Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 CCSDS Security Architecture Key Management 13 th April 2005 Athens.

Published byJeremy Bagot Modified over 9 years ago

Similar presentations

Presentation on theme: "1 CCSDS Security Architecture Key Management 13 th April 2005 Athens."— Presentation transcript:

1 1 CCSDS Security Architecture Key Management 13 th April 2005 Athens

2 2 CCSDS Security Architecture Requirement To securely distribute key material to every communications node in a space system. To do so efficiently. –Use minimal bandwidth overhead –Use minimal processing & storage overhead. –Use minimal handshaking

3 3 CCSDS Security Architecture Constraints Transmission delay Available bandwidth Processing and memory resources of remote platforms. Communications are non-continuous. Communication windows are variable –(and short in case of LEO) Mission lifetimes can last for years. 3 rd Parties are a long way away!

4 4 CCSDS Security Architecture Bonuses Number of times session keys need to be changed is minimal Data rates are low Man-in-the-middle attacks are hard/impossible to do.

5 5 CCSDS Security Architecture Types of Key Distribution Symmetric Asymmetric (Public Key) Quantum Key Distribution IKE Identity Based Encryption Distributed Key Management (PGP) Threshold Scheme (many non-trusted parties) Fortified Key Negotiation (Variation on DH)

6 6 CCSDS Security Architecture Symmetric Key Distribution Wide mouth frog Needham-schroeder Kerberos Otway Rees Yahalom Neuman-Stubblebine Pairwise Shaired Keys Blom’s Scheme Need a Trusted 3 rd Party Variation of Pre-Load

7 7 CCSDS Security Architecture Asymmetric Diffie-Hellman Key Exchange El Gamal Key Agreement (variation of DH) MTI/A0 (variation of DH) Shamir’s Three-pass protocol (uses RSA algorithm) COMSET – COMunications SETup Encrypted Key Exchange (EKE)(Uses pairwise keys) Interlock Protocol (Uses half-messages) Denning Sacco Public Key Exchange (Uses TTP) Woo Lam Protocol (uses TTP)

8 8 CCSDS Security Architecture Quantum Key Exchange Based on the physical properties of photons. Very secure Currently limited range. Not compatible with RF communications.

9 9 CCSDS Security Architecture IKE Developed by the IETF as the Key Management system for IPSec. Based on combination of symmetric and asymmetric techniques. IKE v1 was extremely complex to implement. IKE v2 is now being agreed. IKE v2 much simpler than v1 however still has a lot of handshaking. Possible use of IKE v2 phase one only –just two challenge/response pairs.

10 10 CCSDS Security Architecture Identity Based Encryption Newly developed scheme Similar to PKI, however any arbitrary string can be used as public key. No need for certificate management. Cannot be used for authentication. Patented

11 11 CCSDS Security Architecture Recommendations Use variant of IKEv2 phase one for the exchange of sessions keys. Use public/private keys and certificates for authentication.

12 12 CCSDS Security Architecture END

Download ppt "1 CCSDS Security Architecture Key Management 13 th April 2005 Athens."

Similar presentations

ISA 662 IKE Key management for IPSEC Prof. Ravi Sandhu.

ISA 662 IKE Key management for IPSEC Prof. Ravi Sandhu.
Authentication and Key Agreement – Flexibility in credentials – Modern, publically analysed/available cryptographic primitives – Freshness guarantees –

Authentication and Key Agreement – Flexibility in credentials – Modern, publically analysed/available cryptographic primitives – Freshness guarantees –
Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.

1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.
Secure Mobile IP Communication

Secure Mobile IP Communication
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
COS 461 Fall 1997 Todays Lecture u intro to security in networking –confidentiality –integrity –authentication –authorization u orientation for assignment.

COS 461 Fall 1997 Todays Lecture u intro to security in networking –confidentiality –integrity –authentication –authorization u orientation for assignment.
Course summary COS 433: Crptography -Spring 2010 Boaz Barak.

Course summary COS 433: Crptography -Spring 2010 Boaz Barak.
Pairwise Key Agreement in Broadcasting Networks - 2005.11.11 - Ik Rae Jeong.

Pairwise Key Agreement in Broadcasting Networks Ik Rae Jeong.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Modelling and Analysing of Security Protocol: Lecture 14 Some Real Life Protocols Tom Chothia CWI.

Modelling and Analysing of Security Protocol: Lecture 14 Some Real Life Protocols Tom Chothia CWI.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.

IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.
CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.

CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.
A Pairwise Key Pre-Distribution Scheme for Wireless Sensor Networks Wenliang (Kevin) Du, Jing Deng, Yunghsiang S. Han and Pramod K. Varshney Department.

A Pairwise Key Pre-Distribution Scheme for Wireless Sensor Networks Wenliang (Kevin) Du, Jing Deng, Yunghsiang S. Han and Pramod K. Varshney Department.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
W O R L D W I D E L E A D E R I N S E C U R I N G T H E I N T E R N E T IKE Tutorial.

W O R L D W I D E L E A D E R I N S E C U R I N G T H E I N T E R N E T IKE Tutorial.
Cryptography April 20, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Cryptography April 20, 2010 MIS 4600 – MBA © Abdou Illia.

Similar presentations

Ads by Google