1 / 6

Security Profiles: AMS, CFDP

Security Profiles: AMS, CFDP. Scott Burleigh NASA JPL 13 June 2006. AMS Security – General. Requirements Authentication of service providers and consumers Control of service access, at message subject granularity Message integrity and confidentiality Mechanisms

azana
Download Presentation

Security Profiles: AMS, CFDP

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security Profiles: AMS, CFDP Scott Burleigh NASA JPL 13 June 2006

  2. AMS Security – General • Requirements • Authentication of service providers and consumers • Control of service access, at message subject granularity • Message integrity and confidentiality • Mechanisms • Asymmetric encryption of authenticators • Symmetric encryption of message content • Pre-placed keys and access control lists (MIB) • No dynamic key distribution or ACL update mechanism identified yet.

  3. AMS Security – Overview (1) • MAMS message header authenticator: • 4-byte “hood” (four randomly selected ASCII characters) in clear text. • Concatenation of hood plus a well-known message-type-specific name, encrypted in the private key of the sender. • Receiver of MAMS message decrypts the encrypted part of the authenticator using the public key of the sender, verifies it. • MIB at each node contains all relevant asymmetric keys.

  4. AMS Security – Overview (2) • MIB contains, for each message subject: • List of authorized senders. • List of authorized receivers. • Symmetric key for encryption/decryption of messages on this subject.

  5. CFDP Security – General • Currently, none at all. • Tentative requirements: • Mutual authentication of CFDP entities • Metadata integrity and confidentiality • File data integrity and confidentiality • Proposed mechanisms • Optional inclusion of authenticator in Metadata PDU • Asymmetric encryption of Metadata • Symmetric encryption of file data • Pre-placed keys (MIB)

  6. CFDP Security – General (2) • An alternate proposal: • Implement security at the PDU level rather than the file level. • A better fit for users that want to make immediate use of partially received data, i.e., individual PDUs. Unaffected by loss of Metadata PDU. • Add per-segment metadata (an LV) to each file data segment PDU: • Brief authenticator, as for AMS. • Pre-placed keys in MIB, one per known CFDP entity: • Asymmetric keys for encryption/decryption of authenticator • Symmetric key for encryption/decryption of segment data

More Related