Military Communications and Information Technology: A Trusted ...

22.01.2015 Views
152 Military Communications and Information Technology... Apart from this more subtle ways of data transmission have to be taken into account. Steganography is the art of hiding information inside other information in order to conceal the existence of the hidden message altogether. An overview of relevant definitions can be found in [5]. A well-known example is replacing the least significant bit of color information of pixels in an image file with the embedded message. A human observer is unlikely to notice the difference, but evading detection through statistical analysis will require more advanced techniques. Anderson explains several mechanisms in [6]. Covert channels are a related topic. They are used to transmit data from an object with a high classification (High) to one with a low classification (Low). In [6] a covert channel is defined as a mechanism not intended for communication which can be abused to communicate information from High to Low. In [7] the components of a covert channel, different examples and countermeasures are explained. A covert channel consists of a data variable and two synchronization variables, one sender-receiver (s-r) and one receiver-sender (r-s) synchronization variable. The first two variables are properties of the system which can be set by High and read by Low. The last one can be set by Low and read by High (Figure 2). High sets the data variable to a state representing the information to be transmitted. In the simplest case one of two states representing either 1 or 0 is set. High then uses the s-r variable to indicate that data can be received. Low reads the data variable and uses the r-s variable to inform High that it has received data. This process is repeated until all data has been transmitted. Figure 2. Covert channel components (see [7]) When a common time reference is used for instead of the synchronization variables, the channel is called a timing channel otherwise it is called a storage channel. Properties of shared resources can be used as variables. A simple example is a hard disk shared by High and Low with access control mechanisms in place to prevent Low from reading files owned by High. High can allocate almost all

Chapter 2: Communications and Information Technology for Trusted... 153 remaining disk space and then allocate the rest to represent a 1 or deallocate some space to represent a 0. Low can now try to allocate space and determine whether it fails or not. They can then repeat this synchronized by the system clock. Both steganography and covert channels can be used by malicious software in a classified network to send classified data to an unclassified network through a guard. Guard design has to take limiting covert channels to acceptable values into account. Acceptable values depend on the environment a guard is used in. As noted in [7], the risk of espionage by sending classified satellite images via a low data rate covert channel without being detected is low due to the large file sizes, while an encryption key vulnerable to transmission by covert channel is a serious problem unless the covert channel bandwidth is almost nonexistent. V. A guard for management data The CoNSIS architecture is designed to prevent unencrypted classified data from leaking to the TN by encrypting all data which leaves a CE and only accepting data originating from other CEs into a CE. Since the TN is a means to transport data and the users working on classified data operate inside the CEs, the fact that messages cannot be exchanged between a device in the TN and one in a CE does not pose a problem to regular applications. If we preclude all exchange of unencrypted data between TN and CE, we limit our options regarding network management. The management has to happen inside the TN. If instead we allow management data to be exchanged between TN and CE, users inside a CE can receive status information on the transport network and manage transport network segments if they are authorized to. This provides the users inside the CEs with the ability to adapt their transmission behavior to the available resources and manage the transport network according to their priorities. While devices connected to the TN could be physically located in reach of a CE user, this would mean manual control by the user and hardware replication. Passing messages between CE and TN means that these messages bypass the IPsec device and pass a filter to remove unwanted messages. Messages from CE to TN • must have legitimate management message syntax, • must not contain classified information and • must not allow transmission of classified information through covert channels. Messages from TN to CE • must not introduce malicious code. One has to balance the degree to which these goals are accomplished and the limitations enforced on legitimate traffic. This paper focuses on filtering messages from CE to TN using a guard.

Page 1 and 2: Military Communications and Informa

Page 3 and 4: Contents Foreword .................

Page 5: Contents 5 Methodology for Gatherin

Page 8 and 9: 8 Military Communications and Infor

Page 11 and 12: Building a Layered Enterprise Archi

Page 13 and 14: Chapter 1: Concepts and Solutions f




Page 21 and 22: Applying NAF for Performance Analys








Page 37 and 38: Openness in Military Systems Jessic






Page 49 and 50: The Concept of Integration Tool for






Page 61 and 62: CFBLNet: A Coalition Capability Ena





Page 71 and 72: Selected Aspects of Effective RCIED





Page 81: Chapter 1: Concepts and Solutions f

Page 84 and 85: 84 Military Communications and Info








Page 100 and 101: 100 Military Communications and Inf

Page 103: Chapter 2 Communications and Inform






















Page 149 and 150: Use of Cross Domain Guards for CoNS

Page 151: Chapter 2: Communications and Infor

Page 155 and 156: Chapter 2: Communications and Infor

Page 157 and 158: Chapter 2: Communications and Infor

Page 159: Chapter 2: Communications and Infor



















Page 199: Chapter 3 Information Technology fo



















Page 239 and 240: Run-Time Ontology on the Basis of E

Page 241 and 242: Chapter 3: Information Technology f






Page 253 and 254: A Robust and Scalable Peer-to-Peer






Page 265 and 266: Automatic Exploitation of Multiling








Page 281 and 282: Information Fusion Under Network Co






Page 293: Chapter 3: Information Technology f





Page 305 and 306: Commanding Multi-Robot Systems with






Page 317 and 318: Application of CID Server in Decisi







Page 331 and 332: Managing Lessons Learnt from Daily






Page 343: Chapter 3: Information Technology f

Page 347 and 348: Federated Cyber Defence System - Ap

Page 349 and 350: Chapter 4: Information Assurance &




Page 357: Chapter 4: Information Assurance &









Page 377 and 378: Development of High Assurance Guard









Page 395 and 396: Network Traffic Characteristics for










Page 415 and 416: Methodology for Gathering Data Conc











Page 439 and 440: On Multi-Level Secure Structured Co








Page 455 and 456: Generation of Nonlinear Feedback Sh














Page 485 and 486: Modern Usage of “Old” One-Time












Page 511 and 512: A Abut Fatih 161 Akcaoglu Ismail 11

communications

nato

communication

architecture

interoperability

cyber

networks

defence

processing

analysis

wil.waw.pl

Military Communications and Information Technology: A Trusted ...

Military Communications and Information Technology: A Trusted ... ... View more Military Communications and Information Technology: A Trusted ...

Delete template?

Save as template ?

Military Communications and Information Technology: A Trusted ... Military Communications and Information Technology: A Trusted ...