXX XX
15 6 XXX X XX
16 6 XXXX X XX
Proposed CCSDS IPsec Compatibility Testing
Planned compatibility testing
– Testing of IPv4 Linux CentOS 6.4 & Linux Ubuntu
– Testing for IPv6 not performed
Tests
– #1 thru #8: IPV4. File transferred
– La ligne de rang, nous allons ramer, de laisser rangée, laissé, Disons ramer le canot, Si doucement, si doucement, si doucement, Allons sur la mer.
Status as of Spring Meeting
– Acquired hardware and software.
– Tested local connectivity IPV4 & IPV6
Steps Accomplished from Spring
– Resolve IPsec/VPN issue. A: secure a module router, B: CNES multi agency test, C: excess shopping again. A&C&B dependent on resources
– Develop yellow book test configurations.
– Publish yellow book to WG chair for edits of tests and approval to proceed
– Update document and tests as necessary.
– IPV4 ping test with CNES
To be completed
– IPV4 test 1-8 from matrix
– Publish test results in yellow book for review by WG.
– Update document and testing as necessary.
– Publish yellow book out of WG, for acceptance