BS ISO 21324-2016 Space data and information transfer systems Space data link security protocol《航天数据和信息传输系统 航天数据链路安全协议》.pdf

1、BS ISO 21324:2016Space data and informationtransfer systems Space datalink security protocolBSI Standards PublicationWB11885_BSI_StandardCovs_2013_AW.indd 1 15/05/2013 15:06BS ISO 21324:2016 BRITISH STANDARDNational forewordThis British Standard is the UK implementation of ISO 21324:2016.The UK part

2、icipation in its preparation was entrusted to Technical Committee ACE/68, Space systems and operations.A list of organizations represented on this committee can be obtained on request to its secretary.This publication does not purport to include all the necessary provisions of a contract. Users are

3、responsible for its correct application. The British Standards Institution 2016.Published by BSI Standards Limited 2016ISBN 978 0 580 93027 0 ICS 49.140 Compliance with a British Standard cannot confer immunity from legal obligations.This British Standard was published under the authority of the Sta

4、ndards Policy and Strategy Committee on 30 November 2016.Amendments/corrigendum issued since publicationDate T e x t a f f e c t e dBS ISO 21324:2016Reference number ISO 21324:2016(E) ISO 2016INTERNATIONAL STANDARDISO 21324Space data and information transfer systems Space data link security protocol

5、 Systmes de transfert des donnes et informations spatiales Protocole de scurit de liaison de donnes spatiales First edition 2016-11-15BS ISO 21324:2016ISO 21324:2016(E) COPYRIGHT PROTECTED DOCUMENT ISO 2016 All rights reserved. Unless otherwise specified, no part of this publication may be reproduce

6、d or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISOs member body in the country of the requester. IS

7、O copyright office Ch. de Blandonnet 8 CP 401 CH-1214 Vernier, Geneva, Switzerland Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 copyrightiso.org Web www.iso.org Published in Switzerland ii ISO 2016 All rights reservedBS ISO 21324:2016ISO 21324:2016(E) ISO 2016 All rights reserved iiiForeword ISO (th

8、e International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committ

9、ee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechn

10、ical standardization. The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted

11、in accordance with the editorial rules of the ISO/IEC Directives, Part 2. www.iso.org/directives Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Deta

12、ils of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received. www.iso.org/patents Any trade name used in this document is information given for the convenience of users and does not constitute an endorse

13、ment. For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISOs adherence to the WTO principles in the Technical Barriers to Trade (TBT) see the following URL: Foreword - Supplementary information ISO 21324 was prepare

14、d by the Consultative Committee for Space Data Systems (CCSDS) (as CCSDS 355.0-B-1, September 2015) and was adopted (without modifications except those stated in clause 2 of this International Standard) by Technical Committee ISO/TC 20, Aircraft and space vehicles, Subcommittee SC 13, Space data and

15、 information transfer systems. BS ISO 21324:2016CCSDS RECOMMENDED STANDARD FOR SPACE DATA LINK SECURITY CCSDS 355.0-B-1 Page ii September 2015 STATEMENT OF INTENT The Consultative Committee for Space Data Systems (CCSDS) is an organization officially established by the management of its members. The

16、 Committee meets periodically to address data systems problems that are common to all participants, and to formulate sound technical solutions to these problems. Inasmuch as participation in the CCSDS is completely voluntary, the results of Committee actions are termed Recommended Standards and are

17、not considered binding on any Agency. This Recommended Standard is issued by, and represents the consensus of, the CCSDS members. Endorsement of this Recommendation is entirely voluntary. Endorsement, however, indicates the following understandings: o Whenever a member establishes a CCSDS-related st

18、andard, this standard will be inaccord with the relevant Recommended Standard. Establishing such a standarddoes not preclude other provisions which a member may develop.o Whenever a member establishes a CCSDS-related standard, that member willprovide other CCSDS members with the following informatio

19、n:- The standard itself. - The anticipated date of initial operational capability. - The anticipated duration of operational service. o Specific service arrangements shall be made via memoranda of agreement. Neitherthis Recommended Standard nor any ensuing standard is a substitute for amemorandum of

20、 agreement.No later than five years from its date of issuance, this Recommended Standard will be reviewed by the CCSDS to determine whether it should: (1) remain in effect without change; (2) be changed to reflect the impact of new technologies, new requirements, or newdirections; or (3) be retired

21、or canceled.In those instances when a new version of a Recommended Standard is issued, existing CCSDS-related member standards and implementations are not negated or deemed to be non-CCSDS compatible. It is the responsibility of each member to determine when such standards or implementations are to

22、be modified. Each member is, however, strongly encouraged to direct planning for its new standards and implementations towards the later version of the Recommended Standard. ISO 21324:2016(E) ISO 2016 All rights reservedBS ISO 21324:2016CCSDS RECOMMENDED STANDARD FOR SPACE DATA LINK SECURITY CCSDS 3

23、55.0-B-1 Page iii September 2015 FOREWORD This document describes a protocol for applying security services to the CCSDS Space Data Link Protocols used by space missions over a space link. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent r

24、ights. CCSDS has processes for identifying patent issues and for securing from the patent holder agreement that all licensing policies are reasonable and non-discriminatory. However, CCSDS does not have a patent law staff, and CCSDS shall not be held responsible for identifying any or all such paten

25、t rights. Through the process of normal evolution, it is expected that expansion, deletion, or modification of this document may occur. This Recommended Standard is therefore subject to CCSDS document management and change control procedures, which are defined in Organization and Processes for the C

26、onsultative Committee for Space Data Systems (CCSDS A02.1-Y-4). Current versions of CCSDS documents are maintained at the CCSDS Web site: http:/www.ccsds.org/ Questions relating to the contents or status of this document should be sent to the CCSDS Secretariat at the e-mail address indicated on page

27、 i. ISO 21324:2016(E) ISO 2016 All rights reservedBS ISO 21324:2016CCSDS RECOMMENDED STANDARD FOR SPACE DATA LINK SECURITY CCSDS 355.0-B-1 Page iv September 2015 At time of publication, the active Member and Observer Agencies of the CCSDS were: Member Agencies Agenzia Spaziale Italiana (ASI)/Italy.

28、Canadian Space Agency (CSA)/Canada. Centre National dEtudes Spatiales (CNES)/France. China National Space Administration (CNSA)/Peoples Republic of China. Deutsches Zentrum fr Luft- und Raumfahrt (DLR)/Germany. European Space Agency (ESA)/Europe. Federal Space Agency (FSA)/Russian Federation. Instit

29、uto Nacional de Pesquisas Espaciais (INPE)/Brazil. Japan Aerospace Exploration Agency (JAXA)/Japan. National Aeronautics and Space Administration (NASA)/USA. UK Space Agency/United Kingdom. Observer Agencies Austrian Space Agency (ASA)/Austria. Belgian Federal Science Policy Office (BFSPO)/Belgium.

30、Central Research Institute of Machine Building (TsNIIMash)/Russian Federation. China Satellite Launch and Tracking Control General, Beijing Institute of Tracking and Telecommunications Technology (CLTC/BITTT)/China. Chinese Academy of Sciences (CAS)/China. Chinese Academy of Space Technology (CAST)/

31、China. Commonwealth Scientific and Industrial Research Organization (CSIRO)/Australia. Danish National Space Center (DNSC)/Denmark. Departamento de Cincia e Tecnologia Aeroespacial (DCTA)/Brazil. Electronics and Telecommunications Research Institute (ETRI)/Korea. European Organization for the Exploi

32、tation of Meteorological Satellites (EUMETSAT)/Europe. European Telecommunications Satellite Organization (EUTELSAT)/Europe. Geo-Informatics and Space Technology Development Agency (GISTDA)/Thailand. Hellenic National Space Committee (HNSC)/Greece. Indian Space Research Organization (ISRO)/India. In

33、stitute of Space Research (IKI)/Russian Federation. KFKI Research Institute for Particle and b) the procedures performed by the service provider. It does not specify: a) individual implementations or products; b) the implementation of service interfaces within real systems; c) the methods or technol

34、ogies required to perform the procedures; or d) the management activities required to configure and control the service. This Recommended Standard does not mandate the use of any particular cryptographic algorithm with the Security Protocol. Reference 4 provides a listing of algorithms recommended b

35、y CCSDS; any organization should conduct a risk assessment before choosing to substitute other algorithms. Annex E (non-normative) defines baseline implementations suitable for a large range of space missions. 1.3 APPLICABILITY This Recommended Standard applies to the creation of Agency standards an

36、d for secure data communications over space links between CCSDS Agencies in cross-support situations. The Recommended Standard includes comprehensive specification of the service for inter-Agency cross support. It is neither a specification of, nor a design for, real systems that may be implemented

37、for existing or future missions. The Recommended Standard specified in this document is to be invoked through the normal standards programs of each CCSDS Agency, and is applicable to those missions for which interoperability and cross support based on capabilities described in this Recommended Stand

38、ard is anticipated. Where mandatory capabilities are clearly indicated in sections of the ISO 21324:2016(E) ISO 2016 All rights reservedBS ISO 21324:2016CCSDS RECOMMENDED STANDARD FOR SPACE DATA LINK SECURITY CCSDS 355.0-B-1 Page 1-2 September 2015 Recommended Standard, they must be implemented when

39、 this document is used as a basis for interoperability and cross support. Where options are allowed or implied, implementation of these options is subject to specific bilateral cross support agreements between the Agencies involved. 1.4 RATIONALE The goals of this Recommended Standard are to: a) pro

40、vide a standard method of applying security at the Data Link Layer, independent of the underlying cryptographic algorithms employed by any particular space mission; b) preserve compatibility with existing CCSDS Space Data Link Protocol Transfer Frame Header and Trailer formats and frame processing i

41、mplementations so that, where appropriate, legacy frame processing infrastructure may continue to be used without modification; c) preserve compatibility with the CCSDS Space Link Extension (SLE) forward and return services; and d) facilitate the development of common commercial implementations to i

42、mprove interoperability across agencies. More discussion of the Security Protocols goals and design choices, including its interaction with other CCSDS services, may be found in reference D3. 1.5 DOCUMENT STRUCTURE This document is organized as follows: Section 1 presents the purpose, scope, applica

43、bility, and rationale of this Recommended Standard and lists the conventions, definitions, and references used throughout the document. Section 2 (informative) provides an overview of the Security Protocol. Section 3 (normative) defines the services provided by the protocol entity. Section 4 (normat

44、ive) specifies the protocol data units provided for these services and the procedures employed by the service provider. Section 5 (normative) specifies the constraints associated with these services for each of the supported Space Data Link Protocols. Section 6 (normative) lists the managed paramete

45、rs associated with these services. ISO 21324:2016(E) ISO 2016 All rights reservedBS ISO 21324:2016CCSDS RECOMMENDED STANDARD FOR SPACE DATA LINK SECURITY CCSDS 355.0-B-1 Page 1-3 September 2015 Section 7 (normative) specifies how to verify an implementations conformance with the Security Protocol. A

46、nnex A (normative) provides a Protocol Implementation Conformance Statement (PICS) proforma for the Security Protocol. Annex B (informative) provides an overview of security, SANA registry, and patent considerations related to this Recommended Standard. Annex C (informative) provides a glossary of a

47、bbreviations and acronyms that appear in the document. Annex D (informative) provides a list of informative references. Annex E (informative) defines baseline implementations suitable for a large range of space missions. 1.6 DEFINITIONS For the purposes of this document, the following definitions ap

48、ply. NOTE Generic definitions for the security terminology applicable to this and other CCSDS documents are provided in reference D5. Payload: Data input to be processed by a Security Protocol function. ApplySecurity Payload: Payload to the ApplySecurity function. ProcessSecurity Payload: Payload to

49、 the ProcessSecurity function. Authentication Payload: Part of the Transfer Frame to be authenticated. 1.7 CONVENTIONS 1.7.1 NOMENCLATURE The following conventions apply for the normative specifications in this Recommended Standard: a) the words shall and must imply a binding and verifiable specification; b) the word should implies an optional, but desirable, specification; c) the word may implies an optional specification; d) the words is, are, and will imply stat