---------- Forwarded message ----------
>Subject: Crypto Equipment Guide -- Part Three of Three
>Date: Mon, 17 May 1999 16:10:30 -0500
----------------------------------------------------------------------------
SECURE TERMINAL EQUIPMENT
Secure Terminal Equipment (STE) is the next generation STU-III being designed to
provide services far beyond the present STU-III devices. The STE offers
backward compatibility with STU-III, while taking advantage of digital
communications protocols like ISDN and future ATM. The initial release of STE
will be an ISDN terminal. STE is designed to take advantage of the key and
privilege management infrastructure developed under the Multi-level Information
Systems Security Initiative (MISSI) Fortezza Plus Cards. The cryptographics for
STE will be located on a removable Personal Computer Memory Card International
Association (PCMCIA) card. This card will be procured separately.
Secure Terminal Equipment provides secure voice and data communication. It
has been planned for use at all classification levels. The vendors are Lockheed
Martin and Motorola Government Systems.
----------------------------------------------------------------------------
Other Encryption Equipment
----------------------------------------------------------------------------
CONDOR
AT&T SECURE CONFERENCE SYSTEM
SSP3110 DATA STORAGE ENCRYPTOR
DATA TRANSFER DEVICE
----------------------------------------------------------------------------
CONDOR
The Condor is an effort to produce a security solution for commercial digital
wireless systems. This includes cellular, mobile satellite, and personal
communications systems. It is being designed to utilize the Fortezza Plus
cryptographic card.
The CONDOR provides secure communications for commercial wireless services
(CDMA cellular and Mobile Satellite). This product is currently under
development. The CDMA (dual mode cellular) will be completed in March, 1998,
Globalstar in August, 1998 and Iridium in August, 1998. The authorized vendor
and cost are undetermined at this time.
----------------------------------------------------------------------------
AT&T SECURE CONFERENCE SYSTEM
The AT&T Secure Conference System consists of a circuit board installed in a
personal computer, a STU-III terminal, and a switch box connected at the host
site. This configuration functions as a concentrator during a secure conference
call. The circuit board can be installed in a 386 or 486 personal computer. The
system requires a minimum of 640 K of RAM and MS-DOS 3.0 or higher to operate.
A telephone conference can be provided for up to four secure terminals per
circuit board. Multiple circuit boards may be installed in one computer to
raise the number of secure terminals to a maximum of 12 units. The AT&T Secure
Conference System can function with any STU-III devices at 2400 bps and 4800
bps in half duplex communication mode. Crypto-ignition keys are used at the
STU-III terminal as usual. The computer with the circuit board installed will
verify each participant's clearance prior to initiating the conference.
This system is approved for use at all classification levels. The authorized
vendor is AT&T Secure Communications Products. Contact the vendor for the cost.
----------------------------------------------------------------------------
SSP3110 DATA STORAGE ENCRYPTOR
The SSP3110 encrypts sensitive data received from a host over the Small
Computer Systems Interface (SCSI) and writes it to a storage medium such as a
floppy diskette, magnetic tape, or an optical disk. Stored data that is
encrypted using this device may be treated as "unclassified". The maximum
processing speed using the SSP3110 is 150 Kbps depending on the application.
Electronic keying is accomplished using KEKs on punched paper tape and TEKs on
Smart Keys. TEKs are derived from NSA-supplied floppy diskettes and written to
Smart Keys using a Key Management Loader. In pairs, TEKs are used for
Two-Station transport applications, shared TEKs are used for Multi-Station
transport applications, and Special Purpose TEKs are used for data storage
applications. KEK loading requires a KOI-18 Tape Reader and a DS-102 Signal
Converter.
The SSP3110 Data Storage Encryptor is approved for use at all classification
levels. Tractor Aerospace has developed the Secure Retrieval Processor (SRP),
which is a less expensive, decrypt-only, embeddable board-level companion to
the SSP3110. The cost for the SSP3110 is $11,995, Key Loader Key Manager
Software is $2,500, and Training is $3,000. The SRP price is not available.
----------------------------------------------------------------------------
DATA TRANSFER DEVICE
The Data Transfer Device (DTD) is an electronic fill device designed to replace
the existing family of common electronic fill devices. The DTD can be
programmed to store the secure transport of COMSEC and TRANSEC keys, Signal
Operating Instructions, frequency hopping radio parameters, net control
planning, and operating directions. The DTD is designed to be
backward-compatible with current COMSEC fill devices. It provides enhanced
security of communications and cryptographic keying material and simplifies the
planning of communications. The DTD is configured by software input rather than
hardware modifications. An embedded crypto-ignition key allows flexibility in
securely storing and transporting communications data. The DTD uses a
replaceable keypad and is easily configured to work with either a standard
35-key keypad or a simplified 13-key keypad.
The Data Transfer Device is designed to replace the KYK-13, KYX-15 and KOI-18.
This device is approved for storing, transporting and transferring
cryptographic keys up to the Top Secret level. The authorized vendor is Group
Technologies Corporation. The cost for this device is between $510 and $560.
----------------------------------------------------------------------------
MISSI Encryption Equipment
----------------------------------------------------------------------------
MULTI-LEVEL INFORMATION SYSTEMS SECURITY INITIATIVE (MISSI)
The Multi-level Information Systems Security Initiative (MISSI) is an NSA
effort to make available products that could be used to construct systems that
would satisfy user Multi-level Security (MLS) requirements. MISSI includes the
development of products in four categories: the Crypto Peripheral, Network
Security Management, Secure Network Server, and Workstation Security Applique.
These products will comprise the set of security components needed to construct
Automated Information Systems (AISs) that satisfy MLS requirements. MISSI
establishes the structure for the placement of the components to achieve MLS at
the workstation, LAN, or WAN levels as needed. This structure is designed to
(1) protect data from unauthorized disclosure and modification; (2) identify
and authenticate system users; (3) control access to data and system resources;
and (4) support source authentication and non-repudiation of messages. MISSI
will be introduced in a four-phase release approach. Each release will provide
four operational capabilities exceeding those of the previous release along
with the required security services.
* Release 1 provides encryption and digital signature capability to protect
unclassified but sensitive electronic mail and file transfers.
* Release 2 provides the capability to secure electronic mail through
different level system-high environments with a multi-level range of
Unclassified to Secret.
* Release 3 provides the capability to handle information in the range of
Unclassified to Top Secret including file transfer.
* Release 4 adds performance improvements and robustness to the network
security management capabilities in order to address new AIS technologies
and large scale expansion.
The following paragraphs describe the features and characteristics of MISSI
products as they pertain to system performance, capabilities and
characteristics.
Operation
MISSI components will support mandatory access controls to provide hierarchical
(Unclassified, Confidential, Secret, Top Secret) and non-hierarchical
("compartmented") classifications. Discretionary access controls provide
additional "need-to-know" granularity. All data stored and processed by MISSI
components will be labeled with a designation of its criticality and
sensitivity through the use of the Common Internet Protocol Security Option
(CIPSO) labels and internal labels in a Trusted Computing Base (TCB).
The user operation requirements of MISSI hardware components will be compatible
with those required to operate the AISs they secure. At the workstation level,
a user's identity will be authenticated up to the Top Secret level with a local
name, a personal password, and a physical token inserted into a reader
associated with the workstation's MISSI component. The use of trusted software
and trusted operating systems will provide protection from unauthorized
interference or tampering. MISSI components will use CIPSO labels for mandatory
access controls and a database/directory scheme for discretionary access
controls. These access controls and those of the trusted operating system will
permit users to specify and control sharing of files and programs and provide
controls to limit the propagation of access rights.
Networks
Initial MISSI components will operate on DDN X.25, CCITT 1984 X.25, IEEE 802.3,
and Ethernet networks. Later releases are planned to evolve with communications
network protocols such as ATM. MISSI systems are intended to be protocol
independent below the lowest layer where security is applied. A Secure Network
Server (SNS) providing a guard/gateway function will provide CIPSO labeling to
route datagrams to the proper networks and prevent those labels from being
inadvertently or deliberately altered. MISSI components communicating on
Ethernet (TCP/IP based) networks will support Address Resolution Protocol
functions to provide logical addressing. MISSI components will also support
GOSIP X.25 protocols.
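The label handling described under Operation and Networks, as an added example
that is not part of the original guide or of any MISSI product: it parses a
CIPSO IPv4 option carrying one tag type 1 (sensitivity level plus category
bitmap) and applies the dominance check a guard would use before forwarding a
datagram to a network. The DOI number 7, the level-number mapping, the function
names and the sample option are constructed for illustration.

```python
import struct

CIPSO_OPTION = 134   # IPv4 option type assigned to CIPSO
TAG_BITMAP = 1       # tag type 1: sensitivity level + category bitmap
# Assumed mapping for a constructed DOI; real values are defined per DOI.
LEVELS = {0: "Unclassified", 1: "Confidential", 2: "Secret", 3: "Top Secret"}

def parse_cipso(option: bytes):
    """Return (doi, (level, categories)) from an option with one type-1 tag."""
    if len(option) < 10 or option[0] != CIPSO_OPTION or option[1] != len(option):
        raise ValueError("not a well-formed CIPSO option")
    doi = struct.unpack("!I", option[2:6])[0]
    tag_type, tag_len = option[6], option[7]
    if tag_type != TAG_BITMAP or tag_len < 4 or 6 + tag_len != len(option):
        raise ValueError("unsupported or truncated tag")
    level = option[9]             # option[8] is the alignment octet
    if level not in LEVELS:
        raise ValueError("unknown sensitivity level")
    cats = frozenset(
        i * 8 + bit
        for i, byte in enumerate(option[10:])
        for bit in range(8)
        if byte & (0x80 >> bit)   # category 0 is the most significant bit
    )
    return doi, (level, cats)

def dominates(a, b):
    """Label a dominates b: level at least as high, categories a superset."""
    return a[0] >= b[0] and a[1] >= b[1]

def guard_allows(option: bytes, net_doi, net_low, net_high):
    """Forward only if the label lies within the destination network's range."""
    try:
        doi, label = parse_cipso(option)
    except ValueError:
        return False              # unlabeled or malformed traffic is dropped
    return doi == net_doi and dominates(net_high, label) and dominates(label, net_low)

def make_option(doi, level, cats, bitmap_len=2):
    """Build a constructed sample option for the demonstration."""
    bitmap = bytearray(bitmap_len)
    for c in cats:
        bitmap[c // 8] |= 0x80 >> (c % 8)
    tag = bytes([TAG_BITMAP, 4 + bitmap_len, 0, level]) + bytes(bitmap)
    return bytes([CIPSO_OPTION, 6 + len(tag)]) + struct.pack("!I", doi) + tag

if __name__ == "__main__":
    pkt = make_option(doi=7, level=2, cats={1, 9})   # constructed sample
    print(guard_allows(pkt, 7, (0, frozenset()), (2, frozenset({1, 9}))))
```

Malformed, truncated or wrong-DOI options fail closed, so a datagram whose
label cannot be verified is never routed to a lower-level network.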
Keying
MISSI components will rely on the Electronic Key Management System (EKMS) for
keying and rekeying activities. Components will support FIREFLY technology.
Equipment
The reliability, availability, and maintainability of MISSI hardware and
software components will meet or exceed current industry standards for
commercial off-the-shelf office environment applications. Some of the MISSI
critical system characteristics are:
* MISSI hardware components designed for operation in a ground non-hostile
environment.
* MISSI components which meet the appropriate EMI, EMC, and TEMPEST
requirements consistent with supported networks.
* MISSI components handled according to Controlled Cryptographic Item (CCI)
requirements.
* Integrated Logistics Support requirements for MISSI call for hardware
components that are maintainable at the organizational, intermediate, and depot
levels. The Mean-Time-To-Repair (MTTR) figure for organizational and
intermediate levels is 15 minutes. The MTTR figure for depot level
maintenance is 30 minutes.
* MISSI software and hardware components will undergo periodic health checks
automatically.
Product Development
The Information Security (INFOSEC) product evolution of MISSI, as defined in
the four-phased release approach and the four product categories previously
mentioned, is explained in more detail by the following graphics.
Mosaic
The Mosaic program is an implementation designed to support MISSI Release 1.
This program provides a Personal Computer Memory Card International Association
(PCMCIA) crypto card, which provides encryption of sensitive unclassified
electronic mail (E-mail) messages. Under the Mosaic program, a Commercial Off
The Shelf (COTS) networked workstation configured with a PCMCIA card bus or
separate reader performs the required MISSI Release 1 functions.
The Mosaic program supports X.400 or Simple Mail Transfer Protocol (SMTP)
E-mail on the Defense Message System, as well as other Department of Defense
(DoD) and Civil Agency applications. This system is currently designed to
operate at 1.5 Mbps encryption/decryption. The PCMCIA card is undergoing testing
in the Mosaic program.
Workstation Security Applique (APPLIQUE)
The APPLIQUE is a low cost product that provides multi-level security services
for COTS networked workstations. It consists of both a software package and a
hardware device referred to as the Crypto Peripheral (CP). Capabilities include
security services to support writer to reader security for X.400 based E-mail
and peer-to-peer applications. The security services performed by the APPLIQUE
are: access control, audit, data confidentiality, data integrity,
identification, and authentication as well as non-repudiation. It integrates
with a wide variety of COTS workstations based on 386/486 and higher
processors. The APPLIQUE consists of several basic elements that allow the user to
communicate in networked environments with multiple security levels. These
elements include: a communications security package, trusted computing base, CP
and a physical token.
The communications security package includes these ISO layer 3 and 7 security
protocols: Network Layer Security Protocol (NLSP1), Message Security Protocol
(MSP), and Key Management Protocol (KMP). The APPLIQUE will support both the
GOSIP and DoD (TCP/IP) protocol suites. The TMACH Security Monitor provides
multi-level security services to the workstation user. The CP, with an estimated
minimum throughput rate of 10 Mbs/sec., performs FIREFLY key generation,
encryption, and digital signatures. The Crypto Peripheral can make use of a
PCMCIA device to provide the physical token and crypto-ignition key (CIK)
functionality as a means for user identification and authentication. It is
required to access security mechanisms in the CP.
Crypto Peripheral (CP)
The CP is a compact security product that provides encryption of E-mail
messages for COTS networked workstations. It is contained on a PCMCIA card and
interfaces directly to the workstation through a PCMCIA card bus or reader. The
CP is the workstation security product designed to support the MISSI Release 2
system, and to protect classified information up to Secret. The CP supports a
wide variety of COTS workstations that support X.400 mail packages. It is
specifically designed to support ISO layer 7 security protocols. Writer to
reader security protection is provided between both the For Official Use Only
sensitive community of Release 1 and the Secret community served by Release 2,
as well as Top Secret communities served by Release 3 and above. The CP is
designed for a 10 Mbps throughput rate.
Secure Network Server (SNS)
The SNS is a computer system designed to allow simultaneous processing of
information from the Unclassified level up to Top Secret level. It combines the
highest levels of both Computer Security and COMSEC technology. The SNS will
allow the connection of two or more networks at different security levels. As
an MLS network file server, the SNS will allow files of different security
levels to be stored and accessed simultaneously. Application software being
developed for the SNS will allow it to function as a guard/downgrader. The SNS
will support the CP associated with an untrusted workstation during MISSI
Release 2. It ensures the CP has been invoked before releasing an E-mail
message to an unclassified network and regrades E-mail by human review. In
MISSI Release 3, the SNS in conjunction with the Workstation Security Applique,
provides full E-mail security services including regrading and MLS file
storage. An EKMS compatible cryptographic function in the SNS allows all data
stored on non-removable media to be protected. This allows the SNS to be
treated as an unclassified Controlled Cryptographic Item (CCI) once the CIK is
removed. For the software applications developer, this MLS computer will
provide a POSIX compliant interface at the operating system level. Therefore,
it will be possible for the SNS to run existing UNIX based application
programs.
Network Security Management (NSM)
NSM provides network security management functions for the MISSI products.
These functions consist of key generation and distribution, access control
permissions, secure directory, and mail list services. It is a primary link to
other network management functions, such as configuration management, fault
management, accounting management, and performance management. The capabilities
of the security management components will be phased, along with the various
MISSI components. The NSM components needed to provide the above functions are
the Domain Security Manager, Local Authority Workstation (LAW), Audit Manager,
Rekey Agent (RKA), Secure Directory Server, and Mail List Agent. It is
anticipated that these components will be software application programs that
will run on COTS workstations equipped with a Workstation Security APPLIQUE.
Together they will provide the necessary services to securely manage and
operate the MISSI.
----------------------------------------------------------------------------