Security WG: Report of the Spring 2015 Meeting
Caltech, Pasadena CA USA
27 March 2015
Howard Weiss
NASA/JPL/PARSONS
howard.weiss@parsons.com
+1-443-430-8089
Meeting Agenda
• 23 March 2015
  – 08:45 – 09:45: CCSDS Plenary (Beckman Institute)
  – 09:45 – 10:45: Systems Engineering Area (SEA) Plenary (Baxter 33)
  – 13:30 – 17:30: Security WG (Baxter 33)
  – Welcome, introductions, logistics, agenda review
  – Review results of Fall 2014 (London) meeting
  – Status of documents, action items
  – Future work areas for CWE Framework
  – Charter review (if required)
  – Review the new programs list (all)
  – CCSDS Credentials (Shames/Weiss, all)
  – Federation
  – Cloud Testing (all)
  – Threat book revision review (Weiss)
  – ESA Secure Software Development (Fischer)
  – Working Group Dinner
Meeting Agenda (cont)
• 24 March 2015 (08:45 – 17:30) (Baxter 303)
  – Network Layer Security
    » IPsec Testing + Yellow Book Status (Sheehe/Airaud)
    » Network layer security for non-IP environments (Fischer/Aguilar-Sanchez)
  – Key Management Blue Book (Fischer/Aguilar-Sanchez)
    » KM for SDLS extended procedures (Fischer)
    » KM Green Book
  – Link Layer Security Update Discussion (Biggerstaff/Weiss/Aguilar-Sanchez)
  – Role-based authentication (FIPS 140) (Biggerstaff)
  – Proposed new areas of work – continuation of discussions
  – Other areas of discussion
• 25 March 2015
  – 08:45-17:30: Space Data Link Security WG (Dabney 110)
• 26 March 2015
  – 08:45-17:30: Space Data Link Security WG (Dabney 110)
• 27 November 2014
  – 08:45-12:30: DTN Security (Baxter 127)
  – 16:00-17:30: SEA Wrap-up Plenary (room 504)
Attendance
| Name | Organization | Email Address |
|---|---|---|
| Howard Weiss (Chair) | NASA/JPL/PARSONS | howard.weiss@parsons.com |
| Gordon Black | UK Space Agency/Qinetiq | [email protected] |
| Daniel Fischer | ESA/ESOC | [email protected] |
| Ignacio Aguilar-Sanchez | ESA/ESTEC | [email protected] |
| Chuck Sheehe | NASA/GRC | [email protected] |
| Dorothea Richter | DLR | [email protected] |
| Julian Airaud | CNES | [email protected] |
| Mike Pajevski | NASA/JPL | [email protected] |
| Brandon Bailey | NASA/GSFC | [email protected] |
| Craig Biggerstaff | NASA/JSC/Lockheed | [email protected] |
Executive Summary
• Attendees from UK Space Agency, ESA/ESTEC, ESA/ESOC, DLR, CNES, NASA/GRC, NASA/GSFC, NASA/JSC, and NASA/JPL.
• A minor change will be made to the WG charter to remove references to the Common Criteria.
• We revisited our London discussion on SecWG future programs and edited and adjusted the previous list. Elevated “credentials” work as #1 new work item.
• Reviewed action items from London. Carrying several forward and all others were completed.
• Discussed cloud-based testing environment architectures and potential issues surrounding their use.
• Reviewed ESA Secure Software Initiative.
• Reviewed revision of Threat GB. Minor changes. Plan is to incorporate the final changes, send it out for final WG call, and then submit for publication.
• Reviewed Network Layer Security adaptation profile testing. Testing is near completion.
• Discussed Key Management and the SDLS key management “extended procedures” documents. The WG has decided that the SecWG KM BB should be changed to a KM MB.
• Discussed role-based access controls (FIPS 140-2) application to space.
• Discussed DTN Security plans and the streamlined Bundle Security Protocol at DTN meeting.
• SDLS Red-4 document ready to progress to publication.
Summary of Goals and Deliverables
1. Revised future SecWG programs list and elevated “credentials” program to #1.
2. KM will be changed in CWE from Blue to Magenta Book. SDLS KM document will be a BB (specifics from the SecWG doc)
3. Threat Green Book revision almost complete.
4. NASA/GRC and CNES Network Layer Security testing is completing.
5. SDLS Protocol Red-4 book ready for publication.
6. Engaged with DTN WG on DTN security.
7. Discussed issues surrounding cloud computing testing environment.
SEA Area MID-TERM REPORT
SUMMARY TECHNICAL STATUS
1. Security WG
Goal:
Working Status: Active _X_ Idle ____
Summary progress: documents actively being produced: Key Management MB, Threat GB revision, Network Layer BB. All docs green.
Progress since last meeting: threat GB rev, network layer security testing, KM MB progress.
Problems and Issues: None
status: OK CAUTION PROBLEM
Comment: Working Group is advancing and producing good products.
Docs OK.
Near-Term Schedule

| Deliverable | Milestone | Date |
|---|---|---|
| Key Management Magenta Book | Continue drafting next revision | 11/15 |
| Network Layer Profile | Completed per testing results feedback | |
| Threat Document Revision | 5rd revised draft | 05/15 |
| Network Layer Yellow Book | Final | 05/15 |
Future Work Areas
(1) Credentials (2016)
  – Certificate management
(2) Secure Software GB (2016) (date TBR)
(3) Network layer over space packets (2017)
(4) Application layer security (protecting the app layer):
  – TLS; (2018)
  – providing security services via the application layer (KM, etc.), e.g., SM&C MOS (mission operation services). (2020)
• Link layer security for future unified space link protocol (migration of SDLS). (2025)
• SDLS Extended Procedures Green Book (2017)
• SDLS Extended Procedures Yellow Book (2016)
• Network Layer (IP) Security Green Book
• DTN Security
Open Issues
See next slide:
Resolutions to be Sent to CESG and Then to CMC
• Resolution: The SecWG will be actively engaged in the review of all Red Books: Levels of involvement range from cursory examination of the Red Books under development, to active involvement in the development of the books.
  – Response: AD will provide docs to the WG for review in parallel with AD review.
• Resolution: All CCSDS document editors will reach out, early in the development of the book to the SecWG to reduce downstream security issues.
  – Response: AD will provide “pointers” to WGs for SecWG
• Resolution: Security shall be addressed in all new project initiations. All new projects should consider the extent to which security is relevant. Considerations will be documented in the project initiation request.
  – Response: AD forwards new projects definitions to SecWG to analyze security implications & to work with the initiating WG.
Action Items

| Item Number | Action Item | Assigned to | Date Due |
|---|---|---|---|
| SecWG0315:1 | Investigate if optical comm WG is addressing security | Howard Weiss | 04/01/15 |
| SecWG0315:2 | Remove Common Criteria reference from WG Charter and investigate what we meant by item #7 | Howard Weiss | 04/25/15 |
| SecWG0315:3 | Decide/investigate if a network layer security green book is needed and if GRC and CNES are authorized to write it. | Chuck Sheehe, Julian Airaud | 05/01/15 |
| SecWG0315:4 | Open a new work item – credentials. Write white book and investigate which members of the WG will work on program. | Howard Weiss | 05/01/15 |
| SecWG0315:5 | Investigate when to start work on the Software Security program within the SecWG | Daniel Fischer | 04/01/15 |
| SecWG0315:6 | Write white paper on cloud testing for CCSDS (architecture, cloud computing issues, etc) [also action item for SDLS] | Brandon Bailey | 07/01/15 |
| SecWG0315:7 | Investigate Agency issues/sensitivities with cloud computing at ESA and CNES | Daniel Fischer, Julian Airaud | 09/01/15 |
Action Items

| Item Number | Action Item | Assigned to | Date Due |
|---|---|---|---|
| SecWG0315:8 | Revise Threat GB per WG comments, send out for last call. | Howard Weiss | 06/01/15 |
| SecWG0315:9 | Update CWE entry to change KM from Blue to Magenta book | Howard Weiss | 04/15/15 |
| SecWG0315:10 | Update the KM “magenta” book | Daniel Fischer | 10/15/15 |
| SecWG0315:11 | Follow-up with Peter Shames re: WG resolutions from Noordwijk – feedback? | Howard Weiss | 03/30/15 |
Resource Problems
Resources had been adequate to perform the current tasks although personnel have only limited time percentage to apply to CCSDS tasks.
Risk Management Update
Must ensure that the current trend of additional resources remains and that resources don’t shrink.
Cross Area WG / BOF Issues
• Joint meeting with Space Data Link Security (SDLS) WG
• Joint meeting with Disruption Tolerant Networking (DTN) WG
New Working Items, New BOFs, etc.
Credentials.