Encryption and the migration to COTS technologies
May 02, 2013
The network is becoming increasingly crucial to the world's armed forces. Unsurprisingly, it uses the same technologies that are proven in the commercial world, with much of the equipment sourced by the armed forces being of COTS origin. But the military needs a level of security - anti-tamper, information assurance, data destruction, encryption - way beyond what the commercial world requires. COTS solutions have emerged that leverage the innovations driving the commercial mobile data industry while addressing specific military security concerns such as encryption.
Armed forces around the world, and in particular the United States military, are striving for total information dominance over foreign adversaries. This new focus on information dominance has transformed the battle space, where all assets – unmanned aerial-, terrestrial-, and sea-based platforms; ground combat vehicles; precision guided weapons; handheld computers; and so on – are in constant communication and collaboration over a secure and reliable tactical network. This network is expanded through larger terrestrial networks and support systems in order to provide warfighters and commanders with the information needed for an accurate and real-time common operating environment.
Encryption of all this classified information, whether during transmission (“data in motion”) or while it is stored (“data at rest”), is critical to ensuring both the success of military operations and the safety of personnel. However, a military organization has to be able to communicate securely with its government and potentially other governments, as well as with nonmilitary organizations that might be involved. Using COTS hardware, standard encryption algorithms, key exchange, digital signatures, and hashing enables the timely sharing of classified information.
Encryption transitions to COTS, GOTS
Historically, military critical infrastructure relied on platforms and technologies specifically designed, developed, and delivered for military use. However, initiatives to streamline procurement, improve deployment times, and reduce cost led to the adoption of architectures that increasingly rely on Commercial Off-the-Shelf (COTS) products and technologies or slight derivatives customized for military use – Government Off-the-Shelf (GOTS). This focus on commercially derived technologies is currently seeing renewed emphasis, with these COTS and GOTS platforms leveraging the most advanced and forward-looking technologies and architectures in the industry – for example, virtualization, mobility, cloud computing, and so on.
The migration to COTS/GOTS systems increases the importance and complication of the role encryption plays for the warfighter. How do governments ensure that they can trust these devices to handle their most sensitive data, and how can individual vendors or industry partnerships provide technologies and platforms that facilitate the approved encryption processes?
In the United States, military cryptography is traditionally developed and maintained by the National Security Agency (NSA). Not only does the NSA develop secret crypto algorithms designated as “Type 1” or “Type A” cryptos for classified U.S. government communications, but its responsibilities also include the approval of all military communications and computing devices that implement encryption. As the requirements for military communications have grown rapidly over the past few years, installation, deployment, performance, obsolescence, and maintenance issues and rising costs are becoming an increasing concern. In 2005, the NSA and the U.S. DoD launched the Cryptographic Modernization Program to combat these issues.
Perhaps the most remarkable development of the Cryptographic Modernization Program has been the acceptance and adoption of nonclassified, industry-developed cryptographic algorithms. These so-called “Suite B” cryptos are more conducive to the military’s COTS/GOTS systems strategy.
Cryptographic algorithms are open standards-based
Suite B encrypted systems are based on open standards cryptographic algorithms. Governments such as that of the United States publish guidelines and standards that outline which algorithms may be used for classified and nonclassified information. The Federal Information Processing Standard FIPS 140-2 published by the National Institute of Standards and Technology (NIST) outlines the cryptography requirements for all devices used on a National Security System. Government/military agencies use the Common Criteria for Information Technology Security Evaluation (often referred to as simply Common Criteria or CC) international standard when they specify security requirements. Using a Common Criteria rating scale ranging from Evaluation Assurance Level (EAL) 1 through 7, the government can compare how rigorously particular devices have been tested to meet their security requirements. Implementing standard cryptographic algorithms and key exchange is not authorized on a National Security System until they have been tested and certified. Common Criteria evaluation and validation must be done by an accredited NSA/NIST testing laboratory.
It is important to point out that a higher EAL rating does not necessarily mean that one device is more secure than another – only that it has been tested more rigorously, suggesting a higher level of trust. Most hardware network devices carry an EAL rating between 1 and 4. GE’s RTR8GE rugged secure battlefield router, for example, runs a FIPS-certified version of Juniper Networks’ Junos network operating system and has achieved the Common Criteria EAL 4 rating, which states “methodically designed, tested, and reviewed” (Figure 1). Given the rapid growth in the number of devices going through the evaluation process and the time and cost involved in obtaining such a high rating, EAL 4 rated devices will likely be rare in the future. Most networking devices today only carry an EAL 2 rating, which designates that the solution was “structurally tested.”
Figure 1: GE’s RTR8GE secure battlefield router uses a FIPS-certified version of Juniper Networks’ Junos network operating system.
Encryption methodologies are evolving
The premise of public-key cryptography is that the mathematical problem that must be solved to decrypt the communication would take so long to solve that, by the time it was solved, the information would no longer be useful. Suite B uses Elliptic Curve Cryptography (ECC), which has the advantage of using much smaller keys for an equivalent level of security, thereby reducing the computing power and bandwidth required. The efficiency of ECC enables a high level of security for the wide range of Internet Protocol (IP)-enabled devices available today.
There is no question that Internet Protocol is rapidly becoming the dominant network protocol used throughout military communications networks, and while it is still common to find specialized military- and application-specific protocols in the tactical battlefield environment, these are being replaced. Therefore, Internet Protocol Security (IPsec) (see Sidebars 1 and 2), a set of open Internet Engineering Task Force (IETF) standards, is used throughout military networks to configure encryption and secure sensitive communications. IPsec with the approved, tested, and validated encryption algorithms and key management can meet the FIPS 140-2 and Common Criteria requirements for encryption over IP networks.
Sidebar 1: IPsec key creation methods
Sidebar 2: Common FIPS-approved cryptographic algorithms and IPsec security protocols explained
IPsec is a point-to-point architecture that manages key exchange, verifies the integrity of data packets, negotiates crypto algorithms, and authenticates between two end-nodes on a network. However, regardless of the key management methodologies or security protocols implemented, IPsec might not be ideal for tactical military networks, particularly as they grow in size and complexity. Key distribution and management will likely represent serious challenges, and application performance, dynamic routing, reliability, and management might all suffer.
A group-based approach to network encryption has evolved that promises to address the limitations of traditional IPsec point-to-point architectures. The standards-based Group Encrypted Transport (GET) integrates routing and encryption together in the network and alleviates the need to set up individual point-to-point connections. Since policies and keys are managed from a central point, key distribution and management are greatly simplified. Group Encrypted Transport is well suited to battlefield networks, given their dynamic and mobile nature, with diverse devices transmitting and receiving sensitive data over a large geographic area. Military network architects will likely prefer the flexibility afforded by GET over traditional IPsec tunneling.
Encryption faces new challenges
Server virtualization and hypervisor technologies have grown to enable cloud computing in the commercial/data center world, and these technologies are now finding their way onto the battlefield. Government agencies, including the DoD, continue to embrace emerging technologies such as cloud computing. In fact, cloud computing promises to address some of the DoD’s most pressing issues such as improving deployment time for new warfighter applications and technology, enabling data sharing between joint forces and allies, and simplifying and streamlining network management – all while reducing costs.
The basic concept behind the implementation of cloud computing, virtual machines, and virtual networks is to replace hardware devices with software. A single rugged multicore computing device installed in an unmanned platform, for example, could perform the function of mission computer, router, firewall, and sensor processor – an architecture that provides significant SWaP benefits, essentially replacing four individual devices.
However, this concept of a software-based appliance is challenged by the fact that government and DoD policies, procedures, certifications, and testing methodologies primarily revolve around hardware devices. Foundations have been laid by the NSA that would allow use of software-based Suite B crypto “devices” running in virtual machines, but the evaluation process needs to catch up. Since the benefits of cloud computing and virtualization are so compelling, industry and the DoD are working closely to address these procedural issues and we will likely see this addressed within the next few years.
Commercial users will follow
As the next phase of the Internet begins to develop with the Industrial Internet Revolution, the focus is shifting from communications between people to communication between machines, manufacturing plants, energy production facilities, logistics/shipping hubs and even aircraft engines. All these are transmitting, storing, and sharing data like never before. Other government agencies and Non-Governmental Organizations (NGOs) providing law enforcement and homeland security seek the benefits of cloud computing architectures to share critical and sensitive information as well.
However, many of these nonmilitary industries and applications are unprepared for the security implications that ubiquitous connectivity brings and therefore look to the military sector for the technology and procedures needed. Solutions that have a Common Criteria EAL rating are attractive in nonmilitary markets and, as the Industrial Internet grows, it is likely that more and more devices will embed the encryption algorithms, methodologies, and design principles that are common in military systems. It is safe to say that this will be an exciting arena to watch for many years to come.
Rubin Dhillon is Business Development Manager at GE Intelligent Platforms.
GE Intelligent Platforms
Jim Kelly is Product Line Manager at Juniper Networks.
Juniper Networks