DLR/GSOC – Security related missions
Martin Pilgram, DLR-GSOC
April 21 at Colorado Springs, USA
DLR/GSOC – Experience from security related missions - Martin Pilgram - page 2 21st April 2009 at CCSDS spring meeting, Colorado Springs
Overview
DLR has so far supported three different kinds of security related missions:
- LEOP for military imaging and comms missions
- Emergency support for military imaging mission
- Routine operations for military comms mission
- LEOP and routine operations for scientific imaging missions subject to the SatDSiG (German law on securing high precision imaging missions)
Experience (general)
Setup for LEOPs:
- No encryption and authentication
- Only authentication
Setup for routine operations:
- Different levels for TC authentication/encryption
- TM encryption for all TM or only for imaging data
- Clear mode possible/not possible
Encryption algorithms:
- Private
- AES
Experience (general-2)
Ground Crypto Unit:
- bypass possible/not possible
- automatic redundancy switching
- different handling of keys for the crypto units
- lifetime for keys predefined/not predefined
Key distribution:
- SFTP is used for key distribution
Key management plan:
- No specific document for key management. This is part of the operational procedures and/or described in the Crypto Unit Users Guide.
Experience (User Authentication)
Requirements:
- Requirements in projects like TerraSAR-X (SatDSiG), Columbus (ESA) and some military projects lead to strict user authentication for spacecraft operations.
Solutions:
- Access control to the operational area via a HITAG I transponder card and, on top of that, a fingerprint terminal (where necessary). The cards for access control are also used for time recording of employees.
- System authentication on a personal basis with a centralized LDAP (Lightweight Directory Access Protocol), which supports user groups to transfer sessions between shift personnel. For satellite missions the system is based on username/password/group; for Columbus the system is based on smart cards. The smart card feature is integrated in the access control card. Added value: on leaving, the system will be locked.
Experience (User Authentication-2)
Products:
- Sefirot Smart Card Solution
- Comtarsia SignOn for the LDAP connection
The Smart Card Solution supports:
- Different levels of security (only login, permanent use)
- Different OS: Windows and SUSE Linux (SLES-8, SLES-10)
- Multi-screen solutions
- Shift handover
- Multi-Workstation-Multi-Account Logon
- UNIcert PKI
Future features for smart-card solution:
- Lifecycle manager, Kerberos support, proxy support