ccsds security working group program space it security standards products howard weiss sparta, inc....
TRANSCRIPT
CCSDS Security Working Group Program
Space IT Security Standards Products
Howard WeissSPARTA, Inc. (a Parsons Company)
Agenda
• Purpose• Problem statement• Example threats• Documents
– The Security Portfolio
Security WG Purpose
• Develop Security Recommendations• Develop security guides and informative
documents• Provide advice and guidance to all CCSDS WGs• Space Data Link Security Protocol (joint dev)• S/C monitor & Control, Space Link
– Encryption Protocols, – Authentication Protocols– Key Management Protocols
Problem Statement• “Low cost” acquisition and transmitting equipment and services• Unencrypted “cleartext” Commands and Telemetry
– What if the information is intercepted by unfriendly adversary• Replay commands at later time• Modify then replay commands at another time• Use your data against you (“unencrypted UAV syndrome”)
• Unauthenticated Telemetry and Commands– What if you don’t care if an adversary gets the data ; “It’s just science data!”
• Dual use technology• Did the command arrive unmodified? (authentic)
– Did authorized organization transmit it? (authenticated, not replayed)
• “Proprietary/Legacy” solutions lack cross support• Many security standards but so few work well in space environments.
Space Elements
• Space Debris• Replay• Link Jamming• Unauthorised Access• Software Threats
System / Network
• Replay• Link Jamming• Interception (theft)• Unauthorised Access• Software Threats• Traffic Analysis
Control
• Replay• Unauthorised Access• Software Threats• Social Hacking• Physical Attacks
Users
• Interception• Software
Threats• Social Hacking• Physical
Attacks
HardwareFailure
Example Threats
RF RF
DB
Relay Satellite owned By company B
RF
DB
Bus TT&C
Instrument owned by agency F
Instrument ownedby agency BOBD
H
Satellite owned by company A
RF
GSG
Owned by company BGround Tracking Network
DB
Spacecraft Control Centre
Owned by Agency A
Agency BInstrument
ControlCentre
DB
ScienceFacility
DB
University ASLE
SLE
FTP
• Jamming• Eavesdropping• Replay• Unauthorized Access• Traffic Analysis• Data Modification
• Denial of Service• Eavesdropping• Replay• Unauthorized Access• Traffic Analysis• Data Modification
• Replay• Unauthorised Access• Software Threats
• Replay• Unauthorised Access• Software Threats• Eavesdropping• Denial of Service• Data Modification
• Replay• Unauthorised Access• Software Threats• Denial of Service• Social Hacking
• Replay• Unauthorised Access• Software Threats• Denial of Service• Social Hacking
Security WG Document Tree
The Application of CCSDS Protocols to Secure Systems
CCSDS 350.0-G-2
Security Threatsagainst Space Missions
CCSDS 350.1-G-1
CCSDS Guide forSecure System Interconnection
CCSDS 350.4-G-0
Security Guide forMission Planners
CCSDS 350.7-G-1
CCSDS Recommended Practicefor a Key Management Scheme
CCSDS 351.0-W-x
Space MissionsKey Management Concept
CCSDS 350.6-G-x
Security Architecture for Space Data Systems
CCSDS 350.5-R-1
Design
Space Data Link SecurityConcept of Operation
CCSDS xxx.x-G-x
Space Data Link SecurityProtocol
CCSDS 132.5.W-1
ImplementationPlanning & Assessment
Companiondocuments
Companiondocuments
CCSDS Security Algorithms
CCSDS xxx.x-B-x
Security WG Document Conception
CCSDS Guide to SecureSystem Interconnection
CCSDS Recommended Practice for a Key
Management Scheme
Space Data Link SecurityConcept of Operation
Space Data Link SecurityProtocol
Space MissionsKey Management Concept
Security Threats Against Space Missions
Security Architecture for Space Data Systems
The Application ofCCSDS Protocolsto Secure Systems
CCSDS Security Algorithms
Security Guide forMission Planners
Network Layer Security(future work area)
Application Layer Security(future work area)
Security Protection Profiles(future work area)
Published Document Links• The Application of CCSDS Protocols to Secure Systems. Green Book. Issue 2.
January 2006. http://public.ccsds.org/publications/archive/350x0g2.pdf• Security Threats against Space Missions. Green Book. Issue 1. October 2006.
http://public.ccsds.org/publications/archive/350x1g1.pdf• Encryption Algorithm Trade Survey. Green Book. Issue 1. March 2008.
http://public.ccsds.org/publications/archive/350x2g1.pdf• Authentication/Integrity Algorithm Issues Survey. Green Book. Issue 1.
March 2008. http://public.ccsds.org/publications/archive/350x3g1.pdf• CCSDS Guide for Secure System Interconnection. Green Book. Issue 1.
November 2007. http://public.ccsds.org/publications/archive/350x4g1.pdf• Space Missions Key Management Concept. Green Book. Issue 1. November
2011. http://public.ccsds.org/publications/archive/350x6g1.pdf• Security Guide for Mission Planners. Green Book. Issue 1. October 2011.
http://public.ccsds.org/publications/archive/350x7g1.pdf