Presentation is loading. Please wait.

Presentation is loading. Please wait.

CCSDS Security WG meeting October 2008, hosted by DLR at DIN premises (Berlin) 1 Data Link Security BOF An ESA contribution on Lessons Learned and Issues/Questions.

Published byBrittney Snow Modified over 8 years ago

Similar presentations

Presentation on theme: "CCSDS Security WG meeting October 2008, hosted by DLR at DIN premises (Berlin) 1 Data Link Security BOF An ESA contribution on Lessons Learned and Issues/Questions."— Presentation transcript:

1 CCSDS Security WG meeting October 2008, hosted by DLR at DIN premises (Berlin) 1 Data Link Security BOF An ESA contribution on Lessons Learned and Issues/Questions for the WG Charter I. Aguilar/D. Fischer

2 CCSDS Security WG meeting October 2008, hosted by DLR at DIN premises (Berlin) 2 Some lessons learned (1) Padding or no padding? –Consider the impact of data padding: A pseudo protocol required to handle padding generation at source and processing/removal at sink. Need to identify and define the length and position of padding data. Impacts throughput. Feasibility for very high data rates? –A solution: Choose cryptographic algorithms that eliminate the need for padding Key synchronization –Critical operational concern: how to make sure that both ends of the secured communication session achieve and maintain cryptographic key synchronization in all conditions. –A solution: Use data-driven synchronization; The transmitted message contains pointer to the key to be used; Telemeter on-board set pointer. Mirror on-board and on-ground key memories.

3 CCSDS Security WG meeting October 2008, hosted by DLR at DIN premises (Berlin) 3 Some lessons learned (2) Secure and clear modes management: accommodation and impacts –Presence or absence of security protocol may imply presence or absence of certain data structures. –Throughput needs to be adapted according to mode. –Change data rate: An obvious solution with significant implications on implementations, e.g., more complexity. –A preferred solution: Use data structures whose data length can be modulated (short for secure mode, long for clear mode). Exceptions –Critical operational concerns: COP-1 not always present. Telemetry not always present. –Still, Telecommand security has to work. Problem with anti-replay management and blind commanding. –A solution: Relax anti-replay management condition: rather than anti-replay parameter equality accept a window of parameter values. Caveat: security is degraded.

4 CCSDS Security WG meeting October 2008, hosted by DLR at DIN premises (Berlin) 4 Some lessons learned (3) Logical and physical placement interaction –Same protocol design can have different throughput impacts according to physical implementation. –Position before on-board segment processor: Timing and flow control between control and data frames managed with guard times. Strong throughput impact: up to 50% reduction. –Choice driven by industrial planning considerations. –Throughput penalty acceptable for that application (GSO telecom satellite). –Solution would not be acceptable for other applications (e.g., short contact times).

5 CCSDS Security WG meeting October 2008, hosted by DLR at DIN premises (Berlin) 5 Some lessons learned (4) Command authentication/decryption are Vital functions as defined by ESA. –function that is essential to mission success and that can cause permanent mission degradation if not executed when it should be, or wrongly executed, or executed in the wrong context. Need to have ALWAYS indication of TC authentication/decryption protocol status, regardless of spacecraft telemetry process. –Similar to CLCW with RF flags and COP-1. –Two free bits in CLCW (4 indications?).

6 CCSDS Security WG meeting October 2008, hosted by DLR at DIN premises (Berlin) 6 Some questions for the WG Charter (1) What does a Security Association comprise in our context? –Cryptographic algorithm and configuration. –Configuration implies mode of operation, IV, cryptographic key length. –Freshness parameter. Entities on the ground and entities on the spacecraft: typically 2 on each side. Implication: –at least 4 security associations. Protocol data structures shall support the identification of the ongoing security association between ground and spacecraft. –Ability for the ground to address a primary or secondary on- board security function. –Ability for the spacecraft to identify and manage all the security associations.

7 CCSDS Security WG meeting October 2008, hosted by DLR at DIN premises (Berlin) 7 Some questions for the WG Charter (2) Data Link Security protocol What does it mean to protect the data link? Which are the data structures within the data link format that would be protected/affected? –Input for the WG Charter: Options need to be identified and studied. –Preliminary work already reported in Green Book. –One proposal provided by NASA for this meeting. –Others were reported in various papers at ESA TT&C 2007 Workshop, ESA studies.

8 CCSDS Security WG meeting October 2008, hosted by DLR at DIN premises (Berlin) 8 Some questions for the WG Charter (3) Payload Data Encryption Very High Speed Downlink requires a multi- carrier signal ergo multiple parallel data streams. Multiple instances of encryption or a single instance before de-multiplexing? Where is the Data link de-multiplexed? Virtual Channel?

9 CCSDS Security WG meeting October 2008, hosted by DLR at DIN premises (Berlin) 9 Some questions for the WG Charter (4) Anti-replay management Freshness required on Authenticated Data. Freshness field shall be used not only for MAC generation but it shall also be transmitted. COP-1 assumptions? Freshness field length and key management: independent?

10 CCSDS Security WG meeting October 2008, hosted by DLR at DIN premises (Berlin) 10 Some questions for the WG Charter (5) Channel error propagation: relationship with security Security shall not multiply transmission channel errors. Does security protocol design need to consider a minimum channel error performance? Authentication Protects against intentional manipulation of data. Protection against random data manipulation (e.g., transmission channel errors) is the responsibility of other protocols. CRC and coding provides detection and sometimes correction of channel errors

11 CCSDS Security WG meeting October 2008, hosted by DLR at DIN premises (Berlin) 11 Some questions for the WG Charter (6) Interoperability/integration with COP-1 What are the COP-1 assumptions for the definition and operation of a Data Link Security protocol? AD mode? BD mode? BC mode? Should data link security protocol be concerned with COP-1 control frames?

12 CCSDS Security WG meeting October 2008, hosted by DLR at DIN premises (Berlin) 12 Some questions for the WG Charter (7) How to accommodate both secure and clear modes without impacting much the other protocol layers? Consider secured and clear modes management.

13 CCSDS Security WG meeting October 2008, hosted by DLR at DIN premises (Berlin) 13 Some questions for the WG Charter (8) Which implementation assumptions, if any, need to be considered? Experience has shown (see previous slides on lessons learned) that implementation constraints can drive protocol design. A protocol designed in full isolation of implementation realities is likely to fail to be adopted. Some implementation realities and constraints are Agency dependent. Is there a chance to find some common ground for the benefit of all Agencies?

Download ppt "CCSDS Security WG meeting October 2008, hosted by DLR at DIN premises (Berlin) 1 Data Link Security BOF An ESA contribution on Lessons Learned and Issues/Questions."

Similar presentations

Chapter 3 The Data Link Layer.

Chapter 3 The Data Link Layer.
The Data Link Layer Chapter 3. Data Link Layer Design Issues Services Provided to the Network Layer Framing Error Control Flow Control.

The Data Link Layer Chapter 3. Data Link Layer Design Issues Services Provided to the Network Layer Framing Error Control Flow Control.
“Advanced Encryption Standard” & “Modes of Operation”

“Advanced Encryption Standard” & “Modes of Operation”
VSMC MIMO: A Spectral Efficient Scheme for Cooperative Relay in Cognitive Radio Networks 1.

VSMC MIMO: A Spectral Efficient Scheme for Cooperative Relay in Cognitive Radio Networks 1.
FPGA Configuration. Introduction What is configuration? – Process for loading data into the FPGA Configuration Data Source Configuration Data Source FPGA.

FPGA Configuration. Introduction What is configuration? – Process for loading data into the FPGA Configuration Data Source Configuration Data Source FPGA.
Data Link Protocols(HDLC & PPP). Data Link Protocols The set of specifications used to implement the DLL. DLL Protocols Synchronous Protocols Character-oriented.

Data Link Protocols(HDLC & PPP). Data Link Protocols The set of specifications used to implement the DLL. DLL Protocols Synchronous Protocols Character-oriented.
HIGH-LEVEL DATA LINK CONTROL (HDLC) HDLC was defined by ISO for use on both point-to-point and multipoint data links. It supports full-duplex communication.

HIGH-LEVEL DATA LINK CONTROL (HDLC) HDLC was defined by ISO for use on both point-to-point and multipoint data links. It supports full-duplex communication.
SDLS impact on TM, AOS, TC Space Data Link Protocols Greg Kazz NASA/JPL Oct 16/17, 2012.

SDLS impact on TM, AOS, TC Space Data Link Protocols Greg Kazz NASA/JPL Oct 16/17, 2012.
A General Purpose CCSDS Link layer Protocol Next Generation Data Link Protocol (NGDLP) Ed Greenberg Greg Kazz 10/17/2012 1.

A General Purpose CCSDS Link layer Protocol Next Generation Data Link Protocol (NGDLP) Ed Greenberg Greg Kazz 10/17/
8-Reliability and Channel Coding Dr. John P. Abraham Professor UTPA.

8-Reliability and Channel Coding Dr. John P. Abraham Professor UTPA.
IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
CCNA 1 v3.1 Module 6 Review. 2 What 3 things happen on an Ethernet network after a collision occurs? A backoff algorithm is invoked and transmission is.

CCNA 1 v3.1 Module 6 Review. 2 What 3 things happen on an Ethernet network after a collision occurs? A backoff algorithm is invoked and transmission is.
William Stallings Data and Computer Communications 7 th Edition Chapter 7 Data Link Control Protocols.

William Stallings Data and Computer Communications 7 th Edition Chapter 7 Data Link Control Protocols.
Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.

Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.
Embedded Systems Laboratory Informatics Institute Federal University of Rio Grande do Sul Porto Alegre – RS – Brazil SRC TechCon 2005 Portland, Oregon,

Embedded Systems Laboratory Informatics Institute Federal University of Rio Grande do Sul Porto Alegre – RS – Brazil SRC TechCon 2005 Portland, Oregon,
1 08 January 2015 Stephen Horan Cube Quest Kick-off: Communications Rules PI for Avionics Space Technology Mission Directorate.

1 08 January 2015 Stephen Horan Cube Quest Kick-off: Communications Rules PI for Avionics Space Technology Mission Directorate.
Adapted from Tanenbaum's Slides for Computer Networking, 4e The Data Link Layer Chapter 3.

Adapted from Tanenbaum's Slides for Computer Networking, 4e The Data Link Layer Chapter 3.
 The Open Systems Interconnection model (OSI model) is a product of the Open Systems Interconnection effort at the International Organization for Standardization.

 The Open Systems Interconnection model (OSI model) is a product of the Open Systems Interconnection effort at the International Organization for Standardization.
Gursharan Singh Tatla Transport Layer 16-May-2011 1

Gursharan Singh Tatla Transport Layer 16-May

Similar presentations

Ads by Google