<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
<meta content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style>
<!--
@font-face
{font-family:Wingdings}
@font-face
{font-family:"Cambria Math"}
@font-face
{font-family:Calibri}
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif}
a:link, span.MsoHyperlink
{color:#0563C1;
text-decoration:underline}
a:visited, span.MsoHyperlinkFollowed
{color:#954F72;
text-decoration:underline}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif}
p.msonormal0, li.msonormal0, div.msonormal0
{margin-right:0cm;
margin-left:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif}
span.EmailStyle19
{font-family:"Calibri",sans-serif;
color:windowtext}
span.EmailStyle21
{font-family:"Calibri",sans-serif;
color:windowtext}
.MsoChpDefault
{font-size:10.0pt}
@page WordSection1
{margin:72.0pt 72.0pt 72.0pt 72.0pt}
div.WordSection1
{}
ol
{margin-bottom:0cm}
ul
{margin-bottom:0cm}
-->
</style>
</head>
<body lang="EN-GB" link="#0563C1" vlink="#954F72">
<div style="direction:ltr">BPv7 supports 2 CRC algorithms. There are many other integrity algorithms and if you want to use others, a BPSec BIB can be used for integrity only.</div>
<div style="direction:ltr"><br>
</div>
<div style="direction:ltr">-Ed</div>
<div style="direction:ltr"><br>
</div>
<div>Sent with BlackBerry Work<br>
(www.blackberry.com)</div>
<br>
<br>
<div class="gw_quote" style="border-top:#b5c4df 1pt solid; padding-top:6px; font-size:14px">
<div><b>From: </b><span>SIS-DTN <<a href="mailto:sis-dtn-bounces@mailman.ccsds.org">sis-dtn-bounces@mailman.ccsds.org</a>> on behalf of: Felix Flentge via SIS-DTN <<a href="mailto:sis-dtn@mailman.ccsds.org">sis-dtn@mailman.ccsds.org</a>></span></div>
<div><b>Date: </b><span>Wednesday, Nov 23, 2022 at 2:34 AM</span></div>
<div><b>To: </b><span>sburleig.sb@gmail.com <<a href="mailto:sburleig.sb@gmail.com">sburleig.sb@gmail.com</a>>, 'Dr. Keith L Scott' <<a href="mailto:kscott@mitre.org">kscott@mitre.org</a>>, sea-sec@mailman.ccsds.org <<a href="mailto:sea-sec@mailman.ccsds.org">sea-sec@mailman.ccsds.org</a>>,
sis-dtn@mailman.ccsds.org <<a href="mailto:sis-dtn@mailman.ccsds.org">sis-dtn@mailman.ccsds.org</a>></span></div>
<div><b>Cc: </b><span>'Peter Shames' <<a href="mailto:peter.shames@jpl.nasa.gov">peter.shames@jpl.nasa.gov</a>></span></div>
<div><b>Subject: </b><span>[EXT] Re: [Sis-dtn] SIS-DTN BPsec Profile</span></div>
</div>
<br>
<div>
<div class="WordSection1">
<p class="MsoNormal"><span style="">Hi,</span></p>
<p class="MsoNormal"><span style=""> </span></p>
<p class="MsoNormal"><span style="">BPv7 alone (without BPSEC) can already provide integrity with the (optional) block CRCs. I guess this could be sufficient for Pluto Express.</span></p>
<p class="MsoNormal"><span style=""> </span></p>
<p class="MsoNormal"><span style="">Now, whether we need integrity without authenticity in BPSEC, I am not sure.
</span></p>
<p class="MsoNormal"><span style=""> </span></p>
<div>
<p class="MsoNormal">Regards,</p>
<p class="MsoNormal">Felix</p>
</div>
<p class="MsoNormal"><span style=""> </span></p>
<div>
<div style="border:none; border-top:solid #E1E1E1 1.0pt; padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US">From:</span></b><span lang="EN-US"> SIS-DTN <sis-dtn-bounces@mailman.ccsds.org>
<b>On Behalf Of </b>sburleig.sb--- via SIS-DTN<br>
<b>Sent:</b> 22 November 2022 20:33<br>
<b>To:</b> 'Dr. Keith L Scott' <kscott@mitre.org>; sis-dtn@mailman.ccsds.org; sea-sec@mailman.ccsds.org<br>
<b>Cc:</b> 'Peter Shames' <peter.shames@jpl.nasa.gov><br>
<b>Subject:</b> Re: [Sis-dtn] SIS-DTN BPsec Profile</span></p>
</div>
</div>
<p class="MsoNormal"> </p>
<p class="MsoNormal"><span lang="EN-US">My sense of integrity vs authority, which may well be wildly wrong, is that integrity can be provided by a checksum or CRC or by a signature computed in a symmetric key that everybody knows, but authority can only be
provided by a signature computed in the sender’s private key (verified in the sender’s known public key). I strongly suspect it’s not that simple, though.</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US">Scott</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<div>
<div style="border:none; border-top:solid #E1E1E1 1.0pt; padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US">From:</span></b><span lang="EN-US"> SIS-DTN <<a href="mailto:sis-dtn-bounces@mailman.ccsds.org">sis-dtn-bounces@mailman.ccsds.org</a>>
<b>On Behalf Of </b>Dr. Keith L Scott via SIS-DTN<br>
<b>Sent:</b> Tuesday, November 22, 2022 11:04 AM<br>
<b>To:</b> <a href="mailto:sis-dtn@mailman.ccsds.org">sis-dtn@mailman.ccsds.org</a>;
<a href="mailto:sea-sec@mailman.ccsds.org">sea-sec@mailman.ccsds.org</a><br>
<b>Cc:</b> Peter Shames <<a href="mailto:peter.shames@jpl.nasa.gov">peter.shames@jpl.nasa.gov</a>><br>
<b>Subject:</b> [Sis-dtn] SIS-DTN BPsec Profile</span></p>
</div>
</div>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US">Greetings,</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US">We have a joint meeting scheduled on Friday Dec 2. This is nominally one of the monthly meetings to discuss the new BPsec Green Book, but I’d like to propose taking the December 2 meeting to discuss the BPsec Blue Book
Profile.</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US">I had a discussion w/ Howie the other day that resulted in a number of changes to the document:</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><b><span lang="EN-US">Authenticity</span></b></p>
<p class="MsoNormal"><span lang="EN-US">Antonias had several comments around authenticity and whether or not it made any sense to provide integrity without authenticity. I could envision a mission that wanted to provide data integrity on the science data it
was returning, but might not need/want to provide authenticity. The assumption here would be (I suppose) that it wouldn’t make sense for anyone to fake the data (e.g. a faked image purportedly from Pluto Express showing a sign on the surface “I want to be
a planet again.”?)</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US">That said, it seems like the services missions might want to choose from / implement are:</span></p>
<ul type="disc" style="margin-top:0cm">
<li class="MsoListParagraph" style="margin-left:0cm"><span lang="EN-US">Integrity</span></li><li class="MsoListParagraph" style="margin-left:0cm"><span lang="EN-US">Authenticity</span></li><li class="MsoListParagraph" style="margin-left:0cm"><span lang="EN-US">Confidentiality</span></li></ul>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US">[I’ll admit to being a bit confused by this; MY model for authenticity would be to use some sort of signed hash on the primary bundle block (which includes the source EID), though I suppose other mechanisms are possible].</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US">In the document I tried to use “authenticity / integrity” where appropriate, and to otherwise mention authenticity where I thought it was appropriate. I’d be interested if folks think I got close to right.</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US">I still need to add some text around the ‘pick-list’ notion of integrity / authenticity / confidentiality above.</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><b><span lang="EN-US">Security Contexts</span></b></p>
<p class="MsoNormal"><span lang="EN-US">I added some text about security contexts and moved other text around so that security contexts now show up earlier than they used to.</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><b><span lang="EN-US">Default Security Contexts</span></b></p>
<p class="MsoNormal"><span lang="EN-US">RFC9173 contains a set of default security contexts for BPsec:</span></p>
<ul type="disc" style="margin-top:0cm">
<li class="MsoListParagraph" style="margin-left:0cm"><span lang="EN-US">Integrity Security Context BIB-HMAC-SHA2</span></li><li class="MsoListParagraph" style="margin-left:0cm"><span lang="EN-US">Security Context BCB-AES-GCM</span></li></ul>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US">I think the questions I’d like to get at at next week’s telecon is:</span></p>
<ul type="disc" style="margin-top:0cm">
<li class="MsoListParagraph" style="margin-left:0cm"><span lang="EN-US">Do we need a set of default security contexts for the CCSDS Profile of BPsec?</span>
<ul type="circle" style="margin-top:0cm">
<li class="MsoListParagraph" style="margin-left:0cm"><span lang="EN-US">I think so. Maybe not even mandatory to implement but at least a defined set that can be used for testing?</span></li></ul>
</li><li class="MsoListParagraph" style="margin-left:0cm"><span lang="EN-US">If the answer to the above is in fact ‘yes’ – what should we use for the default profiles? The current book has (I think) essentially RCC9172 pulled in, but then it looks like somebody
(apologies, the changes are only marked as ‘Author’) seems to have suggested changing some of the recommended key sizes.</span></li></ul>
<p class="MsoNormal"><span lang="EN-US">So, if we could at least start talking about a nominal set of security contexts for the profile I think that would get us a LOT further down the road to getting the book out.</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US"> v/r,</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US"> --keith</span></p>
</div>
This message is intended only for the recipient(s) named above. It may contain proprietary information and/or protected content. Any unauthorised disclosure, use, retention or dissemination is prohibited. If you have received this e-mail in error, please notify
the sender immediately. ESA applies appropriate organisational measures to protect personal data, in case of data privacy queries, please contact the ESA Data Protection Officer (dpo@esa.int).
</div>
</body>
</html>