Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 CCSDS Security Architecture Key Management 13 th April 2005 Athens.

Similar presentations

Presentation on theme: "1 CCSDS Security Architecture Key Management 13 th April 2005 Athens."— Presentation transcript:

1 1 CCSDS Security Architecture Key Management 13 th April 2005 Athens

2 2 CCSDS Security Architecture Requirement To securely distribute key material to every communications node in a space system. To do so efficiently. –Use minimal bandwidth overhead –Use minimal processing & storage overhead. –Use minimal handshaking

3 3 CCSDS Security Architecture Constraints Transmission delay Available bandwidth Processing and memory resources of remote platforms. Communications are non-continuous. Communication windows are variable –(and short in case of LEO) Mission lifetimes can last for years. 3 rd Parties are a long way away!

4 4 CCSDS Security Architecture Bonuses Number of times session keys need to be changed is minimal Data rates are low Man-in-the-middle attacks are hard/impossible to do.

5 5 CCSDS Security Architecture Types of Key Distribution Symmetric Asymmetric (Public Key) Quantum Key Distribution IKE Identity Based Encryption Distributed Key Management (PGP) Threshold Scheme (many non-trusted parties) Fortified Key Negotiation (Variation on DH)

6 6 CCSDS Security Architecture Symmetric Key Distribution Wide mouth frog Needham-schroeder Kerberos Otway Rees Yahalom Neuman-Stubblebine Pairwise Shaired Keys Blom’s Scheme Need a Trusted 3 rd Party Variation of Pre-Load

7 7 CCSDS Security Architecture Asymmetric Diffie-Hellman Key Exchange El Gamal Key Agreement (variation of DH) MTI/A0 (variation of DH) Shamir’s Three-pass protocol (uses RSA algorithm) COMSET – COMunications SETup Encrypted Key Exchange (EKE)(Uses pairwise keys) Interlock Protocol (Uses half-messages) Denning Sacco Public Key Exchange (Uses TTP) Woo Lam Protocol (uses TTP)

8 8 CCSDS Security Architecture Quantum Key Exchange Based on the physical properties of photons. Very secure Currently limited range. Not compatible with RF communications.

9 9 CCSDS Security Architecture IKE Developed by the IETF as the Key Management system for IPSec. Based on combination of symmetric and asymmetric techniques. IKE v1 was extremely complex to implement. IKE v2 is now being agreed. IKE v2 much simpler than v1 however still has a lot of handshaking. Possible use of IKE v2 phase one only –just two challenge/response pairs.

10 10 CCSDS Security Architecture Identity Based Encryption Newly developed scheme Similar to PKI, however any arbitrary string can be used as public key. No need for certificate management. Cannot be used for authentication. Patented

11 11 CCSDS Security Architecture Recommendations Use variant of IKEv2 phase one for the exchange of sessions keys. Use public/private keys and certificates for authentication.

12 12 CCSDS Security Architecture END

Download ppt "1 CCSDS Security Architecture Key Management 13 th April 2005 Athens."

Similar presentations

Ads by Google