08 Jun CS6803 Information Security Management
Question
CS6803 Information Security Management
Information System Security Engineering and Management
Module 13, Overview of:
13a. Government Crypto Devices and Policies
13b. Physical Security
13c. Information Security Audits
Spring 2011
Module 13a Objectives
- To give an overview of some Department of Defense (DoD) networks, particularly the “Global Information Grid,” where crypto is used
- To discuss
  - The general principles used in National Security Agency (NSA) crypto products
  - Some sample NSA crypto equipment
  - Government Key Management Policies and Practices
- The focus of this talk is on topics for those who will be working for the US Government, particularly the DoD, intelligence agencies, etc.
- This material is required for the 4011 and 4013 certifications
Copyright 2011
Global Information Grid (GIG)
- The GIG is essentially a secure intranet for the national security community, including DoD, the Intelligence Community (IC), etc.
- From an NSA website describing the GIG and Information Assurance (IA):
  - The GIG will be a net-centric system operating in a global context to provide processing, storage, management, and transport of information to support all Department of Defense (DoD), national security, and related Intelligence Community missions and functions (strategic, operational, tactical, and business) in war, in crisis, and in peace.
Global Information Grid (GIG)
- The GIG concept has been in use since circa 2000, and is really an integration of many existing and planned networks
- Integration is at the level of the communications networks, the information layer, and the management layer
- IA is standardized, and is embedded into all aspects of the GIG
  - High assurance crypto on all links
  - Standard, high assurance multifactor authentication
  - Defense in Depth
  - NSA is responsible for GIG IA (security) through their GIG IA Portfolio Office (GIAP)
Global Information Grid (GIG)
- The GIG communications network includes very high bandwidth fiber backbone (both leased from commercial providers and government owned), satellite links, and terrestrial copper and wireless components to the individual user.
- The network is all IP, including voice and other media.
- Legacy networks have been, or will be, transitioned into the GIG architecture.
- Note that “the grid” or “the global grid” has been adopted by many in popular culture to refer generically to a/the set of devices and sensors connected via the Internet
GIG Vision
- The following slides are from a public NSA briefing a few years ago, and provide more insight into the GIG vision
- Also read the NSA page on the GIG in the webliography
[Figure: GIG vision graphic from the NSA briefing. Panels: Navigation/Geopositioning, Surveillance, Integrated Information Infrastructure, Logistics Support, Information Operations, Weapons, Command and Control, Force Enhancement.]
An internet-like transport architecture between space, air and ground nodes
Network of Networks
- Integrated Space, Air and Ground Networks
- Global access to deployed / mobile Users (COTM)
- Timely delivery of air and space data to Theater and CONUS (AISR, SISR support)
- Automated, dynamic, high assurance network operations
- Increased capacity and connectivity: RF and laser communications network
Enable Future Innovations and Growth Through A Flexible Yet Secure Network Architecture
Integrates mobile/tactical users and global intelligence services via IP (optical comm links and EHF, Ka and X-band)
Aside on Fiber Backbone Communications Protocols
- The link and network layer protocols on fiber backbone networks are different from the familiar Ethernet, 802.11n, etc. Protocols used on backbone fiber include:
  - Synchronous Optical Network (SONET) at the link layer
  - Asynchronous Transfer Mode (ATM) over SONET at the network layer (ATM is also used elsewhere)
  - Internet Protocol over fiber (usually IP over WDM or DWDM) for link and network layer
- SONET and ATM are very common on high speed links, and require special encryptors
- SONET and ATM are lower in the ISO protocol stack than IP, which is often carried on SONET and ATM, as well as Ethernet, WiFi, etc.
- The next few slides discuss SONET and ATM very briefly
Aside on Fiber Backbone Communications Protocols: SONET
- Synchronous Optical Network (SONET)
  - Primary link layer optical backbone technology deployed today
  - Paths are switched in multiples of 155 Mb/s (OC3); 2.5 Gb/s (OC48) and 10 Gb/s (OC192) trunks are the norm, and 40 Gb/s (OC768) trunks are being deployed now.
  - SONET “frames” carry telephone circuits, T1, T3, ATM, IP directly, and other protocols
  - Typically used to link facilities over dedicated or leased fiber links
    - Links may be the whole fiber or individual wavelengths (“lambdas”)
    - DoD facilities may be classified enclaves
Aside on Fiber Backbone Communications Protocols: ATM
- Asynchronous Transfer Mode (ATM)
  - “Virtual circuits” (VCs) between endpoints (often routers, but also some end user devices, video, sensors, etc.)
  - 56 byte “cells” (similar to packets, but fixed size and small)
  - Usually carried over SONET
  - ATM VCs carry telephone circuits, IP packets, other protocols
  - Commonly used for router to router links
  - Sometimes gets “closer” to the end user; multiple ATM end points may go out over the same SONET link
Aside on Fiber Backbone Communications
- Fiber backbone connects single security level enclaves at different locations: need Type I SONET, ATM backbone encryptors
- IP encryptors also needed, especially when a facility is not at one security level
  - MLS is needed for MLS endpoints
  - Non-MLS used for single level endpoints and to link single level enclaves
  - Need higher speed IP encryptors in the near future
- Current roadmap is a transition to IP directly over fiber with Wave Division Multiplexing (WDM) for different paths (router to router)
  - Will need very high speed IP encryptors for IP directly over fiber, which are in development
SIPRNet, NIPRNet
- Two longstanding networks still in use are NIPRNet and SIPRNet
  - NIPRNet, the Nonsecure IP Router Network, is for sensitive but unclassified (SBU) data, such as personnel, medical, etc.
  - SIPRNet, the Secure IP Router Network, is for Secret data (but nothing higher)
- Both are standard IP networks, and may connect to the public internet with firewalls
- SIPRNet is used within classified environments, and uses NSA approved Type I encryption to tunnel through the internet where it is connected. It cannot communicate directly with any nodes that are not on SIPRNet
- Both of these are run by the Defense Information Systems Agency (DISA), essentially the IT organization for DoD.
- Other special networks are used for TS and higher information
Crypto for Classified Data
- The rest of the slides in section a present an overview of government crypto, particularly NSA crypto for classified data.
Trends in Government Cryptography & Key Management Technology and Policies
- Evolving, particularly for classified information
- Overall IT and network infrastructure is moving from expensive custom equipment to COTS (Commercial Off The Shelf) products and standards where feasible
- Moving from point to point encryptors (T1, ATM, SONET, etc.) to more modern and dynamic environments (e.g. IP networks, SecureXML, etc.), but still using GOTS (Government Off The Shelf) crypto; may allow some COTS products for Secret soon.
- Policies and implementation complicated by need for controlled sharing among very diverse military and intelligence coalitions
- Also complicated by domestic homeland security coalitions (CIA/NSA/FBI/DHS, FEMA, local law enforcement, etc.)
- Things change slowly, so there is still a lot of legacy equipment in use now and for the future
Status of Government Cryptography & Key Management Policies
- Recent “roadmaps” are being changed
- Major technical and policy problems still unsolved, especially for coalitions
  - Patriot Act allows data sharing among the “intelligence community”, the FBI, DoD, and law enforcement, but they still have different definitions for S, TS, etc. and systems are not interoperable
    - A new “Information Sharing Environment” is under development to facilitate this.
  - Clearance and need to know are still important
  - Policies on data sharing and searching/correlating data from different organizations are still being developed
  - Technology to enforce security for such data sharing is still needed
  - Crypto and PKI will have to fit into this environment
CAVEAT
- This talk has the most recent information released to the general public on the web
  - More information is available that can only be accessed from .mil or .gov domains: such information is not in this lecture
- Some of the material is already out of date for new deployments
  - But basic design and policy principles are similar
- Most of this is still currently in use in places
  - Lots of legacy crypto is still used
- Different departments and agencies interpret and enhance security policies differently
- When you start a federal job, find out what is in place for your organization at the time you start
NSA Approved Cryptography
- An NSA-approved cryptographic device consists of 3 certified components:
  - An approved algorithm
  - An implementation that has been approved for the protection of classified information in a particular environment
  - A supporting key management infrastructure
- “Zeroize” button to securely erase keys and unencrypted information (even after power loss) in an emergency on most crypto devices
- Cryptography and Key Management Policies
Traditional NSA/NIST Encryption Classes
- Type 1: U.S. Classified
- Type 2: U.S. Federal Inter-Agency
  - For Sensitive but Unclassified (SBU) government communications; “Warner Amendment” unclassified data
- Type 3: Interoperable Inter-Agency (Federal, State and Local) & Commercial Use
  - NIST-approved data encryption standards (DES, AES, etc.)
- Type 4: Proprietary
  - Not a federal standard, not used for federal info
  - Exportable, for Commercial & International use
NSA is responsible for Type 1, 2; NIST for Type 3 standards (FIPS Standards)
NSA Approved Type I Devices
- Algorithms
  - Last 2 decades: Baton (crypto), Skipjack (crypto), Firefly (key exchange) originally classified; some now declassified
  - Since 2003, AES is also allowed and recommended for new devices
    - 128 bit and higher for Secret
    - 192 bit and higher for TS and above
- Keys
  - True random numbers needed
    - Generation based on physical phenomena; pseudorandom not strong enough
  - Historic: centrally generated and tested by NSA
    - Difficult distribution problem
    - Now used for special purpose keys
  - Session keys generated by NSA approved embedded hardware (e.g., leaky resistor for random noise generation) in crypto devices
NSA Approved Type I Devices (continued)
- Hardware design and implementation approved by NSA
- Usually a separate hardware device (box, card) is required
- Careful attention to “red-black” separation
  - Red == classified; black == unclassified (but classified information that has been encrypted with an approved algorithm is considered “black”)
  - Common Criteria Level 6 or higher (Orange Book B2) equivalent or better assurance level
  - Rigorous check for covert channels, “sneak circuits”
  - Rigorous check for crosstalk (EMSEC)
  - Failure modes cannot allow for information leak from red to black
Government AES Usage Policy
- NIST/FIPS approved for protecting sensitive (SBU) electronic data
- Analyzed by NSA for use with classified data
  - Algorithm allowed for classified, unclassified, & commercial use
  - Crypto devices still need NSA approval for use with classified data
- NSA policy for use of AES with classified data:
  - 128-bit key & above are suitable for SECRET info
  - TOP SECRET info requires 192 or 256 bits
  - See webliography for full policy statement
- New Type I encryptors being developed with AES as a built-in option
Sample Government Crypto Devices
- The following slides and corresponding webliography links describe many of the crypto devices still in use, but it is a far from exhaustive list.
- You may find this information interesting to scan or browse through, but it is not required for this course. This is just a bunch of snapshots in time (including one old snapshot of a 10 year old Navy web site listing the crypto gear that they used then).
- Most of the links are to vendor web sites, so the gear there is still available, even though it may seem very dated. Upgrading systems can be a very long process in the government.
Sample Type I Devices: Legacy
- Link encryptors, e.g. KG84, KG192, KIV… for T1, etc.
- Still widely used by DoD
  - e.g. Secure IP Router Network (SIPRNet)
- New technology used to emulate old devices for compatibility
  - Smaller, lower power, more reliable, but still use the old protocols and algorithms so they interoperate with the old cryptos still in use
- Still need to support older key distribution methods
Recent Type I Devices: Network (SONET)
- KG 189 SONET backbone encryptor (widely used, but GD has rolled SONET capability into the KG 75, which was originally only ATM)
- KG 340 SafeNet SONET 10G encryptor (2008)
  - Note: SafeNet also sells a commercial SONET 10G encryptor which is only EAL4 (pending), FIPS 1403 (pending) and not approved for classified material
- KG530 40G encryptor contract awarded 11/2009 (see webliography)
Recent Type I Devices: Network (Examples)
- KG 75 Fastlane Asynchronous Transfer Mode (ATM) virtual circuit encryptor (see GD web site in webliography); new versions also support SONET
- KG 175 Taclane series “classic” IP (200 Mb/s) (see GD web site in webliography)
- KG 175D Taclane Micro: compact version of Taclane, also HAIPE compatible (see later slide)
Recent Type I Devices: Endpoints (Examples)
- KOV26 Talon PCMCIA card encryptor (L3 Communications) (Ethernet, WiFi, HAIPE compliant)
- SecNet WiFi card/encryptor (see Harris web site & look at the antenna on the card!)
- STE (L3 Communications) encrypting phone/fax/modem; secure mobile phones for CDMA, GSM, satellite phones
- Sectera (GD) series: wireline, GSM wireless, Sectera Edge Smartphone
- Fortezza PCMCIA card for crypto & credentials (holds multiple keys, identity info, and has crypto engine, all in a tamper resistant package)
Some NSA Approved Crypto Products (Graphic Circa 2001, But Devices Commonly In Use Today)
Fortezza® Card
- PCMCIA hardware token for crypto processing and key storage
- Implements NSA/NIST-compliant crypto standards for network security
- 11 character PIN; card disabled after 3 consecutive wrong PINs
- “Tamper-resistant”: destroys key if tampered with
- Fortezza Plus card for secret level keys and encryption
Secure Terminal Equipment (STE)
- ISDN phone (fax and modems also available)
- Key materials & crypto hardware on Fortezza Card
- Approved for Classified use
- Phone not classified when card is removed
Sectera Edge Smartphone
- Wireless voice to Top Secret; reportedly used by Obama
- Wireless data access to SIPRNet (Secret IP Router Network, only to Secret level)
- $3500
Sample Type I Devices: Recent and Projected
- High Assurance IP Encryption (HAIPE) program
  - Multiple products exist now and more are in development, going to very high data rates: trend for most new crypto
  - NSA adaptation of IPSEC protocol for session setup, mutual authentication, key exchange, and headers
  - “Hardened” protocol stack and Type I crypto algorithms
  - IPv6 versions under development: see webliography
- L3 KG245 series 1 Gb/s and 10 Gb/s products available now.
Sample Type I Devices: Recent and Projected (continued)
- Secure VoIP phones
  - Lots of issues and different architectures proposed
    - Voice over Secure IP (i.e., VoIP on an already secure network)
    - Secure Voice over IP (i.e., a secure version of VoIP over an unsecured network)
  - Some Voice over Secure IP already deployed
Classification of Keys
- All key material (keys, seeds, etc., collectively called keys in this lecture) is classified using the same classification scheme as other data, and may include additional codewords (e.g., “COMSEC”)
  - Key classification is primarily about access rights, not key length/strength, although there are some broad policy rules given later
- All keys used for Secret and above data come from NSA or approved NSA equipment
- Any equipment loaded with keys is classified at the level of the highest level key (join of all the levels if nonlinear ordering)
- Classified keys, keyed equipment, and anything with keys are handled and stored as other classified equipment
  - Labeling
  - Physical access control, with storage in approved containers or facilities
  - Inventory management
  - Possible compromises reported to ISSO
  - Approved destruction
Classification of Keys (continued)
- Key use:
  - Key must have classification level not lower than information encrypted
  - Crypto device must be of the appropriate class (Type 1, Type 2, etc.) or stronger required for the level of the information
- Key Management: key issuer and key user must have classification level not lower than the key
- When cryptos set up a secure communication path, endpoint cryptos mutually authenticate and ensure that the other end is using a key of the same classification level
  - When equipment can set up multiple communications paths (e.g., a KG175 ATM encryptor), and the equipment is NSA endorsed as MLS, different paths may be at different levels; then a key for a path’s classification level is used for that path, and is verified by both endpoints
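Added example (not part of the original slides): the key classification rules from the two "Classification of Keys" slides, together with the AES key-size floors from the "Government AES Usage Policy" slide, written as checks over a classification lattice. Modeling codewords as sets, the rank table, and all function names are assumptions made for this example.

```python
from dataclasses import dataclass
from functools import reduce

# Linear levels (constructed ranks); codewords make the ordering nonlinear.
LEVELS = {"UNCLASSIFIED": 0, "SBU": 1, "SECRET": 2, "TOP SECRET": 3}
RANK_TO_LEVEL = {rank: name for name, rank in LEVELS.items()}
# AES key-size floors taken from the "Government AES Usage Policy" slide.
MIN_AES_BITS = {"SECRET": 128, "TOP SECRET": 192}


@dataclass(frozen=True)
class Label:
    level: str
    codewords: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        """True if self is at least as high as other in the lattice."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.codewords >= other.codewords)


def join(a: Label, b: Label) -> Label:
    """Least upper bound: the higher level plus the union of codewords."""
    rank = max(LEVELS[a.level], LEVELS[b.level])
    return Label(RANK_TO_LEVEL[rank], a.codewords | b.codewords)


def equipment_label(key_labels) -> Label:
    """Label of a crypto device: the join of every key loaded on it.

    Assumption for this example: with no keys loaded the result is the
    bottom of the lattice.
    """
    return reduce(join, key_labels, Label("UNCLASSIFIED"))


def key_use_violations(key, data, aes_bits, issuer, user):
    """Check one key use against the slide rules; empty list means allowed."""
    problems = []
    if not key.dominates(data):
        problems.append("key classified lower than the information")
    floor = MIN_AES_BITS.get(data.level)
    if floor is not None and aes_bits < floor:
        problems.append(
            f"AES-{aes_bits} below {floor}-bit floor for {data.level}")
    for role, clearance in (("issuer", issuer), ("user", user)):
        if not clearance.dominates(key):
            problems.append(f"{role} cleared lower than the key")
    return problems


def path_key_ok(path: Label, key_at_a: Label, key_at_b: Label) -> bool:
    """Path setup: both endpoints must hold a key at the path's own level."""
    return key_at_a == path and key_at_b == path


if __name__ == "__main__":
    # Constructed sample labels.
    secret_comsec = Label("SECRET", frozenset({"COMSEC"}))
    top_secret = Label("TOP SECRET")
    print(equipment_label([secret_comsec, top_secret]))
    print(key_use_violations(Label("SECRET"), top_secret, 256,
                             top_secret, top_secret))
```

Neither SECRET/COMSEC nor plain TOP SECRET dominates the other, so a device holding both keys is labeled with their join, TOP SECRET/COMSEC, which is the nonlinear case the slide mentions.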
Key Storage on Cryptos
- Most cryptos have multiple keys loaded, including
  - Authentication keys
  - “Key encryption keys” (KEKs) used only to encrypt keys for local storage or transfer
  - Multiple communication keys
    - Currently active session keys
    - Keys are changed on a regular basis, and future keys may be preloaded on the crypto
    - Emergency keys that are used in a crisis situation in place of the current key
Key Transfer: Physical Devices
- Paper (human transcription), paper tape, mag tape (not used any more)
- Electronic data storage examples
  - DS 101 Fill Device
    - Small device used to hold keys that plugs into a special socket on the front panel of a crypto; think of it as a precursor to a USB thumb drive for keys (but not using USB)
    - Used to load new keys from NSA
    - Used to reload keys in case they are zeroized
  - CIK: Crypto Ignition Key
    - Looks like a plastic key with metal contacts
    - “Split key”: CIK is matched to a device, and half the key is stored on the device, half on the CIK
    - Device is not classified when CIK is not loaded
    - Used on earlier secure phones, etc.; some still in use
  - Fortezza PCMCIA card
    - Stores multiple keys for various purposes
    - Used to store keys for current secure ISDN phones
  - DoD Common Access Card (SBU, unclassified only)
Key Transfer: OTAR
- OTAR (Over the Air Rekeying)
  - Sending new keys to a remote crypto over the communications link
- Keys are encrypted with the KEK for transmission
- Keys are automatically loaded onto the crypto devices
- Typical method in recent and future cryptos
  - DS101 still used for initial keying and key backup
Government Identity Cards
- DoD Common Access Card (CAC)
  - Required for all DoD personnel
  - “Smart Card” for identification, physical access, and computer/NIPRNet network access
  - Includes human readable and machine readable information, certificate for PKI
  - See CAC Home Page, CAC FAQ, Jan. 2006 news story cited in the webliography
  - NIPRNet is the primary DoD network for unclassified information
Government Identity Cards
- HSPD 12 (2004) (see webliography)
  - Mandated a common ID card for all government employees and contractors
- Personal Identity Verification (PIV) card now being deployed in response to HSPD12
  - Functionally similar to CAC: for ID, physical access, computer/network access
  - Smart card, human and machine readable; has certificate for PKI
  - Not CAC interoperable; move to a common standard for both
Federal Government PKI
- Strong push to use PKI for all user access to federal systems
  - DoD requires the use of the Common Access Card (CAC) token (PKI) for access to the Non-Classified Internet Router Network (NIPRNet)
  - PIV for all civilian government employees, contractors
- Separate Public Key Infrastructure policies for DoD (including classified) and unclassified federal agency information
  - Both based on X.509 certificates
  - See webliography for detailed DoD and Federal policy documents
- DoD has established four certificate assurance classes to be used in various environments, with different policies for each class
  - Major points are summarized in the next slide
  - Details for some are in the following slides
DoD PKI Roadmap 2000
- Still on the web, but due for a publicly released update :)
  - Basic concepts and designs still operative
  - Progress along the roadmap has been made
- Part of the overall DoD Key Management Infrastructure (KMI)
  - KMI also includes generation and distribution of classified keys for Type I encryptors
- A framework for generation, production, distribution, control, revocation, recovery, & tracking of public keys (certificates) & their corresponding private keys
- Uses CAW & Fortezza® cards for an X.509-based PKI
- Specially designed to suit DoD needs, maintained by DoD
  - Being implemented in phases
- See webliography for roadmap details
DoD Certificate Assurance Classes
Cert. Class: 5
To Protect: Classified Data on Unprotected Networks
Crypto: NSA certified Type I
Tokens: All crypto functions in hardware tokens
Common Criteria EAL: 5-7
User ID RA: In P…
