ESA UNCLASSIFIED – For Official Use Network Layer Security - Food for Thought D. Fischer, I Aguilar-Sanchez CCSDS Fall Meetings.


1 ESA UNCLASSIFIED – For Official Use Network Layer Security - Food for Thought D. Fischer, I Aguilar-Sanchez CCSDS Fall Meetings

2 Space Mission Network Architecture

3 E2e Security – Network Security Objectives (1/2)
1. Protection of Service Data Unit (SDU)
   a. Integrity (message)/authentication (data origin),
   b. Confidentiality,
   c. Availability.
• Some key questions:
   • Which is the SDU to be protected?
      – Space Packet,
      – other?
   • Which other Protocol Data Units (PDUs) need protection?
   • Unicast, multicast, broadcast?

4 E2e Security – Network Security Objectives (1/2)
2. Protection of Communications Path
   a. Integrity
      – Routing information, its generation, its transmission (if not inferred by routers);
      – PDU including routing support data (source address, end point address) as part of protocol stack supporting SDU transmission through the network;
      – Routing/forwarding process at routers.
   b. Confidentiality
      – Hidden routing information and SDU routing support data?
   c. Availability
      – Radio links; -> Physical layer/D-L Layer security in addition to E2e
      – Node processors.

5 ISO/OSI Protocol Layer Analysis
[Diagram labels: IPSec; CCSDS IPSec Adaptation Profile; Space Packet Security!]

6 Space Packet Security – Multi Hop End to End Capability
[Diagram labels: Data Link Layer; Network Layer; SDLS; Security; Routing Decision]

7 CCSDS Network Layer Capabilities – Basic Principles
1. Addressing and Routing
   a. Network Layer Addressing Scheme: Application Id (APID) (not unique, maybe APID + Spacecraft ID)
      – Addressing scheme allows routing capabilities
      – Routing algorithm specification? -> Currently assumed hardcoded routing tables
2. Packet Grouping
   a. Group Flags allow grouping of packets -> Indication that these packets belong together
      – Implication on routing?
3. Sequence Counter
   a. Associated with APID -> Counter for each application, not for packet sequences in general

8 Space Packet Structure - Relevant Fields
[Diagram labels: Addressing; Sequence Management; Sequence Counter; Appl. Layer Info, e.g. PUS services]

9 Space Packet Security General Arguments
1. Why?
   a. Allows better end-to-end security (identification via SCID+APID)
      – Support of individual security sensitive components and payloads
      – Easier support for user end-to-end security
   b. Allows end-to-end security routing with a SC as intermediate node
      – Two possible options:
      – Forwarding of encrypted packets in other packets (compare: IPSec Tunnel Mode) -> SDLS?
      – Forwarding of the packet using packet header information (compare: IPSec Transport Mode)
2. Why Not?
   a. Application Layer Security (e.g. PUS or MO Services/DTN) may provide better leverage on end-to-end security
      – However, it would probably not be very interoperable
   b. Not sure that any mission so far has expressed interest in this
      – But the use case setup (multihop SC comms) is not a widely distributed scenario

10 Secure routing (1/2)
1. Authentication
   o Common authentication key
      • Key management issue with distributed routers
         – Network blockage if router fails to synchronize key
   o Data payload for authentication
      • As a minimum covering relevant networking PDU
         – Also driven by cryptographic algorithm (e.g. block size)
         – Could include the packet header as well (two authentication modes as well)
   o Anti-replay
      • Counters not necessarily synchronized,
      • Counter validation check:
         – Only greater than previous value
      • Residual risks, like
         – Replay in different path.
         – Use of time and common time base (full sync) to avoid acceptance.

11 Secure routing (2/2)
2. Confidentiality
   o It could imply link-by-link encryption (e.g. data link security using SDLS in all involved links) in addition to E2e.
   o An alternative??: common security association, shared by routers, providing confidentiality to such data (same as authentication).
      • PDU including routing data is ciphered with a common key shared by all routers.
      • Key management issue with distributed routers
         – Network blockage if router fails to synchronize key
   o Data payload for ciphering
      • As a minimum covering relevant networking PDU
         – Also driven by cryptographic algorithm (e.g. block size)

12 Network Layer Security Some Open Questions
1. Security and Routing - Is there a possible interaction that we will have to be aware of?
   a. What if two packets take different paths and the sequence numbers are not accurate anymore? -> How does this affect security?
   b. Intermediate Hop Authentication? -> Packets could be authenticated by intermediate nodes
2. Interaction with SLE protocols?
   a. F-CLTU should work properly
   b. F-SP should work properly, if no header fields are encrypted
   c. R-AF/R-CF/R-OCF should work properly
   d. Side note: SLE protection?
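
The counter check from slide 10 and the multi-path question from slide 12, as an added Python example that is not part of the presentation. The 32-bit counter field, the HMAC-SHA256 tag, the key and the packet contents are assumptions made for illustration; only the 6-octet Space Packet primary header follows the CCSDS layout.

```python
import hashlib, hmac, struct

KEY = b"constructed-demo-key"   # constructed stand-in for the common authentication key
TAG_LEN = 32                    # HMAC-SHA256 tag length (assumed algorithm)

def protect(apid, seq, counter, payload, cover_header=True):
    """Build Space Packet primary header | 32-bit counter | payload | tag (hypothetical layout)."""
    body = struct.pack(">I", counter) + payload
    # Primary header: version 0, type 0, no secondary header, 11-bit APID;
    # sequence flags 0b11 (unsegmented) + 14-bit count; data length = octets - 1.
    hdr = struct.pack(">HHH", apid & 0x7FF, 0xC000 | (seq & 0x3FFF), len(body) + TAG_LEN - 1)
    covered = (hdr if cover_header else b"") + body
    return hdr + body + hmac.new(KEY, covered, hashlib.sha256).digest()

class Router:
    """One node's verifier; `last` is its local view of the highest counter per APID."""
    def __init__(self, cover_header=True):
        self.cover_header, self.last = cover_header, {}

    def accept(self, pkt):
        hdr, body, tag = pkt[:6], pkt[6:-TAG_LEN], pkt[-TAG_LEN:]
        covered = (hdr if self.cover_header else b"") + body
        if not hmac.compare_digest(tag, hmac.new(KEY, covered, hashlib.sha256).digest()):
            return "bad-mac"
        apid = struct.unpack(">H", hdr[:2])[0] & 0x7FF
        counter = struct.unpack(">I", body[:4])[0]
        if counter <= self.last.get(apid, -1):   # "only greater than previous value"
            return "stale-counter"
        self.last[apid] = counter
        return "ok"

def scenario():
    p1, p2, p3 = (protect(0x123, n, n, b"constructed TM") for n in (1, 2, 3))
    a, b = Router(), Router()
    results = {
        "in_order": [a.accept(p1), a.accept(p3)],
        "late_via_other_path": a.accept(p2),   # genuine packet, dropped after p3
        "replay_same_node": a.accept(p3),
        "replay_other_node": b.accept(p3),     # residual risk: b has no state for it
    }
    # Rewrite the APID in the header of a packet, for each authentication mode.
    for mode in (True, False):
        pkt = protect(0x123, 1, 1, b"constructed TM", cover_header=mode)
        forged = struct.pack(">H", 0x124) + pkt[2:]
        results[f"apid_rewrite_header_covered={mode}"] = Router(mode).accept(forged)
    return results

if __name__ == "__main__":
    for name, outcome in scenario().items():
        print(f"{name}: {outcome}")
```

The strictly-greater check rejects the late genuine packet exactly as it rejects the replay, and a node with no counter state accepts the replayed packet; a tag that leaves the header uncovered does not detect the rewritten APID.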

13 ESA Ground Segment Architecture – Everything based on packets
[Diagram: TM and TC packet flows]
TM side: TM Packets; S2K TM Packets; TM Packet Archive; MCS; Perm. Storage as amended TM packets
Prepares TM Packets
   1) Amends TM Packets
   2) Archives TM Packets
   3) Processes TM Packets
TC side: TC Packets; S2K TC Packets; TC Packet Archive; MCS; Perm. Storage as amended TC packets
Processes TC Packets
   1) Creates TC Packets
   2) Archives TC Packets
   3) Dispatches TC Packets
Note: S2K = SCOS-2000 is the ESA Mission Control System (MCS)

14 Ground Segment Analysis/ESA
1. Network Layer Security meets a functional gap in ESA ground segment security
2. (Amended) space packets are THE data structure in which all TC & TM information is stored and archived on ground
   a. S2K packet = Space Packet + S2K Header (including e.g. ground reception timestamp)
3. This means that network layer security
   a. Enables (selective) security of long-time packet archives
   b. Could enable selective display of TM packets (e.g. only the security unit expert would be able to see security unit HK TM on his console)
   c. Enables forwarding of secured packets to third-parties without need to add security again (e.g. Eumetsat) and potentially without ESA having the capability to access their contents

15 ESA Ground Segment/S2K Processing
[Diagram labels: Network Interface System; Ground Station; SLE: F-CLTU (F-SP), R-AF, R-CF, R-OCF; Generic Packetiser; Command Releaser; CLTUs or Packets; TM Frames; Commanding Sources; Monitoring Applications; S2K Packets; Packet Archive]

