1. Security WG: Report of the Winter 2007 Meeting Colorado Springs, CO USA January 20, 2007 Howard Weiss NASA/JPL/SPARTA hsw@sparta.com +1-443-430-8089

2. Planned Meeting Agenda  19 January 2007  0900-0930: Welcome, opening remarks, logistics, agenda bashing  1000-1030: Introduction for new attendess + Review of document progress and results of Spring 2006 SecWG meeting in RomeRome  1030-1230: Security Architecture Document Discussions (Kenny)  1230-1330: Lunch (in Penrose House Garden Pavilion)  1400-1500: Encryption Algorithm Document (Weiss)  1500-1530: Coffee break  1530-1630: Authentication/Integrity Algorithm Document (Weiss)  1630-1700: Other Documents (Weiss)  20 January 2007  0900-1000: Joint meeting with SANA  1000-1230: Key Management (Fischer)  1230-1330: Lunch (in Penrose House Garden Pavilion)  1330-1430: Key Management (continued) (Fischer)  1430-1500:Charter and Workplan revision (forward directions, new work items, etc) (All)  1500-1730: SEA Wrap-up Plenary

3. Attendance NameOrganizationEmail Address Howard Weiss (Chair)NASA/JPL/SPARTAhoward.weiss@sparta.com Gavin Kenny (D/Chair)BNSC/LogicaCMGgavin.ia.kenny@logicacmg.com Daniel FischerESA/ESOCdaniel.fischer@esa.int Martin PilgramDLRmartin.pilgram@dlr.de Stefano ZattiESA/ESRINstefano.zatti@esa.int Peter ShamesNASA/JPLpeter.shames@jpl.nasa.gov Harry ShawNASA/GSFCharry.c.shaw@nasa.gov Clayton SigmanNASA/GSFCclayton.sigman@nasa.gov Kelvin NicholsNASA/MSFCkelvin.nichols@nasa.gov Freemon JohnsonNASA/GSFCfreemon.johnson@nasa.gov Mike PajevskiNASA/JPLmichael.j.pajevski@nasa.gov Lee PittsNASA/MSFCrobert.l.pitts@nasa.gov Boyd WellsNASA/JSCboyd.e.wells@nasa.gov Kevin RiceNASA/GSFC/GSTKevin.rice@gst.com

4. Executive Summary  Attendees from BNSC, ESA/ESOC, ESA/ESRIN, DLR, NASA/GSFC, NASA/MSFC, NASA/JSC and NASA/JPL. CNES and ASI were originally going to attend but were not able due to illness and programmatic issues.  Major participation by NASA from multiple centers including JSC.  Discussed and revised the SecWG Security Architecture. General consensus that this is a high priority document that should be issued as a Magenta book (a la RASDS). Assumes IP networking and allows security services at physical/link layer, network layer, and at application. Needs mission class use cases (a la the threat document) to be added with inputs from the SecWG members.  Discussed the encryption and authentication draft documents.  Agreed to publish as Magenta books after revising per ESTEC comments (on encryption book) and changes to hash algorithm as discussed (on authentication book).  Joint meeting held with SANA to discuss security implications of SANA registries and security registries (e.g., identity management).  Discussed key management document and proposal written by ESA  Discussed future work/documents

5. Summary of Goals and Deliverables 1. Secure Interconnection Guideline has been revised and submitted to the secretariat for editing and publication. 2. Security Architecture document will be revised based on meeting discussions. 3. Encryption and Authentication Algorithm documents will be revised per ESTEC comments, telecon discussions between NASA-ESA-BNSC, and meeting discussions. To be published as Magenta books. 4. Early discussions regarding potential security-related registries with SANA. 5. Excellent discussion and document on key management. 6. Generated a list of new work items/documents to be considered for future. 7. Continue to work with other Areas and their WGs with respect to security.

6. Progress Achieved  General agreement that the Security Architecture (as revised) is on the right path. With minor revisions and the addition of “use cases” for each of the mission classes (a la the threat document), the Security Architecture document should be good to go.  Reviewed the encryption and authentication algorithm documents.  Consensus that these documents should be issued as Magenta books. Encryption algorithm might be one of a suite of algorithms and/or modes Agreement that the authentication document should not require SHA- 1 in light of further work in breaking the algorithm and announcements: Microsoft is moving away from SHA-1 and NIST has issued guidance for the US Govt to move away from it by 2010. Document will now require SHA-256 and allow the use of other algorithms.  Joint meeting with SANA to discuss implications of security on registries and the creation of security registries (e.g., identity). At a minimum, there will need to be user identification, authentication, and access controls applied to the SANA registries. There probably needs to be some security registries (e.g., algorithm IDs, protocol IDs) but its less clear if there should be identity registries (e.g., PKI-like functionality, access control lists).  An excellent key management document was written and presented by ESA providing a good start on the path towards specifying a CCSDS key management document (Magenta, Blue, color not determined yet).

7. SEA Area MID-TERM REPORT SUMMARY TECHNICAL STATUS 1.Security WG Goal: Working Status: Active _X_ Idle ____ Summary progress: Five documents actively being produced (Security Architecture, Encryption, Authentication, Key Management, Secure Interconnection). All docs green. Progress since last meeting: Completed Threat, completed secure interconnection doc, consensus on Encryption and Authentication Algorithm documents, positive movement on Security Architecture doc. Problems and Issues: Resources – need to ensure continued participation from all member agencies status:OKCAUTIONPROBLEM Comment: Working Group is advancing and producing good products. Docs OK. New work (Key Mngt) OK.

8. Near-Term Schedule DeliverableMilestoneDate Threat Document Completed and posted to CCSDS web site. Done CCSDS Security Architecture Revise & update per meeting presentation and group consensus Add “use cases” per mission classes. 03/07 06/07 Encryption Algorithm Revise per meeting consensus and ESTEC comments 03/07 Authentication/ Integrity Revise per meeting consensus.04/07

9. Near-Term Schedule (cont) Key Management document Distribute to WG for comments. Revise per WG comments. 05/07 Secure Interconnection Guide Completed – work with secretariat on final editing 02/06 Mission Planners Security Guide JSC has taken this on.05/07 (1 st draft) 10/07 (red-1)

10. Open Issues  Key Management  Good start – need to ensure that resources remain available  Encryption and Authentication Algorithms  Magenta Books vice Blue Books

11. Action Items Item NumberAction Item:Assigned to:Date Due: SecWG0107:1Generate an outline for mission class “use cases” to integrate into the Security Architecture. Gavin Kenny02/07 06/07 (with use cases) SecWG0107:2Fill in use cases (per action item SecWG0107:1) per agency missions All members04/07 SecWG0107:3Revise Security Architecture per discussions at meeting and use case inputs Gavin Kenny06/07 SecWG0107:4Revise encryption document per discussions and ESTEC comments Howie Weiss03/06

12. Action Items (2) SecWG0107:5Revise the authentication document per the meeting discussions Howie Weiss04/07 SecWG0107:6Read and provide comments to Daniel Fischer and the WG on the key management document Working Group05/07 SecWG0107:6Write the first draft of an “Information Security Planning Guide for Mission Planners” Boyd Wells05/07 SecWG0107:7Poll the WG to see if an intermediate meeting in the late May or early June timeframe could be supported Howie Weiss02/07

13. Resource Problems  Resources appear to be adequate to perform the current tasks.  Resources are increasing:  ESA has provided additional resources  NASA has provided additional resources

14. Risk Management Update  Must ensure that the current trend of additional resources remains and that resources don’t shrink.

15. Cross Area WG / BOF Issues  Has the CESG/CMC taken up the SecWG resolution to require the mandatory security section for additional CCSDS documents (as proposed after the Rome mtg)?  Joint meeting held with SANA. Questions regarding necessary security services for registry as well as security registry items.  Suggestion from last two meetings: Maybe provide a SecWG overview briefing at the Fall meeting opening plenary to cover everyone at one time?  Security 101 and SecWG initiatives within CCSDS?

16. Resolutions to be Sent to CESG and Then to CMC  None

17. New Working Items, New BOFs, etc.  Encryption algorithm now to be a Magenta book.  Authentication algorithm now to be a Magenta book.  Security Architecture restructured and will result in Magenta book.  Key Management draft document.  Mission Planning Guide will be written by JSC.