Security WG: Report of the Spring 2015 Meeting
Caltech, Pasadena CA USA
27 March 2015
Howard Weiss, NASA/JPL/PARSONS
howard.weiss@parsons.com
+1-443-430-8089

Post on 26-Dec-2015



Meeting Agenda

• 23 March 2015
– 08:45 – 09:45: CCSDS Plenary (Beckman Institute)
– 09:45 – 10:45: Systems Engineering Area (SEA) Plenary (Baxter 33)
– 13:30 – 17:30: Security WG (Baxter 33)
– Welcome, introductions, logistics, agenda review
– Review results of Fall 2014 (London) meeting
– Status of documents, action items
– Future work areas for CWE Framework
– Charter review (if required)
– Review the new programs list (all)
– CCSDS Credentials (Shames/Weiss, all)
– Federation
– Cloud Testing (all)
– Threat book revision review (Weiss)
– ESA Secure Software Development (Fischer)
– Working Group Dinner

Meeting Agenda (cont)

• 24 March 2015 (08:45 – 17:30) (Baxter 303)
– Network Layer Security
» IPsec Testing + Yellow Book Status (Sheehe/Airaud)
» Network layer security for non-IP environments (Fischer/Aguilar-Sanchez)
– Key Management Blue Book (Fischer/Aguilar-Sanchez)
» KM for SDLS extended procedures (Fischer)
» KM Green Book
– Link Layer Security Update Discussion (Biggerstaff/Weiss/Aguilar-Sanchez)
– Role-based authentication (FIPS 140) (Biggerstaff)
– Proposed new areas of work – continuation of discussions
– Other areas of discussion
• 25 March 2015
– 08:45-17:30: Space Data Link Security WG (Dabney 110)
• 26 March 2015
– 08:45-17:30: Space Data Link Security WG (Dabney 110)
• 27 November 2014
– 08:45-12:30: DTN Security (Baxter 127)
– 16:00-17:30: SEA Wrap-up Plenary (room 504)

Attendance

Name | Organization | Email Address
Howard Weiss (Chair) | NASA/JPL/PARSONS | howard.weiss@parsons.com
Gordon Black | UK Space Agency/Qinetiq | [email protected]
Daniel Fischer | ESA/ESOC | [email protected]
Ignacio Aguilar-Sanchez | ESA/ESTEC | [email protected]
Chuck Sheehe | NASA/GRC | [email protected]
Dorothea Richter | DLR | [email protected]
Julian Airaud | CNES | [email protected]
Mike Pajevski | NASA/JPL | [email protected]
Brandon Bailey | NASA/GSFC | [email protected]
Craig Biggerstaff | NASA/JSC/Lockheed | [email protected]

Executive Summary

• Attendees from UK Space Agency, ESA/ESTEC, ESA/ESOC, DLR, CNES, NASA/GRC, NASA/GSFC, NASA/JSC, and NASA/JPL.
• A minor change will be made to the WG charter to remove references to the Common Criteria.
• We revisited our London discussion on SecWG future programs and edited and adjusted the previous list. Elevated “credentials” work as #1 new work item.
• Reviewed action items from London. Carrying several forward and all others were completed.
• Discussed cloud-based testing environment architectures and potential issues surrounding its use.
• Reviewed ESA Secure Software Initiative.
• Reviewed revision of Threat GB. Minor changes. Plan is to incorporate the final changes, send it out for final WG call, and then submit for publication.
• Reviewed Network Layer Security adaption profile testing. Testing is near completion.
• Discussed Key Management and the SDLS key management “extended procedures” documents. The WG has decided that the SecWG KM BB should be changed to a KM MB.
• Discussed role-based access controls (FIPS 140-2) application to space.
• Discussed DTN Security plans and the streamlined Bundle Security Protocol at DTN meeting.
• SDLS Red-4 document ready to progress to publication.

Summary of Goals and Deliverables

1. Revised future SecWG programs list and elevated “credentials” program to #1.

2. KM will be changed in CWE from Blue to Magenta Book. SDLS KM document will be a BB (specifics from the SecWG doc)

3. Threat Green Book revision almost complete.

4. NASA/GRC and CNES Network Layer Security testing is completing.

5. SDLS Protocol Red-4 book ready for publication.

6. Engaged with DTN WG on DTN security.

7. Discussed issues surrounding cloud computing testing environment.

SEA Area MID-TERM REPORT
SUMMARY TECHNICAL STATUS

1. Security WG

Goal:

Working Status: Active _X_ Idle ____

Summary progress: documents actively being produced: Key Management MB, Threat GB revision, Network Layer BB. All docs green.

Progress since last meeting: threat GB rev, network layer security testing, KM MB progress.

Problems and Issues: None

status: OK CAUTION PROBLEM

Comment: Working Group is advancing and producing good products.

Docs OK.

Near-Term Schedule

Deliverable | Milestone | Date
Key Management Magenta Book | Continue drafting next revision | 11/15
Network Layer Profile | Completed per testing results feedback |
Threat Document Revision | 5rd revised draft | 05/15
Network Layer Yellow Book | Final | 05/15

Future Work Areas

(1) Credentials (2016)
– Certificate management
(2) Secure Software GB (2016) (date TBR)
(3) Network layer over space packets (2017)
(4) Application layer security (protecting the app layer):
– TLS; (2018)
– providing security services via the application layer (KM, etc.), e.g., SM&C MOS (mission operation services). (2020)
• Link layer security for future unified space link protocol (migration of SDLS). (2025)
• SDLS Extended Procedures Green Book (2017)
• SDLS Extended Procedures Yellow Book (2016)
• Network Layer (IP) Security Green Book
• DTN Security

Open Issues

See next slide:

Resolutions to be Sent to CESG and Then to CMC

Resolution: The SecWG will be actively engaged in the review of all Red Books: Levels of involvement range from cursory examination of the Red Books under development, to active involvement in the development of the books.
Response: AD will provide docs to the WG for review in parallel with AD review.

Resolution: All CCSDS document editors will reach out, early in the development of the book to the SecWG to reduce downstream security issues.
Response: AD will provide “pointers” to WGs for SecWG

Resolution: Security shall be addressed in all new project initiations. All new projects should consider the extent to which security is relevant. Considerations will be documented in the project initiation request.
Response: AD forwards new projects definitions to SecWG to analyze security implications & to work with the initiating WG.

Action Items

Item Number | Action Item | Assigned to | Date Due
SecWG0315:1 | Investigate if optical comm WG is addressing security | Howard Weiss | 04/01/15
SecWG0315:2 | Remove Common Criteria reference from WG Charter and investigate what we meant by item #7 | Howard Weiss | 04/25/15
SecWG0315:3 | Decide/investigate if a network layer security green book is needed and if GRC and CNES are authorized to write it. | Chuck Sheehe, Julian Airaud | 05/01/15
SecWG0315:4 | Open a new work item – credentials. Write white book and investigate which members of the WG will work on program. | Howard Weiss | 05/01/15
SecWG0315:5 | Investigate when to start work on the Software Security program within the SecWG | Daniel Fischer | 04/01/15
SecWG0315:6 | Write white paper on cloud testing for CCSDS (architecture, cloud computing issues, etc) [also action item for SDLS] | Brandon Bailey | 07/01/15
SecWG0315:7 | Investigate Agency issues/sensitivities with cloud computing at ESA and CNES | Daniel Fischer, Julian Airaud | 09/01/15

Action Items

Item Number | Action Item | Assigned to | Date Due
SecWG0315:8 | Revise Threat GB per WG comments, send out for last call. | Howard Weiss | 06/01/15
SecWG0315:9 | Update CWE entry to change KM from Blue to Magenta book | Howard Weiss | 04/15/15
SecWG0315:10 | Update the KM “magenta” book | Daniel Fischer | 10/15/15
SecWG0315:11 | Follow-up with Peter Shames re: WG resolutions from Noordwijk – feedback? | Howard Weiss | 03/30/15

Resource Problems

Resources had been adequate to perform the current tasks although personnel have only limited time percentage to apply to CCSDS tasks.

Risk Management Update

Must ensure that the current trend of additional resources remains and that resources don’t shrink.

Cross Area WG / BOF Issues

• Joint meeting with Space Data Link Security (SDLS) WG
• Joint meeting with Disruption Tolerant Networking (DTN) WG

New Working Items, New BOFs, etc.

Credentials.
