1 / 9

Cross Support Issues Gordon Black (UK Space Agency) Howie Weiss (NASA/JPL) May 2011

Cross Support Issues Gordon Black (UK Space Agency) Howie Weiss (NASA/JPL) May 2011. Background. Cross Support Issues: Email traffic (see subsequent slides) on the Security Working Group list in January 2011. Beginnings.

duff
Télécharger la présentation

Cross Support Issues Gordon Black (UK Space Agency) Howie Weiss (NASA/JPL) May 2011

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Cross Support Issues Gordon Black (UK Space Agency)Howie Weiss (NASA/JPL)May 2011

  2. Background • Cross Support Issues: • Email traffic (see subsequent slides) on the Security Working Group list in January 2011

  3. Beginnings Hi all - Can we start a discussion about sharing services (other than SLE) in a secure way — that does not require credentialing people in every system?There are various ways of architecting a solution that allows an organization to rely on the authentication credentials of another organization, but it always boils down to whether or not Org A can trust Org B’s credentialing system.  An approach can be used that does not require any organization to divulge their passwords to other organizations, while still allowing each other to rely on the other’s credentials.  The big problem is coming up with a way to determine if an organization can trust the credentials of another organization (e.g., like the way Certificate Policies are used to determine if one should trust a particular Certificate Authority).Is there any interest in pursuing this topic?Thank you,  Mike Pajevski  NASA/JPL/Caltech

  4. Scenario Hi Ignacio, Happy New Year too! A simple scenario is that a JPL Mars lander mission uses an ESA Mars orbiter relay like ExoMars or Mars Express to get data to/from a JPL control center. In order for the ESA teams for ExoMars & Mars Express to have access to JPL -provided information associated with the relay operations, JPL must give JPL usernames & passwords to the appropriate ESA team members. Similarly, JPL people must get the appropriate ESA/mission usernames & passwords if JPL team members need to access ESA-provided information/services. I am trying to think broadly about this problems - considering that it should be possible to architect software applications in a way that minimizes the need to "cross-credential" the users. Infrastructure security services, trust relationships, and other mechanisms can also come into play to support inter-organizational information exchanges without requiring "cross-credentialing". What do you think? V/r, Mike

  5. More Mike A while ago I had heard that someone/project was setting up a PKI within ESA to accomplish just what you are asking for. Also, the US DoD has had a long discourse in PKI interoperability/cross-certification which is only now seeing the fruits of their labors. See http://jitc.fhu.disa.mil/pki/pke_lab/partner_pki_testing/partner_pki_status.html for additional info. There is no reason why NASA, ESA, etc couldn't duplicate this sort of cross certification. All it takes is time, money, and people! Howie

  6. More Mike, Thanks for the info. For a better understanding some additional questions. Are you assuming that the ESA ExoMars control center would receive the JPL Mars lander data in a similar manner as TDRSS provides data to their users/customers (ground interface)? If this is the case then I can understand that for NASA to recover these data from ESA some access control is required. But I was wondering if it is also possible to establish a radio interface between JPL and ESA ExoMars in which case there could be a question for ESA of granting access to the ExoMars relay (i.e., assigning a radio channel). I think I need to have a more detailed picture of the communications architecture and operations concept for such scenario. In any case, it seems to me there are some security problems to be dealt with. To me it is a communications resource/network management question between agencies. It would make sense to formulate in some more detail both the comm architecture and ops concept and analyse a bit the security aspects. Surely someone has already faced/thought about these questions with the present and future Mars networks. Ignacio

  7. More All - While a trusted third-party is one way to go, it is not the only way. One desire is to allow people to use their home org credentials — not require them to go get more credentials from some third party. As Daniel notes below, the big issue is trust. Perhaps a good place to start is outlining the criteria that an organization can use to determine if they trust another organization’s credentials. And that’s just half of it. Depending on the type of credential, particularly plain passwords, an organization (e.g., Org A) must be able to determine if they trust another org (Org B) enough to let Org B have access to Org A’s credentials (i.e., the services/servers run by Org B could “see” the passwords of the users in Org A that use Org B’s services). Some of the discussion (outside this group) I’ve heard so far is based on the use of LDAP and (I assume) plain passwords for credentials. The PKI based approaches some have mentioned would be far more secure. Quite frankly, I am not sure which is the longer tent pole – agreeing on a reasonable set of trust criteria or maturing the various organizations’ credentialing systems up to a PKI based approach (including the case of using common PKI(s)). The latter is not a “must have” - but it would be preferable to working with LDAP/passwords. The former tent pole is a “must have” - for which we have models to follow, such as Certificate Policies for PKIs. Thx, Mike

  8. More Indeed the issue of trust is essential. Just to share a thought on this on a different but well known scenario for most us: Space Data Link security. While preparing for the London meeting I was considering (once more!) the pro's and con's of protecting full frames (all fields, no exception). One of the best pro arguments I found was that in this way the agency (A) sending/receiving TC/TM through a Ground Station of another agency (B) would not need to trust such agency (B). But then I considered that if such was the state of affairs that agencies could not trust each other it would be much easier for agency (B) to 'screw' agency (A) simply by blocking/delaying doing all sorts of tricks at 'availability' level. In conclusion, without trust between agency A and agency B the SDLS protocol would make no sense. And by the way, the same consideration applies to cross-support without security protocols. A proposed hypothesis: membership to CCSDS and cross-support agreements shall imply/enforce 'trust' between agencies. How is this done? Should we discuss this general 'trust' topic at the next meeting? Kind regards, Ignacio

  9. Discussion Points

More Related