Secure Communications Secure Communications Interoperability Protocols,

SCIPInteroperability Protocols,

SCIPSCIPSCIP

John S ColluraJohn S. ColluraJohn.Collura@nc3a.nato.int

Phone: +31 70 374 3578Fax: +31 70 374 3049

UNCLASSIFIED1

HFIA briefing 13 September 2005

SIGSALY Secure Voice System

Circa 1943, SIGSALY provided perfect security for secure voice communication among allies Twelve units were built and deployed in

UNCLASSIFIED2

communication among allies. Twelve units were built and deployed in Washington, London, Algiers, Brisbane , Paris ..

STU-I

Circa 1979, the STU-I used a digital signal processing computer. A few hundred units were eventually deployed

UNCLASSIFIED3

A few hundred units were eventually deployed.

Original STU-IIg

Circa 1982, the STU-II provided 2400 and 9600 bps secure voice. A few thousand units were eventually deployed.

UNCLASSIFIED4

Current SCIP Products

UNCLASSIFIED5

Historical Perspective on I t bilitInteroperability

Secure Voice & Data Communications Moderate Availability Between National Armed Forces, Unavailable Between Strategic and Tactical Operations,Unavailable Between Strategic and Tactical Operations,

and Unavailable Between NATO &/or Coalition Allies

NATO NBSV II Created Interoperability NATO NBSV-II Created Interoperability Based Upon common standards Four Suppliers Built NBSV-II compatible products

NATO k t i l f NATO i ti d NATO key material for NATO communications, and National key material for sovereign communications

NBSV-II is at the End of its Lifecycle

UNCLASSIFIED6

y

NATO Growth

Membership & Partners Membership & Partners From 16 to 26 nations North African Partners Middle East Partners?

Mission Responsibilities Former SFOR (now EU) Former SFOR (now EU) KFOR, IFOR ISAF IRAQ

Communities of Interest

UNCLASSIFIED7

Secure Communications Ch llChallenges

Key Managementy gFuture NATO deployments Brigade Example

InteroperabilityCommon Waveforms no interoperability

Net-CentricityC tifi t B d K E hCertificate Based Key Exchanges

UNCLASSIFIED8

Communications Security A hApproaches

Application Layer Security SolutionsApplication Layer Security SolutionsSCIP

Network Layer Security SolutionsNetwork Layer Security SolutionsIPSEC, HAIPE (US)

Link Encryption Security Solutionsyp y

UNCLASSIFIED9

Cryptographic Definitions - Iyp g p

Symmetric Key MaterialSymmetric Key Material

Asymmetric Key Exchangey y g

Certificates and Trusted Authorities

UNCLASSIFIED10

Cryptographic Definitions - IIyp g p

Electronic Key Management Systems (EKMS)( ) Automated ordering, generation, distribution,

storage, security accounting, etc. Flexibility Flexibility

account registration, management, access control to key & data functionscontrol to key & data functions

Speed DACAN provided EKMS or DEKMS

UNCLASSIFIED11

Cryptographic Definitions - IIIyp g p

Traffic Encryption Suites Suite A

S it B Suite B

Compromised Key ListsCompromised Key Lists

Certificate Revocation Lists

Communities of Interest

UNCLASSIFIED12

Communities Of Interest

NATO National Multi-lateral Coalition

U it d N ti United Nations European Union Emergency Responders Emergency Responders NGOs (Aid Agencies)

UNCLASSIFIED13

NATO Interoperabilityp y

Standards (STANAGS)

Success Stories NBSV-II (voice) Link-11 (data) HF-House series of STANAGs

Current ISAF Solution ()

UNCLASSIFIED14

Future NATO Interoperabilityp y

Electronic Key Management System SCIP IPSEC SCIP, IPSEC Session Keys Multinational Key ManagementMultinational Key Management Software Reconfiguration Tailored COIs Compromise Recovery

UNCLASSIFIED15

NATO SCIP Requirementsq

Need to capture NATO requirementsp qJoint AHWG/3 AHWG/6 document

AHWG/3 Signaling requirementsAHWG/6 INFOSEC i tAHWG/6 INFOSEC requirements

Feed requirements to the I-ICWGVendors must build to exactly the sameVendors must build to exactly the same standard

UNCLASSIFIED16

SCIP What is it?SCIP What is it?

Secure Communications Protocol forSecure Communications Protocol for InteroperabilityApplication LayerNetwork IndependentEnd-to-End SecurityCommon Call Setup andCommon Call Setup andCommon SignalingCommercial Standards & InfrastructureMultiple Cryptographic Solutions or COIs

NATO, Coalition, National Sovereign, Commercial, etc

UNCLASSIFIED17

etc.

Minimum InteroperabilityMinimum Interoperability Requirements

2400bps MELPe voice coding2400bps MELPe voice codingClear and secure MELPe2400bps synchronous data channel2400bps synchronous data channel

3000bps asynchronous data channelBlank and burst mode

UNCLASSIFIED18

Future DevelopmentsFuture DevelopmentsOptional Voice codersp

600bps MELPe1200bps MELPe16000bps CVSD16000bps CVSD

IP interoperabilityVoIP/MoIP

Gateway solutionsEurocomTACOMS POST 2000TACOMS POST-2000

Military RadiosProfessional Mobile Radios

UNCLASSIFIED19

Professional Mobile Radios

SCIP & IPSEC

Protocols Have Different ObjectivesApplication Layer vs. Network LayerN t k I d d t IP N t kNetwork Independent vs. IP Networks

Gateway OptionsRed or Black?Red or Black?

IP Protocols of InterestSTE, VoIP, ?

Secure Wireless LANsSECNET-11/54

UNCLASSIFIED20

Conclusions

Goal: Secure Interoperable Infrastructure National Policies must support vision National Policies must support vision SCIP key enabler for NNEC NNEC changing NATO & Nationalg g &

Develop Policy Design & Acquire Secure Communications

E i tEquipment

UNCLASSIFIED21

Questions?Questions?

UNCLASSIFIED22