[CESG] NASA/ESA IOAG Security topic, was Re: [EXTERNAL] Agenda Item - CESG Topics

[Shames, Peter M (US 312B)]

Dear CMC members, et al,

During today’s CMC meeting I presented the first two pages of the attached presentation, which is what was presented to the IOAG a couple weeks ago.  These two pages were created as a collaboration between ESA and NASA to briefly describe what we could agree upon about the motivation and technical challenges in the context of multi-agency DTN deployments.  This stated, in a very abbreviated form, the key motivations and technical challenges for DTN interoperability.

The bottom line is that while the DTN protocols that are published have some key security features for authentication and encryption, a complete framework for secure DTN interoperability and management has yet to be standardized.  The consequence is that all arrangements for secure identity, key management, and network management must be handled as local matters, or shared privately between partners. This approach can be made to work, but it is not likely to result in a broadly interoperable framework.  This is a rather complicated set of technical topics, but also one that CCSDS must tackle, preferably with the support and concurrence of agency and mission security experts.  As Jonathan pointed out this security and identity framework could have much broader applicability for other spacecraft on-board services such as software authentication and instrument identification.

We all acknowledge, I believe, that this is a somewhat “delicate” topic because it must touch upon agency and mission security approaches.  At the same time, I wish to point out that we do have similar kinds of interoperable security mechanisms that are used terrestrially, by all agencies, to secure identities, provide access control, and perform routing and network management.   What we are proposing here is to do the work, now, to determine which, if any, of these widely used and understood terrestrial security approaches can be adopted or adapted for use in space.   This should not (really, must not) involve exposing any details of deeper agency security approaches.

I have included in this package the rest of the slides that I prepared, but at Klaus-Juergen’s request did not present. These are the work that I, and other CCSDS security, DTN, and system architecture experts did to more fully explore the motivations, issues, and approaches that might be adopted within CCSDS to provide standardized solutions to these challenges.  You may choose to only look at the first two pages, which are the joint ESA/NASA materials, or to read the entire package.  These materials are all aligned with concepts that have been identified in the existing IOAG Lunar and Mars comm architecture documents, but which CCSDS has yet to standardize.

The rest of the package goes into each of these subjects in more depth.  The entire package has been reviewed by NASA/JPL Export Control and is cleared for open, public, release.  You are free to share these with any of your CCSDS participants or with your own agency or mission security staff.  I would personally request that you do that and see what the analysis of your experts reveals.  This is not yet a “technical solution”, more like a deeper exploration of the challenges and the solution space.  Blame me for any errors or mis-statements.

Finally, as I requested at the end of the discussion, would you each try to find a way within your own agency constraints to identify a security expert who could meet with both our existing CCSDS Security and DTN WG experts, and each other, to start to discuss a possible set of acceptable solutions.  That would represent a huge step forward toward real space internetworking interoperability.  Even if the initial steps were just to identify a sort of “recommended practice cookbook” for the initial SSI Stage 1 deployments that would be a move toward creating and preserving interoperability in this growing segment of space operations.

Best regards, Peter


From: CESG <cesg-bounces at mailman.ccsds.org> on behalf of CESG <cesg at mailman.ccsds.org>
Reply-To: Michael Blackwood <MBlackwood at asrcfederal.com>
Date: Wednesday, June 15, 2022 at 5:38 AM
To: CMC <CMC at mailman.ccsds.org>
Cc: CESG <cesg at mailman.ccsds.org>
Subject: [EXTERNAL] [CESG] Agenda Item - CESG Topics

Dear CMC and CESG Members,

With the addition of an agenda item to discuss any CESG topics of interest to the CMC today, I have collected some topics, issues and concerns reported by the CESG yesterday. We may discuss some or all today and you can use this list for future reference.

Best regards,

Michael Blackwood
CCSDS Secretariat
mblackwood at asrcfederal.com<mailto:mblackwood at asrcfederal.com>
o: (301) 837-3901
7000 Muirkirk Meadows Drive, Beltsville, MD 20705
asrcfederal.com<https://urldefense.us/v3/__https:/www.asrcfederal.com/__;!!PvBDto6Hs4WbVuu7!YWKIKwO0h9yY1UoB3xZXMPnktVl_kTQXbYjDD0posIixDnhwa7thwrzsIQdDFD5DqPhZlGvR$> | Purpose Driven. Enduring Commitment.


________________________________

The preceding message (including attachments) is covered by the Electronic Communication Privacy Act, 18 U.S.C. sections 2510-2512, is intended only for the person or entity to which it is addressed, and may contain information that is confidential, protected by attorney-client or other privilege, or otherwise protected from disclosure by law. If you are not the intended recipient, you are hereby notified that any retention, dissemination, distribution, or copying of this communication is strictly prohibited. Please reply to the sender that you have received the message in error and destroy the original message and all copies.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.ccsds.org/pipermail/cesg/attachments/20220615/2c54715b/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: CCSDS Collaborative Security WG 8June22 - adenda.pptx
Type: application/vnd.openxmlformats-officedocument.presentationml.presentation
Size: 640228 bytes
Desc: CCSDS Collaborative Security WG 8June22 - adenda.pptx
URL: <http://mailman.ccsds.org/pipermail/cesg/attachments/20220615/2c54715b/attachment-0001.pptx>