CCSDS Security Architecture, 15th November 2004, Toulouse


Upload: lorin-howard

Post on 05-Jan-2016


TRANSCRIPT

Page 1:

CCSDS Security Architecture

15th November 2004

Toulouse

Page 2:

Security Principles

• Open standards based

• No protection by obscurity

• Expandable

• Flexible

• Includes Key Management

• Allows for fault management.

Page 3:

Mission Profiles

• Manned Space

• Weather

– LEO

– GEO

• Communications

– LEO Constellation

– GEO

• Science

– Near Earth / Earth Orbit

– Lunar

– Deep Space

• Navigation

• Mixed-organisational Vehicles

Page 4:

Communications Scenario

[Diagram. Element labels: Satellite owned by Company A; Instrument owned by Agency B; Instrument owned by Agency F; OBDH; Bus; TT&C; Relay Satellite owned by Company B; Ground Tracking Network; SGS; Spacecraft Control Centre; Owned by Agency A; Agency B Instrument Control Centre; University A Science Facility; Owned by Company B. Link labels: RF, SLE, FTP. Threat annotations placed on the links and nodes: jamming, eavesdropping, replay, unauthorised access, traffic analysis, data modification, software threats, DoS.]

Page 5:

Architecture Requirements

• Systems resulting from the application of the security architecture should be modular.

• The architecture must support layering.

• The core architecture must be inexpensive to build and run.

• Systems resulting from the application of the security architecture must be upgradeable to allow for long lasting missions.

• Systems resulting from the application of the core architecture must make efficient use of available computing and communications resources.

• Architecture must support non-continuous communications links.

Page 6:

Architecture Requirements (Cont.)

• Architecture must support large delays in communication links.

• Architecture must be fault tolerant.

• Architecture must allow for intermediate communication nodes - both planned and unplanned.

• Architecture must support mixed security domains onboard a spacecraft or ground facility.

• Architecture must support the use of common infrastructure.

• Architecture must be robust and reliable.

Page 7:

Proposed Architecture

• 3 Types of Security

– Discrete Message – based on PKI concepts, used for CFDP

– Streaming packet – based on SCPS

– Link level – Link level encryption

• All types can work independently and be layered

• Core algorithms will be mandated

– However, extra/new algorithms can be added

• Current decision on whether a null algorithm will be allowed for missions where the overhead is too high.

Page 8:

Key Management

• Pre-Load

– Needs prior planning – inflexible

• Key Agreement

– Very Flexible but takes time before each communication can occur.

• Public Key

– Flexible and efficient

• Identity based Encryption

– Almost limitlessly flexible but very new technology.

Page 9:

END