Security Profiles: AMS, CFDP

Scott Burleigh

NASA JPL

13 June 2006

AMS Security – General
  • Requirements
    • Authentication of service providers and consumers
    • Control of service access, at message subject granularity
    • Message integrity and confidentiality
  • Mechanisms
    • Asymmetric encryption of authenticators
    • Symmetric encryption of message content
    • Pre-placed keys and access control lists (MIB)
  • No dynamic key distribution or ACL update mechanism identified yet.
AMS Security – Overview (1)
  • MAMS message header authenticator:
    • 4-byte “hood” (four randomly selected ASCII characters) in clear text.
    • Concatenation of hood plus a well-known message-type-specific name, encrypted with the private key of the sender.
  • Receiver of MAMS message decrypts the encrypted part of the authenticator using the public key of the sender and verifies it.
  • MIB at each node contains all relevant asymmetric keys.
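
The authenticator check on this slide, written out as an added example (not from the original presentation or from any AMS implementation). The node names, the message-type names and the keys are constructed, and textbook RSA without padding stands in for the asymmetric algorithm, which the slides do not name; it is not secure and only shows the data flow.

```python
# Added illustration, not AMS reference code. Textbook RSA without padding and
# with Mersenne-prime factors is trivially breakable; it only shows the data flow.
import secrets
import string

E = 65537  # public exponent used for every constructed key

def make_keypair(p, q):
    """Return ((n, e), (n, d)) for primes p and q."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

# Constructed key pairs for two hypothetical nodes.
REGISTRAR_PUB, REGISTRAR_PRIV = make_keypair(2**89 - 1, 2**127 - 1)
NODE_A_PUB, NODE_A_PRIV = make_keypair(2**107 - 1, 2**127 - 1)

# Pre-placed MIB: every node's public key, keyed by node name.
MIB = {"registrar": REGISTRAR_PUB, "node_a": NODE_A_PUB}

def make_authenticator(type_name, private_key):
    """Sender: 4-character clear-text hood, then RSA(private, hood + type name)."""
    n, d = private_key
    hood = "".join(secrets.choice(string.ascii_letters) for _ in range(4)).encode()
    plain = int.from_bytes(hood + type_name.encode("ascii"), "big")
    if plain >= n:
        raise ValueError("type name too long for this modulus")
    return hood + pow(plain, d, n).to_bytes((n.bit_length() + 7) // 8, "big")

def verify_authenticator(auth, type_name, sender, mib):
    """Receiver: decrypt with the sender's public key, compare to hood + name."""
    if sender not in mib or len(auth) <= 4:
        return False
    n, e = mib[sender]
    hood, cipher = auth[:4], int.from_bytes(auth[4:], "big")
    if cipher >= n:
        return False
    expected = int.from_bytes(hood + type_name.encode("ascii"), "big")
    return pow(cipher, e, n) == expected

if __name__ == "__main__":
    auth = make_authenticator("heartbeat", REGISTRAR_PRIV)
    print(verify_authenticator(auth, "heartbeat", "registrar", MIB))  # genuine
    print(verify_authenticator(auth, "heartbeat", "node_a", MIB))     # wrong key
    print(verify_authenticator(auth, "register", "registrar", MIB))   # wrong type
```

The receiver rejects the authenticator when the claimed sender is not in its MIB, when the clear-text hood does not match the encrypted copy, or when the recovered name is not the one expected for that message type.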
AMS Security – Overview (2)
  • MIB contains, for each message subject:
    • List of authorized senders.
    • List of authorized receivers.
    • Symmetric key for encryption/decryption of messages on this subject.
CFDP Security – General
  • Currently, none at all.
  • Tentative requirements:
    • Mutual authentication of CFDP entities
    • Metadata integrity and confidentiality
    • File data integrity and confidentiality
  • Proposed mechanisms
    • Optional inclusion of authenticator in Metadata PDU
    • Asymmetric encryption of Metadata
    • Symmetric encryption of file data
    • Pre-placed keys (MIB)
CFDP Security – General (2)
  • An alternate proposal:
    • Implement security at the PDU level rather than the file level.
      • A better fit for users that want to make immediate use of partially received data, i.e., individual PDUs. Unaffected by loss of Metadata PDU.
    • Add per-segment metadata (an LV) to each file data segment PDU:
      • Brief authenticator, as for AMS.
      • Pre-placed keys in MIB, one per known CFDP entity:
        • Asymmetric keys for encryption/decryption of authenticator
        • Symmetric key for encryption/decryption of segment data