Secure Key Management for NASA Space ... - CiteSeerX

5 downloads 384 Views 227KB Size Report
Deployment of space-based networks, however, increases security risks [2]. ... Data Systems) have developed a standard for securing space communication ...
Secure Key Management for NASA Space Communication1 Aruna Balasubramanian, Sumita Mishra2 CompSys Technologies Inc. {arunab, mishra}@compsystech.com and Ramalingam Sridhar State University of New York, Buffalo [email protected]

Abstract NASA envisions advanced technologies and protocols for their missions using space-based networks. The space-based network technology considers the ground stations and the spacecrafts to be a part of one large network, where a spacecraft can potentially connect to a large number of ground stations during its orbit. However, the technology introduces easy access to the spacecraft from the ground, in turn increasing the security risks. Additionally, space-based networks are formed among heterogeneous network entities. Thus, a generic security solution for all communication components may not be well suited. In this work, we study the architecture of space-based networks, and provide a classification for the network entities based on their characteristics. Based on the requirements and limitations of the classification, we provide suitable key management solution for enhanced security and strong authentication.

1. INTRODUCTION The space-based network technology is gaining popularity because of its advantages [1]. These networks reduce the cost and delay in space communication, are scalable and can accommodate more space missions for a relatively small increase in infrastructure support and provide commercial services such as mobile communication and paging. Space-based networks can be envisioned as comprising of space sensors, ground nodes, terrestrial sensors and satellites that communicate amongst each other, using the wireless/satellite medium. Deployment of space-based networks, however, increases security risks [2]. The wireless medium is more susceptible to attacks and an intruder can eavesdrop on the on-going communication to illegally obtain mission critical information [3]. Additionally, the nodes on the ground can be compromised more easily, and this may lead to a compromise of the protected space network. Strong authentication of the communicating entities and preserving the integrity and the confidentiality of the transmitted data are necessary for the deployment of space-based networks. Very often, cryptographic protocols (that use secret keys) are employed to achieve security goals such as authentication, confidentiality and integrity [4]. A secure key management protocol, involving creating, distributing and managing the secret keys, is an 1 2

Supported in part by NASA SBIR Phase I grant Corresponding author

important component of a strong security solution. In a wireless/satellite medium, distributing and managing secret keys among the communicating entities is challenging. Additionally, a space-based network is heterogeneous in nature and consists of different devices and communication networks. Thus, a generic key management protocol cannot be used for distributing secret keys amongst the different communication entities. In this work, we identify three types of network components that are part of a spacebased network and provide key management solutions that specifically cater to the requirements and constraints of the identified networks components. 2. NETWORK ARCHITECTURE The components of the space-based network that are considered in this work are – space sensors, terrestrial sensors, ground nodes (connected to the Internet) and satellites [1]. An example of a space-based network is illustrated in Fig. 1.

Satellite High flying sensor Ground station Terrestrial sensors Low data rate

Figure 1: Example of a space-based network

High data rate

The terrestrial sensors communicate with the high flying sensors and relay information collected via sensing. This is a low rate communication link. The satellites can contact the ground stations directly, using a low rate communication link or download information on to the high flying sensors, which in turn relay the information to the ground stations, using a high rate communication link. The ground stations themselves communicate among themselves to relay data to the ground controller. Traditionally, a satellite communicates with a ground controller (where every satellite is assigned a specific ground node for controlling) directly using the satellite link. In spacebased networks, the satellite use the high flying sensors as relays, the information is relayed to a ground station closest to the sensor, and the ground station in turn transmits the information to the assigned ground controller via the ground network.

3. BACKGROUND The current security solution for space-based network is implemented in layer-3 of the protocol stack using the IPSec protocol [2]. CCSDS (Consultative Committee for Space Data Systems) have developed a standard for securing space communication called SCPS-SP (Space Communication Protocol Specification – Security Protocol), while IPSec is used for securing ground communication [7]. SCPS-SP is similar to IPSec in many aspects, except that it is bit-optimized. In this section, we will discuss the security of IPSec and the same can be applied to SCPS-SP. To implement the security protocol using IPSec, the source and the destination need to share a common key, called the encryption key. Additionally, there is a need for a security association (SA) between the source and the destination that specifies the length and type of the key and the encryption algorithm to be used, among other things. Traditionally, a central trusted server can be made responsible for key management, i.e. creating, distributing and managing the encryption keys and the security association. Since the availability and connectivity to a central server is questionable, the Internet community suggested the use of IKE (Internet Key exchange protocol), where keys can be exchanged between two parties without the need for a central authority [4]. The IKE provides a pair-wise key exchange protocol (Oakley) and a protocol for establishing security associations (ISAKMP). Pair-wise key exchange not only introduces very high overhead (because of the bandwidth constraint in space communication), but also affects scalability when the network size increases. An operational mode of IKE has been proposed, that reduces the bandwidth utilization [2]. However, when the operational IKE is used, the participating entities cannot be authenticated, which may affect the security of the solution. Also, in the current security solution, there is no provision to provide security at any other level, but at layer-3. Layer-3 encryption entails that every IP packet be encrypted and this may introduce additional overheads. Space-based networks are heterogeneous, where the capabilities of the different network entities vary. However, the same key management protocol is used for both ground and space communication. A common solution for all the network entities may entail some compromises. 4. CLASSIFICATIONS In order to provide specific security solutions for the different network components of the space-based network we classify them in terms of their limitations and security requirements. The parameters used to categorize the networks are, resource limitations, mobility, levels of security required and data rate of communication. For example, the ground-space communication entails higher security risks because the ground nodes are more susceptible to impersonation attacks. However, the ground nodes are not necessarily battery-operated devices and have less resource constraints, and thus can

spend more resources for security. Terrestrial sensors, on the other hand, have higher resource limitations and consequently, cannot implement computationally intensive security solutions. Table 1 illustrates the categorization of the different network entities based on the parameters discussed. Table 1: Classification of the network entities

Terrestrial sensors Space sensors Ground node Satellite

Level security High Low High Low

of Resource Constraint High Low Low Low

Mobility Low High Low Medium

Data rate of communication Low High High Low

In this work, we focus on three communication networks that are components of the space-based network, namely, between ground-ground, satellite – space sensor, and space sensor – terrestrial sensor. 5. KEY MANAGEMENT SOLUTION We propose key management approaches that specifically cater to the requirements and constraints of the networks identified. 5.1 Intra-ground communication As discussed earlier, communication between the satellite and the ground stations is multi-hop and a majority of the communication is performed by the ground nodes. Thus, it is important to secure the ground communication, and in turn to design a secure key management solution for the ground nodes. Since any ground node can potentially be designated as a receiving station, the availability or connectivity to a central server for key management cannot always be assumed. In our previous work, we have developed a cryptography solution using hybrid symmetric/asymmetric key generation, which provides a decentralized, scalable and robust framework [5]. The keys are however used to provide confidentiality and it is assumed that the nodes are already authenticated. In this work, we adapt the hybrid key management solution to provide strong authentication as well. The network is divided into non-overlapping clusters and a group key is created among the cluster nodes in a contributory manner (i.e., each node contributes to the formation of the group key). Each node creates a pair-wise secret key with all nodes in the cluster, without explicitly exchanging pair-wise keys, thus reducing communication cost. The nodes also create a (public, private) key pair. The pair-wise keys are used to provide confidentiality for intra-cluster communication using symmetric cryptosystem, while the

(public, private) key pair is used to secure inter-cluster communication using asymmetric cryptosystem. By restricting pair-wise key exchange to within the cluster and by using the expensive asymmetric key cryptosystem for inter-cluster communication, scalability is ensured at a reduced cost. To provide authentication, we implement the following algorithm, 1) The sender and receiver exchange authentication material, encrypted using the group key. 2) Nodes authenticate each other by verifying the authenticated material. This ensures that the node is authorized (because of the existence of the authentication material) and is currently participating in the network (because of the existence of the group key). However, an important component of a security solution that uses asymmetric cryptosystem is the presence of a decentralized and secure certification authority. A certification authority is a trusted third party that signs a certificate (certifying the public key of a node) using its own private key and this ensures that others can reliably obtain the public key of the node. We use threshold cryptography to achieve this, where the private key of the certification service (that is used to sign the certificate) is distributed in a K-out-of-N manner to all nodes in the cluster and each node has a share of the private key [6]. When a node requests for a certificate, any K nodes in the cluster provide certificates signed using their private key share. The certificate shares are combined to form the whole certificate. A cluster node will sign a certificate only if the requesting entity is authenticated. Thus, even though authentication is performed by the nodes within the cluster, the ground nodes outside the cluster can be sure of the authenticity of the node, if the node has a valid certificate. Cryptographic Details The parameters involved in key formation are: Number of nodes in the cluster: n; Contribution of Node i to the group key: Ni; Public exponent: G. All operations are performed using modular arithmetic, as mod p, where p is a prime chosen by the first node [5]. The protocol is executed in n steps, where the first n-1 steps involve collecting group key contribution from the n-1 nodes. Node 1 sends its contributory key to Node 2, Node 2 to Node 3 and so on. A message transfer from Node i to Node i+1 is as follows: Node i Zi = G ♦

(N1 * N2 *…Ni)

; C i, k = G

(N1 * N2 *…Ni)/Nk

Node i+1 ∀ k ∈ [1,i]

Node i generates its secret contribution Ni and receives the intermediate key Z i-1 from Node i-1. The intermediate key at step i is Zi and is calculated as (Z i-1) Ni.



Node i also receives C i-1,k, which is the set of the partial intermediate keys of the preceding i-1 nodes. The partial intermediate key of a Node k is the intermediate key without the contribution of Node k.

In the culminating step, Node n generates its secret share (Nn) and computes G …Nn) . The partial keys are then computed as C n, k = G (N1 * N2 *…Nn)/Nk ∀ k ∈ [1, n]

(N1 * N2 *

Every node calculates its group key as G (N1 * N2 *…Nn) , using the partial keys and its own contribution. The group key is not known to an intruder. The calculation of pair-wise symmetric keys and the asymmetric keys are described on our previous work [5]. Results This solution has been simulated in GloMoSim. The protocol was tested for performance, with respect to delay in key generation and authentication. The simulation environment is 1000 X 1000 m, with maximum node speed set to 5 m/s. The initialization time is the time for contributory key generation and distribution of the partial keys and subsequent authentication. Figure 2 shows that the algorithm scales well for large networks and the initialization process is completed within a reasonable time period. For this particular scenario, 90% of the nodes in the network are initialized within the first 100 seconds, while all the nodes are initialized within the first 150 seconds.

Figure 2: Percentage of nodes getting initialized

5.2 Satellite-space sensor communication The space sensors are used as relay networks for satellites. The advantage of this set up is that that the space sensors have a high data rate connection to the ground and can relay information from the satellite more efficiently. Here, we propose a key management solution where there is limited exchange of keys between satellite and the space sensors.

A satellite may communicate with several space-sensors during its orbit. We assume that the satellite has static keys to communicate with certain space sensors. During its orbit, it can communicate with a sensor, which may be 1) A node with which the satellite shares a key 2) A node with which the satellite does not share a key 3) A node with which the satellite shares a key, but the key needs to be refreshed In case 1, no key exchange needs to be performed. When the satellite communicates with a space sensor and does not share a key with it (case 2), the security association established between the previous sensor and the satellite is now re-established between the new sensor and the satellite. However, this transfer takes place via communication between the sensors (i.e. the old sensor transfers the security association and the secret key to the new sensor), thus reducing the overhead of satellite communication. Case 3 is similar to case 2. The key management for satellite-space sensor communication is in effect by delegating the responsibility of key exchange to the space sensors. This ensures that the satellites do not utilize bandwidth for key exchange. 5.3 Terrestrial sensor – space sensor communication The communication between space sensors and terrestrial sensors has low data rate and additionally terrestrial sensors have very low power. It is important to minimize the computational as well as the communication cost of the security solution proposed for the sensors. We assume that the terrestrial sensors have pre-distributed keys (static) with a small key length. Keys of small lengths can be used to implement security using certain cryptographic techniques and we will adapt one such technique. The terrestrial sensors store only one key that is shared with all the space sensors. Key refresh is performed by the space sensors and is communicated to the terrestrial sensor and all the space sensors periodically, to thwart dictionary attacks [4]. 6. CONCLUSIONS AND FUTURE WORK In this paper, we have discussed an architecture for space-based networks and the security risks introduced by these networks. The space-based networks are formed among network components that have different characteristics and varying security requirements. The existing security solution and the key management protocol have certain limitations. Additionally, a generic key management solution may not be suitable for the different communication networks. To address this, we provide key management approaches that specifically cater to the requirements and constraints of the identified network components. Preliminary analysis and simulation results indicate that the key management solutions are efficient and the resource constraints of each of the communication network are satisfied. In the future, we will extensively analysis the proposed key management solutions for different space-based network architectures.

REFERENCES 1. 2. 3. 4. 5. 6. 7.

William Ivancic, “Architecture study of space-based satellite network for NASA missions”, IEEE Aerospace Conference, Montana, March 2003. James Noles, K. Scott, M.j.Zukoski and H.Weiss, “Next-Generation Space Internet, 2nd ESA Workshop on Tracking Telemetry And Command Systems for Space Applications, 2001. Tom Karygiannis and Les Owens, “Draft: Wireless Network Security, 802.11, Bluetooth and Hand held devices”, National Institute of Standard and Technology. William Stallings, Cryptography and Network Security: Principles and Practice, 3rd edition, Prentice Hall, 2002. A. Balasubramanian, S.Mishra and R.Sridhar, “Analysis of a Hybrid Key Management Solution for MANETs”, IEEE Wireless Communication and Networking Conference, New Orleans, LA, March 2005 A.Shamir, “How to share a secret”, Communications of the ACM, vol. 22(11), pp. 612613, 1979. Space Communication Protocol Specification (SCPS) – Security Protocol (SCPS-SP), CCSDS 713-5-B-1, CCSDS, May 1999