ioag8 esa security authenticate briefing

100 %
0 %
Information about ioag8 esa security authenticate briefing

Published on October 29, 2007

Author: Nikita


Data Security and Authentication E. M. Soerensen OPS-ONV 21st July 2005:  Data Security and Authentication E. M. Soerensen OPS-ONV 21st July 2005 CCSDS STANDARDS:  CCSDS STANDARDS There are no approved standards for authentication or encryption at the CCSDS Data link Layer There are no approved standards for key management and distribution. TC Authentication – Centralised :  TC Authentication – Centralised TC Authentication – Centralised:  TC Authentication – Centralised Only CLTU service can be supported Security requirements and implementation is transparent to the cross supporting agency. There is no need to distribute the security key to the cross supporting agency The supporting agency does not require any knowledge of the security keys and security algorithms. This architecture would not require any changes to the current implementation already in place for cross support and should also not compromise spacecraft security requirements. TC Authentication – De-centralised :  TC Authentication – De-centralised TC Authentication – De-centralised:  TC Authentication – De-centralised All forward SLE transfer services are available for cross support like the Forward Space Packer Service and Forward CLTU All missions and ground station requiring for the cross support services must implement authentication units to a common specification. In particular, they most use the same authentication algorithm and use the same key length. As each mission will use a different key, the SLE service management must therefore ensure that the appropriate key is loaded for proper execution of the SLE forward data service. The Problem is KEY MANAGEMENT:  The Problem is KEY MANAGEMENT Key Management (1):  Key Management (1) Key generation - The requirements should identify the key production facility and the method of key generation. Key randomness - Key generation should be a random process. Lack of randomness effectively reduces the size of the key space. Key encryption algorithm - The requirements should identify the algorithm used for key encryption. Ideally, this should not be the same algorithm that is used for encryption of data. If the same algorithm is used it should be used in a different mode. Key transfer – The requirements should defined how the keys are to be distributed within the networks. This includes the key protocol and key updating. Note that if key material must be double encrypted if it is sent over untrusted networks or links that can be intercepted. Key Management (2):  Key Management (2) Key Period – The requirements should define the period of use for each key type. Key Storage – The requirements shall define how keys are to be stored within the system. Key Compromise – The requirements should define how the system is to recover from key compromise. Key Destruction – The requirements for key destruction must be specified. Keys must be destroyed securely. Key Re-use – Under normal operations a key should not be re-used after its period of use has expired. Key Roll-over – The change from a current key to the next key should be accomplished without interrupting any services. Conclusion:  Conclusion Cross support using SLE has been validated and is already in place for a number of missions. This cross support is based on the three basic services Forward CLTU for commanding and Return RAF and Return RCF for telemetry. The use of a centralised architecture for implementing security makes the use of these existing services transparent to the security implementation and security can be support today using the existing operational cross support systems.

Add a comment

Related presentations

Related pages

ESET Secure Authentication - ESET | Antivirus, Internet ...

This chapter describes how to secure a PPTP VPN with ESET Secure Authentication (ESA) ... The ESA Admins AD security group is not removed during ...
Read more

ITI Service Delivery Bidders’ Briefing - EMITS ...

ITI Service Delivery Bidders’ Briefing. Industry Briefing ... authentication • Printing, remote ... Compliance with ESA security policy and legal ...
Read more

SecurID – Wikipedia

Die SecurID ist ein Sicherheitssystem der Firma RSA Security zur Authentifizierung, also zur Überprüfung der Identität von Benutzern („Authentication ...
Read more

European Space Agency - ESA

The European Space Agency portal features the latest news in space ... DG Briefing ESA Director General Jan Woerner's media briefing at ESA ...
Read more

ESA Spoofed Mail Filtering - Cisco - Cisco Systems, Inc

This document describes a problem that is encountered in the Cisco Email Security Appliance (ESA) ... All versions of Cisco ESA; All versions of AsyncOS;
Read more

Download ESET Secure Authentication | ESET

Download ESET Secure Authentication. Already purchased? ... Simple, convenient Internet security protection for all your desktops, laptops, ...
Read more

ESET Secure Authentication - ESET | Antivirus, Internet ...

ESET Secure Authentication (ESA) adds Two Factor Authentication ... In the Security section, the Security Layer setting must be set to SSL (TLS 1.0) ...
Read more

Cisco IronPort AsyncOS 7.6.1 for Email Release Notes

This document contains release information for Cisco IronPort AsyncOS 7.6.1 for the Email Security ... For DKIM Authentication, ... ESA to use RSA EM ...
Read more