Security WG:Report of the Fall 2010

MeetingBSI, London UK

October 29, 2010Howard Weiss

NASA/JPL/Cobhamhoward.weiss@cobham.com

+1-443-430-8089skype: hsweiss

Meeting Agenda

•26 October 2010 (09:00 – 17:00)–Welcome, opening remarks, logistics, agenda bashing, introduction for new attendees –Review results of Spring 2010 (Portsmouth) meeting–Security Architecture final words/status (Black)–UK Space Agency (Black)–Review CWE WG entries: charter, programs, schedules–Algorithm Document review (Weiss)

–testing for Yellow Book (all)–Additional Algorithms from ISO/IEC 19772 (Aguilar-Sanchez/Weiss)

–Glossary Review (Weiss)

Meeting Agenda (cont)

• 27 October 2010 (09:00 – 17:00)– Mission Planner’s Guide (Biggerstaff)– Key Management (Fischer/Sanchez-Aguilar)– Network Layer Security (Pajevski/Weiss)– Link Layer Security (Biggerstaff/Weiss/all)– Other areas of discussion– New work areas

• 28 October 2010 – 09:00-17:00: Space Data Link Security WG

• 29 October 2010– 09:00-12:30: Space Data Link Security WG– 13:00-17:00: SEA Wrap-up Plenary

AttendanceName Organization Email Address

Howard Weiss (Chair) NASA/JPL/Cobham howard.weiss@sparta.com

Gordon Black BNSC/Logica gordon.black@logica.com

Daniel Fischer ESA/ESOC daniel.fischer@esa.int

Martin Pilgram DLR martin.pilgram@dlr.de

Craig Biggerstaff NASA/JSC/Lockheed craig.biggerstaff-1@nasa.gov

Ignacio Aguilar-Sanchez ESA/ESTEC ignacio.Aguilar.Sanchez@esa.int

Marc Blanchet CSA/Viagenie marc.blanchet@viagenie.ca

Ed Birrane NASA/APL edward.birrane@jhuapl.edu

Zhang Liping BITTT/CLTC (China) zhangliping@bittt.cn

Du Man BITTT/CLTC (China) wangbo@bittt.cn

Heping Zhao CNSA/CAST zhpcast@public3.bta.net.cn

Marcin Gnat DLR marcin.gnat@dlr.de

Executive Summary Attendees from UK Space Agency, ESA/ESTEC, ESA/ESOC, DLR,,

CSA, NASA/JSC, and NASA/JPL. No attendees from CNES, ASI, and NASA/GSFC.

Discussed charter revisions: needs word-smithing + updated schedules.

Discussed status of the new UK Space Agency. Reviewed the Security Architecture: submitted to AD. Reviewed Algorithm Book: a few modifications. Reviewed Security Glossary: review in accordance with ISO definitions. Reviewed Mission Planners Guide – minor edits and then final. Reviewed Key Management Green Book: complete, send to AD. Discussed KM Blue Book. Making progress. Discussed network layer security. Not much progress on the “profile” to

date. Telecon to be held in Feb to discuss Key Management status. SDLS making good progress.

Summary of Goals and Deliverables1. Discussed and agreed upon charter updates.

2. Security Architecture submitted for secretariat editing & agency review.

3. Algorithm document additional comments/changes. Changed default authentication algorithm (because its “cheaper”). Need to get started on Yellow Book for testing.

4. Mission Planners Guide completed – to Secretariat.

5. Key Management green book – send to Secretariat.

6. KM Blue Book for symmetric KM making good progress. Discussed integration of KM w/SM&C.

7. Security glossary – need to coordinate with on-line CCSDS glossary. Also need to substitute ISO definitions where available.

8. Network layer security – behind schedule but making progress.

9. Discussed potential integration of security w/SLE.

10. SDLS BB reviewed in detail.

SEA Area MID-TERM REPORTSUMMARY TECHNICAL STATUS

1. Security WG

Goal:

Working Status: Active _X_ Idle ____

Summary progress: Seven documents actively being produced (Glossary, Key Management (2), Mission Planners Guide, Algorithms, Network Layer). All docs green.

Progress since last meeting: mission planners guide and KM Green completed final edits. Other books progressing.

Problems and Issues: Resources – Excellent right now but need to ensure continued participation from all member agencies

status: OK CAUTION PROBLEM

Comment: Working Group is advancing and producing good

products.

Docs OK.

Near-Term ScheduleDeliverable Milestone Date

Charter Revision

• Update work programs 12/10

Algorithm Blue Book

• Incorporate changes per mtg 01/11

Key Management Green Book

• Submit to Secretariat 11/10

Key Management Blue Book

• Continue drafting white book• Review for Berlin

03/11

Near-Term Schedule (cont)

Mission Planners Security Guide

• Final edits• Submit to Secretariat

Common Criteria Protection Profiles

On hold TBD

Application Layer Security

On hold TBD

Network Layer Security “Profile”

White Book (Green) 02/11

Security WG Overview & Capabilities Presentation

Create WG overview as basis for explaining capabilities to other WG

In process – draft completed

Open Issues

None

Action ItemsItem Number Action Item: Assigned to: Date Due:

SecWG1010:1 • Check with Eric Barkley re: integrating stronger security into SLS beyond what is there currently.

Howard Weiss 11/30/10

SecWG1010:2 • Check with SIS to determine if IPSec is planned to be integrated into the IP over CCSDS book.

Howard Weiss 11/30/10

SecWG1010:3 • Review current threat book for potential revisions (add as much detail as possible w/o compromising its public release).

All 02/28/11

SecWG1010:4 • Recertify those who have subscribed to the Security WG mailing list.

Howard Weiss 11/30/10

SecWG1010:5 • Write testing Yellow Book to accompany the Algorithms book (draft for Berlin mtg). Investigate contents of Yellow Books.

Howard Weiss 05/15/11

SecWG1010:6 • Obtain information on Agency testing plans for algorithms document.

All 02/28/11

Action Items (2)SecWG1010:7 • Resolve CNES comments/insertions in Mission

Planner’s Guide.Craig Biggerstaff 11/30/10

SecWG1010:8 • Send final version of Mission Planner’s guide to AD and Secretariat.

Howard Weiss 12/15/10

SecWG1010:9 • Send final version of Key Management Green Book to AD and Secreatariat

Howard Weiss 11/30/10

SecWG1010:10 • Key Management Symmetric Blue Book Interoperability: how do we perform testing across multiple implementations; how do we write an abstract document with enough specification to enable interoperability testing.

Daniel Fischer 12/15/10

SecWG1010:11 • Schedule a telecon in mid February to discuss Key Management

Howard Weiss 11/30/10

SecWG1010:12 • Check with Secretariat & SANA regarding the on-line CCSDS glossary and how the security glossary would be integrated

Howard Weiss 02/15/11

SecWG1010:13 • Trace security glossary definitions to ISO 7498-2 and ISO 27001. Where ISO definitions exist, use those in place of the various other definition sources.

Howard Weiss 03/01/11

Resource Problems

Resources are adequate to perform the current tasks. However, testing will require additional resources (or redirection

of current resources) Not clear which agencies will have resources to apply –

depending on level & detail of testing.

Risk Management Update

Must ensure that the current trend of additional resources remains and that resources don’t shrink.

Cross Area WG / BOF Issues

Joint meeting with Space Data Link Security WG Lunch-time meeting with SM&C Inputs to DTN on security

Resolutions to be Sent to CESG and Then to CMC

None

New Working Items, New BOFs, etc.

None