CCSDS [number]
WHITE BOOK
April 2005
Version: v3
CCSDS RECOMMENDATION FOR
AUTHORITY
Issue:Date:
Location:
This document has been approved for publication by the Management Council of the Consultative Committee for Space Data Systems (CCSDS) and represents the consensus technical agreement of the participating CCSDS Member Agencies. The procedure for review and authorization of CCSDS Recommendations is detailed in Procedures Manual for the Consultative Committee for Space Data Systems, and the record of Agency participation in the authorization of this document can be obtained from the CCSDS Secretariat at the address below.
This document is published and maintained by:
CCSDS Secretariat
Office of Space Communication (Code M-3)
National Aeronautics and Space Administration
Washington, DC 20546, USA
Statement of Intent
The Consultative Committee for Space Data Systems (CCSDS) is an organization officially established by the management of member space Agencies. The Committee meets periodically to address data systems problems that are common to all participants, and to formulate sound technical solutions to these problems. Inasmuch as participation in the CCSDS is completely voluntary, the results of Committee actions are termed Recommendations and are not considered binding on any Agency.
This Recommendation is issued by, and represents the consensus of, the CCSDS Plenary body. Agency endorsement of this Recommendation is entirely voluntary. Endorsement, however, indicates the following understandings:
– Whenever an Agency establishes a CCSDS-related standard, this standard will be in accord with the relevant Recommendation. Establishing such a standard does not preclude other provisions which an Agency may develop.
– Whenever an Agency establishes a CCSDS-related standard, the Agency will provide other CCSDS member Agencies with the following information:
• The standard itself.
• The anticipated date of initial operational capability.
• The anticipated duration of operational service.
– Specific service arrangements are made via memoranda of agreement. Neither this Recommendation nor any ensuing standard is a substitute for a memorandum of agreement.
No later than five years from its date of issuance, this Recommendation will be reviewed by the CCSDS to determine whether it should: (1) remain in effect without change; (2) be changed to reflect the impact of new technologies, new requirements, or new directions; or, (3) be retired or canceledcancelled.
In those instances when a new version of a Recommendation is issued, existing CCSDS-related Agency standards and implementations are not negated or deemed to be non-CCSDS compatible. It is the responsibility of each Agency to determine when such standards or implementations are to be modified. Each Agency is, however, strongly encouraged to direct planning for its new standards and implementations towards the later version of the Recommendation.
FOREWORD
This document describes key management techniques and their advantage and disadvantages, in particular key distribution methods or key exchange methods.
Key distribution techniques shall be explained and then its applicability to space and satellites shall be discussed.
Through the process of normal evolution, it is expected that expansion, deletion, or modification of this document may occur. This Recommendation is therefore subject to CCSDS document management and change control procedures which are defined in the Procedures Manual for the Consultative Committee for Space Data Systems. Current versions of CCSDS documents are maintained at the CCSDS Web site:
http://www.ccsds.org/
Questions relating to the contents or status of this document should be addressed to the CCSDS Secretariat at the address indicated on page i.
At time of publication, the active Member and Observer Agencies of the CCSDS were:
Member Agencies
– Agenzia Spaziale Italiana (ASI)/Italy.
– British National Space Centre (BNSC)/United Kingdom.
– Canadian Space Agency (CSA)/Canada.
– Centre National d’Etudes Spatiales (CNES)/France.
– Deutsches Zentrum für Luft- und Raumfahrt e.V. (DLR)/Germany.
– European Space Agency (ESA)/Europe.
– Instituto Nacional de Pesquisas Espaciais (INPE)/Brazil.
– Japan Aerospace Exploration Agency(JAXA)/Japan.
– National Aeronautics and Space Administration (NASA)/USA.
– Russian Space Agency (RSA)/Russian Federation.
Observer Agencies
– Austrian Space Agency (ASA)/Austria.
– Central Research Institute of Machine Building (TsNIIMash)/Russian Federation.
– Centro Tecnico Aeroespacial (CTA)/Brazil.
– Chinese Academy of Space Technology (CAST)/China.
– Commonwealth Scientific and Industrial Research Organization (CSIRO)/Australia.
– Communications Research Laboratory (CRL)/Japan.
– Danish Space Research Institute (DSRI)/Denmark.
– European Organization for the Exploitation of Meteorological Satellites (EUMETSAT)/Europe.
– European Telecommunications Satellite Organization (EUTELSAT)/Europe.
– Federal Science Policy Office (FSPO)/Belgium.
– Hellenic National Space Committee (HNSC)/Greece.
– Indian Space Research Organization (ISRO)/India.
– Institute of Space and Astronautical Science (ISAS)/Japan.
– Institute of Space Research (IKI)/Russian Federation.
– KFKI Research Institute for Particle & Nuclear Physics (KFKI)/Hungary.
– MIKOMTEK: CSIR (CSIR)/Republic of South Africa.
– Korea Aerospace Research Institute (KARI)/Korea.
– Ministry of Communications (MOC)/Israel.
– National Oceanic & Atmospheric Administration (NOAA)/USA.
– National Space Program Office (NSPO)/Taipei.
– Space and Upper Atmosphere Research Commission (SUPARCO)/Pakistan.
– Swedish Space Corporation (SSC)/Sweden.
– United States Geological Survey (USGS)/USA.
DOCUMENT CONTROL
Document / Title and Issue / Date / StatusKey Management Techniques v1 / 7/04/2005 / 1st Draft
Key Management Techniques v2 / 8/04/2005
Key Management Techniques v3 / 12/04/2005
Key Management Techniques v3.1 / 12/05/2006 / LogicaCMG amendments
CONTENTS
SECTION Page
1 Introduction 1-1
1.1 Purpose 1-1
1.2 scope 1-1
1.3 applicability 1-1
1.4 rationale 1-1
1.5 Document structure 1-1
1.6 abbreviations 1-1
1.7 references 1-2
2 overview 2-1
3 Symmetric Key Distribution 3-1
3.1 Wide-Mouth Frog 3-1
3.2 Needham-Schroeder 3-2
3.3 Kerberos 3-4
3.4 Otway Rees 3-7
3.5 Yahalom 3-8
3.6 Neuman-Stubblebine 3-9
3.7 Pairwise Shared Keys 3-11
3.8 Blom’s scheme 3-11
3.9 Single Network Wide Key 3-11
3.10 Advantages and Disadvantages of Symmetric Key Distribution 3-12
4 Public Key (Asymmetric) Key Distribution 4-14
4.1 Diffie-Hellman Key Exchange 4-14
4.2 Authenticated Diffie Hellman (Station-to-Station - STS protocol) 4-16
4.3 El Gamal Key Agreement 4-16
4.4 MTI/A0 4-17
4.5 Shamir’s Three-pass protocol 4-18
4.6 COMSET – COMunications SETup 4-20
4.7 Encrypted Key Exchange (EKE) 4-20
4.8 Interlock Protocol 4-21
4.9 Denning Sacco Public Key Exchange 4-21
4.10 Woo Lam Protocol 4-22
4.11 Advantages and Disadvantages of Asymmetric Key Distribution 4-24
5 Fortified Key Negotiation 5-26
6 Quantum key distribution (QKD) 6-28
7 Internet Key Exchange (IKE) 7-31
7.1 IKEv1 7-31
7.2 IKEv2 7-35
7.3 Benefits and Problems of IKE 7-38
8 Distributed Key Management 8-39
8.1 PGP – Pretty Good Privacy 8-39
9 Threshold Scheme 9-40
10 IBE – Identity Based Encryption 10-42
11 Contraints of space based systems 11-1
11.1 Transmission Delays 11-1
11.2 Available Bandwidth 11-1
11.3 Hardware Resources 11-1
11.4 Non-continuous Communications 11-2
11.5 Variable Communication Windows 11-2
11.6 Mission Lifetimes 11-2
12 Reccomendations 12-3
1 Introduction 1-1
1.1 Purpose 1-1
1.2 scope 1-1
1.3 applicability 1-1
1.4 rationale 1-1
1.5 Document structure 1-1
1.6 abbreviations 1-1
1.7 references 1-11-2
2 overview 2-1
3 Contraints of space based systems 3-1
3.1 Transmission Delays 3-1
3.2 Available Bandwidth 3-13-2
3.3 Hardware Resources 3-13-2
3.4 Non-continuous Communications 3-13-2
3.5 Variable Communication Windows 3-13-2
3.6 Mission Lifetimes 3-13-2
3.7 DATA Corruption 3-13-2
3.8 SPOOFING 3-13-2
3.9 Multi organisation vehicles and missions 3-13-3
3.10 Emergency communications 3-13-3
4 Symmetric Key Distribution 4-14-4
4.1 Wide-Mouth Frog 4-14-4
4.2 Needham-Schroeder 4-14-5
4.3 Kerberos 4-14-7
4.4 Otway Rees 4-14-10
4.5 Yahalom 4-14-11
4.6 Neuman-Stubblebine 4-14-12
4.7 Pairwise Shared Keys 4-14-14
4.8 Blom’s scheme 4-14-14
4.9 Single Network Wide Key 4-14-14
4.10 PRELOADED MASTER KEYS 4-14-15
4.11 Advantages and Disadvantages of Symmetric Key Distribution 4-14-15
5 Public Key (Asymmetric) Key Distribution 5-15-17
5.1 Diffie-Hellman Key Exchange 5-15-17
5.2 Authenticated Diffie Hellman (Station-to-Station - STS protocol) 5-15-19
5.3 El Gamal Key Agreement 5-15-19
5.4 MTI/A0 5-15-21
5.5 Shamir’s Three-pass protocol 5-15-22
5.6 COMSET – COMunications SETup 5-15-23
5.7 Encrypted Key Exchange (EKE) 5-15-23
5.8 Interlock Protocol 5-15-24
5.9 Denning Sacco Public Key Exchange 5-15-25
5.10 Woo Lam Protocol 5-15-26
5.11 Advantages and Disadvantages of Asymmetric Key Distribution 5-15-27
6 Fortified Key Negotiation 6-16-29
7 Quantum key distribution (QKD) 7-17-31
8 Internet Key Exchange (IKE) 8-18-34
8.1 IKEv1 8-18-34
8.2 IKEv2 8-18-38
8.3 Benefits and Problems of IKE 8-18-41
9 Distributed Key Management 9-19-43
9.1 PGP – Pretty Good Privacy 9-19-43
10 Threshold Scheme 10-110-44
11 IBE – Identity Based Encryption 11-111-46
12 A Unified Standard? 12-112-49
13 Recomendations 13-113-2
CCSDS [number] Page 13-2 [Month Year]
CCSDS RECOMMENDATION FOR
1 Introduction
1.1 Purpose
This document describes key management techniques and their advantage and disadvantages, in particular key distribution methods or key exchange methods.
Key distribution techniques shall be explained and itsthen its applicability to space and satellites shall be discussed.
1.2 scope
This document shall look at various techniques/protocols used for the establishment of keys and for the generation of shared secret keys.
1.3 applicability
This document is applicable to the members of the CCSDS Security Working Group. It provides background data on different key management techniques currently available in terrestrial systems. This information will help with the discussion of a standard for key management that will form part of the CCSDS Security Architecture.
1.4 rationale
The CCSDS Security Architecture will use encryption to protect communications. The use of encryption necessitates the need for encryption keys. A method is therefore needed to securely transport key material to all authorized parties, and to manage their use.
1.5 Document structure
This document is divided into 13 sections. Section 1 provides this introduction and definitions of commonly used terms. Sections 2 and 3 provides and introduction into the subject matter and the unique environmental factors that space missions have to deal with and how these will affect the different types of key management protocol. Sections 43 to 112 provides a detailed description of different key management protocols. Section 123 discusses whether one unified standard is desirablethe unique environmental factors that space missions have to deal with and how these will affect the different types of key management protocol. Section 134 makes recommendations on the type of key management protocol that should be used in the CCSDS Security Architecture.
1.6 abbreviations
DH Diffie Hellman (Key Exchange)
DOS Denial of Service
CA Certificate Authority
CRL Certificate Revocation List
IBE Identity Based Encryption
IKE Internet Key Exchange
IPSEC Internet Security Protocol
ISAKMP Internet Security Association Key Management Protocol
MAC Message Authentication Code
MIM Man-in-the-Middle
NONCE Number used ONCE
PKG Private Key Generator
PKI Public Key Infrastructure
PRF Pseudo Random Function
RA Registration Authority
SA Security Association
SKEME Secure Key Exchange MEchanismMechanism
STS Station To Station (protocol)
TTP Trusted Third Party
1.7 references
1. Schneier, B, Applied Cryptography, 2nd Edition 1996
2. Kuparinent M, ISAKMP and IKE, Nov 1998,
http://www.tml.hut.fi/Opinnot/Tik-110.501/1998/papers/16isakmp/isakmp.html#300
3. Reib, M, Key Agreement : Network Security Seminar
http://www.fmi.uni-passau.de/lehrstuehle/demeer/seminars/ss_04/NetSec_ss_04/Final-persentation/Key-agreement-max.pdf
4. Voltage Security, http://www.voltage.com/technology/ibe.htm
5. Key Agreement Protocols, http://www.cis.syr.edu/~royer/crypto/slides/keyagree.pdf
6. Thumann, M, PSK Cracking using IKE Aggressive Mode, http://www.ernw.de/download/pskattack.pdf
7. Kim, Y, Key Establishment Protocols, Sept 2001, http://sconce.ics.uci.edu/seminar/slides/chap12.pdf
8. IKE RFC 2049, http://www.faqs.org/rfcs/rfc2409.html
9. id Quantique company website http://www.idquantique.com/products.html
10. Royal Holloway, University of London, http://www.isg.rhul.ac.uk/msc/teaching/ic2/ic2.shtml
12. Encryption Issues, http://www.findarticles.com/p/articles/mi_m0BRZ/is_10_19/ai_57603705
13. Quantum cryptography, http://www.idquantique.com/files/quantis-mcu04.pdf
14. Quantum cryptography tutorial, http://www.cs.dartmouth.edu/~jford/crypto.html
15. Recommendations for Key Management: Part 1, NIST Special Publications 800-57, http://csrc.nist.gov/publications/nistpubs/800-57/SP800-57-Part1.pdf
16. Recommendation for Space Data System Standard: SCPS-SP, http://public.ccsds.org/publications/archive/713x5b1.pdf
17. The Case For Elliptical Curve Cryptography, http://www.nsa.gov/ia/industry/crypto_elliptic_curve.cfm
18. ID-PKC: a new approach to Public Key Cryptography, http://www.cesg.gov.uk/site/ast/index.cfm?menuSelected=3&displayPage=3
19. An Efficient ID-KEM Based on the Sakai-Kasahara Key Construction, http://www.privatepost.com/ourtechnology/ID-KEMwhitepaper.pdf
CCSDS [number] Page 13-2 [Month Year]
CCSDS RECOMMENDATION FOR
2 overview
Security of data communications systems is a very important issue often not given enough attention. To date, most civil space missions have relied on their uniqueness and obscurity to deter unauthorized access. Some have ignored the issue entirely. However, this is changing due to increased international missions with cross-agency support and the potential use of public ground data networks to transfer mission control and monitoring data. Having said this, there is currently no trusted third party for these agencies.
Unprotected civil space mission communications systems are highly vulnerable due to increased reliance on ubiquitous networks. Furthermore they are a high profile target for malicious attackers to compromise a spacecraft just for fun. Also, spacecraft data may be sensitive from a commercial or operational perspective (e.g. commercial, space-based imagery; dual-use technologies) and therefore confidentiality, authentication, integrity, and access controls will be important considerations.
CCSDS missions must now address security. Military space systems have traditionally included a high level of built-in security whereas civil space missions have little, if any security.
With the general increasing level of security awareness in the information technology (IT) community, civil and scientific missions should not wait to act until after a security incident occurs. The continued expansion of network interconnectivity for data dissemination and science mission scheduling creates new and additional threats against civil space missions. Both intentional and accidental threats should be analyzed and protected against to provide protection of assets and critical services.
As a part of the ongoing drive to produce more secure systems the CCSDS Security working group are producing a recommended security architecture which will form a security framework for missions to use to develop their own security systems. The security architecture will include the use of encryption and as a result of this it has been recognised that a recommended key management system will be needed to manage the secure use and distribution of encryption keys. This document has be produced as a discussion aid and while it is not claimed that the list of protocols within this document are exhaustive it is intended that as many different protocols as possible are discussed within this document.
CCSDS [number] Page 13-2 [Month Year]
CCSDS RECOMMENDATION FOR SECURITY THREATS AGAINST SPACE MISSIONS
3 Contraints of space based systems
Spaced based communication systems have some unique environmental factors affecting them and these must be taken into account when deciding on what key management protocol should be used.
To further complicate matters, these environmental factors are dependant on the orbit of the spacecraft, so that a key management method used in Low Earth Orbit (LEO) might not be applicable for a deep space mission. For compatibility reasons it is recommended that a single key management method be adopted that can be used for all missions.
The constraints that therefore have to be considered when deciding on a key management systems are;
· Transmission delay
· Available bandwidth