DARPA Order No. F390
Objective: The timely provision of information to and
from field forces enhances their operational abilities. The use of wireless
networks for communications is usually a requirement to maintain mobility.
This project will implement FORTEZZA cryptographic techniques to provide
security to both the information transported and the network routing itself.
An efficient, multicast key management system is needed to provide rapid
cryptographic key distribution for applications, such as real-time, multimedia
conferencing sessions, and for the network routing information. Research
efforts will also be directed to improving the evolving GloMo testbed at
CECOM through the implementation of technology from this and other GloMo
projects into early concept demonstrations.
Approach: We will approach the three main areas of effort
in the following manner:

Encryption of the Internet Protocol (IP) header information will prevent the discovery of network topology and command hierarchy from analysis of the routing information. This transmission security (TRANSEC) measure is complementary to the benefits of radio frequency waveform encoding to limit the detectability of the transmitted signal. The Wireless Internet Gateway System (WINGS) being developed by the University of California at Santa Cruz (UCSC) and Rooftop Communications (Rooftop) has been selected as the protocol and hardware to be protected by FORTEZZA cryptography. Cryptographic security will also be provided at the application level by incorporating FORTEZZA security into the voice, video, and mediaboard functionality of MASH, developed at the University of California at Berkeley (UCB). Encryption of multilayer video will allow multicast conferencing users to obtain performance commensurate with their available communications bandwidth.

A multicast cryptographic key management system is being developed utilizing research on hierarchical topologies from the National Security Agency (NSA). Besides matching the hierarchical nature of the military command structure, this approach is primarily of interest because it permits the rapid distribution of session keys for a large number of users in a manner that efficiently uses the bandwidth-limited wireless medium.

The GloMo Testbed has evolved from the initial InfoTech demonstration testbed with nodes at CECOM, Fort Monmouth, NJ, and at SRI, Menlo Park, CA. The testbed will be enhanced through the integration of technology from the GloMo-supported projects. SRI will also conduct research on transitioning wireless and security technology into such programs as PCS for the Soldier and the First Digitized Division.
Recent Accomplishments: SRI has implemented IP header encryption on
the WINGS multicast, multihop wireless network on 100-MHz Pentium laptops
using Netwave 1-Mbps transceivers. Multimedia conferencing has been demonstrated
using MASH for voice, video, and mediaboard; high quality voice was provided
by a GSM encoder. The system is currently configured to encrypt both the
IP header and the data packet.

To support the IP header encryption effort, SRI developed a FORTEZZA cryptographic driver for the FreeBSD operating system to take advantage of the WINGS protocol code already developed for this operating system.

SRI has developed a FORTEZZA encryption interface to the UCB MASH multimedia conferencing system.

A simple mechanism for key generation and distribution has been developed to support testing of the applications mentioned above. It depends on electronic mail or file transfers of keys wrapped in the public key of the intended recipient. It has allowed discovery of characteristics of the FORTEZZA cryptography that will be useful in the upcoming hierarchical tree-based key distribution system.

The CECOM testbed has been enhanced with web servers and wireless LAN technology. Several network configurations of secure tunneling through public and military networks have been demonstrated using the ITT Dragonfly Secure Guard and Dragonfly Companion technology. A Metricom Ricochet Wired Access Point (WAP) has been installed at the Myer Center to permit concept testing of wireless terminal technology in applications such as logistics support, military police, and mine clearing.
Current Plan: We have recently undertaken an analysis of
the layered video coding functionality in the UCB MASH multimedia conferencing
tool. FORTEZZA encryption/decryption will be applied to the individual layers
when this process is fully understood. A system for layered video multicast
over both wired and wireless links of varying bandwidth will be developed
for testing.

The development of a real-time, multicast key management system will be the major effort for the next year. The architecture for such a system is under development, based on draft documents being formulated for future release to the IETF. We will first implement a small system to support testing of the encrypted layered video MASH system. A large-scale system to support layered video MASH or other applications, with the ability to recover from compromised keys, is our ultimate goal.
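The bandwidth argument in the Approach section and the compromise-recovery goal above can be seen in a small model. This is an added example, not SRI's code or the IETF draft protocol: it assumes a binary key tree with the group key at the root (the page does not specify the tree shape), models key wrapping by key equality instead of FORTEZZA encryption, and all names are hypothetical.

```python
import secrets

class KeyTree:
    """Complete binary key tree, heap-indexed: node 1 holds the group key,
    leaves n..2n-1 hold the members' individual keys (n a power of two)."""

    def __init__(self, n):
        self.n = n
        self.keys = {node: secrets.token_bytes(16) for node in range(1, 2 * n)}

    def path(self, member):
        # Nodes from the member's leaf up to the root.
        node, out = self.n + member, []
        while node >= 1:
            out.append(node)
            node //= 2
        return out

    def member_store(self, member):
        # A member holds its leaf key and every ancestor key, nothing else.
        return {node: self.keys[node] for node in self.path(member)}

    def evict(self, member):
        """Replace every key the evicted member knew. Returns rekey messages
        as (wrapping_node, wrapping_key, target_node, new_key)."""
        msgs, leaf = [], self.n + member
        for node in self.path(member)[1:]:      # ancestors, bottom-up
            self.keys[node] = secrets.token_bytes(16)
            for child in (2 * node, 2 * node + 1):
                if child != leaf:               # never wrap under the evicted leaf key
                    msgs.append((child, self.keys[child], node, self.keys[node]))
        return msgs

def apply_rekey(store, msgs):
    # A receiver can unwrap a message only if it holds the wrapping key.
    for wrap_node, wrap_key, target, new_key in msgs:
        if store.get(wrap_node) == wrap_key:
            store[target] = new_key
    return store

def demo(n=1024, evicted=5):
    # Constructed scenario: one member's keys are compromised and it is evicted.
    tree = KeyTree(n)
    stores = {m: tree.member_store(m) for m in range(n)}
    msgs = tree.evict(evicted)
    for store in stores.values():
        apply_rekey(store, msgs)
    others_ok = all(stores[m][1] == tree.keys[1] for m in range(n) if m != evicted)
    locked_out = stores[evicted][1] != tree.keys[1]
    # Tree rekey messages vs. one pairwise-wrapped key per remaining member.
    return len(msgs), n - 1, others_ok, locked_out
```

For 1024 members the tree needs 19 rekey messages where individually wrapping a new group key for each remaining member needs 1023, and the evicted member's old keys unwrap none of them.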
Technology Transition: The SRI-developed FORTEZZA cryptographic driver
for the FreeBSD operating system (version 2.2.5) has been provided to the
Multilevel Information System Security Initiative (MISSI) Program Web site
at:
http://www.armadillo.huntsville.al.us/software/library/v152b/v152b.html

SRI staff have worked with the staff of Rooftop Communications on the interface to the WINGS system. We have shared a number of implementation and performance findings with Rooftop to complement their assistance to SRI in the development of IP header encryption for WINGS. The implementation of security into WINGS at an early stage has prevented some protocol implementation errors that might have been difficult to correct at a later stage in the development of WINGS.

The FORTEZZA-enabled MASH multimedia conferencing software is available to interested parties. It has been shared with MIT-Lincoln Laboratories. When work is complete on the incorporation of FORTEZZA encryption into the layered video component of MASH, that software will be made available to eligible GloMo investigators and through the MISSI Web site.

The upcoming hierarchical tree-based key management system will be one of the first implementations of the multicast key distribution protocols being developed as Internet Engineering Task Force (IETF) draft standards. SRI will interact with the developers of the standard as our implementation proceeds to give feedback on the completeness of the standards for system development.

The work on the CECOM testbed has had a direct impact on concept development and technology verification. Our efforts have been used by the C2-Protect Program and are expected to find application to the PCS for the Soldier Program and the First Digitized Division.
Principal Investigator
Copyright © 1999 SRI International, 333 Ravenswood Ave., Menlo
Park, CA 94025 USA.
All rights reserved.