[Sis-ipo] Addressing Security in IP over CCSDS Space Links Magenta book

Greg Kazz greg.j.kazz at jpl.nasa.gov
Thu Feb 28 14:54:41 EST 2008 

Fellow SIS-IPO members,

Along with the review of the latest draft IP over 
CCSDS document, which I posted to the SIS-IPO 
directory last week (Feb 25), please take a look 
at the following security requirement from the 
CCSDS Management Council that we need to consider 
and discuss at the March 11 meeting.

Basically this WG needs to evaluate the Security 
template below and determine what parts need to 
be addressed in the IP over CCSDS specification.

Your comments are welcome before the meeting via 
email to sis-ipo at mailman.ccsds.org

The template follows below.

best regards,

Greg Kazz
Chairman SIS-IPO

CMC E-Poll Identifier:  CMC-P-2005-11-001 
Proposed resolution to augment requirement for 
security statement in CCSDS documents


CMC-R-2005-11-001: Augmentation of Requirement 
for Security Statement in CCSDS Documents

The Management Council of the Consultative Committee for Space Data Systems,

CONSIDERING that, in the spring of 2004, the 
Security WG (SecWG) conveyed a resolution through 
the CESG recommending that all CCSDS documents 
contain a security section, and that the SecWG 
resolution was changed in the responding CMC 
resolution to apply only to Blue Books and to provide a mechanism for waiver;

and NOTING that
– CCSDS must ensure that security is adequately 
addressed in its standards, and that
– the current wording in the CMC resolution is too weak;

and RECOGNIZING that the CESG has by resolution 
reiterated its recommendation that the CMC 
require inclusion of a mandatory security section 
in all future Blue, Orange, and Magenta Books;

AFFIRMS that all future Blue, Orange, and Magenta 
Books shall contain a security section the 
addresses at least the major security issues 
detailed in the template contained in resolution 
CMC-S04-R01, issued at the St-Hubert, Canada meeting of May 2004.



CMC Minutes - 25 May 2004, CSA, St Hubert, Canada



CMC-S04-R1.
CCSDS resolves to reaffirm its requirement for 
the inclusion of a security section in all future 
CCSDS Recommended Standards (Blue Books), 
including those that are in an advanced stage of 
development. To accomplish this, the CMC is asked 
to increase the resources for the Security WG to 
support an additional “Security Audit” function 
that will assist each WG in developing the 
rationale and explanation as to why or why not 
Security must be addressed in the CCSDS 
Recommended Standard, or to clearly state that 
Security has not been addressed owing to lack of resources.



In the event that Security is addressed, the 
Security Template includes the following information:



1.0 Security Background/Introduction
2.0 Statements of security concerns with respect to the
                 CCSDS document:
                 Data privacy
                 Data integrity
                 Authentication of communicating entities
                 Control of access to resources
                 Availability of resources
                 Auditing of resource usage
3.0 Potential threats and attack scenarios (how could someone
break the technology and why
4.0 Consequences of not applying security to the technology
(e.g., loss of life, loss of mission)

More information about the Sis-ipo mailing list