Security WG: Report of the Fall 2010 Meeting. BSI, London UK October 29, 2010 Howard Weiss NASA/JPL/Cobham [email protected] +1-443-430-8089 skype: hsweiss. Meeting Agenda. 26 October 2010 (09:00 – 17:00) - PowerPoint PPT Presentation
Security WG: Report of the Fall 2010 Meeting
BSI, London UK
October 29, 2010
Howard Weiss
NASA/JPL/Cobham
[email protected]
+1-443-430-8089
skype: hsweiss
Meeting Agenda
• 26 October 2010 (09:00 – 17:00)
  – Welcome, opening remarks, logistics, agenda bashing, introduction for new attendees
  – Review results of Spring 2010 (Portsmouth) meeting
  – Security Architecture final words/status (Black)
  – UK Space Agency (Black)
  – Review CWE WG entries: charter, programs, schedules
  – Algorithm Document review (Weiss)
  – Testing for Yellow Book (all)
  – Additional Algorithms from ISO/IEC 19772 (Aguilar-Sanchez/Weiss)
  – Glossary Review (Weiss)
Meeting Agenda (cont)
• 27 October 2010 (09:00 – 17:00)
  – Mission Planner’s Guide (Biggerstaff)
  – Key Management (Fischer/Aguilar-Sanchez)
  – Network Layer Security (Pajevski/Weiss)
  – Link Layer Security (Biggerstaff/Weiss/all)
  – Other areas of discussion
  – New work areas
• 28 October 2010
  – 09:00-17:00: Space Data Link Security WG
• 29 October 2010
  – 09:00-12:30: Space Data Link Security WG
  – 13:00-17:00: SEA Wrap-up Plenary
Attendance
Name | Organization | Email Address
Howard Weiss (Chair) | NASA/JPL/Cobham | [email protected]
Gordon Black | BNSC/Logica | [email protected]
Daniel Fischer | ESA/ESOC | [email protected]
Martin Pilgram | DLR | [email protected]
Craig Biggerstaff | NASA/JSC/Lockheed | [email protected]
Ignacio Aguilar-Sanchez | ESA/ESTEC | [email protected]
Marc Blanchet | CSA/Viagenie | [email protected]
Ed Birrane | NASA/APL | [email protected]
Zhang Liping | BITTT/CLTC (China) | [email protected]
Du Man | BITTT/CLTC (China) | [email protected]
Heping Zhao | CNSA/CAST | [email protected]
Marcin Gnat | DLR | [email protected]
Executive Summary
• Attendees from UK Space Agency, ESA/ESTEC, ESA/ESOC, DLR, CSA, NASA/JSC, and NASA/JPL. No attendees from CNES, ASI, and NASA/GSFC.
• Discussed charter revisions: needs word-smithing + updated schedules.
• Discussed status of the new UK Space Agency.
• Reviewed the Security Architecture: submitted to AD.
• Reviewed Algorithm Book: a few modifications.
• Reviewed Security Glossary: review in accordance with ISO definitions.
• Reviewed Mission Planners Guide – minor edits and then final.
• Reviewed Key Management Green Book: complete, send to AD.
• Discussed KM Blue Book. Making progress.
• Discussed network layer security. Not much progress on the “profile” to date.
• Telecon to be held in Feb to discuss Key Management status.
• SDLS making good progress.
Summary of Goals and Deliverables
1. Discussed and agreed upon charter updates.
2. Security Architecture submitted for secretariat editing & agency review.
3. Algorithm document additional comments/changes. Changed default authentication algorithm (because it’s “cheaper”). Need to get started on Yellow Book for testing.
4. Mission Planners Guide completed – to Secretariat.
5. Key Management green book – send to Secretariat.
6. KM Blue Book for symmetric KM making good progress. Discussed integration of KM w/SM&C.
7. Security glossary – need to coordinate with on-line CCSDS glossary. Also need to substitute ISO definitions where available.
8. Network layer security – behind schedule but making progress.
9. Discussed potential integration of security w/SLE.
10. SDLS BB reviewed in detail.
SEA Area MID-TERM REPORT
SUMMARY TECHNICAL STATUS
1. Security WG
Goal:
Working Status: Active _X_ Idle ____
Summary progress: Seven documents actively being produced (Glossary, Key Management (2), Mission Planners Guide, Algorithms, Network Layer). All docs green.
Progress since last meeting: mission planners guide and KM Green completed final edits. Other books progressing.
Problems and Issues: Resources – Excellent right now but need to ensure continued participation from all member agencies
status: OK CAUTION PROBLEM
Comment: Working Group is advancing and producing good products. Docs OK.
Near-Term Schedule
Deliverable | Milestone | Date
Charter Revision | Update work programs | 12/10
Algorithm Blue Book | Incorporate changes per mtg | 01/11
Key Management Green Book | Submit to Secretariat | 11/10
Key Management Blue Book | Continue drafting white book; review for Berlin | 03/11
Near-Term Schedule (cont)
Deliverable | Milestone | Date
Mission Planners Security Guide | Final edits; submit to Secretariat |
Common Criteria Protection Profiles | On hold | TBD
Application Layer Security | On hold | TBD
Network Layer Security “Profile” | White Book (Green) | 02/11
Security WG Overview & Capabilities Presentation | Create WG overview as basis for explaining capabilities to other WG | In process – draft completed
Open Issues
None
Action Items
Item Number | Action Item | Assigned to | Date Due
SecWG1010:1 | Check with Eric Barkley re: integrating stronger security into SLS beyond what is there currently. | Howard Weiss | 11/30/10
SecWG1010:2 | Check with SIS to determine if IPSec is planned to be integrated into the IP over CCSDS book. | Howard Weiss | 11/30/10
SecWG1010:3 | Review current threat book for potential revisions (add as much detail as possible w/o compromising its public release). | All | 02/28/11
SecWG1010:4 | Recertify those who have subscribed to the Security WG mailing list. | Howard Weiss | 11/30/10
SecWG1010:5 | Write testing Yellow Book to accompany the Algorithms book (draft for Berlin mtg). Investigate contents of Yellow Books. | Howard Weiss | 05/15/11
SecWG1010:6 | Obtain information on Agency testing plans for algorithms document. | All | 02/28/11
Action Items (2)
Item Number | Action Item | Assigned to | Date Due
SecWG1010:7 | Resolve CNES comments/insertions in Mission Planner’s Guide. | Craig Biggerstaff | 11/30/10
SecWG1010:8 | Send final version of Mission Planner’s Guide to AD and Secretariat. | Howard Weiss | 12/15/10
SecWG1010:9 | Send final version of Key Management Green Book to AD and Secretariat. | Howard Weiss | 11/30/10
SecWG1010:10 | Key Management Symmetric Blue Book Interoperability: how do we perform testing across multiple implementations; how do we write an abstract document with enough specification to enable interoperability testing. | Daniel Fischer | 12/15/10
SecWG1010:11 | Schedule a telecon in mid February to discuss Key Management. | Howard Weiss | 11/30/10
SecWG1010:12 | Check with Secretariat & SANA regarding the on-line CCSDS glossary and how the security glossary would be integrated. | Howard Weiss | 02/15/11
SecWG1010:13 | Trace security glossary definitions to ISO 7498-2 and ISO 27001. Where ISO definitions exist, use those in place of the various other definition sources. | Howard Weiss | 03/01/11
Resource Problems
• Resources are adequate to perform the current tasks.
• However, testing will require additional resources (or redirection of current resources).
• Not clear which agencies will have resources to apply – depending on level & detail of testing.
Risk Management Update
Must ensure that the current trend of additional resources remains and that resources don’t shrink.
Cross Area WG / BOF Issues
• Joint meeting with Space Data Link Security WG
• Lunch-time meeting with SM&C
• Inputs to DTN on security
Resolutions to be Sent to CESG and Then to CMC
None
New Working Items, New BOFs, etc.
None