Virtual Private Channel Using Software Defined Radio

1
Virtual Private ChannelUsing Software Defined
Radio

• Prithvi R Kumar
• September 13, 2001

Organization G022 Project 0701N090/0E
2
Purpose

• This briefing is intended to support the Software
  Radio Groups items to be included in the
  Request for Proposal (RFP)
• Virtual private channel (VPC) in ORB is one of
  the items proposed for inclusion in RFP
• Requirements necessary to establish and maintain
  a VPC in ORB and software defined radio are
  outlined

3
Summary

• End-to-end VPC security association establishes
  trust relationship between client and target
• Provides end-to-end security services such as
  privacy, authentication, access control at the
  ORB level
• Leverages CORBA policy management services to
  provide additional security
• Supports real-time operations
• Does not provide data separation for
  communications at different security levels
• VPC rides over radio-to-radio security services
• Type I services for U.S. military communications
• Type III services for U.S. government, national,
  and commercial communications
• Type III services for U.S.-approved multinational
  use
• Type IV services for exportable products
  supporting general multinational communications

4
Benefits to incorporating VPC in ORB

• VPC concept is similar to requirements for IPsec
  compliance
• IPsec (IPv6 compatible) Encapsulation using ESP
  Tunnel Mode
• VPC in ORB
• Leverages CORBA policy-based security management
• Real-time performance is predictable
• Impact of IPSec on real-time performance is
  difficult to model and manage
• Security policy can be loaded into a single
  software radio to enforce access control
  decisions
• Policy management can be made simple by using the
  radio to perform access control decisions versus
  targets making the access control decisions

5
Operational concept
End-to-end privacy is achieved via message
encryption at the client and target side
6
Operational threads

• Applicability
• Encryption technique provides end-to-end privacy
  between client and target systems
• All VPCs through a single radio channel handle
  data of the same security level
• Application of this technique to multinational
  operations needs further investigation with
  regard to sensitivity of data and applicable
  policies

7
Additional VPC security requirements

• CORBAsec. specifies many security services
• VPC feature would require additional security
  services
• Security association protocol
• Key distribution protocol
• Encryption algorithms
• Algorithm suite for Type III commercial
  non-exportable products used for unclassified but
  sensitive U.S. Government communications
• Algorithm suite for Type IV commercial exportable
  commercial products

8
VPC in ORB Potential applications

• Multiple clients connected to a software radio
  can set up VPC(s) to securely access target
  information base set forth by the security policy
• Some examples are
• Local Law Enforcement team investigating a crime
  scene can remotely access to national crime
  database through the radio
• Teams supporting a crisis operation can set up
  VPC through radio and exchange information
  between them
• Paramedics can access patients data from an
  ambulance