
Security Profiles: AMS, CFDP - PowerPoint PPT Presentation



Security Profiles: AMS, CFDP. Scott Burleigh NASA JPL 13 June 2006. AMS Security – General. Requirements Authentication of service providers and consumers Control of service access, at message subject granularity Message integrity and confidentiality Mechanisms


Security Profiles: AMS, CFDP

Scott Burleigh

NASA JPL

13 June 2006


AMS Security – General

  • Requirements

    • Authentication of service providers and consumers

    • Control of service access, at message subject granularity

    • Message integrity and confidentiality

  • Mechanisms

    • Asymmetric encryption of authenticators

    • Symmetric encryption of message content

    • Pre-placed keys and access control lists (MIB)

  • No dynamic key distribution or ACL update mechanism identified yet.


AMS Security – Overview (1)

  • MAMS message header authenticator:

    • 4-byte “hood” (four randomly selected ASCII characters) in clear text.

    • Concatenation of the hood plus a well-known message-type-specific name, encrypted with the private key of the sender.

  • The receiver of a MAMS message decrypts the encrypted part of the authenticator using the public key of the sender and verifies it.

  • MIB at each node contains all relevant asymmetric keys.
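
The authenticator exchange on this slide, sketched as an added example (not code from the presentation or from any AMS implementation). Assumptions: a toy unpadded RSA key stands in for the asymmetric scheme, and the node name "node-a", the type name "heartbeat" and the dictionary-shaped MIB are hypothetical.

```python
import secrets
import string

# Toy RSA key built from two Mersenne primes: constructed for this example,
# far too small for real use. Raw RSA, no padding, as a stand-in for
# "encrypted with the private key of the sender".
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))

# Hypothetical MIB fragment: pre-placed public keys, one per known node.
MIB_PUBLIC_KEYS = {"node-a": (N, E)}
HOOD_ALPHABET = string.ascii_letters + string.digits


def _encode(hood: bytes, type_name: str, n: int) -> int:
    """Pack hood + message-type name into one integer below the modulus."""
    value = int.from_bytes(hood + type_name.encode("ascii"), "big")
    if value >= n:
        raise ValueError("hood + type name does not fit in the toy modulus")
    return value


def make_authenticator(type_name: str, private_key: tuple) -> tuple:
    """Sender side: return (clear-text hood, encrypted hood + type name)."""
    n, d = private_key
    hood = "".join(secrets.choice(HOOD_ALPHABET) for _ in range(4)).encode("ascii")
    return hood, pow(_encode(hood, type_name, n), d, n)


def verify_authenticator(sender: str, type_name: str, hood: bytes, sealed: int,
                         mib: dict = MIB_PUBLIC_KEYS) -> bool:
    """Receiver side: decrypt with the sender's public key from the MIB and
    compare against the clear-text hood plus the expected type name."""
    if sender not in mib or len(hood) != 4:
        return False
    n, e = mib[sender]
    try:
        expected = _encode(hood, type_name, n)
    except (ValueError, UnicodeEncodeError):
        return False
    return 0 <= sealed < n and pow(sealed, e, n) == expected


if __name__ == "__main__":
    hood, sealed = make_authenticator("heartbeat", (N, D))
    print(hood, verify_authenticator("node-a", "heartbeat", hood, sealed))
```

As described on the slide, the authenticator covers only the hood and the message-type name; protection of message content comes from the per-subject symmetric key.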


AMS Security – Overview (2)

  • MIB contains, for each message subject:

    • List of authorized senders.

    • List of authorized receivers.

    • Symmetric key for encryption/decryption of messages on this subject.


CFDP Security – General

  • Currently, none at all.

  • Tentative requirements:

    • Mutual authentication of CFDP entities

    • Metadata integrity and confidentiality

    • File data integrity and confidentiality

  • Proposed mechanisms

    • Optional inclusion of authenticator in Metadata PDU

    • Asymmetric encryption of Metadata

    • Symmetric encryption of file data

    • Pre-placed keys (MIB)


CFDP Security – General (2)

  • An alternate proposal:

    • Implement security at the PDU level rather than the file level.

      • A better fit for users that want to make immediate use of partially received data, i.e., individual PDUs. Unaffected by loss of Metadata PDU.

    • Add per-segment metadata (an LV) to each file data segment PDU:

      • Brief authenticator, as for AMS.

      • Pre-placed keys in MIB, one per known CFDP entity:

        • Asymmetric keys for encryption/decryption of authenticator

        • Symmetric key for encryption/decryption of segment data

