Secure Military Messaging in a Network Enabled Environment

Transcription

1 Secure Military Messaging in a Network Enabled Environment BGen.Murat ÜÇÜNCÜ Chief of IS Dept. Turkish General Staff IT HAS ALWAYS BEEN DIFFICULT TO BE THE LAST SPEAKER IN AN EVENT LIKE THIS. IT IS DIFFICULT BECAUSE MOST OF THE DISTINGUISHED SPEKAERS BEFORE ME HAVE MENTIONED A LITTLE ABOUT WHAT I AM GONNA TALK ABOUT AND LEFT A LITTLE PORTION OF MY SPEECH UNTOUCHED. FUTHERMORE, I KNOW YOU ARE ALMOST READY TO LEAVE THE COFERENCE HALL AFTER STAYING IN YOUR CHAIRS FOR HOURS. HAVING NOTED THESE CIRCUMSTANCES, I WILL TRY MY BEST IN NEXT FIFTEEN MINUTES. 1

2 Outline Messaging NEC and NII Messaging in a Network Enabled Environment Properties of Secure Messaging Challenges Conclusion TODAY, I AM GONNA GIVE YOU A BRIEFING ABOUT SECURE MILITARY MESSAGING IN A NETWORK ENABLED ENVIRONMENT FOLLOWING THE REFLECTED OUTLINE ON THE CURTAIN. 2

3 Grades of Messaging critical information security integrity survivability non-repudiation important information security official correspondence reliability archiving ease of use assurance of delivery individuals assurance of delivery routine information individuals basic security cheapest & basic capability INTERNET MAIL MAY BE SUFFICINTLY RELIABLE FOR MANY COMMERICAL AND PERSONAL APPLICATIONS, BUT IT IS NOT DEFINITELY GOOD ENOUGH FOR SOME COMMUNITIES LIKE FOR INSTANCE MILITARY AND KEY GOVERNMENT AGENCIES. AS A RESULT OF THE ASSUMPTION, MESSAGING SERVICE IS USUALLY CATEGORIZED IN THREE DIFFERENT GRADES : HIGH, MEDIUM AND BASIC. A HIGH GRADE MESSAGING SERVICE IS A MECHANISM FOR EXCHANGING CRITICAL INFORMATION AN OFFICIAL CORRESPONDENCE THROUGHOUT AN ORGANIZATION AND ITS PARTNERS. THERE FORE THIS SERVICE SHOULD MEET STRINGENT REQUIREMENTS FOR SECURITY, ASSURANCE OF DELIVERY, INTEGRITY, RELIABILITIY, SURVIVABILITY, ARCHIVING, NON-REPUDIATION AND EASE OF USE. MEDIUM GRADE MESSAGING IS USUALLY DEFINED AS A MECHANISM FOR EXCHANGING IMPORTANT INFORMATION BETWEEN INDIVIDUALS THROUGHT AN ORGANIZATION AND ITS PARTNERS. SINCE IT IS ACCEPTED AS A SEMI OFFICIAL SERVICE, MEDIUM GRADE MESSAGING IS ALSO EXPECTED TO MEET ASSURANCE OF DELIVERY AND SECURITY TO A CERTAIN EXTENT. A MEDIUM GRADE MESSAGING IS A FIRE AND WATCH SERVICE BECAUSE ON ORGINATOR USING THIS SERVICE ACCEPTS RESPONSIBILITY FOR ENSURING DELIVERY HAVING BEEN ACHIEVED, WHILE A HIGH-GRADE MESSAGING IS A FIRE AND FORGET SERVICE. DIFFERENT FROM PREVIOUS TWO, A BASIC GRADE SERVICE IS A MECHANISM FOR EXCHANGING ROUTINE INFORMATION BETWEEN INDIVIDUALS THROUGHT AN ORGANIZATION AND ITS PARTNERS. THIS SERVICE IS ONLY REQUIRED TO DELIVER A BASIC CAPABILITY IN THE CHEAPEST WAY CONSISTENT WITH BASIC DEMANDS FOR SECURITY. FROM THIS DEFINITION, A BASIC GRADE MESSAGING CAN BE CATEGORIZED AS A FIRE AND HOPE SERVICE. 3

4 Military Messaging Service (MMS) The MMS is a service that provides electronic messaging to staff units and authorized individual users (i.e., message release authorities) in military organizations which fulfills established military requirements for messaging systems. ~ = IN THIS CONTEXT, THE MAIN OBJECT OF MY SPEECH IS GONNA BE A HIGH GRADE MESSAGING SERVICE, WHICH WE USALLY CALL MILITARY MESSAGING SERVICE. BOTH ACP 123 AND STANAG 4406 DEFINES THE MMS ALMOST IDENTICALLY AS A SERVICE THAT PROVIDES ELECTRONIC MESSAGING TO STAFF UNITS AND AUTHORIZED INDIVIDUAL USERS IN MILITARY ORGANIZATION AND THEY REQUIRE THE MMS MEETS ESTABLISHED MILITARY REQUIREMENTS FOR MESSAGING SYSTEMS. 4

5 Minimum Military Requirements for Military Messaging Service Availability Integrity Interoperability Confidentiality Authentication Non-repudiation Accountability Guaranteed Delivery Timely Delivery C2 Business Process Support Tactical Bearer Support Access Control Security Labeling THEN WHAT ARE THE MILITARY REQUIREMENTS WHICH ARE EXPECTED FORM A MESSAGING SYSTEM TO MEET? THE LIST OF MINIMUM MILITARY REQUIREMENTS MADE FOR THE NATO MESSAGING SYSTEM IS A GOOD EXAMPLE OF THESE EXPECTATIONS. SINCE NMS IS DESIGNED TO PROVIDE A HIGH GRADE MESSAGING SERVICE, IT SHOULDN T BE SURPRISING THAT THE MOST OF THE ITEMS REFLECTED ON THE SLIDE MATCHES WITH THE PROPERTIES OF A HIGH GRADE MESSAGING SERVICE DEFINED PREVIOUSLY IN MY SPEECH. 5

6 A Busy Network-Enabled Environment IN TODAY S CIS INFRASTRUCTURE, MILITARY MESSAGING SYSTEMS PLAY A VITAL ROLE BECAUSE OF THEIR INDISPENSABLE SUPPORT TO COMMAND AND CONTROL. BUT, HOW IS THE SAME FUNCTIOANLITY GONNA BE PROVIDED IN A NETWORK ENABLED ENVIRONMENT. AS A NEW CONCEPT, NETWORK ENABLED CAPABILITY INTRODUCES A COMMON APPROACH DEVELOPING THE ARCHITECTURES, STANDARDS, PROCESSES, AND PROCEDURES NECESSARY TO PROVIDE THE FLEXIBILITY AND AGILITY NEEDED TO CONDUCT FUTURE NETWORK-CENTRIC OPERATIONS IN A BUSY COALITION ENVIRONMENT LIKE THE ONE SHOWN IN THE CURRENT SLIDE. NOW, LET S HAVE A LOOK HOW MILITARY MESSAGING SERVICE WILL FIT IN THIS NEW PICTURE. 6

7 Networking and Information Infrastructure (NII) NII, a key requirement for NEC: A robust, secure and effective CIS infrastructure. SOA approach, Information & Integration (IIS) A ROBUST, SECURE AND EFFECTIVE CIS INFRASTRUCTURE IS UNDENIABLY A KEY REQUIREMENT TO ACHIEVE NETWORK ENABLED CAPABILITY. IN NNEC FEASIBILITY STUDY, THIS IS CALLED AS NETWORKING AND INFORMATION INFRASTRUCTURE, NII. THE INFORMATION AND INTEGRATION COMPONENT OF THE NII IS CHARACTERIZED BY THE USE OF SERVICE ORIENTED ARCHITECTURE TO EXPOSE SOFTWARE FUNCTIONS AS CONSUMABLE SERVICES THAT CAN BE DISCOVERED AND INVOKED ACROSS THE NETWORK. INFORMATION AND INTEGRATION SERVICES ARE ALSO KNOWN AS CORE ENTERPRISE SERVICES AND ONE OF THE PRIMARY PURPOSES OF THESE SERVICES IS TO SUPPORT THE IMPLEMENTATION AND USE OF SOA TO MEET THE NEEDS OF PRE-PLANNED AND AD-HOC COMMUNITY OF INTERESTS. 7

8 NNEC IIS Layered Model NNEC Feasibilty Study THE NNEC ISS LAYERED MODEL FROM THE 2005 FEASIBILITY REPORT DEFINES DIFFERENT TYPES OF SERVICES ON A SOLID TRANSPORT AND INFRASTRUCTURE LAYER TO MEET DIFFERENT TYPES OF REQUIREMENTS. 8

9 Current Scope of NII Military Messaging Service COI-Specific Commom COI Information and Integration / Core Enterprise Discovery Repository Mediation Information Assurance Service Discovery Information Discovery Infrastructure Application Enterprise Directory Metadata Registry Messaging Interaction Composition Translation Publish/ Subscribe Service Management & Control Storage Collaboration Transition Network/Transport NII THE PREVIOUS LAYERED MODEL HAS BEEN REFINED RECENTLY NARROWING THE SCOPE OF THE NII. IN THIS NEW DIAGRAM YOU CAN SEE THAT A MESSAGING SERVICE IS DEFINED AS A CORE SERVICE. BUT THIS IS IMPORTANT TO ARTICULATE THAT THIS MESSAGING SERVICE IS A GENERIC SERVICE INTERACTION MECHANISM USED BY OTHER SERVICES OR APPLICATIONS. THIS IS NOT THE SAME AS THE MMS DEFINED IN STANAG 4406 OR ACP 123, WHICH IS NOT A CORE ENTERPRISE SERVICE. RATHER, MMS MIGHT BE HANDLED AT THE COI OR COMMON COI SERVICES LAYER, WHICH MAKES USE OF THE CORE ENTERPRISE SERVICES. 9

10 MMHSs as Legacy Systems MMHSs, as legacy systems, provide MMS using standardized interfaces. NNEC Feasibilty Study IF WE GO BACK TO THE QUESTION OF WHERE MMS WOULD RESIDE IN NEC CONCEPT NOW WE CAN SAY THAT IT IS GONNA BE ONE OF THE COI SPECIFIC OR COMMON COI SERVICES. THIS IS VERY OBVIOUS FROM THE DEFINITION AND NATURE OF THE MMS, BECAUSE NOT EVERY USER IN THE NETWORK NEEDS THE SERVICE. BUT THE QUESTION OF HOW THIS SERVICE WOULD BE IMPLEMENTED IN NEC IS STILL UNANSWERED. NOW I AM GONNA TRY TO FIND AN ACCEPTABLE ANSWER TO THIS QUESTION. IT IS NOT POSSIBLE TO CREATE A NEW SET OF CAPABILITIES BASED ON NEW OPERATIONAL REQUIREMENTS STARTING FROM THE SCRATCH, THIS STATEMENT IS VALID IN THE COURSE OF ACHIEVING THE NEC GOAL AS WELL. AT ANY POINT OF TIME THERE WILL ALWAYS BE LEGACY SYSTEMS. SO THE INCORPORATION OF LEGACY SYSTEMS WILL ALWAYS BE A REQUIREMENT, AND NOT ONLY IN AN INITIAL TRANSITION PHASE. EVEN THOUGH THE TERM LEGACY IS OFTEN ASSOCIATED TO OLD OR OBSOLETE, LEGACY SYSTEMS REFER TO THOSE SYSTEMS THAT ARE CURRENTLY OPERATIONAL AND WILL BE SO FOR AS LONG AS THEIR CAPABILITIES ARE REQUIRED OR THEIR REPLACEMENT IS NOT POSSIBLE. FROM MY POINT OF VIEW, CURRENT STANAG 4406 COMPLIANT MESSAGING SYSTEMS WHICH PROVIDE MMS ARE THE EXAMPLES OF LEGACY SYSTEMS NEED TO BE INTEGRATED IN THE NEW ARCHITECTURE BY USING STANDARDIZED INTERFACES. IN THIS WAY THESE SOLID APPLICATIONS COULD SERVE AS SERVICES WITHIN A SOA CONCEPT UNTIL, THEIR EFFICIENT REPLACEMENT S BASED ON A NEWER TECHNOLOGY IS AVAILABLE. 10

11 Military Messaging in a Network Enabled Environment Need for seamless message exchange between: Tactical and strategic environments, Seperated security domains, Different services, COIs and organizations. Armed Forces Government Institutions Nations SINCE NEC IS BASED UPON A CONCEPT OF FEDERATION OF NETWORKS AND SYSTEM OF SYSTEMS, THERE IS AN AMBITIOUS REQUIREMENT FOR USERS AT ALL OPERATIONAL LEVELS TO EXCHANGE INFORMATION. THEREFORE USERS, FROM TACTICAL AND STRATEGIC LEVELS, FROM SEPARATED SECURITY DOMAINS, FROM DIFFERENT SERVICES, COIS AND ORGANIZATIONS WILL NEED TO SEAMLESSLY EXCHANGE MESSAGES WITH THEIR CORRESPONDENCES TO MEET THEIR OPERATIONAL REQUIREMENTS IN SUCH AN ENVIRONMENT. THIS REQUIREMENT IS A LITTLE BIT DIFFERENT FRoM THE ONES WE ARE USED TO FOR A LONG TIME AND BRINGS SOME DIFFICULTIES THAT I AM GONNA BRIEFLY TALK IN THE LAST PART OF BRIEFING. 11

12 Traditional Security X.800 Standards Confidentiality Integrity Availability Authentication Access control Non-repudiation SO FAR WE HAVE LOCATED THE MMS IN A NEC ENVIRONMENT AND CAME UP WITH A VIABLE SOLUTION TO INTEGRATE THE SERVICE IN TO THE NEW ARCHITECTURE. NOW IT IS TIME TO TALK ABOUT HOW TO MAKE THE SERVICE SECURE. REPRESENTING INFORMATION ASSURANCE AS A PILLAR SPANNING ALL OTHER SERVICE LAYERS POINTS OUT TO THE IMPORTANCE OF SECURITY IN A NETWORK ENABLED ENVIRONMENT. ASSUMING THAT X.800 STANDARDS TRADITIONAL SECURITY SERVICES WILL SUSTAIN THEIR IMPORTANCE AND MAY NOT CHANGE EVEN IN THE LONG TERM, IMPLEMENTING THESE SERVICES IN A NETWORK ENABLED ENVIRONMENT WOULD PROVIDE A CERTAIN LEVEL OF SECURITY FOR SERVICES DEPLOYED IN THE SAME ENVIRONMENT. OF COURSE, ONE OF THESE DEPLOYED SERVICES WILL BE THE MMS. 12

13 Confidentiality Encrypting the communication link from-end-toend. Using integrated PKI software to encrypt messages. Sydney B Steven Need to sniff in the messaging between them, but how? ONE OF THESE SECURITY SERVICES IS CONFIDENTIALITY. THIS CAN BE IMPLEMENTED IN DIFFERENT WAYS. HARDWARE AND SOFTWERE SOLUTIONS TO ADEQUATELY PROTECT INFORMATION ARE AVAILABLE. WHILE IT IS POSSIBLE TO ENCRYPT THE COMMUNICATION LINK FORM END-TO-END, USING AN INTEGRATED PKI SOFTWARE IN A MESSAGING SERVICE MAKES IT POSSIBLE TO ENCRYPT A SINGLE MESSAGE TO ACHIEVE ITS CONFIDENTIALITY BETWEEN ITS ORIGINATOR AND RECEIVER. 13

14 Integrity Hardware solution : IP-crypto devices Software solution : Digital signatures. Sydney Steven Need to change the messagie in the way, but how? ANOTHER SECURITY SERVICE IS INTEGRITY. LIKE CONFIDENTRALITY, INTEGRITY OF MMS CAN BE ACHIEVED BY IMPOSING BOTH HARDWERE AND SOFTWERE SOLUTIONS. OP-CRYPTO DEVICES ARE AND WILL BE USED IN THE FORESEEABLE FUTURE TO PROVIDE INTEGRITY AS FOR AS THE COMMUCITION LINK IS CORCERNED. IN ADDITION TO LINE ENCRYPTION DIGITAL SIGNATURES SHOULD BY USED TO SUPPORT MESSAGE INTEGRITY. 14

15 Availability Keeping the service operational, Making the service able to transfer messages for a high percentage of the work cycle. WAN AVAILABILITY OF THE MMS HAS UTMOST IMPORTANCE BECAUSE THE SERVICE IS USED TO EXCHANGE CRITICAL INFORMATION FOR THE ORGANIZATION. THIS MUST BE DONE BY BUILDING ROBUST AND RESILIENT SYSTEMS TO PROVIDE THE SERVICE. AVAILABILITY OF A MESSAGING SERVICE CANNOT BE ASSURED BY ONLY KEEPING IT OPERATIONAL, MAKING THE SERVICE ABLE TO TRANSFER MESSAGES FOR A HIGH PERCENTAGE OF THE WORK CYCLE IS ALSO REQUIRED TO FULFILL AVAILABILITY. 15

16 Authentication Strong authentication to protect information. Smart card use, Smart card password. Use at least 2 out of 3. Biometric devices Xcfrawe145& IN ORDER TO PROPERLY PROTECT ACCESS TO INFORMATION EXCHANGED VIA MMS, ALL USERS OF THE SERVICE SHOULD AUTHENTICATE AND THIS AUTHENTICATION SHOULD BE BASED ON A FORM OF STRONG AUTHENTICATION. UTILIZING SMART CARDS LOADED WITH USER CERTIFICATES AND CONFIRMING CARD HOLDER WITH A CARD PASSWORD TOGETHER IS A GOOD EXAMPLE OF AVAILABLE STRONG AUTHENTICATION METHODS THAT CAN BE INTEGRATED INTO A MILITARY MESSAGING SERVICE. 16

17 Access Control Authorized personnel only. Network access control via IP-encryption, Effective and interoperable identity management ACCES CONTROL IS NEEDED TO RESTRICT ACCESS TO THE MESSAGING SERVICES TO AUTHORIZED PERSONNEL ONLY. THIS CAN BE HANDLED BY THE IP ENCRYPTION DEVICES ON THE NETWORK LEVEL. IN ADDITION AN INTEROPERABLE IDENTITY MANAGEMENT SERVICE SHOULD BE DEPLOYED IN A NETWORK ENABLED ENVIRONMENT IN ORDER TO SUPPORT SECURELY ACCESS TO THE INFORMATION EXCHANGED BY THE MESSAGING SYSTEM. 17

18 Non-repudiation Sydney Provide assurance against repudiation. Digital signatures enabled by PKI technology. Steven NON-REPUDIATION PROVIDES ASSURANCE THAT SOMETHING CANNOT SUCCESSFULLY BE DISCLAIMED. NON-REPUDIATION IS CRUCIAL FOR A SERVICE BY WHICH OFFICAL CORRESPONDENCE IS EXCHANGED. DIGITAL SIGNATURES PROVIDED BY PKI TECHNOLOGY ARE USED TO SIGN MESSAGES EXCHANGED VIA A MESSAGING SERVICE TO ACHIEVE NON-REPUDIATION. 18

19 Challenges Harmonization of messaging requirements with web technologies. Low band-width constraints in tactical environment. Need for solid IPnetworks in the field. Efficient PKI usage. Need for a robust key management. An interoperable Identity Management. Cross domain security issues HAVING AND SECURING A CRITICAL SERVICE LIKE MILITARY MESSAGING IN A NETWORK ENABLED ENVIRONMENT IS NOT AN EASY JOB. THERE ARE CERTAIN OBSTACLES TO ACHIEVE THIS FUNCTIOANLITY AT THE LEVEL INTENDED AND EXPECTED. FOR THE TIME BEING, WEB TECHNOLOGIES IS THE MOST POWERFUL CANDIDATE TO IMPLEMENT SOA. THEREFORE SOLUTIONS SHOULD BE INVESTIGATED TO MEET MESSAGING REQUIREMENTS VIA THESE TECHNOLOGIES. ANOTHER CONSTRAINT WITHIN NEC IS CAUSED BY LOW BAND-WIDTHS ESPECIALLY IN TACTICAL DOMAINS. EFFCIENT IP-NETWORKS ARE NEEDED NOT ONLY AT STRATEGIC BUT ALSO AT OPERATIONAL AND TACTICAL LEVELS IN ORDER TO PROVIDE QUALITY OF SERVICE IN MESSAGING. PKI IS ONE OF THE KEY AREAS FOR ACHIEVING SECURITY IN NEC. HOWEVER, IT IS NOT A COMPLETE SOLUTION BY ITSELF AND POLICIES TO IMPLEMENT PKI ACROSS BORDERS ARE STILL IN THE PHASE OF DEFINITION BY QUALIFIED AUTHORITIES. IP-CRYTO DEVICES WILL BE A MAJOR MEANS TO IMPROVE SECURITY OF NETWORK IN THE FORESEEABLE FUTURE. IN PARALEL, SOLID KEY MANAGEMENT POLICIES AND IMPLEMENTATIONS WILL GAIN IMPORTANCE. IN MY OPINION THERE ARE STILL ISSUES TO EXPLORE IN THIS AREA AS WELL. IN ORDER TO MANAGE THE SERVICES AND MAINTAIN THE SECURITY ON THE NETWORK IT IS CRUCIALLY IMPORTANT TO KNOW WHO IS WHO IN A NETWORK ENABLED ENVIRONMENT. THIS IS ONLY BE ACHIEVED BY AN INTEROPERABLE AND ROBUST IDENTITY MANAGEMENT. EVEN THOUGH IT IS EASY TO SAY, IN REALITY TO PROVIDE A VALUABLE IDENTITY MANAGEMENT SERVICE IS ONE OF THE MOST GHALLENGING JOBS TO BE ACCOMPLISHED. 19

20 Conclusion NEC is a new era different from the one which we are in at the present time. Military messaging service is indispensible now and will be in the future. Major technology breakthroughs are required to cope with the challenges to accomplish the NEC goal