[Sis-dtn] Securing the CCSDDS Bundle Protocol
Kiyohisa Suzuki
suzuki.kiyohisa at jaxa.jp
Tue Jun 23 01:39:07 UTC 2015
Keith and all,
My comments are attached as two spread sheets (comments and figures).
And it could be bit hard for me in Japan to participate for telecon,
Because starting time will be Thursday midnight (0AM-1AM, probably).
-Kiyo
On 2015/06/18 1:26, Scott, Keith L. wrote:
> At the Spring meeting we started the work on a security protocol for the
> CCSDS Bundle Protocol. While Dennis and Charles have been working that,
> we need to get some final consensus from the WG (and all the agencies we
> can) on what the actual requirements for the security services (in a
> protocol-agnostic way) are.
>
> To that end, below is a bag of possible services. Please look these
> over and let’s select / refine the set that we think we need to support
> for the CCSDS BP Security protocol. Note that this is not yet the trade
> of S/MIME vs. SBSP – first we need to establish the ‘what it is we want’.
>
> ·Protocol can distinguish between Sender of bundle and the Security-Sender
>
> ·Protocol provides security services which are; hop-by-hop basis
>
> ·Protocol provides security services which are; end-to-end basis
>
> ·Protocol provides security services which are hop-by-hop basis and
> End-to-end basis
>
> ·Protocol mechanisms secure information at rest
>
> ·Protocol provides a means to encrypt protocol elements so that messages
> in transit cannot practically be read
>
> ·Protocol supports pre-shared-keys (and/or known irrevocable certificates).
>
> ·Protocol provides a means to apply an integrity check to a bundle so
> that the identity of the security-sender can be established and changes
> in sensitive parts of the message can be detected.
>
> ·Protocol allows combination of confidentiality and integrity services
>
> ·Protocol prevents changing the intended destination
>
> ·Protocol prevents falsifying a bundle's source
>
> ·Protocol prevents changing a bundle's control fields
>
> ·Protocol prevents changing other block or payload fields
>
> ·Protocol prevents replay of bundles
>
> ·Protocol prevents copying or disclosing bundle data as it passes
>
> ·Protocol is a Standard
>
> ·Protocol has implementations
>
> We need to move out on this, so I’m going to ask people to comment by
> COB next Monday. You can say yes or no to the services above and/or
> propose new ones. I’ll set up a telecon at a mutually-inconvenient time
> next Tuesday.
>
> --keith
>
>
>
> _______________________________________________
> Sis-dtn mailing list
> Sis-dtn at mailman.ccsds.org
> http://mailman.ccsds.org/cgi-bin/mailman/listinfo/sis-dtn
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: SBSP_comments_and_figure_JAXA.xlsx
Type: application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Size: 19423 bytes
Desc: not available
URL: <http://mailman.ccsds.org/pipermail/sis-dtn/attachments/20150623/7647641d/attachment.xlsx>
More information about the SIS-DTN
mailing list