This preview shows page 1. Sign up to view the full content.
Unformatted text preview: necessarily open nature of most space data networks makes physical protection of the
entire network impractical. In this environment, the Data Protection mechanisms must permit
operation identical to "clear-text" communications flow through the mission's data networks
insofar as provision of normal network telecommunications services are concerned. The
CCSDS has therefore adopted two techniques which facilitate providing logical Data Protection
within the Telecommand System: these are ENCRYPTED AUTHENTICATION a nd
These techniques provide means to ensure that either:
(1) a command comes from an authorized source and that an unauthorized party cannot
modify the information which is conveyed within its structure (Encrypted
Authentication) and/or (2) that an unauthorized user cannot interpret its meaning (Data Encryption). A given system may use Encrypted Authentication only, or both Encrypted Authentication and
Data Encryption together.
(1) Encrypted Authentication
The CCSDS concept for providing Encrypted Authentication is that the sending end
of the authentication process generates a unique authentication word by sending an
encrypted block. This Encrypted Authentication word accompanies each clear-text
block (user data unit) that is transmitted. The receiving equipment recognizes the
Encrypted Authentication word by performing complementary decryption and
checking functions, thus fully establishing the authenticity of the received user data
unit. When Encrypted Authentication alone is used, the command application data
themselves are not modified.
The Encrypted Authentication word is attached to the user data unit before transport
to the spacecraft, and when received and recognized, an appropriate status message
must be telemetered in clear-text back to the sending end for verification. This
feature enables the system to recover from an interruption of the communications
channel. Issue 6 Page C-2 January 1987 CCSDS REPORT CONCERNING TELECOMMAND: SUMMARY OF CONCEPT AND SERVICE (2) Data Encryption
Data Encryption, which is a logical mechanism for providing Data Protection,
implies that the command application data are transformed (rendered secret) to make
them unintelligible to an unauthorized observer. A system using both Data
Encryption and Encrypted Authentication thus differs from a system using only
Encrypted Authentication since in the latter the application data are not transformed.
In a Data Encryption system, the telecommand application data are transformed by
applying special algorithms and can only be interpreted after processing by a
complementary process at the receiving end.
The CCSDS makes no recommendation for the choice of an Encrypted
Authentication or Data Encryption algorithm, or for the associated management
procedures. The choice of algorithms is therefore left to the participating Agencies.
However, the CCSDS does have some system-level requirements which are
intended to ensure that the Encrypted Authentication or Data Encryption system
characteristics are consistent with interoperability. Thes...
View Full Document
This document was uploaded on 03/06/2014.
- Spring '14