[Sea-sec] Comment re: key sizes in Algorithm document

Mehmet Adalier madalier at antarateknik.com
Thu Jul 5 19:52:20 UTC 2018


Sea-sec,

This is my first posting. I appreciate any comments.

I am part of a US-based small R&D company, Antara Teknik LLC. We became a CCSDS industry associate late last year.

We do a fair amount of network-security based R&D and as of late we have been drafting/implementing a Cipher Suite for BPsec.

 

Symmetric key sizes of 256-bit and asymmetric key sizes of 4096-bit are substantially more secure than 128-bit and 2048-bit. 

For new systems ‘shall’ for these larger key sizes definitely is the right direction, to ensure higher security strength going forward.

 

However, 128-bit symmetric and 2048-bit asymmetric keys are still considered safe, at least in the US (see the chart below, based on published NIST SP).

Thus, my suggestion would be that for ‘existing systems that cannot be updated’ the shorter key lengths are ‘supported’ (i.e., ensure backwards compatibility), but for new systems the larger keys ‘shall’ be used (with the implication that for new systems shorter keys may not be used).

 

Mehmet Adalier

Antara Teknik LLC

 

 

From: SEA-SEC <sea-sec-bounces at mailman.ccsds.org> on behalf of "Sheehe, Charles J. (GRC-LCN0)" <charles.j.sheehe at nasa.gov>
Date: Thursday, July 5, 2018 at 11:43 AM
To: "sea-sec at mailman.ccsds.org" <sea-sec at mailman.ccsds.org>
Subject: Re: [Sea-sec] Comment re: key sizes in Algorithm document

 

Hi

 

larger key size a "shall" but allow the smaller key sizes as "may" with a note strongly discouraging the smaller key sizes. 

 

I do not agree with allowing a "may".

 

The system will be a non-compliant system.

The system will lose secure interoperability with the large key systems and the loss of any presumed security over time and with the advent of Quantum computers in ~5 years.

It is understandable that older systems will age out of compliance with current security requirements.

It would be bad practice, if I do not strongly object and allow 128 bit key systems to be built knowing that its security will become markedly insecure during the lifetime of this document.

 

 

From publicly available document.

 

These are my opinions and do not reflect the official position of NASA. 

 

 

Thanks

Chuck

 

 

 

Charles J. Sheehe III

Computer Engineer

Glenn Research Center

21000 Brookpark Rd

Cleveland, OH 44135

Charles.J.Sheehe at NASA.GOV

Office: 216-433-5179

 

“Omnia vero”

 

 

-----Original Message-----
From: SEA-SEC <sea-sec-bounces at mailman.ccsds.org> On Behalf Of Weiss, Howard
Sent: Thursday, July 5, 2018 1:37 PM
To: sea-sec at mailman.ccsds.org
Subject: [Sea-sec] Comment re: key sizes in Algorithm document

 

We currently have two documents in CESG polling for Agency Review.

On the Algorithms document, we have increased the minimum key sizes.  However, we have a comment from Mario Merri (ESA):

"The main change is the strengthening of the authentication keys. These have been increased, thus making implementations that followed the previous CCSDS recommendation not-compliant. Why has the document update not been made in a backward-compatible manner, still strongly recommending the new key lengths?"

Peter Shames suggested that we make the. This would satisfy Mario's backward compatibility issue.

Any comments?  Any disagreements?  Any other suggestions?

Thanks.

regards

howie

 
________________________________

 

Howard Weiss, CISSP

 

PARSONS, Inc.

7110 Samuel Morse Drive

Columbia, MD 21046

443-430-8089 (office)

443-494-9087 (cell)

443-430-8238 (fax)

howard.weiss at parsons.com

www.parsons.com

 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 117152 bytes
Desc: not available
URL: <http://mailman.ccsds.org/pipermail/sea-sec/attachments/20180705/d1694252/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 55130 bytes
Desc: not available
URL: <http://mailman.ccsds.org/pipermail/sea-sec/attachments/20180705/d1694252/attachment-0001.png>

