Secure Communications Interoperability Protocols, SCIP

1
Secure Communications Interoperability
Protocols,SCIP

• John S. Collura
• John.Collura_at_nc3a.nato.int
• Phone 31 70 374 3578
• Fax 31 70 374 3049

HFIA briefing
13 September 2005
2
SIGSALY Secure Voice System
Circa 1943, SIGSALY provided perfect security for
secure voice communication among allies. Twelve
units were built and deployed in Washington,
London, Algiers, Brisbane , Paris ..
3
STU-I
Circa 1979, the STU-I used a digital signal
processing computer. A few hundred units were
eventually deployed.
4
Original STU-II
Circa 1982, the STU-II provided 2400 and 9600 bps
secure voice. A few thousand units were
eventually deployed.
5
Current SCIP Products
6
Historical Perspective on Interoperability

• Secure Voice Data Communications
• Moderate Availability Between National Armed
  Forces,
• Unavailable Between Strategic and Tactical
  Operations, and
• Unavailable Between NATO /or Coalition Allies
• NATO NBSV-II Created Interoperability
• Based Upon common standards
• Four Suppliers Built NBSV-II compatible products
• NATO key material for NATO communications, and
• National key material for sovereign
  communications
• NBSV-II is at the End of its Lifecycle

7
NATO Growth

• Membership Partners
• From 16 to 26 nations
• North African Partners
• Middle East Partners?
• Mission Responsibilities
• Former SFOR (now EU)
• KFOR, IFOR
• ISAF
• IRAQ
• Communities of Interest

8
Secure Communications Challenges

• Key Management
• Future NATO deployments Brigade Example
• Interoperability
• Common Waveforms no interoperability
• Net-Centricity
• Certificate Based Key Exchanges

9
Communications Security Approaches

• Application Layer Security Solutions
• SCIP
• Network Layer Security Solutions
• IPSEC, HAIPE (US)
• Link Encryption Security Solutions

10
Cryptographic Definitions - I

• Symmetric Key Material
• Asymmetric Key Exchange
• Certificates and Trusted Authorities

11
Cryptographic Definitions - II

• Electronic Key Management Systems (EKMS)
• Automated ordering, generation, distribution,
  storage, security accounting, etc.
• Flexibility
• account registration, management, access control
  to key data functions
• Speed
• DACAN provided EKMS or DEKMS

12
Cryptographic Definitions - III

• Traffic Encryption Suites
• Suite A
• Suite B
• Compromised Key Lists
• Certificate Revocation Lists
• Communities of Interest

13
Communities Of Interest

• NATO
• National
• Multi-lateral
• Coalition
• United Nations
• European Union
• Emergency Responders
• NGOs (Aid Agencies)

14
NATO Interoperability

• Standards (STANAGS)
• Success Stories
• NBSV-II (voice)
• Link-11 (data)
• HF-House series of STANAGs
• Current ISAF Solution ()

15
Future NATO Interoperability

• Electronic Key Management System
• SCIP, IPSEC
• Session Keys
• Multinational Key Management
• Software Reconfiguration
• Tailored COIs
• Compromise Recovery

16
NATO SCIP Requirements

• Need to capture NATO requirements
• Joint AHWG/3 AHWG/6 document
• AHWG/3 Signaling requirements
• AHWG/6 INFOSEC requirements
• Feed requirements to the I-ICWG
• Vendors must build to exactly the same standard

17
SCIP What is it?

• Secure Communications Protocol for
  Interoperability
• Application Layer
• Network Independent
• End-to-End Security
• Common Call Setup and
• Common Signaling
• Commercial Standards Infrastructure
• Multiple Cryptographic Solutions or COIs
• NATO, Coalition, National Sovereign, Commercial,
  etc.

18
Minimum Interoperability Requirements

• 2400bps MELPe voice coding
• Clear and secure MELPe
• 2400bps synchronous data channel
• 3000bps asynchronous data channel
• Blank and burst mode

19
Future Developments

• Optional Voice coders
• 600bps MELPe
• 1200bps MELPe
• 16000bps CVSD
• IP interoperability
• VoIP/MoIP
• Gateway solutions
• Eurocom
• TACOMS POST-2000
• Military Radios
• Professional Mobile Radios

20
SCIP IPSEC

• Protocols Have Different Objectives
• Application Layer vs. Network Layer
• Network Independent vs. IP Networks
• Gateway Options
• Red or Black?
• IP Protocols of Interest
• STE, VoIP, ?
• Secure Wireless LANs
• SECNET-11/54

21
Conclusions

• Goal Secure Interoperable Infrastructure
• National Policies must support vision
• SCIP key enabler for NNEC
• NNEC changing NATO National
• Develop Policy
• Design Acquire Secure Communications Equipment

22
Questions?