CEALICIAN: Compact Encryption And Line-Integrated Circuitry for Information Assurance in Networking

Jose Romero-Mariona, Tom Nguyen, Mihail Schoolov, Tu-Anh Ton
SPAWAR Systems Center Pacific, San Diego, CA
Abstract—The Department of Defense (DoD), and in particular various branches of our nation’s Armed Forces, are increasingly utilizing unmanned platforms and unattended systems for various C4ISR-related efforts. The underlying systems often create, store, process, and/or transmit sensitive or classified data, requiring advanced cryptographic protection to assure data integrity, point-to-point authentication, confidentiality, and non-deniability. Currently, no certified solution exists that has been specifically developed for use in an unmanned environment. Existing solutions are power-hungry, not portable, and designed for large applications. CEALICIAN, Compact Encryption And Line-Integrated Circuitry for Information Assurance in Networking, is a low-power small-form-factor encryption device that allows an unmanned or unattended system to store and transmit classified data up to the Secret level. CEALICIAN will be integrated into existing storage and communications devices to encrypt and decrypt sensitive and classified information at a high data rate. CEALICIAN will encrypt both data-at-rest (DAR) and data-in-transit (DIT) using NSA Type 1 Suite B encryption in a power-efficient FPGA-based implementation.
Keywords—Unmanned cryptography; Autonomous cryptography; Power-efficient cryptography; DIT and DAR; SWaP.
I. INTRODUCTION
Existing common practices for handling classified data-at-rest/-in-transit within unmanned platforms are often inefficient and costly (both in terms of time and resources), resulting in Intelligence Analysis that is based on stale, disjoint, and incomplete data. Moreover, the billions of bits of information that are collected each day from various unmanned and autonomous sensors and platforms around the world can contain highly sensitive data that, if intercepted and processed by an adversary, could significantly compromise our strategic capabilities. Existing cryptographic solutions, like NSA-approved HAIPE (high-assurance internet protocol encryptor) devices [1], that are tried-and-tested within conventional network environments are not suitable for the majority of unmanned platforms, due to size, weight, power consumption, and risks associated with reverse-engineering Controlled Cryptographic Items [2]. Our solution leverages advanced technologies recently unveiled in the HAIPE development community to bring NSA Suite B cryptographic capabilities to the Navy's UxVs. CEALICIAN, Compact Encryption And Line-Integrated Circuitry for Information Assurance in Networking, is an encryption system that provides protection for Secret and below data using unclassified, commercially available components and algorithms. Such a solution gives the adversary no useful information from reverse-engineering the system, making it ideal for operating in a high-risk environment. To allow for rapid and efficient development and transition of this technology, our approach combines FPGA and software development within an integrated framework. The final product will provide Suite B cryptographic functionality in systems with extremely constrained power and size restrictions, in high-risk operating environments.
CEALICIAN will benefit the cryptographic community as a whole, DoD/other agencies, academia, and industry. The benefits to the general DoD community include:
• Improvements in encryption technology.
• Improved focus on Data-In-Transit (DIT), which makes data immediately available to anyone using an unmanned vehicle to make real-time decisions instead of having to rely on post-mission analysis.
• Next generation solution for Data-At-Rest (DAR) problems.
2013 IEEE Military Communications Conference
978-0-7695-5124-1 2013
U.S. Government Work Not Protected by U.S. Copyright
DOI 10.1109/MILCOM.2013.52
• CEALICIAN will build various prototypes, as well as a finished product, with more modern and efficient technology with a focus on power-limited vehicles; this means that everyone will essentially be able to do more with less.
• CEALICIAN will be purpose-built with Size, Weight, and Power (SWaP) requirements in mind.
• CEALICIAN will focus on cost and flexibility, which should provide a solution more versatile than what currently exists while consuming less power.
• With the development of an encryption solution that can be used in a variety of smaller projects, the DoD will increase the diversification of its unmanned systems.
• By creating a go-to solution for unmanned systems for the storage and transmission of classified information, the DoD will increase its unmanned data processing capabilities, information dominance capabilities, and security posture of its systems.
Lastly, by developing CEALICIAN as a Cryptographic High-valued Product (CHVP) [3], we can, with slight modifications, create a product that can be used in industry for non-military encryption needs. Further benefits to industry include:
• Partnership with the CEALICIAN Development Team from the ground up as transition/manufacturing partners.
• Ability to develop a family of products.
• Provide an affordable solution for unmanned encryption.
The paper is organized as follows: section 2 provides background on existing solutions and the application of CEALICIAN; section 3 describes the development approach as well as the requirements and cryptographic algorithms used; section 4 details the current CEALICIAN prototype, P1A; section 5 covers CEALICIAN’s next prototype and future state, P2A; and lastly section 6 summarizes our technology and concludes the paper.
II. BACKGROUND
There is no appropriate IA solution for unmanned systems data encryption. Most solutions available are not portable, power-hungry, and designed for large applications. Due to this, unmanned systems are unable to securely store and/or transmit sensitive data. This limits their data processing capabilities, information dominance capabilities, and our security posture. Ultimately, this lack of an encryption solution hinders the diversification of unmanned systems. [4]
Existing encryption devices were designed with the assumption that an operator is present to operate the device and keep it secure. Due to the nature of an unmanned environment, no one is present to operate the encryption device, which necessitates a rethinking of the traditional design and operation of encryption devices in such an environment.
Most unmanned systems, particularly those targeted by CEALICIAN, operate on battery power, which is a scarce resource. These systems also have a limited payload capacity for on-board equipment. By using a traditional encryption device on the vehicle, precious resources are wasted. The size, weight, and power (SWaP) wasted by an encryption device on a UUV could instead be utilized to extend mission time, hold additional hard drives, processing systems, and sensors, or increase travel speed. Since SWaP is such a limiting factor in the unmanned environment, it is vital that an encryption device minimize such factors to whatever extent possible.
The risk of equipment loss to an adversary is much higher in an unmanned or unattended environment. Given that there are few options to completely eliminate such risk, it is necessary to mitigate the consequences of such a loss by eliminating the use of any hardware or algorithms on-board that would be useful to an adversary. As a CHVP encryption device, CEALICIAN will use publicly available cryptographic algorithms and hardware, making the device itself useless to an adversary if recovered.
An even greater concern than reverse engineering of hardware is the potential for recovery of the information stored within the encryption device. Whether CEALICIAN is operating in DAR or DIT mode, the stored data or network traffic is encrypted, and useless without the key. However, if an adversary is able to recover the encryption key from a lost device, then any encrypted traffic or stored data streams that they have captured within the lifetime of that key will become recoverable. Thus it is extremely important to ensure that the encryption key is zeroized in the event of device loss. Multiple zeroization triggers can be used to ensure that the key is fully erased in the event of equipment loss or tamper; triggers can include location, temperature, depth, etc.
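The multi-trigger zeroization policy just described, as an added example in Go that is not from the paper or the CEALICIAN project. The telemetry fields, the policy envelope, the trigger names and the sample snapshot are all assumptions made for illustration; the point it shows is that every trigger is evaluated (so the audit record is complete), the key is overwritten, and the overwrite is verified by reading the buffer back.

```go
package main

import (
	"crypto/rand"
	"fmt"
)

// Telemetry is a constructed snapshot of the sensors a device might consult
// before deciding to zeroize (assumed fields, not from the paper).
type Telemetry struct {
	Lat, Lon   float64 // current position, degrees
	TempC      float64 // board temperature
	DepthM     float64 // depth below surface in metres (0 for aerial platforms)
	TamperOpen bool    // enclosure tamper switch
}

// Policy is the operating envelope; leaving it is treated as loss or tamper.
type Policy struct {
	MinLat, MaxLat, MinLon, MaxLon float64
	MaxTempC                       float64
	MaxDepthM                      float64
}

// Triggers returns every zeroization trigger that fires for the snapshot.
// All of them are evaluated (rather than stopping at the first) so the
// operator later gets a complete record of why the key was destroyed.
func Triggers(t Telemetry, p Policy) []string {
	var fired []string
	if t.TamperOpen {
		fired = append(fired, "tamper")
	}
	if t.Lat < p.MinLat || t.Lat > p.MaxLat || t.Lon < p.MinLon || t.Lon > p.MaxLon {
		fired = append(fired, "location")
	}
	if t.TempC > p.MaxTempC {
		fired = append(fired, "temperature")
	}
	if t.DepthM > p.MaxDepthM {
		fired = append(fired, "depth")
	}
	return fired
}

// Zeroize overwrites the key with zeros, then verifies the overwrite by
// OR-ing every byte back together; it returns false if anything survived.
func Zeroize(key []byte) bool {
	for i := range key {
		key[i] = 0
	}
	var acc byte
	for _, b := range key {
		acc |= b
	}
	return acc == 0
}

// Guard evaluates the policy and destroys the key if any trigger fired.
// It returns the triggers that fired and whether the key is now all-zero.
func Guard(key []byte, t Telemetry, p Policy) ([]string, bool) {
	fired := Triggers(t, p)
	if len(fired) == 0 {
		return nil, false
	}
	return fired, Zeroize(key)
}

func main() {
	key := make([]byte, 16) // a random 128-bit key standing in for a loaded key
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	policy := Policy{MinLat: 32.0, MaxLat: 33.0, MinLon: -118.0, MaxLon: -117.0, MaxTempC: 70, MaxDepthM: 300}
	// Constructed snapshot: the vehicle has drifted out of its area and sunk past its rated depth.
	snap := Telemetry{Lat: 31.5, Lon: -117.5, TempC: 25, DepthM: 450}
	fired, wiped := Guard(key, snap, policy)
	fmt.Printf("triggers=%v key wiped=%v key=%x\n", fired, wiped, key)
}
```

In a fielded device the wipe is done in hardware and also covers key copies held in DMA buffers and caches; the software version above only shows the decision logic and the read-back check.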
The following examples describe a before-and-after picture of the application of CEALICIAN to autonomous/unmanned platforms.
A. Autonomous Sensors Example
The Magnetometer Self-Recording Module (MSRM) is an autonomous sensor system that collects and analyzes magnetometer data for submarine target detection. When multiple MSRMs are deployed, they function as a wirelessly-linked distributed detection field. In its present state, individual MSRMs monitor magnetic sensor data and send a contact report through a gateway buoy when a target is detected. No classified data can be transmitted. Thus, each individual MSRM sends only a contact report when it detects a target.
CEALICIAN would enable MSRMs to collaborate and help determine target position, velocity, and heading. DoD would have the capability of autonomous target tracking from a remote command station. Operators could recover the classified raw magnetometer data for post-mission processing and analysis.
Fig. 1. CEALICIAN Application to MSRMs
B. Unmanned Underwater Vehicle Example
Navy explosive ordnance disposal (EOD) unmanned underwater vehicles (UUVs) are used to gather sonar imagery of the ocean floor. This imagery is then manually reviewed by an operator to visually identify any potential targets. Detection rates are limited by human error in the review process. Imagery is available from a single viewing angle. Additionally, EOD UUVs traditionally follow a “predetermined” search route, without being aware of what they are collecting.
With CEALICIAN, UUVs could store a classified database of acoustic mine signatures on-board. This database would be used to perform automatic target recognition (ATR) on the sonar imagery, giving the operator a comprehensive picture of any potential threats immediately upon the vehicle’s return, removing the need for tedious manual review of the gathered imagery in lower-resolution form. Additionally, UUVs could use the on-board ATR for instant classification of target mines. UUVs could then alter course for multiple viewing angles of the target, increasing accuracy of detection, as shown in Figure 2.
Fig. 2. CEALICIAN Application to EOD UUVs
C. Unmanned Aerial Vehicle Example
Present state: The DoD uses Unmanned Aerial Vehicles (UAVs) extensively for ISR missions, and their use is increasing as the technology evolves. One key deficit in current UAVs is the lack of a suitable encryption solution. When sensitive data on-board UAVs is left unencrypted, adversaries could access the data in the event that a UAV gets shot down. DoD UAVs are in need of a low-power NSA-approved encryption solution for securely storing sensitive data. Additionally, today’s solutions for securely transmitting sensitive data are limited by their bandwidth, thus limiting their applications in the type of data that they can reasonably transmit.
Future state: CEALICIAN can be used with any existing transmission channel, eliminating any bandwidth issues inherent with secure communications solutions. CEALICIAN would be line-integrated between the output of the UAV data collection system and the input of the transmission system. CEALICIAN would be designed to operate at a high data rate to rapidly encrypt incoming data. These characteristics in an encryption device would fill the need for data encryption on UAVs.
D. Existing Solutions
Existing encryption devices are bulky, expensive, and use a lot of power. In addition, typical encryption devices only address securing data in transit, over the network. The KG-240A [5], developed by L3 Communications, is 5.5” w, 1.61” h, 18.2” d, and weighs 6.9 lbs. It typically draws about 28 Watts of power. Similarly, the KG-250 [6], developed by ViaSat, is 7.5” w, 1.68” h, 11.9” d, and weighs 6.5 lbs. The KG-250 draws about 13.7 Watts of power.
Currently, no solution exists that has been specifically developed for use in an unmanned system. Existing encryptors are power-hungry, not portable, and designed for large applications. In addition, existing solutions:
• Tend to focus on either DIT or DAR, rarely (if ever) both.
• Are outdated in general, and have not been built with technology optimized for SWaP requirements.
• Have been adapted to function in unmanned environments but have not been custom-built for them.
III. APPROACH
As indicated in previous sections, CEALICIAN leverages NSA’s Suite B cryptographic algorithms in order to provide DIT and DAR capabilities while reducing SWaP. CEALICIAN is being built through a series of prototypes. The initial prototype comprises commercial off-the-shelf (COTS) components, and is suited for a capability demonstration and requirements evaluation. The next iterations of prototypes will move to custom FPGA-based implementations to minimize SWaP and to implement additional features. Once the prototype has been refined, it will be given to our industry partner for manufacturing. The timeline for CEALICIAN is split across three separate, but related efforts: prototyping, manufacturing, and certification. The CEALICIAN team is concentrating on the prototyping stage and will work with future partners on the manufacturing and certification of the technology. We expect these three stages to take between 42 and 60 months depending on various aspects of each stage. We are currently in the prototyping stage and will describe our current progress in the following subsections.
A. Requirements
Requirements were gathered from various stakeholders in the unmanned systems community. Parties expressed interest in a device that allowed their systems to store and/or transmit classified and sensitive information, while minimizing SWaP. Data throughput requirements were determined by calculation of high-end limits for typical usage scenarios, and by comparison to existing encryption devices (both available commercially as well as prototypes). Information Assurance requirements were compiled from documentation provided by the National Security Agency. In summary, the following sources have been used in order to develop a custom set of CEALICIAN requirements:
• CHVP Specifications [3]
• NSA HAIPE Specifications [7]
• NSA Render Useless Specifications.
• NSA subject matter expert (SME) input.
• Current commercially available encryptors.
• Suite B Encryption Algorithms Specifications [8]
• Potential end-user requirements.
While the complete set of CEALICIAN Requirements cannot be made available at this time, the following are major characteristics regarding the SWaP and throughput requirements that the final version of CEALICIAN will seek to fulfill:
• Size: 1” x 3” x 4”.
• Weight: Under 12 ounces.
• Power: 5 Watts or less.
• Throughput: 200 Mbps (and above).
B. Suite B Algorithms
CEALICIAN leverages new advances in Suite B cryptographic algorithms [8] in order to further reduce the potential risks associated with securing unmanned/autonomous platforms as well as to increase interoperability with other devices. Suite B is a set of advanced cryptographic algorithms for securing U.S. Government sensitive and unclassified communications. Suite B was developed to improve information sharing within the United States and with its coalition partners. The use of strong public algorithms and open standards provides interoperability and allows for release to coalition partners or state and local governments. The protocols supported by Suite B cryptography are Elliptic Curve Diffie-Hellman (ECDH) [9] for key transport and agreement; the Elliptic Curve Digital Signature Algorithm (ECDSA) [10] for digital signatures; the Advanced Encryption Standard (AES) for symmetric encryption [11]; and the Secure Hashing Algorithm (SHA) [12].
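How the four Suite B primitives fit together in one session setup, as an added example written in Go's standard library (it is not code from the paper or the CEALICIAN project, and the message format, party names and key-derivation step are assumptions). Each endpoint holds a long-term P-256 ECDSA identity key, generates an ephemeral P-256 ECDH key, signs it, verifies the peer's signed key against the peer's trusted identity, and derives a 128-bit AES key through SHA-256; P-256, SHA-256 and AES-128 are the Suite B parameters for the Secret level the paper targets. The KDF is a single hash over the shared secret and a label, a deliberate simplification of the approved one-step KDF.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Party is one endpoint: a long-term P-256 ECDSA identity key plus the
// ephemeral P-256 ECDH key it generates for a single session.
type Party struct {
	Name     string
	Identity *ecdsa.PrivateKey
	eph      *ecdh.PrivateKey
}

// Hello is the one message each side sends (constructed format): its ephemeral
// ECDH public key, signed with its identity key so the peer knows whom it is
// agreeing a key with.
type Hello struct {
	Name   string
	EphPub []byte // uncompressed P-256 point
	Sig    []byte // ASN.1 ECDSA signature over SHA-256(Name || EphPub)
}

func NewParty(name string) (*Party, error) {
	id, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return nil, err }
	return &Party{Name: name, Identity: id}, nil
}

// helloDigest binds the claimed name to the ephemeral key under the signature.
func helloDigest(name string, ephPub []byte) []byte {
	h := sha256.New()
	h.Write([]byte(name))
	h.Write(ephPub)
	return h.Sum(nil)
}

// MakeHello generates a fresh ephemeral ECDH key and signs it with ECDSA.
func (p *Party) MakeHello() (Hello, error) {
	eph, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil { return Hello{}, err }
	p.eph = eph
	pub := eph.PublicKey().Bytes()
	sig, err := ecdsa.SignASN1(rand.Reader, p.Identity, helloDigest(p.Name, pub))
	if err != nil { return Hello{}, err }
	return Hello{Name: p.Name, EphPub: pub, Sig: sig}, nil
}

// SessionKey verifies the peer's Hello against the peer's trusted identity
// public key, runs ECDH, and derives a 128-bit AES key with SHA-256.
// A peer whose Hello was signed by any other key is rejected before ECDH runs.
func (p *Party) SessionKey(peer Hello, peerIdentity *ecdsa.PublicKey) ([]byte, error) {
	if !ecdsa.VerifyASN1(peerIdentity, helloDigest(peer.Name, peer.EphPub), peer.Sig) {
		return nil, errors.New("peer hello signature invalid")
	}
	peerPub, err := ecdh.P256().NewPublicKey(peer.EphPub)
	if err != nil { return nil, err }
	secret, err := p.eph.ECDH(peerPub)
	if err != nil { return nil, err }
	h := sha256.New()
	h.Write(secret)
	h.Write([]byte("example session key")) // simplified one-step KDF (assumption)
	return h.Sum(nil)[:16], nil           // AES-128 for the Secret-level parameter set
}

// RunExchange performs the full exchange between a UUV and a shore gateway
// (constructed names) and reports whether both sides derived the same key.
func RunExchange() (bool, error) {
	uuv, err := NewParty("uuv-1")
	if err != nil { return false, err }
	shore, err := NewParty("shore-gateway")
	if err != nil { return false, err }
	hUUV, err := uuv.MakeHello()
	if err != nil { return false, err }
	hShore, err := shore.MakeHello()
	if err != nil { return false, err }
	kUUV, err := uuv.SessionKey(hShore, &shore.Identity.PublicKey)
	if err != nil { return false, err }
	kShore, err := shore.SessionKey(hUUV, &uuv.Identity.PublicKey)
	if err != nil { return false, err }
	return bytes.Equal(kUUV, kShore), nil
}

func main() {
	same, err := RunExchange()
	if err != nil { panic(err) }
	fmt.Println("both sides derived the same AES-128 session key:", same)
}
```

The identity public keys are assumed to be pre-provisioned on each side; in a real deployment that trust anchor, not the signature arithmetic, is what makes the ECDH result worth anything, which is why the verification check precedes the ECDH call.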
IV. CURRENT STATE: PROTOTYPE 1 (P1A)
The initial prototype was developed to show the proof of concept of how the CEALICIAN device would protect data at rest by storing encrypted data locally/internally and data in transit via an encrypted tunnel across the network.
A. Architecture
The high-level architecture, represented in Figure 3, consists of two network processors, one for the plain-text network and one for the cipher-text network, the Crypto Engine, and the Security Controller. The Crypto Engine encrypts and decrypts outgoing as well as incoming data. The Security Controller accesses the security database and routes the data packets based on certain fields of the data packet; it will either store them locally/internally or send them through an encrypted network tunnel. Information arrives as data packets on the local network into the plain-text network processor. In order to protect the data, each packet is encapsulated and sent through a secured tunnel on the cipher-text network processor out to the network. Device configuration settings determine whether the data is stored on a local storage device for DAR or forwarded to an external host on the network for a DIT solution. It is important to note that most network encryptors currently available do not address the DAR portion; they only encrypt and route the packets over the network.
Fig. 3. CEALICIAN Prototype 1 Architecture
B. Components
The initial prototype, P1A, is designed around the STM32F417-VG microcontroller. A custom circuit board has been developed to connect the microcontroller and peripherals (MicroSD card, USB, USART, Ethernet, 64 Mbit or 128 Mbit Flash, and many others). Figure 4 shows a picture of the custom board developed for CEALICIAN’s P1A prototype.
Fig. 4. CEALICIAN P1A Custom Board
The software tools used for P1A development are as follows:
• Keil uVision 4 – embedded C/C++ compiler.
• Lightweight IP (LwIP) is used as the TCP/IP stack. The benefit of using LwIP is reduced resource usage while still having a full-scale TCP/IP stack.
• The STM run-time library provides the application programming interface (API) for the STM32F417VG microcontroller.
• FatFs is a generic FAT file system module for small embedded systems. FatFs is written in compliance with ANSI C and is completely separated from the disk I/O layer. The user must provide interface software that acts as a “glue layer” between FatFs and the storage media.
Below are some of the main components of P1A.
1) Real-time cryptographic acceleration embedded in the STM32F417VG microcontroller. This cryptographic accelerator provides hardware acceleration for the advanced cryptographic algorithms usually needed to provide confidentiality, authentication, data integrity and non-repudiation when exchanging messages with a peer. In this prototype, the algorithm is based on Cipher Block Chaining (CBC) with a 128-bit key.
2) Dual-port direct memory access (DMA) with 8 data streams each. They are capable of managing memory-to-memory, peripheral-to-memory and memory-to-peripheral transfers. By adding a dedicated First-In-First-Out (FIFO) stream for Advanced High-performance Bus (AHB) and Advanced Peripheral Bus (APB) peripherals, this prototype is capable of handling data burst transfers at maximum bandwidth (~10.5 Mbits/sec). In addition, the two DMA controllers support circular buffer management, which automates the use and switching of two memory buffers without requiring any special code (i.e. a circular buffer is implemented on the “BLACK” side to handle the FIFO stream from the “RED” side).
3) Nested Vectored Interrupt Controller (NVIC). The NVIC is a low-latency interrupt processor. Every interrupt entry can be restored on interrupt exit with no instruction overhead (i.e. the circular buffer management of the “BLACK” side and the UDP dual-buffer management of the “RED” side use the NVIC to manage data transfer; on reset or exit, all interrupt entries are restored for the next operation).
4) High-speed Universal Synchronous/Asynchronous Receiver Transmitters (USART 1 & 6). These can run on dual-wire at speeds of up to 10.5 Mbit/s. Each provides hardware management of the CTS (Clear to Send) and RTS (Ready To Send) signals. In addition, the DMA controller can serve them (i.e. the communication between “RED” and “BLACK” is a dual-wire link with the DMA controller acting as a server).
5) Ethernet interface with dedicated DMA and IEEE 1588 support. The STM32F417VG provides an IEEE-802.3-2002-compliant media access controller (MAC) for Ethernet LAN communications through an industry-standard medium-independent interface (MII). It requires an external physical interface device (PHY) to connect to the physical LAN bus (twisted-pair, fiber, etc.).
C. Functions
The initial prototype has several main functions that adhere to the architecture.
• The communication between the prototype and the outside is through a multicast UDP socket connection. The data rate is fixed at 64 Kbytes/sec. The prototype is designed to transmit/receive a series of packages. Each package is currently set at 128 bits.
• Real-time encryption is based on Cipher Block Chaining (CBC) with a 128-bit key. The data (packages) is automatically encrypted or decrypted right before it is transmitted or saved, without any user intervention.
• No data stored on an encrypted volume can be read (decrypted) without using the correct encryption key.
D. P1A Demonstration
P1A is currently available for demonstration purposes; the development team has designed a simple and controlled environment that utilizes two P1A boards, three laptops (send/receive/sniff), and miscellaneous connecting hardware. Figure 5 shows the main components involved in this initial demo.
Fig. 5. CEALICIAN P1A Demonstration Setup
This initial P1A demo is intended to show CEALICIAN’s ability to 1) send data from Host-1 to Host-2 (DIT) and 2) send data from Host-1 to CEALICIAN-1’s internal storage (DAR). Bidirectional communication will be addressed in future demos.
V. FUTURE STATE: PROTOTYPE 2 (P2A)
The development team is currently working on CEALICIAN's second prototype (P2A). P2A is based on the Xilinx Zynq-7000 platform, which integrates a dual-core ARM processor with an FPGA in a single chip. The ARM processor is used for processing, while the FPGA's programmable logic will house the cryptographic core. Data comes into the system via a number of interfaces, the primary of which is RJ45 Gigabit Ethernet.
Top throughput is expected to be on the order of hundreds of megabytes per second, although this is currently limited by the throughput of the Gigabit Ethernet interface. When operating in DIT mode, the device's functionality will be similar to that of a typical HAIPE network encryptor. When operating in DAR mode, the device will send its data to an integrated storage device. In both modes, the Advanced Encryption Standard in Galois/Counter Mode (AES-GCM) is currently used to encrypt the data.
Work is currently underway to allow operation in XEX-based Tweaked Codebook mode with Ciphertext Stealing (AES-XTS) for DAR mode.
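A model of the Security Controller's routing decision from Section IV.A together with the P2A use of AES-GCM in both DAR and DIT modes, as an added example in Go. It is not code from the paper or the CEALICIAN project; the record layout, the per-mode keys, the counter-based nonce and the sample keys and packets are constructed for illustration (AES-XTS is not in Go's standard library, so the DAR path here stays on GCM, as the paper says P2A currently does). The things it shows are the ones a reviewer of such a design checks first: the mode and sequence number ride in the clear as authenticated data, a nonce is never reused under one key, and a record that has been altered on the medium or on the wire, or replayed from the other mode, is rejected before any plaintext is released.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

// Mode selects where a protected record is routed, standing in for the
// paper's device configuration setting.
type Mode byte

const (
	DIT Mode = 1 // forward over the cipher-text network
	DAR Mode = 2 // write to the integrated storage device
)

// Record is the crypto engine's output in either mode (constructed layout):
// a header that is authenticated but left in the clear for routing, the GCM
// nonce, and the ciphertext with its 16-byte tag appended.
type Record struct {
	Mode   Mode
	Seq    uint64
	Nonce  [12]byte
	Cipher []byte
}

// Controller models the Security Controller for one mode: its own AES-128-GCM
// key and a monotonic counter that becomes the nonce. Keys are separate per
// mode so a record can never be replayed from one path into the other.
type Controller struct {
	mode  Mode
	gcm   cipher.AEAD
	seq   uint64
	store []Record // DAR destination (integrated storage)
	wire  []Record // DIT destination (cipher-text network)
}

func NewController(mode Mode, key []byte) (*Controller, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Controller{mode: mode, gcm: gcm}, nil
}

// header is the additional authenticated data: mode and sequence number.
func header(mode Mode, seq uint64) []byte {
	h := make([]byte, 9)
	h[0] = byte(mode)
	binary.BigEndian.PutUint64(h[1:], seq)
	return h
}

// Protect encrypts one plaintext packet and routes the record by mode. The
// nonce is 32 zero bits followed by the 64-bit counter; GCM loses both
// confidentiality and integrity if a nonce repeats under one key, so the
// counter is checked before use and the caller must rekey once exhausted.
func (c *Controller) Protect(plain []byte) (Record, error) {
	if c.seq == ^uint64(0) {
		return Record{}, errors.New("nonce counter exhausted: rekey required")
	}
	c.seq++
	var nonce [12]byte
	binary.BigEndian.PutUint64(nonce[4:], c.seq)
	rec := Record{Mode: c.mode, Seq: c.seq, Nonce: nonce}
	rec.Cipher = c.gcm.Seal(nil, nonce[:], plain, header(c.mode, c.seq))
	if c.mode == DAR {
		c.store = append(c.store, rec)
	} else {
		c.wire = append(c.wire, rec)
	}
	return rec, nil
}

// Unprotect is the peer encryptor (DIT) or the host reading storage back
// (DAR). Any change to header, nonce or ciphertext fails the tag check.
func (c *Controller) Unprotect(rec Record) ([]byte, error) {
	return c.gcm.Open(nil, rec.Nonce[:], rec.Cipher, header(rec.Mode, rec.Seq))
}

func (c *Controller) Stored() int { return len(c.store) }
func (c *Controller) Sent() int   { return len(c.wire) }

func main() {
	// Constructed 16-byte key and packet; a fielded device loads keys through key fill.
	dar, _ := NewController(DAR, []byte("constructed-key!"))
	rec, _ := dar.Protect([]byte("raw magnetometer sample 0001"))
	fmt.Printf("stored=%d sent=%d cipher=%x\n", dar.Stored(), dar.Sent(), rec.Cipher)
	rec.Cipher[0] ^= 0x01 // simulate one corrupted byte on the storage medium
	_, err := dar.Unprotect(rec)
	fmt.Println("tampered record rejected:", err != nil)
}
```

The 64-bit counter is far beyond what a single key lifetime should see; the check exists so that a rekey is forced rather than a wrap, and it is also where a sector-addressed DAR mode would differ, since XTS derives its tweak from the sector address instead of a counter.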
VI. CONCLUSIONS
CEALICIAN brings an encryption solution designed specifically for unmanned and autonomous use, focusing on minimizing power consumption and form factor while maximizing data throughput. CEALICIAN is capable of encrypting both data-in-transit (DIT) and data-at-rest (DAR), thus providing a solution to an intrinsically complex need.
Due to the risk of equipment loss in an unmanned environment, CEALICIAN uses publicly-available Suite B algorithms, and leverages COTS hardware with custom-developed code. CEALICIAN provides both DIT and DAR capabilities. For DIT, CEALICIAN leverages the HAIPE protocol, allowing it to communicate with a variety of existing HAIPE devices in use by the DoD. For DAR, CEALICIAN will contain an integrated storage device.
CEALICIAN’s design is extremely flexible, which will allow for various configurations in the future depending on different user needs. For example, slowing down the FPGA-based cryptographic core can reduce power consumption if high speed is not required. The selection of an internal storage device is also flexible. A standard computer hard drive can store a large amount of data, but increases the size of the device. On the other hand, a flash-based storage solution, or none at all, will greatly reduce the device’s footprint. Given this flexibility in the design, CEALICIAN may ultimately become a family of products, each one tailored for a different class of systems.
REFERENCES
[1] Committee on National Security Systems, “National Policy Governing the Use of High Assurance Internet Protocol Encryptor (HAIPE) Products,” http://www.cnss.gov/Assets/pdf/CNSSP-19.pdf
[2] Secretary of the Navy, “Department of the Navy Information Security Program,” SECNAV M-5510.36, June 2006.
[3] Committee on National Security Systems, “Cryptographic High Value Products,” http://www.cnss.gov/Assets/pdf/CNSSI-4031.pdf
[4] J. Karlin, S. Forrest, and J. Rexford, “Autonomous security for autonomous systems,” Computer Networks 52(15): 2908-2923.
[5] L3 Communications, “KG-240A 100Mbps HAIPE IS v3.1.2,” www2.l-3com.com/cs-east/pdf/kg240a.pdf
[6] ViaSat, “AltaSec KG-250 IP Encryptor,” http://www.viasat.com/government-communications/information-assurance/altasec-kg-250
[7] Committee on National Security Systems, “National Policy Governing the Use of High Assurance Internet Protocol Encryptor (HAIPE) Products,” http://www.cnss.gov/Assets/pdf/CNSSP-19.pdf
[8] National Security Agency, “NSA Suite B Cryptography,” http://www.nsa.gov/ia/programs/suiteb_cryptography/
[9] A. Enge, Elliptic Curves and Their Applications to Cryptography: An Introduction, Kluwer Academic Publishers, 1999.
[10] D. Johnson and A. Menezes, “The elliptic curve digital signature algorithm (ECDSA),” Centre for Applied Cryptographic Research, University of Waterloo, Technical Report CORR 99-34, 1999.
[11] National Institute of Standards and Technology, “Advanced Encryption Standard (AES),” Federal Information Processing Standards Publication 197, 2001, http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
[12] J. Kim et al., “On the security of HMAC and NMAC based on HAVAL, MD4, MD5, SHA-0 and SHA-1,” Security and Cryptography for Networks, Springer Berlin Heidelberg, 2006.