The National Security Agency (NSA) has spearheaded a number of initiatives to tackle the toughest network security problems ever, from Internet interoperability and network convergence to wireless vulnerabilities.
As the largest unprotected Internet-working environment on the globe, the Internet is a formidable security challenge. It represents to many the single largest security market today.
NSA has already overcome some interoperability hurdles through the implementation of an existing standard. To address network convergence and the growing dependence on IP-based networks, the agency created the High Assurance Internet Protocol Interoperability Standard (HAIPIS) to support future generations of IP-based network encryptors and a suite of secure, IP-based applications, such as Secure Voice Over IP.
“We see a definite convergence between the cell phone and the PDA network appliance world. We also see a heavy dependence on IP-based networks. The DoD and a lot of the carriers are going that way and we want to make sure that our future wireless security follows that trend,” said Russ Flowers, chief of the NSA Secure End Users Technology Office.
As disparate networks and their appliances have begun to converge, NSA has worked to build interoperability both within and between existing, secure communications and commercial infrastructures.
“The goal is to be able to go wireless to wireless securely, whether it’s GSM [Global System for Mobile Communications] or CDMA [Code Division Multiple Access], and to go from wireless IP-based data applications to the wired IP networks that the DoD has,” said Flowers.
These networks include the GSM and CDMA wireless networks, the Public Switched Telephone Network with Internet Protocol-based networks, and wireless with wired networks.
At a December 2003 NSA conference in Anaheim, CA, General Dynamics demonstrated a PDA hooked to a cell phone to retrieve e-mail securely from a Sectera Wireline Terminal. It was connected to a Windows-based e-mail server in Scottsdale, AZ.
“The encryption occurred in the security module on the cell phone and in the Sectera Wireline Terminal. The PDA was able to show the unencrypted version of e-mail after it had been transferred,” said Brad Bowles, General Dynamics product manager for Secure GSM phone, Sectera and Iridium Security Module products.
At the same show, Qualcomm introduced the QSec-2700, a streamlined CDMA wireless device that, upon government certification, will provide Type 1 secure-voice communications and secure-data connectivity. Operating over 800 MHz and 1900 MHz CDMA commercial wireless networks, the QSec-2700 handset functions like a feature-rich commercial wireless handset. In addition to security, it offers a variety of 3G CDMA2000 1X technology wireless features with clear data speeds up to 153 kilobits per second (kbps). The new form factor was engineered with future convergence applications in mind.
“The QSec-2700 mechanical design incorporates existing hardware to accommodate future software upgrades enabling features such as VOIP secure calls, clear and secure group dispatch communications, AES for non-Type 1 communications, and Assisted Global Positioning System technology to geographically track end-user position location with downloadable software upgrades,” said Vance Tester, senior director of government sales.
NSA achieved secure interoperability between some wired and wireless systems when it created an industry and government consortium that agreed on a common signaling protocol called the Future Narrow Band Digital Terminal (FNBDT).
Despite its name, however, FNBDT is no longer just narrow band, but also includes a common voice processing capability, a crypto-algorithm base and a key-management process. It has become the primary security standard for cell phones, military radios and emerging public safety communications devices for homeland security missions and first responders around the world.
NSA has certified numerous products based on FNBDT, and is hoping to achieve the same success with HAIPIS in the years to come.
“We’re now trying to make improvements to how well the products work with each other across commercial infrastructures,” said Flowers.
FNBDT products were designed to accept—and have accepted—secure software upgrades. For example, the General Dynamics Sectera Secure GSM phone, as well as the Qualcomm QSec-800 CDMA secure cell phone, have added upgrades that provide the ability to pass short messaging data.
Qualcomm demonstrated secure data by using the QSec-800 secure wireless phone and a camera connected to a laptop. Using the QSec-800 as the encryption engine, the company was able to send encrypted real-time photos over the commercial CDMA network to a similar setup on the receiving end. Both the QSec-800 and 2700 secure phones are able to demonstrate secure data versatility via cable using PDAs, satellite phones and various other wireless and wireline instruments.
Existing Sectera Secure GSM phone owners can upgrade their units with free software by purchasing a data cable that can be used for the software upgrade process. A secure data software upgrade is also available for the Sectera TalkSecure wireless phone, which is the commercial version of Sectera that uses the Advanced Encryption Standard (AES).
Although the data file transfers are limited to low bandwidth, the addition of secure voice and data interoperability in FNBDT mode is a first step toward the convergence of voice and data over secure wireless networks. “The data rate is limited to 9600 bits per second, so the initial step into data is a small but significant one. In the future, short messaging will happen at faster rates and, further out, secure video will be the killer application in third generation products. But there are still security issues that need to be resolved before that happens,” said Bowles.
Another accomplishment in FNBDT interoperability last year was the addition of electronic re-keying. To maintain a high level of security in products under use, it is necessary to re-key them in the field routinely. However, in the past, the only way to re-key was to physically locate a COMSEC custodian to perform a data transfer. This was time-consuming and inconvenient. Now users of the secure FNBDT products can simply auto-update a key by connecting the device back to the central management infrastructure over a secure call.
“We worked with all the vendors to achieve this common electronic re-keying capability,” said Flowers. FNBDT products such as L-3 Communications’ Secure Terminal Equipment (STE) family, Qualcomm’s QSec-800 product and General Dynamics’ Sectera Wireline Terminal, as well as its GSM cell phone, now have this electronic re-keying capability.
NSA now maintains an FNBDT interoperability test bed that verifies vendor compliance with the current version of FNBDT specifications and tests interoperability among the current versions of all wireline and wireless products to verify secure, end-to-end interoperability.
Early this year, the FNBDT working group expanded its membership to include Britain, Canada, Australia and New Zealand, as well as NATO in a separate engagement, Flowers said. “We are introducing FNBDT to NATO standards working groups to examine and consider it as a basis for secure interoperability. We are hoping to get different nations to design to a commercial set of standards for interoperability to make sure we have the foundation for secure interoperability with our allies.”
The DoD uses the Iridium satellite constellation with secure military gateways for worldwide Type 1 wireless communications. To enable easier communication across Iridium network devices, General Dynamics will offer FNBDT in its Iridium Security Module (ISM) by the second quarter of this year. The ISM contains an NSA-certified, Type 1 algorithm and is similar in use to the Sectera module, in that it attaches behind the battery of the Iridium handset Model 9505. The General Dynamics Sectera Wireline Terminal will offer mobile FNBDT voice and data capability in a Black Digital Interface (BDI) to be used over the Iridium satellite constellation.
“The original ISM only offered secure voice, and it only interoperated with other ISM modules or with other STU-3 products through a gateway the government operates. This new capability with a BDI now allows ISM users to communicate through the Iridium constellation with other FNBDT users,” said Bowles.
To achieve exclusively secure voice, users will use the ISM. To achieve FNBDT secure voice and data, users will switch to the BDI. They cannot use both at once. Since the FNBDT implementation in the ISM is based on the Sectera platform, it will be available for Type 1 military and government use as well as for non-Type 1 government or commercial use, he said.
While FNBDT is now a proven solution for voice and low-rate data, its encryption is performed at the Application layer, which is layer seven of the seven-layer Open Systems Interconnection (OSI) Reference Model. The Application layer contains functions for particular application services, such as file transfer and remote file access.
The OSI model is an internationally accepted framework of communications protocols, developed by the International Standards Organization, for communication between different systems made by different vendors.
Although higher data rates are possible with the HAIPIS standard, Bowles pointed out that its encryption is located at the Transport Layer. The Transport Layer (layer four) defines rules for information exchange and manages end-to-end delivery of information between networks.
The question under review involves the merging of the existing FNBDT standard with the emerging HAIPIS standard. “How are we going to resolve the issue about where the encryption occurs when you are trying to merge these two together?” Bowles asked.
The goal of the HAIPIS government/industry group is to define a specification that will plot a way for vendors to handle encryption in different scenarios. “Where do you use FNBDT and where do you use HAIPIS, or are we going to create a new technology and standard in between?” asked Bowles.
“Once you get all the disparate groups to agree, then you can start to implement solutions. We bring in NSA as early as possible in systems design to work out any vulnerability issues. They will tell us what needs to be changed to account for any vulnerability,” he said.
After successful beta testing, NSA hopes by the end of the year to complete the final version of a Wireless Technology Vulnerabilities Database, which federal agencies will be able to check before buying commercial wireless products, according to an NSA spokesperson.
The primary goal is to create a relatively simple tool and make it available to the majority of U.S. government users who deal with classified information and want to use wireless products. Currently, policy makers seek advice from numerous technical experts scattered throughout the government. A goal of the database initiative is to consolidate information to help organizations and individuals in writing, updating or interpreting their policies or simply performing risk assessments, the spokesperson said.
The database will be available to anyone with access to the Secret Internet Protocol Router Network (SIPRNet). Users with a SIPRNet account will be able to query the database about specific technologies available in a device. The database will produce a report showing the vulnerabilities associated with each technology or combination of some technologies. It is then up to the users to employ this information properly to write or implement their agency policies. There are plans to periodically update the information in the database as new data on existing or new technologies is integrated into wireless products.
Information for populating the database originates from two main sources. The first is NSA’s own research, which results almost exclusively in classified findings. The second entails open source. Public information is a huge source, and NSA plans to continue to utilize it as much as possible.
To make further progress tackling complex convergence issues, NSA also recently created an internal, cross-matrix team of subject-matter experts to assess the mid- and long-term challenges of the secure mobile environment. The Secure Mobile Environment Integrated Products Team (SMEIPT) has brought together evaluators and vulnerability analysts with research engineers and product development to explore solutions, said Flowers.
SMEIPT will handle vulnerability discovery and research, as well as product development and certification, for the secure mobile environment.
Harris Corp., meanwhile, has been working with NSA under the Commercial COMSEC Endorsement Program (CCEP) to develop the SecNet 54 secure wireless LAN product, which extends IEEE 802.11b technology by providing higher bandwidth with a high degree of security for a wireless LAN.
SecNet 54 users will be able to operate at a higher data rate, compared with the 11 Mbps limitation inherent in 802.11b technology, said Eric Petkus, Harris SecNet 11 chief technology officer. Further, the SecNet 54 will provide a Top Secret level security classification. The SecNet 54 is Ethernet-based, giving any computing platform with an Ethernet interface the ability to provide secure, mobile communications, he said.
In addition to higher data rates, the SecNet 54 also provides over-the-air rekeying. The SecNet 54 will be a follow-on product to the SecNet 11, which has provided personal/individual wireless communications equipment to the Type 1 market. Harris enhanced the capabilities of the SecNet 11 recently by adding support for applications requiring a PCMCIA form factor.
As homeland security and first responder needs are addressed, yet another convergence, that of Type 1 communications with non-Type 1, has begun to grow. “One of our objectives for the future next-generation wireless products is to design them so that they can include Type 1 as well as Type IV Sensitive but Unclassified security types,” said Flowers.
Last year the National Institute of Standards and Technology (NIST) stated in Federal Information Processing Standard (FIPS) 197 that AES is now the approved algorithm of choice to protect government communications below the Type 1 level.
“We’ve been encouraging standards capability in commercial assurance products. We want to see information assurance vendors move to AES because it is the new standard. And it’s important that the implementation of that algorithm, as well as other security features, be independently tested or evaluated either by NIST or NIAP [National Information Assurance Partnerships] labs,” said Flowers.
As a result of NIST FIPS 197, many vendors last year began to develop or offer AES in their non-Type 1 secure wireless products. For example, the use of AES in the General Dynamics TalkSecure product was recently approved for export by the departments of State and Commerce, said Bowles. And last fall, Motorola added AES encryption to its Canopy platform, upgrading the security of its broadband wireless LAN offering from the product’s current use of single Data Encryption Standard (DES).
In addition, Qualcomm is actively participating in industry interoperability discussions and plans to offer AES encryption on the QSec-2700 platform, according to Tester.
AES is more secure than other current methods of securing wireless LANs, such as Wired Equivalent Privacy (WEP), Secure Sockets Layer, Transport Layer Security, or single DES or Triple DES (3DES).
The addition of AES to wireless LAN products, such as the Motorola Canopy platform, could spur the use of its wireless LAN by government users who wish to expand on their networks using NIST or NSA-approved security without incurring the high cost of running fiber and building large Internet access systems.
For example, Last Mile Networks, a Fall City, WA-based systems integrator, has been installing the Motorola Canopy system in recent years. But prior to the addition of AES, the market was limited to deploying in unclassified areas. “It is sometimes difficult for us to get the military to look at using wireless devices because of the security issues associated with them. But the AES encryption that Canopy is offering makes them more willing to look at it,” said Steve Olson, Last Mile operations manager.
The Canopy system is easy to install and represents a cost and time savings compared with installing fiber cable between buildings, Olson said, adding that it is also highly mobile. “You can install it and then take it down, move it to another location and have it back up and running in a matter of hours. The Canopy system is easy to manage and at $3,500 for the whole system, it is comparatively inexpensive,” he noted.
The system includes a small subscriber module, which is attached to a building; access points that can be mounted on utility poles or water towers to distribute service to the surrounding community; and the backhaul unit, which is used to provide bulk connectivity from a remote network to the access point site. The Canopy system uses two types of transceivers—point-to-point and point-to-multipoint. “A point-to-point configuration can span distances as far as 35 miles,” said Greg Bedian, Canopy program manager.
Canopy includes Bandwidth Authentication Management (BAM) software and a Cluster Management Module (CMM) used to interface with access points. The CMM includes an Ethernet switch, with a WAN connection provided by one port on the Ethernet switch, a power supply and a GPS receiver. “We use the GPS signal as a common time reference for all the Canopy systems,” said Paul Odlyzko, a Canopy technical staff fellow.
Network traffic that comes in from the Ethernet connection is encrypted using AES in the backhaul unit before being transmitted over the air. “The fact that we carry Ethernet traffic transparently across the airwaves means we can use anyone’s devices,” said Chuck Macenski, Motorola Canopy software manager and a member of technical staff.
Motorola is able to span distances as far as 35 miles in its wireless LAN by the use of reflector dishes, which concentrate radio frequency (RF) power. Canopy customers can align the reflector dishes using a series of audio tones and cadences. “Customers don’t need special laser or optical equipment to perform the alignment. All they need is a pair of standard headphones,” said Bedian.
Motorola provides three parameters to indicate alignment, according to Canopy principal staff engineer Chris Fay. The three parameters include signal strength (the higher the pitch, the better the alignment), interference detection (as the interference is greater, the volume decreases) and periodic interruptions in tone to verify continuous synchronicity, Fay explained.
The heightened awareness of security has extended to satellite network systems vendors that are developing AES compliance in current or upcoming platforms. For example, Reston, VA-based iDirect Technologies, which provides the VSAT NetModem II Plus data and voice hub, will be AES-compliant in its next platform, scheduled for launch in the third quarter of this year.
The product currently has 3DES encryption, and the company is awaiting FIPS 140-2 certification for its 3DES solution. Rather than having to integrate a separate device, the encryption is built into the scalable NetModem II Plus satellite hub, which can hold 20 line cards. A line card is a hub modem card that provides the outbound carrier modulator and the inbound carrier demodulator in one card.
Because the system uses proprietary acceleration technology, there is no degradation of speed as a result of encryption demands, said Dave Bettinger, iDirect vice president of engineering.
iDirect works with Technical and Management Services Corp. (Tamsco) of West Long Branch, NJ, which has been providing contingency communications services to the Army and other DoD services. For Operation Iraqi Freedom, Tamsco provided a satellite connectivity network, using iDirect’s NetModem II Plus hub, to the Army’s Coalition Forces Land Component Command (CFLCC) in Kuwait for logistics tracking of equipment and parts.
“It provides a shared, high availability, broadband, IP system based on TDMA [Time Division Multiple Access] technology,” said Bettinger.
The CFLCC network started with 32 VSATs in Iraq, but is now expanding to an additional 20 VSATs, according to Richard Buckwalter, Tamsco business development manager.
The satellite system represents the military’s move in recent years away from custom protocols and toward Internet Protocol for satellite communications. The TDMA system allows users to take advantage of shared bandwidth systems, as opposed to dedicated bandwidth systems, which are both expensive and inefficient, Bettinger said.
It also represents the move toward convergence. “The NetModem II Plus was designed for Voice Over IP, but we found that the use of it for voice was heavier than we had expected,” said Bettinger. “There is no question that, as a result of the blending of networks, the future is in hybrid networks.”