Space Data Link Secure Protocol Interoperability Testing Interfaces Definition Proposal Bruno Saba DCT/TV/IN 26/04/2010

Space Data Link Secure Protocol

Interoperability Testing

Interfaces Definition Proposal

Bruno Saba DCT/TV/IN 26/04/2010

SDLS - Interoperability Testing - Interfaces Definition Proposal CNES B. Saba 2

Interfaces between two distant simulators

■ Data Interfaces
  – Connecting one or more « useful » data streams
    – TC or Forward link(s)
    – TM or Return link(s)

■ Control Interfaces
  – Used for exchange of data relative to the simulators’ management
    – « Synchronisation » data
      – Simulation starting time
      – …
    – Others
      – Simulator results
      – Files for comparison
      – …

CNES’ Proposals

■ 1st step of Interoperability Testing
  – Main goal: KEEP IT SIMPLE!
    – The objective is to validate the protocol, not to build a complex network system
  – Use UDP/IP for data streams
    – TC or Forward Link
    – TM or Return Link
    – UDP/IP is a well defined and well known protocol
    – No need for special hardware or software
    – Easy to implement
    – No flow control, some packets can be lost (like in the « real life » of the protocol)
    – Can be used on-line between two distant simulators, or off-line on localhost
    – Already used in CNES’ simulator

CNES’ Proposals

■ 1st step of Interoperability Testing (cont’d)
  – On-line or Off-line simulations
    – On-line: direct communication via UDP/IP
    – Off-line: exchange of files
  – Use e-mails or telephone for control data
    – Simulations Starting time / Ending time scheduled by emails
    – File exchange by email
      – Transfer of data files for comparison purposes
      – Transfer of simulation results
    – Use of phone if needed…
  – Use of TCP/IP for synchronisation purposes only on the 2nd step, only if needed

What do we need to agree on ?

■ Interfaces between simulators (easy…)
  – UDP/IP for data
  – Emails or phone for control

■ First implementation of the SDLS protocol ! (not so easy…)
  – SDLS protocol baseline
    – Secure services (authentication, encryption, authenticated encryption)
    – Algorithm(s) and modes of operation
    – Security Association / Security Context convergence… DONE
    – Position of Security Layer (TC Link) DONE
    – Security header definition DONE
    – Security header position DONE
    – …

First implementation of the SDLS protocol

■ Services provided
  – Clear mode
  – Authentication only (AO) (TC, TM)
  – Authenticated Encryption (AE) (TC, TM)
  – Encryption Only (EO) (TM Only)
  – No switching management between services

■ Algorithms and modes of operation (same algorithms for TC and TM)
  – AES GMAC (for AO)
  – AES GCM (for AE)
  – AES CTR (for EO)

■ No special Key Management
  – Exchange of Keys between two simulators before simulation session

■ No Security Association Dynamic Management
  – Agreement on the content of the SA to be used before simulation

First implementation of the SDLS protocol

■ TC link (or Forward link)
  – Transmission of the complete CLTU ?
    – Including Start Sequence (EB90) and Tail Sequence
    – This would allow future testing of hardware implementation of the protocol
  – COP-1 Implementation ?
    – May be useful to see possible interaction between COP-1 and SDLSP…
  – Position of Security Header
    – Just after the Transfer Frame Primary Header (as defined in 132.5-W1 Nov 2009)

[Figure: TC Transfer Frame. Fields and sizes in octets: Transfer Frame Primary Header (5), Segment Header (1), Security Header (2-64), Frame Data, ECF (Optional) (2). Field labels shown: PAD, IV, SEQ, SPI, LV, MAC.]

MAC is computed over Primary Header, Segment Header, Security Header, and Frame Data. MAC is not computed over frame sync mark (not shown) or ECF.

Encryption is done on Pad field in Security Header and on Frame Data.

First implementation of the SDLS protocol

■ TC link (cont’d)
  – Security Header Definition

[Figure: Security Header. Fields: Version (‘01’), Security Header Length, Security Parameter Index, Sequence Number (Optional), Initialization Vector (Optional), PAD (Optional), and Message Authentication Code (Optional). Sizes shown (bits): 2, 6, 8; the remaining fields are marked Managed or Variable.]

  – Sequence Number: not needed, Initialization Vector and Authentication service providing anti-replay protection
  – Initialization Vector: 4 Bytes
  – Key Index: not needed for TC link
  – PAD length: not needed
  – Security Header total length: 6 Bytes
  – Trailer (Message Authentication Code) length: 16 Bytes

First implementation of the SDLS protocol

■ TC link (cont’d)
  – Security Association Definition
    – Each Security Association must contain
      – Global MAPID(s) to which it is assigned
      – Service provided (Clear, AO, AE)
      – Key
  – Initialisation Vector Management
    – 4 byte counter
    – Generated by the ground segment
    – On-board control mechanism: new received IV must be greater than the previous one
    – Guarantees IV uniqueness
    – Also provides anti-replay service
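The TC-link choices on the three slides above (6-byte Security Header after the Primary and Segment Headers, AES-GCM with a 16-byte MAC trailer, ground-generated 4-byte IV counter checked on board) are exercised in the Go example below. It is an added example, not CNES simulator code; the first header byte 0x46 (version '01' in the top two bits, length 6 in the low six), the 4-byte IV passed unchanged as the GCM nonce, and all names are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
)

// SA is the TC Security Association agreed before the session (AE service).
type SA struct {
	SPI    byte
	LastIV uint32 // last IV sent (ground) or accepted (on-board)
	aead   cipher.AEAD
}

func NewSA(spi byte, key []byte) (*SA, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCMWithNonceSize(blk, 4) // assumption: 4-byte IV is the GCM nonce
	return &SA{SPI: spi, aead: aead}, err
}

// Protect (ground side) emits PriHdr(5) SegHdr(1) SecHdr(6) ciphertext MAC(16).
func (sa *SA) Protect(priHdr [5]byte, segHdr byte, data []byte) []byte {
	sa.LastIV++ // 4-byte counter: each frame carries a larger IV
	hdr := append(append(priHdr[:], segHdr), 0x46, sa.SPI, 0, 0, 0, 0)
	binary.BigEndian.PutUint32(hdr[8:], sa.LastIV)
	// The three headers are authenticated only; Frame Data is encrypted.
	return sa.aead.Seal(append([]byte{}, hdr...), hdr[8:], data, hdr)
}

// Accept (on-board side) rejects stale IVs and frames whose MAC fails.
func (sa *SA) Accept(f []byte) ([]byte, error) {
	if len(f) < 28 || f[6] != 0x46 || f[7] != sa.SPI {
		return nil, errors.New("bad security header")
	}
	iv := binary.BigEndian.Uint32(f[8:12])
	if iv <= sa.LastIV {
		return nil, errors.New("replay: IV not greater than previous")
	}
	data, err := sa.aead.Open(nil, f[8:12], f[12:], f[:12])
	if err == nil {
		sa.LastIV = iv // advance only once the MAC has verified
	}
	return data, err
}
```

Advancing LastIV only after the MAC verifies means a corrupted or forged frame carrying a large IV cannot make the receiver reject later genuine frames.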

First implementation of the SDLS protocol

■ TM link (or Return link)
  – Transmission of the complete CADU ?
    – Including Start Sequence (1ACFFC1D) and Tail Sequence
    – This would allow future testing of hardware implementation of the protocol
  – Position of Security Header
    – Just after Frame Secondary Header (if present) (as defined in 132.5-W1 Nov 2009)

[Figure: TM Transfer Frame. Fields and sizes in octets: Transfer Frame Primary Header (6), Frame Secondary Header (Optional) (Managed), Security Header (2-64), Frame Data, OCF (Optional) (4), ECF (Optional) (2). Field labels shown: PAD, IV, SEQ, SPI, LV, MAC.]

MAC is computed over Primary Header, FSH, Security Header, Frame Data, and OCF. MAC is not computed over frame sync mark (not shown) or ECF.

Encryption is done on Pad field in Security Header and on Frame Data.

First implementation of the SDLS protocol

■ TM link (cont’d)
  – Security Header Definition

[Figure: Security Header. Fields: Version (‘01’), Security Header Length, Security Parameter Index, Sequence Number (Optional), Initialization Vector (Optional), PAD (Optional), and Message Authentication Code (Optional). Sizes shown (bits): 2, 6, 8; the remaining fields are marked Managed or Variable.]

  – Sequence Number:
    – Not needed if Encryption Only mode is not used, Initialization Vector and Authentication service providing anti-replay protection
    – When using EO mode, counter on IV provides anti replay protection
  – Initialization Vector: 6 Bytes ?
  – Key Index: 2 Bytes
  – PAD length: not needed
  – Security Header total length: 10 Bytes
  – Message Authentication Code (trailer): 16 Bytes

First implementation of the SDLS protocol

■ TM link (cont’d)
  – Security Association Definition
    – Each Security Association must contain
      – Global Virtual Channel(s) to which it is assigned
      – Service provided (Clear, AO, AE, EO)
      – Key set (key selection by key index)
  – Initialisation Vector Management
    – 6 byte counter
    – Generated on-board
    – On-board generation guarantees no regression: new IV sent is greater than the previous one (+1)
    – Guarantees IV uniqueness
    – Also provides anti-replay service

Conclusion

■ Development of the simulators can start as soon as everybody agrees on the first implementation of the SDLS Protocol

■ Interoperability Testing would then begin step by step
  – TM Link
  – TC Link (no COP-1)
  – TM Link and TC Link
  – TM Link and TC Link with COP-1

Thank you for your attention