
Space Data Link Secure Protocol Interoperability Testing Interfaces Definition Proposal

Bruno Saba DCT/TV/IN 26/04/2010.


Presentation Transcript


  1. Space Data Link Secure Protocol Interoperability Testing Interfaces Definition Proposal
     Bruno Saba, DCT/TV/IN, 26/04/2010

  2. Interfaces between two distant simulators
     • Data Interfaces
       • Connecting one or more « useful » data streams
         • TC or Forward link(s)
         • TM or Return link(s)
     • Control Interfaces
       • Used for exchange of data relative to the simulators’ management
         • « Synchronisation » data
         • Simulation starting time
         • …
     • Others
       • Simulator results
       • Files for comparison
       • …
     SDLS - Interoperability Testing - Interfaces Definition Proposal CNES B. Saba

  3. CNES’ Proposals
     • 1st step of Interoperability Testing
       • Main goal : KEEP IT SIMPLE !
         • The objective is to validate the protocol, not to build a complex network system
       • Use UDP/IP for data streams
         • TC or Forward Link
         • TM or Return Link
       • UDP/IP is a well defined and well known protocol
         • No need for special hardware or software
         • Easy to implement
         • No flow control, some packets can be lost (like in the « real life » of the protocol)
         • Can be used on-line between two distant simulators, or off-line on localhost
         • Already used in CNES’ simulator

  4. CNES’ Proposals
     • 1st step of Interoperability Testing (cont’d)
       • On-line or Off-line simulations
         • On-line : direct communication via UDP/IP
         • Off-line : exchange of files
       • Use e-mails or telephone for control data
         • Simulations Starting time / Ending time scheduled by emails
         • File exchange by email
           • Transfer of data files for comparison purposes
           • Transfer of simulation results
         • Use of phone if needed…
       • Use of TCP/IP for synchronisation purposes only on the 2nd step, only if needed

  5. What do we need to agree on ?
     • Interfaces between simulators (easy…)
       • UDP/IP for data
       • Emails or phone for control
     • First implementation of the SDLS protocol ! (not so easy…)
       • SDLS protocol baseline
         • Secure services (authentication, encryption, authenticated encryption)
         • Algorithm(s) and modes of operation
         • Security Association / Security Context convergence… DONE
         • Position of Security Layer (TC Link) DONE
         • Security header definition DONE
         • Security header position DONE
         • …

  6. First implementation of the SDLS protocol
     • Services provided
       • Clear mode
       • Authentication only (AO) (TC, TM)
       • Authenticated Encryption (AE) (TC, TM)
       • Encryption Only (EO) (TM Only)
       • No switching management between services
     • Algorithms and modes of operation (same algorithms for TC and TM)
       • AES GMAC (for AO)
       • AES GCM (for AE)
       • AES CTR (for EO)
     • No special Key Management
       • Exchange of Keys between two simulators before simulation session
     • No Security Association Dynamic Management
       • Agreement on the content of the SA to be used before simulation

  7. First implementation of the SDLS protocol
     • TC link (or Forward link)
       • Transmission of the complete CLTU ?
         • Including Start Sequence (EB90) and Tail Sequence
         • This would allow future testing of hardware implementation of the protocol
       • COP-1 Implementation ?
         • May be useful to see possible interaction between COP-1 and SDLSP…
       • Position of Security Header
         • Just after the Transfer Frame Primary Header (as defined in 132.5-W1 Nov 2009)

  8. First implementation of the SDLS protocol
     • TC link (cont’d)
       • Security Header Definition
         • Sequence Number : not needed, Initialization Vector and Authentication service providing anti-replay protection
         • Initialization Vector : 4 Bytes
         • Key Index : not needed for TC link
         • PAD length : not needed
         • Security Header total length : 6 Bytes
       • Trailer (Message Authentication Code) length : 16 Bytes

  9. First implementation of the SDLS protocol
     • TC link (cont’d)
       • Security Association Definition
         • Each Security Association must contain
           • Global MAPID(s) to which it is assigned
           • Service provided (Clear, AO, AE)
           • Key
       • Initialisation Vector Management
         • 4 byte counter
         • Generated by the ground segment
         • On-board control mechanism : new received IV must be greater than the previous one
         • Guarantees IV uniqueness
         • Also provides anti-replay service

  10. First implementation of the SDLS protocol
     • TM link (or Return link)
       • Transmission of the complete CADU ?
         • Including Start Sequence (1ACFFC1D) and Tail Sequence
         • This would allow future testing of hardware implementation of the protocol
       • Position of Security Header
         • Just after Frame Secondary Header (if present) (as defined in 132.5-W1 Nov 2009)

  11. First implementation of the SDLS protocol
     • TM link (cont’d)
       • Security Header Definition
         • Sequence Number :
           • Not needed if Encryption Only mode is not used, Initialization Vector and Authentication service providing anti-replay protection
           • When using EO mode, counter on IV provides anti-replay protection
         • Initialization Vector : 6 Bytes ?
         • Key Index : 2 Bytes
         • PAD length : not needed
         • Security Header total length : 10 Bytes
       • Message Authentication Code (trailer) : 16 Bytes

  12. First implementation of the SDLS protocol
     • TM link (cont’d)
       • Security Association Definition
         • Each Security Association must contain
           • Global Virtual Channel(s) to which it is assigned
           • Service provided (Clear, AO, AE, EO)
           • Key set (key selection by key index)
       • Initialisation Vector Management
         • 6 byte counter
         • Generated on-board
         • On-board generation guarantees no regression : new IV sent is greater than the previous one (+1)
         • Guarantees IV uniqueness
         • Also provides anti-replay service
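
An added sketch (not from the presentation or from any CNES simulator) of the receiver-side IV check described on slides 9 and 12: a frame is accepted only if it authenticates and its IV counter is greater than the last accepted one. Assumptions: the class and method names are hypothetical, truncated HMAC-SHA256 stands in for AES-GMAC so the block runs with the standard library alone, and the frame is reduced to IV, data field and 16-byte MAC trailer rather than a full transfer frame.

```python
import hashlib
import hmac
from typing import Optional

MAC_LEN = 16  # trailer length given on slides 8 and 11


class SecurityAssociation:
    """One side's SA state: key, IV width, last accepted IV counter."""

    def __init__(self, key: bytes, iv_len: int):
        self.key = key
        self.iv_len = iv_len   # 4 bytes on the TC link, 6 on the TM link
        self.last_iv = -1      # nothing accepted yet

    def _mac(self, iv: bytes, data: bytes) -> bytes:
        # Stand-in for AES-GMAC (assumption): HMAC-SHA256 cut to 16 bytes.
        return hmac.new(self.key, iv + data, hashlib.sha256).digest()[:MAC_LEN]

    def protect(self, counter: int, data: bytes) -> bytes:
        """Sender side: build IV || data || MAC for the given counter."""
        if not 0 <= counter < 1 << (8 * self.iv_len):
            # Wrapping would reuse an IV under the same key.
            raise OverflowError("IV counter exhausted: a new key is required")
        iv = counter.to_bytes(self.iv_len, "big")
        return iv + data + self._mac(iv, data)

    def accept(self, frame: bytes) -> Optional[bytes]:
        """Return the data field if the frame is authentic and fresh."""
        if len(frame) < self.iv_len + MAC_LEN:
            return None
        iv = frame[:self.iv_len]
        data = frame[self.iv_len:-MAC_LEN]
        mac = frame[-MAC_LEN:]
        # Authenticate first: a forged frame carrying a huge IV must not
        # move last_iv, or it would lock out every later genuine frame.
        if not hmac.compare_digest(mac, self._mac(iv, data)):
            return None
        counter = int.from_bytes(iv, "big")
        # "Greater than", not "+1": UDP may drop frames, so gaps are fine,
        # but an equal or lower counter is a replay or a reordered frame.
        if counter <= self.last_iv:
            return None
        self.last_iv = counter
        return data
```
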

  13. Conclusion
     • Development of the simulators can start as soon as everybody agrees on the first implementation of the SDLS Protocol
     • Interoperability Testing would then begin step by step
       • TM Link
       • TC Link (no COP-1)
       • TM Link and TC Link
       • TM Link and TC Link with COP-1

  14. Thank you for your attention
