Secure Communications Secure Communications Interoperability Protocols,
SCIPInteroperability Protocols,
SCIPSCIPSCIP
John S ColluraJohn S. [email protected]
Phone: +31 70 374 3578Fax: +31 70 374 3049
UNCLASSIFIED1
HFIA briefing 13 September 2005
SIGSALY Secure Voice System
Circa 1943, SIGSALY provided perfect security for secure voice communication among allies Twelve units were built and deployed in
UNCLASSIFIED2
communication among allies. Twelve units were built and deployed in Washington, London, Algiers, Brisbane , Paris ..
STU-I
Circa 1979, the STU-I used a digital signal processing computer. A few hundred units were eventually deployed
UNCLASSIFIED3
A few hundred units were eventually deployed.
Original STU-IIg
Circa 1982, the STU-II provided 2400 and 9600 bps secure voice. A few thousand units were eventually deployed.
UNCLASSIFIED4
Current SCIP Products
UNCLASSIFIED5
Historical Perspective on I t bilitInteroperability
Secure Voice & Data Communications Moderate Availability Between National Armed Forces, Unavailable Between Strategic and Tactical Operations,Unavailable Between Strategic and Tactical Operations,
and Unavailable Between NATO &/or Coalition Allies
NATO NBSV II Created Interoperability NATO NBSV-II Created Interoperability Based Upon common standards Four Suppliers Built NBSV-II compatible products
NATO k t i l f NATO i ti d NATO key material for NATO communications, and National key material for sovereign communications
NBSV-II is at the End of its Lifecycle
UNCLASSIFIED6
y
NATO Growth
Membership & Partners Membership & Partners From 16 to 26 nations North African Partners Middle East Partners?
Mission Responsibilities Former SFOR (now EU) Former SFOR (now EU) KFOR, IFOR ISAF IRAQ
Communities of Interest
UNCLASSIFIED7
Secure Communications Ch llChallenges
Key Managementy gFuture NATO deployments Brigade Example
InteroperabilityCommon Waveforms no interoperability
Net-CentricityC tifi t B d K E hCertificate Based Key Exchanges
UNCLASSIFIED8
Communications Security A hApproaches
Application Layer Security SolutionsApplication Layer Security SolutionsSCIP
Network Layer Security SolutionsNetwork Layer Security SolutionsIPSEC, HAIPE (US)
Link Encryption Security Solutionsyp y
UNCLASSIFIED9
Cryptographic Definitions - Iyp g p
Symmetric Key MaterialSymmetric Key Material
Asymmetric Key Exchangey y g
Certificates and Trusted Authorities
UNCLASSIFIED10
Cryptographic Definitions - IIyp g p
Electronic Key Management Systems (EKMS)( ) Automated ordering, generation, distribution,
storage, security accounting, etc. Flexibility Flexibility
account registration, management, access control to key & data functionscontrol to key & data functions
Speed DACAN provided EKMS or DEKMS
UNCLASSIFIED11
Cryptographic Definitions - IIIyp g p
Traffic Encryption Suites Suite A
S it B Suite B
Compromised Key ListsCompromised Key Lists
Certificate Revocation Lists
Communities of Interest
UNCLASSIFIED12
Communities Of Interest
NATO National Multi-lateral Coalition
U it d N ti United Nations European Union Emergency Responders Emergency Responders NGOs (Aid Agencies)
UNCLASSIFIED13
NATO Interoperabilityp y
Standards (STANAGS)
Success Stories NBSV-II (voice) Link-11 (data) HF-House series of STANAGs
Current ISAF Solution ()
UNCLASSIFIED14
Future NATO Interoperabilityp y
Electronic Key Management System SCIP IPSEC SCIP, IPSEC Session Keys Multinational Key ManagementMultinational Key Management Software Reconfiguration Tailored COIs Compromise Recovery
UNCLASSIFIED15
NATO SCIP Requirementsq
Need to capture NATO requirementsp qJoint AHWG/3 AHWG/6 document
AHWG/3 Signaling requirementsAHWG/6 INFOSEC i tAHWG/6 INFOSEC requirements
Feed requirements to the I-ICWGVendors must build to exactly the sameVendors must build to exactly the same standard
UNCLASSIFIED16
SCIP What is it?SCIP What is it?
Secure Communications Protocol forSecure Communications Protocol for InteroperabilityApplication LayerNetwork IndependentEnd-to-End SecurityCommon Call Setup andCommon Call Setup andCommon SignalingCommercial Standards & InfrastructureMultiple Cryptographic Solutions or COIs
NATO, Coalition, National Sovereign, Commercial, etc
UNCLASSIFIED17
etc.
Minimum InteroperabilityMinimum Interoperability Requirements
2400bps MELPe voice coding2400bps MELPe voice codingClear and secure MELPe2400bps synchronous data channel2400bps synchronous data channel
3000bps asynchronous data channelBlank and burst mode
UNCLASSIFIED18
Future DevelopmentsFuture DevelopmentsOptional Voice codersp
600bps MELPe1200bps MELPe16000bps CVSD16000bps CVSD
IP interoperabilityVoIP/MoIP
Gateway solutionsEurocomTACOMS POST 2000TACOMS POST-2000
Military RadiosProfessional Mobile Radios
UNCLASSIFIED19
Professional Mobile Radios
SCIP & IPSEC
Protocols Have Different ObjectivesApplication Layer vs. Network LayerN t k I d d t IP N t kNetwork Independent vs. IP Networks
Gateway OptionsRed or Black?Red or Black?
IP Protocols of InterestSTE, VoIP, ?
Secure Wireless LANsSECNET-11/54
UNCLASSIFIED20
Conclusions
Goal: Secure Interoperable Infrastructure National Policies must support vision National Policies must support vision SCIP key enabler for NNEC NNEC changing NATO & Nationalg g &
Develop Policy Design & Acquire Secure Communications
E i tEquipment
UNCLASSIFIED21
Questions?Questions?
UNCLASSIFIED22