
Title: Technical Guideline SatDSiG
Language: English
File size: 2.3 MB
Total pages: 62

Table of contents
1 Introduction
	1.1 Objectives of this technical guideline
	1.2 Structure of this technical guideline
	1.3 Target audience
2 Infrastructures for high grade EOS
	2.1 System overview of high grade EOS
		2.1.1 Satellite-bus
		2.1.2 Payload
		2.1.3 Crypto modules
		2.1.4 Key Management Facility
		2.1.5 TT&C
		2.1.6 Payload ground stations
		2.1.7 Operator
		2.1.8 Data provider
		2.1.9 Customer
	2.2 Space segment
		2.2.1 Satellite system overview
		2.2.2 Mission operation (TT&C)
		2.2.3 Payload data management
	2.3 Ground segment
		2.3.1 Connection encryption
		2.3.2 Encryption configuration
		2.3.3 External ground stations
3 Satellite data security act of 2007
	3.1 Motivation and authorities
	3.2 Applicability
	3.3 License for operation
	3.4 License for dissemination of data
	3.5 Licensing conditions
4 Approach for the conformity evaluation
	4.1 Recognition of evaluation facilities
	4.2 Concept for the evaluation of the crypto concept
		4.2.1 Planning phase
		4.2.2 Building phase
		4.2.3 Operational phase
	4.3 IT-inspection procedure of the ground segment according to the IT-Grundschutz methodology
		4.3.1 Overview of the audit process
		4.3.2 Requirements on the part of the applicant
		4.3.3 Objectives and scope of the evaluation
		4.3.4 Roles and responsibilities
		4.3.5 Performance of the conformity evaluation
		4.3.6 Conformity evaluation report
		4.3.7 Conformity statement procedures
5 Part I – Evaluation of the crypto concept
	5.1 Introduction
		5.1.1 General information
		5.1.2 Scope of document
		5.1.3 Reference documents
		5.1.4 Terms & abbreviations
	5.2 System description
		5.2.1 System overview
		5.2.2 Relevant system components regarding SatDSiG
		5.2.3 Involved players and roles
		5.2.4 Security problem description
		5.2.5 Security boundaries
	5.3 Security objectives
	5.4 Assumptions on external factors
		5.4.1 Operational environment
		5.4.2 Organizational security measures
	5.5 Security requirements
		5.5.1 Cryptographic approach
		5.5.2 Cryptographic basics
			5.5.2.1 Algorithms
			5.5.2.2 Key-lengths
			5.5.2.3 Updates of algorithms after deployment
		5.5.3 Cryptographic implementation
			5.5.3.1 Key management
			5.5.3.2 Authentication
			5.5.3.3 Confidentiality
			5.5.3.4 Replay protection
			5.5.3.5 Time management
			5.5.3.6 Red/Black separation
			5.5.3.7 Physical protection
			5.5.3.8 Self test of cryptographic components
			5.5.3.9 Security audits
6 Part II – Inspection procedures for the ground segment
	6.1 Inspection criteria
	6.2 Audit phase 1: Analysis of the reference documents
		6.2.1 Overview documentary checks
		6.2.2 Verification of the approach and general aspects
		6.2.3 Reference documents
		6.2.4 IT-structure analysis
		6.2.5 Protection requirements determination
		6.2.6 Identification of threats and risks
		6.2.7 Result of the tailored security check
		6.2.8 Assessment of the satellite-system security concept according to the requirements of the SatDSiG
	6.3 Preparation of the on-site assessment
		6.3.1 Create an inspection plan for the OSV audit assessment
		6.3.2 Preparation of the assessment procedures
		6.3.3 Selection of safeguards (sampling)
	6.4 Audit phase 2: Inspections on-site
		6.4.1 Overview of the inspection activities
		6.4.2 Verification of the network plan
		6.4.3 Verification of the list of IT-systems
		6.4.4 Verification of the tailored security check
		6.4.5 Assessment of the risk treatment/-mitigation/-management
		6.4.6 Verification of IT-safeguards according to SatDSiG
	6.5 Subsequent improvements/repairs
	6.6 Creation of the evaluation report
	6.7 Final conformity result
7 Conformity statement
8 Annex for part II – Ground segment inspection
	8.1 Manufacturer's evidence of conformity / document lists
	8.2 Network plan (notes)
	8.3 Inspection schedule (on-site) template
	8.4 Outline of the inspection plan
	8.5 Outline of the inspection report
9 Bibliography
10 Glossary
                        
Page 1

Technical Guideline SatDSiG

Conformity assessment according to the satellite data security act (SatDSiG)

BSI TR-03140 (TR-SatDSiG)
Version 1.0 (2013)

Page 2

Authors

This technical guideline was written by:

IABG - Industrieanlagen-Betriebsgesellschaft mbH

• Christian Creter

• Dr. Stefan Baumann

BSI - Federal Office for Information Security

• Dr.-Ing. Andre Braunmandl

• Frank Christophori

• Dr. Manfred Lochter

• Wendel Lohmer

• Michael Krämer

Credits

We would like to thank all who contributed to this technical guideline by proofreading and fruitful
discussions:

• Dr. Ernst Schulte-Geers, BSI

• Dr. Maximilian Gebhardt, BSI

• Wolfgang Schneider, BMWi

• Anke Reichardt, BAFA

• Thorsten Stahl, DLR

• Dr. Hanjo Kahabka, Infoterra GmbH

• Andreas Frömgen, Infoterra GmbH

• Michael Döberl, EADS Astrium

• Erwin Hirschmüller, EADS Astrium

• Dr. Rainer Rathje, OHB

Federal Office for Information Security
Post Box 20 03 63
53133 Bonn
Tel.: +49 22899 9582-0
E-Mail: [email protected]
Internet: https://www.bsi.bund.de
© Federal Office for Information Security 2013


Page 31


5 Part I – Evaluation of the crypto concept
This section lists the content that must be covered by the crypto concept. For this purpose a document
structure is prescribed, and for each chapter of the crypto concept the relevant points are clarified.

The evaluation of the crypto concept is a document check only; no check of the physical implementation is
required.

5.1 Introduction

The crypto concept shall include an Introduction chapter containing the following sub-chapters:

5.1.1 General information

The crypto concept shall provide at least:

• a short description of the applicant (company profile)

• the contact details of the nominated POC of the applicant

• the contact details of the Local Security Officer of the applicant

• a list and short description of involved partners, subcontractors and external support (if applicable)

5.1.2 Scope of document

The scope of the document shall provide the inputs for the endorsement by BSI of a dedicated crypto concept
for a high grade EOS. This encompasses a description of all cryptographic measures regarding
communication with the satellite. Cryptographic measures regarding purely ground-based communication
shall be covered by the mission security concept (cf. section 4.3.2).

The applicant shall describe in this sub-chapter its own role and the roles of involved partners,
subcontractors and external support (if applicable) w. r. t.:

• the development

• the manufacturing

• the operation

of the high grade EOS.

This sub-chapter shall include a description of the mission time schedule (in particular the expected
mission duration and the validity period of the crypto concept).

5.1.3 Reference documents

The crypto concept shall include a list of all reference documents used in its development and necessary
for understanding it.

5.1.4 Terms & abbreviations

The crypto concept shall include a list of all terms and abbreviations used within the document.

Federal Office for Information Security 31

Page 32


5.2 System description

5.2.1 System overview

The crypto concept shall provide a system overview to give the reader an understanding of the overall
system.

Figure 2 shall be used for a further refinement of the generic architecture of the high grade EOS. The level of
detail shall be sufficient to provide the basic background information that is required to assess the
suitability of the crypto concept.

The system overview shall also address the types of data processed and their level of protection:

• Earth Observation data: sensitive data requiring e. g. a medium level of protection

• TT&C: sensitive data requiring e. g. a high level of protection

5.2.2 Relevant system components regarding SatDSiG

This sub-chapter of the crypto concept shall describe the system components introduced in section 2.
Figure 3 shall be used for further refinement.

This sub-chapter shall in particular describe the storage and the transmission of the relevant data.

The description shall distinguish between hardware and software components. Further, the description of
the hardware used shall identify whether the hardware is stationary or mobile.

5.2.3 Involved players and roles

This sub-chapter shall identify all internal and external players involved in:

• commanding of the orbital or transport system

• control of the sensor(s)

• control of the data transmission

• control of the data dissemination directly by the orbital or transport system

The involvement of the identified players includes:

• generation

• modification

• storage

• transmission

• erasure

of the relevant data.

The roles of the identified players w. r. t. security shall be defined, as well as the relationship between these
roles.


Page 61

10 Glossary

Term/Abbreviation Explanation

PQM Project Quality Management Representative

SAN Storage Area Network

SAR Synthetic Aperture Radar

SatDSiG Satellitendatensicherheitsgesetz (Satellite Data Security Act):
"Act to give Protection against the Security Risk to the Federal Republic of Germany by the
Dissemination of High Grade Earth Remote Sensing Data (Satellite Data Security Act — SatDSiG)",
Federal Law Gazette (BGBl.) 2007 Part I No. 58, p. 2590, issued in Bonn on 28 November 2007.
German title: "Gesetz zum Schutz vor Gefährdung der Sicherheit der Bundesrepublik Deutschland
durch das Verbreiten von hochwertigen Erdfernerkundungsdaten (Satellitendatensicherheitsgesetz —
SatDSiG)".

SatDSiV "Statutory Ordinance to give Protection against the Security Risk to the Federal Republic of
Germany by the Dissemination of High Grade Earth Remote Sensing Data (Satellite Data Security
Ordinance — SatDSiV)".
German title: "Verordnung zum Satellitendatensicherheitsgesetz (Satellitendatensicherheitsverordnung —
SatDSiV)", ordinance of 26 March 2008, BGBl. I p. 508 (No. 12); in force since 5 April 2008.

SFTP SSH File Transfer Protocol: network protocol, run as a subsystem of SSH [RFC 4251], that provides
file access, file transfer and file management functionality over any reliable data stream.
Not meant:
- Simple File Transfer Protocol
- Secure File Transfer Protocol (data transmission not encrypted!)

SiBe Sicherheitsbeauftragter (Security Officer)

SLA Service Level Agreement

S/N Signal to Noise ratio

SSL Secure Sockets Layer

TC Telecommand

TDX Project TanDEM-X (TerraSAR-X Add-oN for Digital Elevation Measurement), the twin satellite of
TerraSAR-X.

TLS Transport Layer Security


Page 62



TMTC Telemetry, Tracking, Telecommand

TN Technical Note

TR Technische Richtlinie (Technical Guideline)

TSX Project TerraSAR-X, German earth observation satellite using SAR

TSXX TerraSAR-X Exploitation

TT&C Telemetry, Tracking and Command

VPN Virtual Private Network

The terms Operator, Data, Data Provider, Sensor, Dissemination refer to the definitions in §2 (1) SatDSiG.

