<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">I think it depends on the threat against which key verification is intended to protect. If the threat is intentional tampering (however that might be carried
out), then CRC verification is insufficient; an attacker easily could create a substitute key with CRC matching the original, if he knew it was necessary to match it. But if the threat is merely a failure in onboard key storage, then CRC verification should
still provide reasonably high confidence that the key onboard is the same as what was sent. The OTAR directive already protects keys during transmission from the ground.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Craig<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<div style="border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt">
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> sls-sea-dls-bounces@mailman.ccsds.org [mailto:sls-sea-dls-bounces@mailman.ccsds.org]
<b>On Behalf Of </b>Daniel.Fischer@esa.int<br>
<b>Sent:</b> Sunday, April 17, 2016 6:13 AM<br>
<b>To:</b> sls-sea-dls@mailman.ccsds.org<br>
<b>Subject:</b> [Sls-sea-dls] Key Verification using CRC<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">Dear all,</span>
<br>
<br>
<span style="font-size:10.0pt;font-family:"Arial",sans-serif">I was discussing our new approach to key verification using the onboard-stored CRCs with David,</span>
<br>
<br>
<span style="font-size:10.0pt;font-family:"Arial",sans-serif">He came up with a keen observation. </span>
<br>
<br>
<span style="font-size:10.0pt;font-family:"Arial",sans-serif">The CRC-based key verification is somewhat weaker than one based on a challenge-response. The reason is that the CRC ensues you that the key at a certain slot is still OK in terms of integrity. In
contrast to the challenge-response approach it DOES NOT tell you that the key is the same as the key with same key ID on ground.</span>
<br>
<br>
<span style="font-size:10.0pt;font-family:"Arial",sans-serif">Is this an issue for us? What do you think? The only way we have to check key synchronisation is to use a key for actual traffic protection and see if it works.</span>
<br>
<br>
<span style="font-size:10.0pt;font-family:"Arial",sans-serif">What do you think?</span>
<br>
<br>
<span style="font-size:10.0pt;font-family:"Arial",sans-serif">Cheers</span> <br>
<span style="font-size:10.0pt;font-family:"Arial",sans-serif">Daniel</span> <br>
<span style="font-size:10.0pt;font-family:"Arial",sans-serif"><br>
<br>
<br>
<br>
Dr. Daniel Fischer<br>
----------------------------<br>
Data Systems Manager<br>
Ground Segment Engineering Support Office (OPS-GE)<br>
Ground Systems Engineering Department<br>
Directorate of Operations<br>
<br>
European Space Agency - ESOC<br>
Robert-Bosch-Str. 5<br>
D-64293 Darmstadt - Germany<br>
Tel: +49 (0) 6151 90 2718 - Fax: +49 (0) 6151 90 2718<br>
Web: </span><a href="http://www.esa.int/"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">http://www.esa.int</span></a><o:p></o:p></p>
<pre>This message and any attachments are intended for the use of the addressee or addressees only.<o:p></o:p></pre>
<pre>The unauthorised disclosure, use, dissemination or copying (either in whole or in part) of its<o:p></o:p></pre>
<pre>content is not permitted.<o:p></o:p></pre>
<pre>If you received this message in error, please notify the sender and delete it from your system.<o:p></o:p></pre>
<pre>Emails can be altered and their integrity cannot be guaranteed by the sender.<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>Please consider the environment before printing this email.<o:p></o:p></pre>
</div>
</div>
</body>
</html>