Name of Group | 5.09 Space Data Link Security WG | Area | Space Link Services Area (SLS) | Chairperson | Gilles MOURY | Chairperson E-Mail Address | gilles.moury@cnes.fr | Chairperson Agency | CNES | Deputy Chairperson | Howard Weiss | Deputy Chairperson E-Mail Address | howard.weiss@sparta.com | Deputy Chairperson Agency | | Mailing List | sls-sea-dls@mailman.ccsds.org | Scope of Activity | The objectives of this SDLS WG is to develop a recommendation for a security protocol operating at the data link layer of CCSDS spacelinks. Target missions are civilian missions (science, earth observation, telecommunications, ...). This security protocol should provide authentication and/or encryption both for uplink and downlink. It should be compatible with CCSDS TM, TC and AOS data link protocols and be independant from any specific cryptographic algorithm.
An additional objective of the SDLS WG is to develop standard security mechanisms at the physical layer of CCSDS spacelinks to provide protection against jamming and denial of service.
| Rationale for Activity | Security of TC and TM space links has become a major concern for not only defense related missions but also for mainstream missions like science and commercial (telecommunications, earth observation, ...). Consequently, CCSDS has embarked on developing recommendations for security architectures, authentication/encryption algorithms, key management, ... that offer a framework and tools to develop standards track recommendations for security protocols at various layers.
New cooperative missions are emerging requiring interoperable security functions operating at data link layer or higher. More generally, it appears that governmental & commercial missions, with no defense related security constraints, would welcome an open standard and industry supported solution for TM/TC link security (in particular TC authentication and TM/AOS encryption) usable in a wide variety of civilian missions.
Implementation of security functions at network or application layers offers the advantage of providing end-to-end security which is desirable for multi-hop TM/TC link configurations (e.g. : earth to orbiter to lander to rover). On the other hand, most missions have only single hop TM/TC configurations. In that case, data link layer security will usually provide end-to-end security because transfer frames are generated in the control center and are validated in the TM/TC procesor on-board. As a consequence, this data link security solution centralizes the security functions in two entities only, minimizing development, validation and operational cost.
In response to the missions needs exposed above, a TM/TC data link security BOF has been formed at the CCSDS march 2008 meeting with the main objective of producing a User Requirement Document (URD) for a data link layer security protocol providing encryption and/or authentication, and compatible with CCSDS data link protocols. This URD has been finalized and accepted by all the agencies involved at the CCSDS october 2008 meeting. Therefore, the creation of a Space Data Link Security WG was proposed to develop a recommendation (blue book) for a data link layer security protocol fulfilling established URD. | Goals | The Space Data Link Security WG has the following goals :
1- Develop Data Link Security Protocol according to URD through the CCSDS standard track (white, red, blue book)
2- Validate Data Link Security Protocol through interoperability testing of at least two independant implementations
3- Develop a Data Link Security Protocol green book containing : rationale, justification of the design, user manual, mission profiles, discussion of performance, choice of cryptographic algorithm(s)
4- Develop a Physical Layer Security Recommendation specifying anti-jamming technique
The protocol development will be performed in 2 stages : build-1 and build-2 :
- build 1 : core protocol, including : definition of formats specific to the security layer, state machines, operations concept, ...
- build 2 : protocol extension, including : specification of the application in charge of security protocol configuration : key management, security associations management, ... | Survey of Similar Standards Efforts Undertaken in Other Bodies and elsewhere in CCSDS | No standard security protocol available nor in development for the CCSDS communication stack. | Patent Licensing Applicability for Future Standards | NA | Technical Risk Mitigation Strategy | User Requirements for the protocol having been agreed among participating agencies before the start of the protocol development, this development should be relatively straightforward if agencies invest in the frame of the CCSDS group, with a view of using it for one of their future missions. | Management Risk Mitigation Strategy | NA |
|