BS ISO 20215 pdf download – Space data and information transfer systems - CCSDS cryptographic algorithms

2 OVERVIEW
2.1 GENERAL OVERVIEW
This document contains recommendations for CCSDS cryptographic security algorithms for encryption, authenticated encryption, and authentication. Adoption of standard algorithms which are properly implemented will enable secure interoperability as well as reduce costs for missions utilizing security services. These algorithms are required to provide confidentiality and authentication/integrity protection for mission systems data.
A ground network may support numerous, simultaneous space missions utilizing many support personnel. Likewise, a single ground station may support multiple missions, and several spacecraft might use the same communications frequencies (using spacecraft IDs or Internet Protocol addresses to demultiplex data streams). A single spacecraft might host instruments and experiment packages from various universities, corporations, space agencies, or countries. All of these separate entities may have individual security concerns and may require that their respective data or commands be protected but intermixed with others. The CCSDS cryptographic algorithms can be utilized by the missions to provide the required protections to avoid loss of data or total mission loss.
2.2 ENCRYPTION OVERVIEW
Confidentiality is defined as the assurance that information is not disclosed to unauthorized entities or processes. In other words, those who are not authorized are prevented from obtaining information from the protected data. Confidentiality can be accomplished by various physical mechanisms which prevent access to information: locks, guards, or gates. For communications systems, there are essentially two mechanisms: (1) transmission through a physically protected medium (e.g., wire encased in alarmed conduit) and (2) cryptography.
For the CCSDS community, confidentiality must be implemented by cryptography for protection of information between end points that may be located on the ground and in space. In civilian space missions, confidentiality may be employed to ensure non-disclosure of information as it traverses the ground network, as it is transmitted between the ground and the spacecraft, between the spacecraft and the ground, and even on-board a spacecraft.
For human-crewed missions there are concerns regarding the confidentiality of medical information conveyed on-board, across the space link, and over ground communications infrastructures. Similarly, private communications between crew members and their families, such as voice and email, must also be afforded confidentiality.
CCSDS does not mandate at which layer the encryption algorithm is used. As is illustrated in the CCSDS document entitled The Application of CCSDS Protocols to Secure Systems (CCSDS 350.0-G-2, reference [B1]), there are multiple locations within the space communications layering model where an encryption algorithm can be employed. As is pointed out in reference [B1], there is no single right answer for positioning and employing encryption. Depending on the system.
2.3 AUTHENTICATION/INTEGRITY OVERVIEW
2.3.1 GENERAL
Undetected data modification or corruption is a major concern. It could affect the integrity (correctness) of data received either on the ground from the spacecraft or on the spacecraft from the ground (i.e., what was received is exactly what was transmitted or any unauthorized modifications are detected and flagged). Modified or corrupted commands transmitted to the spacecraft could result in catastrophic results such as total mission loss. Modified or corrupted payload data from the spacecraft could result in erratic or wrong science. Modified or corrupted telemetry (e.g., housekeeping or engineering data) might be acted upon, resulting in a catastrophic event (e.g., telemetry indicates incorrect high onboard temperatures resulting in controller actions that could harm the spacecraft). The spacecraft/instrument must have the ability to recognize and discard unauthorized commands.
Authentication algorithms provide the basis for implementing authentication and integrity services. Regardless of where or how the authentication services are applied, an authentication algorithm must be employed. Authentication can be used to uniquely identify a person or an entity. It can also be used to identify a 'role' that a person has taken on (e.g., the controller of instrument X). Or, for example, it can be applied to uniquely identify a workstation or a group of workstations making up a control center. In this way, anything received which is claimed to have been sent from an individual (e.g., John Smith), an individual acting in a role (e.g., John Smith acting as the instrument X controller), or a facility (e.g., the mission control center) can be authenticated as actually having been sent by/from the claimed identity. The receiver is assured that the identity of the source of the data is authentic (e.g., person, place, role) and the data itself has not been altered or modified in transit without authorization or notification.
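The recognize-and-discard behaviour described above, as an added example that is not taken from the standard: the receiver accepts a command only if its tag verifies under the key of the claimed role or facility. HMAC-SHA-256, the 16-byte tag, the frame layout, the identity names, the demo keys and the sequence-number replay check are all assumptions of this example.

```python
import hashlib
import hmac
import struct

# Constructed demo keys, one per claimed identity (a role or a facility).
# Real keys come from the mission's key management, never from source code.
KEYS = {
    "instrument-x-controller": bytes.fromhex("11" * 32),
    "mission-control-center": bytes.fromhex("22" * 32),
}
TAG_LEN = 16  # truncated tag length in bytes (assumption for this example)


def _mac(key: bytes, sender: str, seq: int, command: bytes) -> bytes:
    # Length-prefix the sender so field boundaries cannot be shifted, and
    # cover the sequence number so a replayed frame is detectable.
    sid = sender.encode()
    msg = struct.pack(">H", len(sid)) + sid + struct.pack(">Q", seq) + command
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]


def protect(sender: str, seq: int, command: bytes) -> bytes:
    """Sending side: append the authentication tag to the command."""
    return command + _mac(KEYS[sender], sender, seq, command)


class Receiver:
    """Receiving side: accept only authentic, fresh commands."""

    def __init__(self):
        self.last_seq = {}  # highest accepted sequence number per sender

    def accept(self, sender: str, seq: int, frame: bytes):
        key = KEYS.get(sender)
        if key is None or len(frame) < TAG_LEN:
            return None  # unknown identity or malformed frame: discard
        command, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        # Constant-time comparison avoids leaking how many tag bytes matched.
        if not hmac.compare_digest(tag, _mac(key, sender, seq, command)):
            return None  # modified in transit, or not sent by claimed identity
        if seq <= self.last_seq.get(sender, -1):
            return None  # replay of an earlier authentic frame
        self.last_seq[sender] = seq
        return command
```
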