1. Security WG: Report of the Spring 2008 Meeting Marriott Courtyard Crystal City, VA March 14, 2008 Howard Weiss NASA/JPL/SPARTA hsw@sparta.com +1-443-430-8089

2. Meeting Agenda 10 March 2008 – 08:00 – 09:00: CCSDS Plenary – 09:00 – 12:00: Systems Engineering Area (SEA) Plenary 11 March 2008 (09:00 – 17:00) – 09:00 – 10:30: Welcome, opening remarks, logistics, agenda bashing, Introduction for new attendees + Review of document progress and results of Fall 2008 meeting – 10:30 – 12:00: Joint meeting with Spacecraft Monitoring & Control – Document Status (encryption, authentication, key management, mission planners, security green book) – 1200-1300: Lunch – Authentication Document Discussion (HMAC replacement?) (All) – Security Architecture Document Discussions (Black) – CFDP Security (Pajevski) 12 March 2008 (09:00 – 17:00) – Key Management (Fischer) – Mission Planner’s Guide (Wells, Biggerstaff) – 1200-1300: Lunch – Other discussions (per Jan 2008 telecon): » “Color” of books (magenta vs. blue) » SCPS-SP » SLE security experiences » Encryption & authentication application-specific parameters » Review of CCSDS doc security sections » Threat doc review » Common Criteria for mission security profiles (knit docs together) » Agency security implementations (approach, requirements, security services) 13 March 2008 (09:00 – 12:00) – Joint meeting with SLS to discuss link-layer security BOF 14 March 2008 – 1300-1700: SEA Wrap-up Plenary

3. Attendance NameOrganizationEmail Address Howard Weiss (Chair)NASA/JPL/SPARTAhoward.weiss@sparta.com Gordon BlackBNSC/Logicagordon.black@logicacmg.com Daniel FischerESA/ESOCdaniel.fischer@esa.int Martin PilgramDLRmartin.pilgram@dlr.de Stefano ZattiESA/ESRINstefano.zatti@esa.int Clayton SigmanNASA/GSFCclayton.sigman@nasa.gov Craig BiggerstaffNASA/JSC/Lockheedcraig.biggerstaff-1@nasa.gov Boyd WellsNASA/JSCboyd.e.wells@nasa.gov Ignacio Aguilar-SanchezESA/ESTCignacio.Aguilar.Sanchez@esa.int Mike PajevskiNASA/JPLmike.pajevski@nasa.gov Kellep CharlesNASA/GSFCkellep.charles@nasa.gov Shea WilliamsU of Col-BoulderShea.Williams@Colorado.EDU Irene BibykNASA/HQirene.bibyk@nasa.gov Lorezno ChessaASIlorenzo.chessa@asi.it

4. Executive Summary  Attendees from BNSC, ESA/ESOC, ESA/ESRIN, DLR, ASI, NASA/GSFC, NASA/JSC and NASA/JPL. CNES did not attend.  NASA and ESA participation from multiple, respective Agency centers continues to be the norm.  Reviewed the comments on the latest revision of the SecWG Security Architecture. All resolved but one. May need to extend the architecture to reinforce the use of link-layer security since its becoming a “hot” topic  Delivered encryption documents to secretariat after WG last review.  Discussed the authentication document. Decided to keep HMAC but also add GMAC (as a “should”) and CMAC (as a “may”) to the doc.  Joint meeting held with SM&C to discuss their security architecture.  Discussed possible CFDP security extensions.  Discussed key management green and magenta books.  Discussed 2 nd draft of mission planners guide.  Discussed possible “revival” of SCPS-SP – decided no.  Discussed the use of Common Criteria to create “space” Protection Profiles and in particular the work that the FAA has done with PPs for the National Air Space (NAS)  Joint meeting held with Space Link to begin a BOF for Space Link Layer Security Standardization

5. Summary of Goals and Deliverables 1. Security Architecture document will be revised based on comment review and need to re-emphasize link-layer security. 2. Authentication document will be revised to include cipher-based message authentication codes: GMAC (“should”) and CMAC (“may) based on ESA-sponsored algorithm study. GMAC “won” but CMAC (and CBC-MAC predecessor) has been used. 3. Making good progress on Key Management documents. 4. Excellent progress continues on Mission Planners Guide. 5. Good discussion on CFDP security and the whole topic of application layer security in-general. 6. While the use of the Common Criteria met with general approval as a standardized means to generate mission security requirements, there were no volunteers to work on a PP and therefore this work will be on a “slow roll.” 7. Continue to work with other Areas and their WGs with respect to security. v Joint mtg w/SM&C to review their security architecture v Joint mtg w/SLS to create space link layer security BOF

6. SEA Area MID-TERM REPORT SUMMARY TECHNICAL STATUS 1.Security WG Goal: Working Status: Active _X_ Idle ____ Summary progress: Five documents actively being produced (Security Architecture, Authentication, Key Management (2), Mission Planners Guide). All docs green. Progress since last meeting: Encryption doc completed. Agree to revise authentication doc, positive movement on Security Architecture doc, mission planners guide and KM. Problems and Issues: Resources – Excellent right now but need to ensure continued participation from all member agencies status:OKCAUTIONPROBLEM Comment: Working Group is advancing and producing good products. Docs OK. Authentication revisions needed.

7. Near-Term Schedule DeliverableMilestoneDate CCSDS Security Architecture Revise & update per meeting06/08 R 10/08 M Authentication/ Integrity Revise per meeting consensus.06/08 10/08 Key Management Green Book Revise per meeting comments04/08 10/08 G

8. Near-Term Schedule (cont) Key Management Magenta Book Being revised and restructured per internal ESA reviews and WG comments 10/08 03/09 M Mission Planners Security Guide Work in progress10/08 G1 03/09 G2 10/09 G Common Criteria Protection Profiles Just starting07/08 (white paper)

9. Open Issues  Authentication Algorithms  Do we have too many options?  Mission planners guide just started but on the right path  Starting Common Criteria…. Slow roll  Joint work with SLS to create link layer security standards  Status of SCPS-SP  Shows up as Blue Book on web site  Not revised since 1999  SIS “think” it has been retired  Need to move to historical w/note regarding vulnerability if used in only integrity mode.

10. Action Items Item NumberAction Item:Assigned to:Date Due: SecWG0308:1Provide final comments on the SM&C security architecture ALLAs required by SM&C SecWG0308:2Update Authentication Document to include GMAC and CMAC cipher-based message authentication code algorithms Howard Weiss07/08 SecWG0308:3Revisit digital signature algorithm – currently specified as DSA – should this become RSA because of the prevalence of use in commercial products? ALL06/08 SecWG0308:4Harmonize section 3.6 of the Security Architecture with NIST Clayton Sigman & Gordon Black 06/08 SecWG0308:5Check how pre-shared key can be used with TLS per section 7.5.3 of the Security Architecture Howard Weiss06/08

11. Action Items (2) SecWG0308:6Create a concept paper “white book” discussing CFDP (in specific) and application layer security in general Mike Pajevski10/08 SecWG0308:6Review the ESA profile document ALL04/08 SecWG0308:7Obtain existing Agency key management schemes (as obtainable and releasable) for inputs into the magenta Key Management document ALL05/08 SecWG0308:8Add a document roadmap to the Mission Planners Guide illustrating the various security documents and how they are used. Craig Biggerstaff10/08 SecWG0308:9Can CCSDS “borrow” words from existing ISO documents (e.g., ISO 270002) for the Mission Planners Guide Howard Weiss08/08 SecWG0308:10Set up a WebEx Telecon for 4 June 2008, 10am EDT Howard Weiss5/08

12. Resource Problems  Resources appear to be adequate to perform the current tasks.  Resources are increasing:  ESA has provided additional resources  NASA has provided additional resources  We keep seeing and getting more interest

13. Risk Management Update  Must ensure that the current trend of additional resources remains and that resources don’t shrink.

14. Cross Area WG / BOF Issues  Joint meeting with SM&C to review their security architecture.  Joint meeting with SLS to create a new dual-area BOF  Create space link layer security standards (e.g., TM, TC, AOS, Prox-1 standard security mechanisms)

15. Resolutions to be Sent to CESG and Then to CMC  None

16. New Working Items, New BOFs, etc.  Authentication algorithm revisions  Common Criteria Protection Profiles  Joint SLS/SEC Space Link Security BOF  Already approved by SLS AD (who attended the meeting)  Needs approval by SE AD