DLR/GSOC – Security related missions, Martin Pilgram, DLR-GSOC, April 21 at Colorado Springs, USA

DLR/GSOC – Security related missions

Martin Pilgram, DLR-GSOC

April 21 at Colorado Springs, USA

DLR/GSOC – Experience from security related missions - Martin Pilgram - page 2 21st April 2009 at CCSDS spring meeting, Colorado Springs

Overview

So far, DLR has supported three different kinds of security related missions:

- LEOP for military imaging and comms missions

- Emergency support for military imaging mission

- Routine operations for military comms mission

- LEOP and routine operations for scientific imaging missions subject to the SatDSiG (German law on securing high-precision imaging missions)

Experience (general)

Setup for LEOPs:

- No encryption and authentication

- Only authentication

Setup for routine operations:

- Different levels for TC authentication/encryption

- TM encryption for all TM or only for imaging data

- Clear mode possible/not possible

Encryption algorithms:

- Private

- AES

Experience (general-2)

Ground Crypto Unit:

- bypass possible/not possible

- automatic redundancy switching

- different handling of keys for the crypto units

- lifetime for keys predefined/not predefined

Key distribution:

- SFTP is used for key distribution

Key management plan:

- There is no specific document for key management. It is part of the operational procedures and/or described in the Crypto Unit Users Guide.

Experience (User Authentication)

Requirements:

Requirements in projects like TerraSAR-X (SatDSiG), Columbus (ESA) and some military projects lead to strict user authentication for spacecraft operations.

Solutions:

Access control system for the operational area via a HITAG I transponder card and, on top of that, a fingerprint terminal (where necessary). The cards for access control are also used for time recording of employees.

System authentication on a personal basis with a centralized LDAP (Lightweight Directory Access Protocol) server, which supports user groups so that sessions can be transferred between shift personnel. For satellite missions the system is based on username/password/group; for Columbus the system is based on smart cards. The smart card feature is integrated in the access control card. Added value: the system is locked when the user leaves.
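The group-based session transfer and lock-on-leave behaviour described above, modelled as an added example (not part of the original slides and not GSOC's implementation). The in-memory `DIRECTORY` stands in for the central LDAP server; the user names, group names, passwords and the `ConsoleSession` class are hypothetical, and treating card removal as the lock trigger is an assumption.

```python
import hashlib, hmac, os
from dataclasses import dataclass, field

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _entry(password: str, groups: set) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt), "groups": groups}

# Constructed directory standing in for the central LDAP server.
DIRECTORY = {
    "alice": _entry("pw-alice", {"sat-ops"}),
    "bob": _entry("pw-bob", {"sat-ops"}),
    "carol": _entry("pw-carol", {"columbus-ops"}),
}

def authenticate(user: str, password: str) -> bool:
    """Personal authentication: every operator proves their own identity."""
    entry = DIRECTORY.get(user)
    if entry is None:
        return False
    return hmac.compare_digest(entry["hash"], _hash(password, entry["salt"]))

@dataclass
class ConsoleSession:
    group: str            # group that owns the running session
    operator: str         # person currently accountable for it
    locked: bool = False
    audit: list = field(default_factory=list)

    def lock(self) -> None:
        """Called when the operator leaves (assumed trigger: card removed)."""
        self.locked = True
        self.audit.append(("lock", self.operator))

    def handover(self, user: str, password: str) -> bool:
        """Transfer the running session to another member of the same group."""
        ok = authenticate(user, password) and self.group in DIRECTORY[user]["groups"]
        self.audit.append(("handover" if ok else "denied", user))
        if ok:  # session keeps running; only the accountable person changes
            self.operator, self.locked = user, False
        return ok
```

The audit list keeps the personal accountability that a shared shift account would lose: every lock, handover and denied attempt is tied to an individual user.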

Experience (User Authentication-2)

Products

Sefirot Smart Card Solution

Comtarsia SignOn for the LDAP connection

The Smart Card Solution supports:

Different levels of security (only login, permanent use)

Different OS: Windows and SUSE Linux (SLES-8, SLES-10)

Multi-screen solutions

Shift handover

Multi-Workstation-Multi-Account Logon

UNIcert PKI

Future features for smart-card solution:

Lifecycle manager, Kerberos support, proxy support