The necessarily open nature of most space data



necessarily open nature of most space data networks makes physical protection of the entire network impractical. In this environment, the Data Protection mechanisms must permit operation identical to "clear-text" communications flow through the mission's data networks insofar as provision of normal network telecommunications services is concerned.

The CCSDS has therefore adopted two techniques which facilitate providing logical Data Protection within the Telecommand System: these are ENCRYPTED AUTHENTICATION and DATA ENCRYPTION. These techniques provide means to ensure that either: (1) a command comes from an authorized source and that an unauthorized party cannot modify the information which is conveyed within its structure (Encrypted Authentication) and/or (2) that an unauthorized user cannot interpret its meaning (Data Encryption). A given system may use Encrypted Authentication only, or both Encrypted Authentication and Data Encryption together.

(1) Encrypted Authentication

The CCSDS concept for providing Encrypted Authentication is that the sending end of the authentication process generates a unique authentication word by sending an encrypted block. This Encrypted Authentication word accompanies each clear-text block (user data unit) that is transmitted. The receiving equipment recognizes the Encrypted Authentication word by performing complementary decryption and checking functions, thus fully establishing the authenticity of the received user data unit.

When Encrypted Authentication alone is used, the command application data themselves are not modified. The Encrypted Authentication word is attached to the user data unit before transport to the spacecraft, and when received and recognized, an appropriate status message must be telemetered in clear-text back to the sending end for verification. This feature enables the system to recover from an interruption of the communications channel.
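The Encrypted Authentication exchange described above, as an added example that is not taken from the CCSDS report: the sending end attaches an authentication word to the unmodified clear-text data unit, and the receiving end checks it and produces the clear-text status message. The report recommends no algorithm, so the truncated HMAC-SHA256 keyed hash (used here in place of an encrypted block), the 8-byte word length, the key, the sample command and the status fields are all assumptions.

```python
import hashlib
import hmac
from typing import Optional, Tuple

WORD_LEN = 8                    # assumed authentication word length, in bytes
KEY = bytes(range(32))          # constructed shared key, for illustration only
COMMAND = b"SET_MODE SAFE"      # constructed clear-text user data unit


def _auth_word(key: bytes, data_unit: bytes) -> bytes:
    # Assumed algorithm: HMAC-SHA256 truncated to WORD_LEN bytes.
    return hmac.new(key, data_unit, hashlib.sha256).digest()[:WORD_LEN]


def attach_auth_word(key: bytes, data_unit: bytes) -> bytes:
    """Sending end: the data unit stays in clear-text; the word is appended."""
    return data_unit + _auth_word(key, data_unit)


def receive(key: bytes, block: bytes) -> Tuple[Optional[bytes], dict]:
    """Receiving end: check the word and build the clear-text status message.

    Returns (data unit, status) when the word is recognized and
    (None, status) when the block must be rejected.
    """
    if len(block) <= WORD_LEN:
        return None, {"accepted": False, "reason": "too short"}
    data_unit, word = block[:-WORD_LEN], block[-WORD_LEN:]
    # Constant-time comparison so the check does not leak how many bytes matched.
    if not hmac.compare_digest(word, _auth_word(key, data_unit)):
        return None, {"accepted": False, "reason": "authentication word mismatch"}
    return data_unit, {"accepted": True, "reason": "ok"}


def demo() -> dict:
    """Run the exchange for an intact block and for one modified in transit."""
    block = attach_auth_word(KEY, COMMAND)
    modified = bytes([block[0] ^ 0x01]) + block[1:]   # one bit flipped
    return {
        "intact": receive(KEY, block)[1],
        "modified": receive(KEY, modified)[1],
    }


if __name__ == "__main__":
    for case, status in demo().items():
        print(case, status)
```
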
Issue 6 Page C-2 January 1987
CCSDS REPORT CONCERNING TELECOMMAND: SUMMARY OF CONCEPT AND SERVICE

(2) Data Encryption

Data Encryption, which is a logical mechanism for providing Data Protection, implies that the command application data are transformed (rendered secret) to make them unintelligible to an unauthorized observer. A system using both Data Encryption and Encrypted Authentication thus differs from a system using only Encrypted Authentication since in the latter the application data are not transformed. In a Data Encryption system, the telecommand application data are transformed by applying special algorithms and can only be interpreted after processing by a complementary process at the receiving end.

The CCSDS makes no recommendation for the choice of an Encrypted Authentication or Data Encryption algorithm, or for the associated management procedures. The choice of algorithms is therefore left to the participating Agencies. However, the CCSDS does have some system-level requirements which are intended to ensure that the Encrypted Authentication or Data Encryption system characteristics are consistent with interoperability. Thes...

This document was uploaded on 03/06/2014.
