CCSDS Security WG Meeting Minutes

Fall 2011 CCSDS

Security Working Group Meeting Notes

University of Colorado

Boulder, Colorado USA

1-2 November 2011

Attendance:

Name / Organization / Email Address
Howard Weiss (Chair) / NASA/JPL/Cobham /
Gordon Black / UK Space Agency/Logica /
Daniel Fischer / ESA/ESOC /
Martin Pilgram / DLR /
Craig Biggerstaff / NASA/JSC/Lockheed /
Ignacio Aguilar-Sanchez / ESA/ESTEC /
Clayton Sigman / NASA/GSFC /
Dorothea Richter / DLR /

Discussions:

1.  The CCSDS Security Working Group (SecWG) successfully met for 2 days at the CCSDS Fall 2011 meeting held at the University of Colorado in Boulder, Colorado. The meeting agenda appears in Appendix A. The action items resulting from the meeting appear in Appendix B. The following paragraphs describe the working group’s discussions and directions.

2.  From the Document Editors Boot Camp - a reminder: all CCSDS documents must contain three mandatory sections: security, SANA (Space Assigned Numbering Authority), and patent issues. All standards track protocol documents (e.g., Blue Books) are also required to contain an ISO-conformant PICS Proforma (Protocol Implementation Conformance Statement). The PICS is intended to show the conformance of an implementation (which is required for Blue Books) with respect to the specification requirements. A PICS is required only for protocol specifications; if a standards track document does not contain a protocol (e.g., the Algorithms Blue Book), a PICS is not required. Also from the boot camp session: CCSDS does not require a Yellow Book Test Plan. Rather, the requirement is for a Yellow Book documenting the results of the mandatory testing required to progress a Blue Book. Every specification contained in a Blue Book must be reflected as having been tested in the companion test results Yellow Book. Also noted, there are two new types of Blue Books: a Utilization Profile and an Adaptation Profile. The Utilization Profile describes how various existing profiles get used together within CCSDS (e.g., IP over CCSDS). An Adaptation Profile describes how an existing protocol is to be used within CCSDS (e.g., IPsec usage within CCSDS). Finally, the status of all CCSDS documents is tracked by the Secretariat and is available in the Document Status file in http://cwe.ccsds.org/cesg/docs.

3.  We began the Security Working Group meeting by reviewing the agenda and the revised charter. The changes to the charter were finalized by the Working Group at the Spring 2011 meeting in Berlin and were entered into the CWE framework as a charter update. This should have automatically triggered a CESG review of the revisions, but it didn’t. However, the charter review was accomplished and the new, revised Security WG charter has been approved by the CESG. It was pointed out that the updated charter did not discuss the network layer security work, so it will have to be updated again to reflect this new work area.

4.  We spent quite a bit of time reviewing and dispositioning the RIDs against the Security Architecture document. There were a total of 86 RIDs, about a third of them editorial. We worked on the disposition of the “hard” technical RIDs during the meeting and completed the entire set. The UK Space Agency will update the document in accordance with the RIDs and the document will be resubmitted to the CESG.

5.  We reviewed the Security Glossary. As a result of the review, only one additional glossary term will be added and the order of the references will be changed. After the revisions, the document will be submitted to the AD for CESG polling.

6.  The Algorithms Blue Book document was reviewed. The normative glossary will be removed in favor of a normative reference to the security glossary which we are confident will be published before this Blue Book. A security warning will be added to the document to not use unauthenticated encryption (although it is an allowed mode if required). It has been shown that encryption without authentication can be a very dangerous practice. The SANA and patent statements will be added to the annex. After these revisions are made, the book will be forwarded to the area director to progress it to Red-1 status.

7.  We reviewed the second draft of a Yellow (testing) book to accompany the Algorithms document. A document number for this Yellow Book will be obtained from the Secretariat. For the GCM test cases, the test results will be updated to reflect not only a ciphertext match but also a MAC (authentication tag) match. “Additional data” required for authentication will also be added to the tests as inputs. Everyone in the working group was given an action to review the normative references to determine if they are all needed and if they are all normative. We discussed which Agencies will be conducting testing. NASA/GSFC will try to initiate a testing program. Likewise, ESA/ESOC and DLR will try as well. The document will be revised and circulated to the working group for any final comments. This document does not get published until *after* the testing, when it contains the test results.
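As an added illustration of the GCM test-case shape described above (this is example code, not part of the minutes and not any CCSDS or agency test suite), the following Go program takes the additional authenticated data (AAD) as an explicit input and treats a case as passing only when both the ciphertext and the authentication tag match. It also shows why the warning in paragraph 6 matters: opening with AAD that differs by even one byte is rejected by the tag check, which unauthenticated encryption could never do. The two expected-value vectors are test cases 1 and 2 published in the McGrew/Viega GCM specification; the key, IV, AAD and plaintext used for the tamper check are constructed values with no meaning beyond this example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/hex"
	"fmt"
)

// GCMVector is one AES-GCM test case in the shape the review asked for:
// AAD is an input, and both ciphertext and tag are expected outputs (hex).
type GCMVector struct {
	Name                    string
	Key, IV, AAD, Plaintext string
	WantCiphertext, WantTag string
}

// Vectors are test cases 1 and 2 of the McGrew/Viega GCM specification
// (zero key, zero 96-bit IV, empty AAD): published reference values, listed
// positionally as Name, Key, IV, AAD, Plaintext, WantCiphertext, WantTag.
var Vectors = []GCMVector{
	{"gcm-spec-case-1 (empty plaintext)", "00000000000000000000000000000000", "000000000000000000000000",
		"", "", "", "58e2fccefa7e3061367f1d57a4e7455a"},
	{"gcm-spec-case-2 (one zero block)", "00000000000000000000000000000000", "000000000000000000000000",
		"", "00000000000000000000000000000000", "0388dace60b6a392f328c2b971b2fe78", "ab6e47d42cec13bdf53a67b21257bddf"},
}

func mustHex(s string) []byte { // test data is fixed, so decoding cannot fail
	b, _ := hex.DecodeString(s)
	return b
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal returns ciphertext and 16-byte tag separately so each can be compared.
func Seal(key, iv, aad, pt []byte) (ct, tag []byte, err error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, nil, err
	}
	out := gcm.Seal(nil, iv, pt, aad) // Go appends the tag to the ciphertext
	n := len(out) - gcm.Overhead()
	return out[:n], out[n:], nil
}

// Open verifies the tag over aad and ct before releasing plaintext; any
// change to key, IV, AAD, ciphertext or tag yields an error instead.
func Open(key, iv, aad, ct, tag []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, iv, append(append([]byte{}, ct...), tag...), aad)
}

// CheckVector reports ciphertext and tag matches separately so a test log
// shows which of the two failed.
func CheckVector(v GCMVector) (ctMatch, tagMatch bool, err error) {
	ct, tag, err := Seal(mustHex(v.Key), mustHex(v.IV), mustHex(v.AAD), mustHex(v.Plaintext))
	if err != nil {
		return false, false, err
	}
	return bytes.Equal(ct, mustHex(v.WantCiphertext)), bytes.Equal(tag, mustHex(v.WantTag)), nil
}

// AADTamperDetected seals with aad, then opens with one byte appended to the
// AAD (works even for empty AAD); true means the tag check rejected it.
func AADTamperDetected(key, iv, aad, pt []byte) (bool, error) {
	ct, tag, err := Seal(key, iv, aad, pt)
	if err != nil {
		return false, err
	}
	_, err = Open(key, iv, append(append([]byte{}, aad...), 0x00), ct, tag)
	return err != nil, nil
}

func main() {
	for _, v := range Vectors {
		ctOK, tagOK, err := CheckVector(v)
		fmt.Printf("%-34s ciphertext=%v tag=%v err=%v\n", v.Name, ctOK, tagOK, err)
	}
	// Constructed values for the tamper check, not a published vector.
	key, iv := mustHex("000102030405060708090a0b0c0d0e0f"), mustHex("101112131415161718191a1b")
	ok, _ := AADTamperDetected(key, iv, []byte("frame-header"), []byte("payload"))
	fmt.Println("modified AAD rejected:", ok)
}
```

Keeping the ciphertext and the tag as two separate comparisons is the point of the change discussed above: a vector whose ciphertext matches but whose tag does not (for example because the AAD was omitted from the test inputs) would otherwise be logged as a pass.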

8.  The Algorithms Green Book was not reviewed but it was discussed. Much of the editorial prose that was excised from the standards track Algorithms document has been collected into a new file that will become the Green Book. Currently it is in very rough shape and is not reviewable. Additional work will be performed to flesh out this document.

9.  The Key Management Green Book has completed CESG polling on 26 October 2011 and we await any comments resulting from the review process.

10. The Mission Planner’s Security Guide has undergone both CESG and CMC polling and has been published!

11. The Symmetric Key Management Blue Book is in process. No significant progress has been made on this document due to other workload priorities and resource constraints.

12. We reviewed the options that would make up the Network Layer Security “profile.” The various IPsec options discussed in Berlin were again reviewed as a sanity check. Given that a new “Adaptation Profile” Blue Book type has been created by CCSDS, it would appear that this would be the best direction for this document. After updating the charter and getting approval for this work area, the IPsec adaptation profile document will commence.

13. We quickly touched on the “cross support” topic previously discussed in Berlin (see the minutes from the Fall 2011 meeting for more details). However, no additional effort has been accomplished on this task but it will remain a topic for the future for the Security WG. We will further discuss this work with the SM&C Working Group and the Cross Support Services Area.

14. We spent time discussing and reviewing the CCSDS Threat Green Book. The existing Green Book is over five years old. Since it’s a Green Book we are not required to update it as would be the case for a standards track document. However, many of the Security WG members feel that it should be revised. The heritage of the existing document stems from a generic, high-level threat briefing created by NASA and (then) BNSC which was presented to the old CCSDS Technical Steering Group (TSG). In the meeting, we discussed how the document might be revised: who is the new audience for the document; should there be more details on threats and their mitigations; should external threat and risk analysis documents be referenced (e.g., NIST, ISO); should we have links to real-life examples? The difficulty is that threat documents can quickly become sensitive when too much detail is provided and we must be careful to not go down that route within CCSDS. We decided that several of us (Howie, Craig, and Gordon) will coordinate on a revision and come up with an outline for a new threat book.

15. We discussed possible new areas of work. One area that came up again is the need for spread-spectrum/frequency hopping. In addition, with the increasing use of software-defined radios, should we be looking at security issues with SDRs? We also have discussed the need to specify security for application layer as well.

16. We reviewed the progress of SDLS to keep the Security WG informed since not all members also attend the SDLS WG meetings.

17. The next WG meetings will be held in the Spring during the week of 16 April 2012, sponsored by ESA and held in Darmstadt, Germany.

Appendix A – Fall 2011 CCSDS Security WG Agenda – University of Colorado, Boulder CO USA

•  1 November 2011 (09:00 – 17:00)

–  Welcome, opening remarks, logistics, agenda bashing, introductions

–  Review results of Spring 2011 (Berlin) meeting

–  Status of documents

–  Review newly updated CWE entries: charter, programs, schedules

–  Security Architecture RID Disposition (Black)

–  Algorithm Document review (Weiss)

–  Algorithm Yellow Book review (Weiss)

–  Glossary Review (Weiss)

•  2 November 2011 (09:00 – 17:00)

–  Key Management (Fischer/Aguilar-Sanchez)

–  Threat book review (All)

–  Cross Support (All)

–  SM&C Support (Fischer)

–  Network Layer Security Update (Weiss)

–  Link Layer Security Update (Biggerstaff/Weiss/Aguilar-Sanchez)

–  Other areas of discussion

–  New work areas

•  3 November 2011

–  09:00-17:00: Space Data Link Security WG

•  4 November 2011

–  09:00-12:30: Space Data Link Security WG

Appendix B – Fall 2011 CCSDS Security Working Group Action Items

Item Number / Action Item / Assigned to / Date Due
SecWG1111:1 / Update charter for Network Layer Security / Howard Weiss / 11/18/11
SecWG1111:2 / Provide RID disposition feedback and revise Security Architecture document. / Gordon Black / 01/15/12
SecWG1111:3 / Check the meaning of Security Architecture RID #17 with ESA author. / Daniel Fischer / 11/10/11
SecWG1111:4 / Obtain a document number for the Information Security Glossary from the Secretariat Editor / Howard Weiss / 11/10/11
SecWG1111:5 / Update the Information Security Glossary and submit final to AD / Howard Weiss / 12/2/11
SecWG1111:6 / Update the Algorithm Blue Book and submit to AD / Howard Weiss / 12/16/11
SecWG1111:7 / Update Algorithm Yellow Book per comments. / Howard Weiss / 01/16/12
SecWG1111:8 / Check to ensure that all the Algorithm Yellow Book references are needed and are normative. / All / 01/16/12
SecWG1111:9 / Obtain a number for the Algorithm Yellow Book from the Secretariat Editor / Howard Weiss / 11/10/12
SecWG1111:10 / Determine SA Lifetimes for the Network Layer Security Profile / Howard Weiss / 01/16/12
SecWG1111:11 / Coordinate Algorithm testing at NASA, ESA, and DLR. / Dorothea Richter, Daniel Fischer, Clayton Sigman / 01/16/12
SecWG1111:12 / Determine if a threat registry exists. / Craig Biggerstaff, Howard Weiss / 11/10/12
SecWG1111:13 / Develop an outline/roadmap for revising the Threat Green Book. / Gordon Black, Craig Biggerstaff, Howard Weiss / 02/22/12

7 Nov 2011