Overview of CCSDS Cloud Certificate Authority (CA) and Operational Concept


Explore the CCSDS Cloud Certificate Authority (CA) infrastructure, including the Architecture, IGCA Bridge CA, and certification processes. Learn about the Next Steps for an IGCA for space and the Operational Concept involving control of VMs, webpages, and email interfaces. Discover how IGCA will enhance connection times and the NASA and CNES registration processes.


Uploaded on Oct 10, 2024 | 0 Views



Presentation Transcript


  1. CCSDS Cloud Certificate Authority (CA)
     CCSDS Inter-governmental (IGCA) for space, Red book
     05/13/2021
     CCSDS, Glenn Research Center (GRC)
     CHARLES SHEEHE, GRC Point of Contact

  2. Architecture
     IGCA Root CA
       a. Trust anchor that all participants can chain to
       b. Managed by the IGCA PKI service contract
     IGCA Bridge CA
       a. Signed by the IGCA Root CA, managed by the IGCA PKI service contract
       b. This Bridge CA cross-certifies with other agency/organization/corporation CAs
     IGCA Issuing CA
       a. Managed by the IGCA PKI service contract
       b. This CA would issue certificates to devices/users for smaller participant groups that do not have their own PKI nor resources to stand one up
     Bridge Member CAs
       a. The cross-certified external partners' CAs
       b. Issue certificates to their end-entities
       c. This cross-certified CA, a CA below the external partners, issuing CA
     [Diagram labels: Root CA level (IGCA Policy Root, Agency A Root, Agency B Root); Rapid Update rate; Issuing CA level (IGCA Issuing CA, Agency A Issuing CA, Agency B Issuing CA); 1 year certs; USER A, USER B]

  3. Currently out for review; feedback
     - Updated references
     - Cleaned up ambiguous
     - Included 1 year and 3 year certs

  4. Next steps for an IGCA for space
     - Start new Activity within the Security Working Group!
     - Draft red book, started
     - Review draft
     - Survey of affected working groups like DTN and SLE.
     - Survey of agencies as to expected requirements and perceived needs.
     - Determine must haves and must nots.
     - Rework draft red book.
     - Review changes and rework draft red book.
     - Agreed to draft.
     - Promote to Systems Engineering Area (SEA) Area Director.
     - Re-work as needed
     - Promote to CCSDS Engineering Steering Group (CESG).
     - Promote to CCSDS Management Council (CMC).
     - Implementation?

  5. Backup

  6. IGCA will speed up connection times
     CCSDS Network Layer Adaptation Profile-IPsec tunnel
     CCSDS Authentication Credentials.
     [Diagram labels: WWW; NASA, NASA CA/RA, NASA Satellite; CNES, CNES CA/RA, CNES Satellite; CCSDS Cloud CA; IGCA]

  7. Operational concept
     - Control of VM
     - Webpage/E-mail interface
     - Cloud certificate server: Virtual Machine (VM) hosted in the public cloud with a web page and e-mail client to register agencies and provide their CCSDS compliant X.509 V3 certificates.
     - SANA will determine the agreeable service provider
     - NASA: Requesting certs; Updating certs; White and black lists
     - CNES: Requesting certs; Updating certs; White and black lists
     [Diagram labels: NASA Registration Account; CNES Registration Account; WWW; NASA, CNES; NASA Satellite, CNES Satellite]
     https://sanaregistry.org/
     https://public.ccsds.org/default.aspx

  8. Cloud CA
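
Added example, not part of the original presentation: a structural sketch of how a relying party in one agency would discover a certification path to a user in another agency through the Bridge CA described on slide 2. The CA and user names come from the slide's diagram; the `Cert` record, the `build_path` function, the dates, and the two-way cross-certificates are assumptions for illustration, and no signatures or revocation status are checked.

```python
from collections import deque, namedtuple
from datetime import date

# Constructed sample data: names follow the slide's diagram; dates and the
# two-way cross-certificates are assumptions made for this illustration.
Cert = namedtuple("Cert", "issuer subject is_ca not_after")

CERTS = [
    Cert("IGCA Root CA", "IGCA Bridge CA", True, date(2031, 1, 1)),
    Cert("IGCA Root CA", "IGCA Issuing CA", True, date(2031, 1, 1)),
    # Cross-certificates between the bridge and each member root
    Cert("IGCA Bridge CA", "Agency A Root", True, date(2026, 1, 1)),
    Cert("Agency A Root", "IGCA Bridge CA", True, date(2026, 1, 1)),
    Cert("IGCA Bridge CA", "Agency B Root", True, date(2026, 1, 1)),
    Cert("Agency B Root", "IGCA Bridge CA", True, date(2026, 1, 1)),
    # Each agency's own hierarchy, ending in 1 year end-entity certs
    Cert("Agency A Root", "Agency A Issuing CA", True, date(2026, 1, 1)),
    Cert("Agency B Root", "Agency B Issuing CA", True, date(2026, 1, 1)),
    Cert("Agency A Issuing CA", "USER A", False, date(2025, 6, 1)),
    Cert("Agency B Issuing CA", "USER B", False, date(2025, 6, 1)),
]

def build_path(certs, anchor, target, today):
    """Return the shortest chain of names from trust anchor to target, or None.

    Structural check only: issuer/subject linkage, CA flag on every
    intermediate, and expiry. Signatures and revocation are out of scope.
    """
    queue = deque([[anchor]])
    seen = {anchor}  # cross-certificates form cycles, so track visited CAs
    while queue:
        path = queue.popleft()
        for c in certs:
            if c.issuer != path[-1] or c.not_after < today:
                continue  # not issued by the current CA, or expired
            if c.subject == target:
                return path + [target]
            if c.is_ca and c.subject not in seen:
                seen.add(c.subject)
                queue.append(path + [c.subject])
    return None
```

With Agency B Root as the trust anchor, USER A is reachable only through the bridge's cross-certificate for Agency A Root; removing that one record, or letting the 1 year end-entity certificate lapse, leaves no valid path.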
