C RYPTOGRAPHIC K EY I NFRASTRUCTURE FOR S E C U R I T Y S E R VI C E S P R O T E C T I N G TT&C A N D P A Y L O A D L I N K S O F S PA C E M ISSIONS ESTEC/CONTRACT NO. 4000103681 May 2011 – April 2014 MARCIO JULIATO, DEPT. OF ECE, UNIV. OF WATERLOO CATHERINE GEBOTYS, DEPT. OF ECE, UNIV. OF WATERLOO IGNACIO AGUILAR SANCHEZ, ESTEC, ESA 1 Table of Contents Table of Contents ............................................................................................................ 2 List of Acronyms ............................................................................................................. 5 List of Figures .................................................................................................................. 7 List of Tables .................................................................................................................... 8 Chapter 1 : Report Summary ................................................................................................. 9 1.1 Introduction ............................................................................................................... 10 1.2 Background ............................................................................................................... 10 1.3 Purpose and Scope ..................................................................................................... 12 1.4 Programme Outline .................................................................................................... 12 1.5 Output ....................................................................................................................... 15 1.6 Relevant References .................................................................................................. 16 Chapter 2 : Key Management Fundamental Requirements ................................................... 18 2.1 Scope ......................................................................................................................... 19 2.2 Space Mission Scenarios ............................................................................................ 20 2.2.1 Orbital Types and Associated Parameters ............................................................ 20 2.2.2 Communication Scenarios ................................................................................... 21 2.2.3 Summary of Parameters....................................................................................... 22 2.3 Key Roles, Scopes and Hierarchy .............................................................................. 23 2.3.1 Determining Key Roles and Scopes ..................................................................... 23 2.3.2 Proposed Key Hierarchy and Justification ........................................................... 24 2.4 Algorithms and Attacks ............................................................................................. 27 2.4.1 Assumptions on Threat and Trust Models ............................................................ 27 2.4.2 Attacks against AES ............................................................................................ 28 2.4.3 Related Key Attacks ............................................................................................ 29 2.4.4 Exhaustive Search Attacks................................................................................... 29 2.4.5 Successful Forgery .............................................................................................. 36 2.5 Cryptoperiods and Key Lengths ................................................................................. 38 2.5.1 Related Work ...................................................................................................... 38 2.5.2 Data Complexity in Related Key Attacks ............................................................. 40 2.5.3 Data Complexity of a Successful Forgery ............................................................ 41 2 2.5.4 Time Complexity of Attacks based on Exhaustive Search ................................. 42 2.5.5 Determining Key Lengths .................................................................................... 45 2.5.6 Defining Cryptoperiods ....................................................................................... 48 2.6 Instrument/Payload Data Distribution ........................................................................ 50 2.6.1 ESA-Controlled Data Distribution ....................................................................... 50 2.6.2 Direct Data Distribution with ESA Knowledge of Keys .................................... 50 2.6.3 Direct Data Distribution with User Key Management .......................................... 51 2.7 Over the Air Re-Keying ............................................................................................. 53 2.7.1 LEO (Sentinel-like) Missions .............................................................................. 53 2.7.2 GEO (Meteosat-like) Missions ............................................................................ 55 2.8 Appendix: Improved Bounds on CMAC Forgery Probability ..................................... 57 Chapter 3 : Key Management Fundamental Requirements (Supplement) and Trusted Platform Research ............................................................................................................... 58 3.1 Scope ......................................................................................................................... 59 3.2 Revisiting Authentication Cryptoperiods.................................................................... 60 3.2.1 Updated Equations for Authentication Mechanisms ............................................. 60 3.2.2 Computation of Pue for Reed-Solomon Codes..................................................... 60 3.2.3 Successful Forgery against Authentication Mechanisms ...................................... 61 3.2.4 Graphical Analysis of PErr and PForg for TC ......................................................... 62 3.2.5 Graphical Analysis of PErr and PForg for TM ........................................................ 64 3.2.6 Probability of Accepting Forged Data .................................................................. 65 3.2.7 Updated Authentication Cryptoperiods ................................................................ 67 3.2.8 Conclusions and Recommendations ..................................................................... 69 3.3 Trusted Platform to Support Key Management .......................................................... 71 3.3.1 Key Management Goals and Infrastructure .......................................................... 71 3.3.2 Related Work ...................................................................................................... 72 3.3.3 Communication Scenarios ................................................................................... 74 3.3.4 Secret and Keying Materials ................................................................................ 74 3.3.5 Rekeying Procedure with Hop-by-Hop Secrecy ................................................... 76 3.3.6 Rekeying Procedure with End-to-End Secrecy ..................................................... 84 3.3.7 Hop-by-Hop Onboard Integrity Check ................................................................. 90 3.3.8 End-to-End Onboard Integrity Check .................................................................. 94 3 3.3.9 Complexity Evaluation ........................................................................................ 96 3.3.10 Study Cases ..................................................................................................... 101 3.4 Appendix: Probability of Undetected Errors for Reed-Solomon Codes ..................... 108 Chapter 4 : Reconfigurable and Distributed Key Management ....................................... 111 4.1 Scope ....................................................................................................................... 112 4.2 Key Transport .......................................................................................................... 113 4.2.1 Original Key Transport Approach...................................................................... 113 4.2.2 Improved Key Transport based on Nonces ........................................................ 114 4.2.3 Improved Key Transport based on Timestamps ................................................. 116 4.3 Key Agreement ........................................................................................................ 118 4.3.1 Diffie-Hellman .................................................................................................. 118 4.3.2 Man-In-The-Middle Attacks .............................................................................. 118 4.3.3 Related Work .................................................................................................... 120 4.3.4 Password Authenticated Key Exchange ............................................................. 121 4.3.5 TPM-Supported Key Agreement Protocol ......................................................... 121 4.3.6 TPM-Supported Key Agreement Protocol with Timestamps .............................. 123 4.3.7 TPM-Supported Key Agreement Protocol with Control Center Reporting ......... 125 4.3.8 Discussions ......................................................................................................