[Sea-sec] Comment re: key sizes in Algorithm document ==> Backward compatibility?

Gian.Paolo.Calzolari at esa.int Gian.Paolo.Calzolari at esa.int
Fri Jul 6 09:02:50 UTC 2018


Dear All,
        In the SLS Area we had a similar (bot identical) problem with the 
Telecommand Coding Standard..
If you look at https://public.ccsds.org/Pubs/231x0b3.pdf you will find the 
following clauses:

7.1.2 The   Physical   Layer   Operations   Procedures   (PLOPs)   specify 
  the   sequence   of   operations  performed  during  a  communications 
session. Two  procedures,  PLOP-1  and  PLOP-2, are currently defined. The 
selection of PLOPs is mission-specific. 
7.1.3 PLOP-2 shall be used for missions whose planning begins after 
September 2010. 
7.1.4 PLOP-1 may still be used in ground equipment for the support of 
legacy missions.

This is the best formulation we found as you know that flying dates can be 
much later than decisions dates.

My cent...................

Regards

Gian Paolo





From:   Daniel.Fischer at esa.int
To:     "sea-sec at mailman.ccsds.org" <sea-sec at mailman.ccsds.org>
Cc:     "Sheehe, Charles J. \(GRC-LCN0\)" <charles.j.sheehe at nasa.gov>, 
Mehmet Adalier <madalier at antarateknik.com>
Date:   06/07/2018 08:21
Subject:        Re: [Sea-sec] Comment re: key sizes in Algorithm document
Sent by:        "SEA-SEC" <sea-sec-bounces at mailman.ccsds.org>



Dear all, 

I think the approach proposed by Mehmet is sensible. 

I am just wondering if CCSDS offers a way to allow for old systems to 
still be operated in a CCSDS compliant way but mandates the new key sizes 
for all new developments but I don't think that is possible. 

If not, I would tend to go the way Chuck proposed. We have to consider 
that the standards of today are used to build space systems that will fly 
in 10 or more years, consider for example the Lunar Platform Gateway (or 
however it is called now). 

Cheers 
Daniel 

Dr. Daniel Fischer
Head of the Engineering Support Section, OPS-GES
Ground Systems Engineering Department 
Directorate of Operations 
ESA - ESOC
Robert-Bosch-Str. 5, D-64392 Darmstadt, Germany 
Tel. +49 6151 90 2718 |  E-mail: Daniel.Fischer at esa.int 



From:        Mehmet Adalier <madalier at antarateknik.com> 
To:        "Sheehe, Charles J. (GRC-LCN0)" <charles.j.sheehe at nasa.gov>, 
"sea-sec at mailman.ccsds.org" <sea-sec at mailman.ccsds.org> 
Date:        05/07/2018 21:52 
Subject:        Re: [Sea-sec] Comment re: key sizes in Algorithm document 
Sent by:        "SEA-SEC" <sea-sec-bounces at mailman.ccsds.org> 


Sea-sec,
This is my first posting. appreciate any comments.
I am part of a US based small R&D company, Antara Teknik LLC. We became a 
CCSDS industry associate late last year.
We do a fair amount of network-security based R&D and as of late we have 
been drafting/implementing a Cipher Suite for BPsec.
 
Symmetric key sizes of 256-bit and asymmetric key sizes of 4096-bit are 
substantially more secure than 128-bit and 2048-bit. 
For new systems ‘shall’ for these larger key sizes definitely is the right 
direction, to ensure higher security strength going forward.
 
However, 128-bit symmetric and 2048-bit asymmetric keys are still 
considered safe –at least in US. (see below chart based on published NIST 
SP).
Thus, my suggestion would be that for ‘existing systems that cannot be 
updated’ the shorter key lengths are ‘supported’ (i.e., ensure backwards 
compatibility), but for new systems the larger keys ‘shall’ be used. (with 
the implication that for new systems shorter keys may not be used)

 
Mehmet Adalier
Antara Teknik LLC
 
 
From: SEA-SEC <sea-sec-bounces at mailman.ccsds.org> on behalf of "Sheehe, 
Charles J. (GRC-LCN0)" <charles.j.sheehe at nasa.gov>
Date: Thursday, July 5, 2018 at 11:43 AM
To: "sea-sec at mailman.ccsds.org" <sea-sec at mailman.ccsds.org>
Subject: Re: [Sea-sec] Comment re: key sizes in Algorithm document
 
Hi
 
larger key size a "shall" but allow the smaller key sizes as "may" with a 
note strongly discouraging the smaller key sizes. 
 
I do not agree with allowing a "may".
 
The system will be a non-compliant system.
The system will lose secure interoperability with the large key systems 
and the loss of any presumed security over time and with the advent of 
Quantum computers in ~5 years.
It is understandable that older systems will age out of compliance with 
current security requirements.
It would be bad practice, if I do not strongly object and allow 128 bit 
key systems to be built knowing that its security will become markedly 
insecure during the lifetime of this document.
 

 
From publically available document. 
 
These are my opinions and do not reflect the official position of NASA. 
 
 
Thanks
Chuck
 
 
 
Charles J. Sheehe III
Computer Engineer
Glenn Research Center
21000 Brookpark Rd
Cleveland, OH 44135
Charles.J.Sheehe at NASA.GOV
Office: 216-433-5179
 
“Omnia vero”
 
 
-----Original Message-----
From: SEA-SEC <sea-sec-bounces at mailman.ccsds.org> On Behalf Of Weiss, 
Howard
Sent: Thursday, July 5, 2018 1:37 PM
To: sea-sec at mailman.ccsds.org
Subject: [Sea-sec] Comment re: key sizes in Algorithm document
 
We currently have two documents in CESG polling for Agency Review.
 
 
 
 
On the Algorithms document, we have increased the minimum key sizes. 
However we have a comment from Mario Merri (ESA):
 
 
 
 
"The main change is the strenghen of the authenticaltion keys. These have 
been increased, thus making implementations that followed the previous 
CCSDS recommentation not-compliant. Why has the document update not been 
made in a backward-compatible manner, still strongly recommending the new 
key lengths?"
 
 
 
 
Peter Shames suggested that we make the. This would satisfy Mario's 
backward compatibility issue. 
 
 
 
 
Any comments?  Any disagreements?  Any other suggestions?
 
 
 
 
Thanks.
 
 
 
 
regards
 
 
 
 
howie
 
 
 
 
 
 
 
________________________________
 
Howard Weiss, CISSP
 
PARSONS, Inc.
7110 Samuel Morse Drive
Columbia, MD 21046
443-430-8089 (office)
443-494-9087 (cell)
443-430-8238 (fax)
howard.weiss at parsons.com
www.parsons.com
 
Please consider the environment before printing this message
 
 
NOTICE: This email message and all attachments transmitted with it may 
contain privileged and confidential information, and information that is 
protected by, and proprietary to, Parsons Corporation, and is intended 
solely for the use of the addressee for the specific purpose set forth in 
this communication. If the reader of this message is not the intended 
recipient, you are hereby notified that any reading, dissemination, 
distribution, copying, or other use of this message or its attachments is 
strictly prohibited, and you should delete this message and all copies and 
backups thereof. The recipient may not further distribute or use any of 
the information contained herein without the express written authorization 
of the sender. If you have received this message in error, or if you have 
any questions regarding the use of the proprietary information contained 
therein, please contact the sender of this message immediately, and the 
sender will provide you with further instructions.
_______________________________________________ SEA-SEC mailing list 
SEA-SEC at mailman.ccsds.org 
https://mailman.ccsds.org/cgi-bin/mailman/listinfo/sea-sec 

_______________________________________________
SEA-SEC mailing list
SEA-SEC at mailman.ccsds.org
https://mailman.ccsds.org/cgi-bin/mailman/listinfo/sea-sec


This message is sent for information and/or discussion purposes only.
It shall neither be binding nor construed as constituting a commitment for 
ESA.
It is intended only for the recipient(s) named above.
It may contain proprietary information and/or protected content.
Any unauthorised disclosure, use, retention or dissemination is 
prohibited.
If you have received this e-mail in error, please notify the sender 
immediately.
ESA applies appropriate organisational measures to protect personal data.
In case of data privacy queries, please contact the ESA Data Protection 
Officer (dpo at esa.int).

Thank you.

_______________________________________________
SEA-SEC mailing list
SEA-SEC at mailman.ccsds.org
https://mailman.ccsds.org/cgi-bin/mailman/listinfo/sea-sec




This message is sent for information and/or discussion purposes only.
It shall neither be binding nor construed as constituting a commitment for ESA.
It is intended only for the recipient(s) named above.
It may contain proprietary information and/or protected content.
Any unauthorised disclosure, use, retention or dissemination is prohibited.
If you have received this e-mail in error, please notify the sender immediately.
ESA applies appropriate organisational measures to protect personal data.
In case of data privacy queries, please contact the ESA Data Protection Officer (dpo at esa.int).

Thank you.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.ccsds.org/pipermail/sea-sec/attachments/20180706/3bfc2607/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 117152 bytes
Desc: not available
URL: <http://mailman.ccsds.org/pipermail/sea-sec/attachments/20180706/3bfc2607/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 55130 bytes
Desc: not available
URL: <http://mailman.ccsds.org/pipermail/sea-sec/attachments/20180706/3bfc2607/attachment-0001.png>


More information about the SEA-SEC mailing list