Presentation is loading. Please wait.

Presentation is loading. Please wait.

CCSDS IPsec Compatibility Testing

Published byEthelbert Derrick Stephens Modified over 8 years ago

Similar presentations

Presentation on theme: "CCSDS IPsec Compatibility Testing"— Presentation transcript:

1 CCSDS IPsec Compatibility Testing
03/23/2015 OKECHUKWU MEZU CHARLES SHEEHE CCSDS GRC POC

2 IPsec Project Overview
Performing Encapsulating Security Payload (ESP) using pre-shared keys on a CCSDS Internet Protocol (IP) packet going from source node over a satellite in space to a destination node Why this is important Two independent compatible developments are required prior to acceptance NASA GRC IPsec implementation will satisfy one independent development CNES IPsec implementation will satisfy the second independent development Compatibility tests to ensure interoperability Compatibility test will be recorded in the CCSDS Y-1 book as official documentation of testing CCSDS IPsec NASA development and testing started November 2013

3 IPsec Project Process IPsec compatibility testing for CCSDS
Evaluate IPsec/CCSDS related standards Define CCSDS/IPsec approved parameters by CCSDS working group Develop Test Plan Approval of Test Plan Perform independent testing based on defined IPsec parameters Modify test plan test only IPV4 Perform Compatibility Testing Documentation of test results Document Lessons Learned Present results to CCSDS working group Key deliverable Test report in CCSDS format for inclusion in yellow book

4 NASA Internal IPV4 IPsec VPN Tunnel
Cisco 3825 Router Ground Station R1 CCSDS Satellite R2 GE 0/ GE 0/ GE 0/ GE 0/ GE 0/ GE 0/ IPsec VPN Legend GE – Gigabit Ethernet Receive Station R3 Internal IPsec IPv4 tests completed Linux Box Linux Box Tunnel represents a direct logical connection between R1 & R3 through R2. However, all communication between R1 & R3 go through R2 (representing a satellite/networked cloud)

5 NASA Internal IPV6 IPsec VPN Tunnel
Cisco 3825 Router Ground Station R1 CCSDS Satellite R2 GE 0/ :db8:1:1::1/64 GE 0/1 2001:db8:1:2::1/64 GE 0/0 2001:db8:1:2::2/64 GE 0/1 2001:db8:1:3::1/64 GE 0/1 2001:db8:1:4::1/64 GE 0/2 2001:db8:1:3::2/64 GE 0/0 2001:db8:1:X::X/64 GE 0/0 2001:db8:1:4::2/64 IPsec VPN Legend GE – Gigabit Ethernet Internal IPsec IPv4 tests completed Linux Box Linux Box Cisco 3825 Router Receive Station R3 Tunnel represents a direct logical connection between R1 & R3 through R2. However, all communication between R1 & R3 go through R2 (representing a satellite/networked cloud)

6 CCSDS IPV4 IPsec VPN Tunnel
Legend GE – Gigabit Ethernet NASA CNES NASA VPN Gateway CNES VPN Gateway 10.X.X.X IPsec VPN 10.20.X.X CNES host NASA host Cisco 3825 Router R1 CNES Router Current CCSDS IPv4 IPsec VPN Tunnel setup and configuration

7 Planned CCSDS Yellow Book IPsec Test Matrix
# IPV4/6 ESP Tunnel Integrity IPcomp Authenticated Encryption Confidentiality Manual Key Auto Key No Rekey 1 4 X 2 3 5 6 7 8 9 10 11 12 13 14 15 16 of 10

8 Modified* CCSDS Yellow Book IPsec Test Matrix
# IPV4 ESP Tunnel Integrity IPcomp Authenticated Encryption Confidentiality Manual Key Auto Key No Rekey 1 4 X 2 3 5 6 7 8 * Due to limited IPv6 support of 10

9 Lessons Learned Red Book should clearly define baseline parameters for future prototype testing.

10 Backup

11 Questions

Download ppt "CCSDS IPsec Compatibility Testing"

Similar presentations

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.
Secure Mobile IP Communication

Secure Mobile IP Communication
CCSDS Security Working Group Spring 2014 Meeting 10 November – 13 November 2014 London, England Okechukwu Mezu, Charles Sheehe NASA/Glenn.

CCSDS Security Working Group Spring 2014 Meeting 10 November – 13 November 2014 London, England Okechukwu Mezu, Charles Sheehe NASA/Glenn.
IPv6 Keith Wichman. History Based on IPv4 Based on IPv4 Development initiated in 1994 Development initiated in 1994.

IPv6 Keith Wichman. History Based on IPv4 Based on IPv4 Development initiated in 1994 Development initiated in 1994.
Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.

Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.
Auto Configuration and Mobility Options in IPv6 By: Hitu Malhotra and Sue Scheckermann.

Auto Configuration and Mobility Options in IPv6 By: Hitu Malhotra and Sue Scheckermann.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Implementing IP Addressing Services Accessing the WAN – Chapter 7.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Implementing IP Addressing Services Accessing the WAN – Chapter 7.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Implementing IP Addressing Services IPv6.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Implementing IP Addressing Services IPv6.
1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.

1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.

IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
Securing Remote PC Access to UNIX/Linux Hosts with VPN or SSH Charles T. Moetului WRQ, Inc. (206) 217-7048

Securing Remote PC Access to UNIX/Linux Hosts with VPN or SSH Charles T. Moetului WRQ, Inc. (206)
Setting Up a Virtual Private Network Chapter 9. Learning Objectives Understand the components and essential operations of virtual private networks (VPNs)

Setting Up a Virtual Private Network Chapter 9. Learning Objectives Understand the components and essential operations of virtual private networks (VPNs)
Security at the Network Layer: IPSec

Security at the Network Layer: IPSec
SCSC 455 Computer Security Virtual Private Network (VPN)

SCSC 455 Computer Security Virtual Private Network (VPN)
Configuration of a Site-to-Site IPsec Virtual Private Network Anuradha Kallury CS 580 Special Project August 23, 2005.

Configuration of a Site-to-Site IPsec Virtual Private Network Anuradha Kallury CS 580 Special Project August 23, 2005.
Chapter 6 IP Security. Outline Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security Architecture Authentication Header.

Chapter 6 IP Security. Outline Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security Architecture Authentication Header.
CCNA 5.0 Planning Guide Chapter 7: Securing Site-to-Site Connectivity

CCNA 5.0 Planning Guide Chapter 7: Securing Site-to-Site Connectivity
Lecture Week 7 Implementing IP Addressing Services.

Lecture Week 7 Implementing IP Addressing Services.
IPsec Performance Testing Terminology Document Michele Bustos, Ixia Tim VanHerck, Cisco Merike Kaeo, Merike Inc.

IPsec Performance Testing Terminology Document Michele Bustos, Ixia Tim VanHerck, Cisco Merike Kaeo, Merike Inc.
NetComm Wireless VPN Functionality Feature Spotlight.

NetComm Wireless VPN Functionality Feature Spotlight.

Similar presentations

Ads by Google