[Css-dts] CCSDS -DTS Worging Group - Security Issues for SLE Books

Yves.Doat at esa.int Yves.Doat at esa.int
Mon Jul 5 12:06:35 EDT 2004 

Dear all,

As chairman of the DTS working group I triggered a discussion here in Europe
regarding the update of the 5 SLE books. Please find below the results of our
discussions.


During the last CCSDS DTS WG meeting in Montreal the following important items
were reported:
   The books sent in December to the CCSDS Secretariat were not processed at all
   without any notice to the editors of these books. As a consequence the DTS
   schedule slipped by 6 months.
   During the CCSDS DTS Spring meeting the WG sent to secretariat a set of  five
   books for which the CMC resolved (CMC-S04-R3 that these books shall be
   published for Agency review (Red and Pink Books)).
   ESA and DLR have started implementations on the basis of these new books in
   early 2004 to fulfil their mission requirements. Any changes of the
   specifications as they may result from the Agency review can only be injected
   into these ongoing implementations, if the review process is performed
   without any further delay.
   M.Pilgram (DLR representative in the DTS WG) participated in a Security WG
   meeting during the Montreal workshop. During that meeting, the potential need
   to modify the DTS books in order to adequately cover security issues was not
   reported to the DTS WG and thus the opportunity to tackle any such issue in a
   manner coordinated between the two WGs was missed.

After the spring meeting, the CCSDS Security WG recommended to address security
issues in all new CCSDS books in a uniform manner. Regarding SLE Data Transfer
Service specifications, the DTS WG would like to bring to the attention of the
CCSDS Management the following issues:
   Opening such a discussion after the spring meeting most probably implies that
   the Agency review cannot commence before the CCSSD Fall Meeting.
   Impact of this delay on the on-going implementation depends on the outcome of
   the review process and therefore it cannot be assessed at this time. However,
   the risk of non-compliances is quite serious for the on-going implementation.
   ESA and DLR therefore cannot tolerate any further delays in the publication
   of the SLE Books.

>From a technical point of view, the following points should be considered:
   The SLE Transfer Service books specify application layer protocols and
   services and intentionally and explicitly do not specify underlying
   communications services. We (ESA and DLR) are of the opinion  that
   application layer security aspects are adequately covered in the sections on
   access control and authentication and that the other security issues need to
   be covered by the underlying communications service rather than the
   application layer and are thus outside the scope of the SLE Transfer Service
   specifications.
   The criticised absence of a precise specification of the authencation
   mechanism is intentional. While the lack of an unambiguous specification and
   the resulting need for a bilateral agreement may be regarded an impediment to
   interoperability, a specification that conflicts with the security policy of
   an agency could prevent approval of the complete specification.
   The CCSDS WG recommended (See DTS spring meeting MOM) preparing an "SLE API
   Proxy" White Book. This book will address the complete mapping of the SLE
   Transfer Service application layer protocols onto ground communications
   services and therefore will also cover the security issues required by the
   Security WG.

To be in line with CMC decision, the Security WG should provide the wording to
be inserted in the SLE books, taking into account the technical considerations
addressed above. In order not to delay any further the publication such text
should be provided no later than the 10.07.2004.

Best regards.

Y.Doat
OPS-GIB
ESA/ESOC
Robert-Bosch str.5
D-64293 Darmstadt
Tel.: (+49)-6151-902288

More information about the CSS-dts mailing list