Military Communications and Information Technology: A Trusted ...
Share Embed Flag
Download ePaper

Military Communications and Information Technology: A Trusted ...

Military Communications and Information Technology: A Trusted ... Military Communications and Information Technology: A Trusted ...

wil.waw.pl
22.01.2015 Views

476 Military Communications and Information Technology... In the article we present the way of modification of management process which allows to improve the efficiency of ECDMS. II. Characteristics of special data protection systems and cryptographic data management systems in our considerations we take into account the special systems of data protection. The term “special systems” is quite general. For the purpose of our article we assume term “special systems” means systems processing classified information, that is information particularly important and sensitive. The priority is the security of their data, sometimes with cost of processing speed or ease of use. Below we will discuss the main features of the special systems, which directly determine the requirements for ECDMS. 1. Communication between any two elements of the system (users, devices) is protected by encryption with a unique key, called the session key. Session can be a single conversation. It can also be defined by the unit of time or the size of transmitted data. 2. Information must be protected not only currently but also a long time after use. The more sensitive information the longer period of protection is required. Implemented cryptographic mechanisms must therefore be strong enough to ensure the security now and in the future. 3. The conclusion above applies also to the protocol of the session key agreement. In many solutions the key is agreed using the Diffie-Hellman protocol. It can be considered sufficiently secure today, but there is no guarantee that it will be quite secure in the future. For this reason, such key agreement protocols can not be used in special systems. 4. Not all connections between system’s users are allowed e.g. in the army, where every person on any command level should be provided with communication with their immediate superiors, subordinates and people with the same level. 5. Development of the system that is adding new users (devices) must be strictly controlled. Taking above requirements into account the following principles of cryptographic data management can be specified: – session keys, instead of agreeing, should be derived from the base key; – base keys (relations keys) should be different for each pair of communicating devices; – establishing who with who can communicate in secret mode must be possible; the set of established relations determines the configuration of communication system; – relations key are being prepared for a fixed period, called the period of validity; after that period, they should be replaced by new keys; periodic

Chapter 4: Information Assurance & Cyber Defence 477 keys exchange enhances security and it is an opportunity to reconfigure the system; – cryptographic relations are established according to the needs known at the time of planning. In the moment keys comes to use or during the validity period, these needs may change. It must be possible to join the system devices that were not included in the communication plan. For this purpose, sets of spare data are prepared. Spare data, after uploading the devices, enable secret communication with all other devices: working or spare; – relations key should be supplied to the operation places in a reliable and secure way before beginning of validity period, which they have been prepared for, starts. From above assumptions it follows that ECDMS performs the tasks associated with planning, generation and distribution of cryptographic data. These processes must be executed sequentially. Result of one stage constitutes the input for the next stage. But the entire life cycle of the key includes the following key stages: needs analysis, preparation, waiting for entry to use, activation, work: session keys generation, deactivation, archiving or destruction. The process of preparing the data can be presented in a transparent way on the timeline. The essential points are: the beginning and end of the validity period (B and E), the beginning and end of the data preparation process (Bp and Ep). The period between Bp and B is designed to analyze the needs for secure communications to the next period. The period between Ep and E is the reserved time required against unexpected events. The shorter time of data preparation compared to the length of the validity period, the management is more flexible. During validity period the following steps are held simultaneously: data preparation for a future, using current data and destruction of the previous keys. III. Efficiency Speed of processing can be regarded as the measure of efficiency. The speed is connected with the time of the processing. Because of planning, generation and distribution are realized sequentially the time of date preparation is equal to total time of component processes. Time of planning depends on the planning method one applies: “according to the needs” or “each to each”. Time of generation depends on the number of established relations and the throughput of the source of keys – usually hardware random generator. Time of distribution depends on the kind of the distribution method, which can be courier (traditional) or electronic one. The kind of distribution is very essential for future conside-rations. In the case of the courier distribution, cryptographic data are delivered to the points of exploitation by persons (couriers). This process can last from several days to several

476 <strong>Military</strong> <strong>Communications</strong> <strong>and</strong> <strong>Information</strong> <strong>Technology</strong>...<br />

In the article we present the way of modification of management process<br />

which allows to improve the efficiency of ECDMS.<br />

II. Characteristics of special data protection systems<br />

<strong>and</strong> cryptographic data management systems<br />

in our considerations we take into account the special systems of data protection.<br />

The term “special systems” is quite general. For the purpose of our article we<br />

assume term “special systems” means systems processing classified information,<br />

that is information particularly important <strong>and</strong> sensitive. The priority is the security<br />

of their data, sometimes with cost of processing speed or ease of use. Below<br />

we will discuss the main features of the special systems, which directly determine<br />

the requirements for ECDMS.<br />

1. Communication between any two elements of the system (users, devices)<br />

is protected by encryption with a unique key, called the session key. Session<br />

can be a single conversation. It can also be defined by the unit of time or<br />

the size of transmitted data.<br />

2. <strong>Information</strong> must be protected not only currently but also a long time<br />

after use. The more sensitive information the longer period of protection<br />

is required. Implemented cryptographic mechanisms must therefore be<br />

strong enough to ensure the security now <strong>and</strong> in the future.<br />

3. The conclusion above applies also to the protocol of the session key agreement.<br />

In many solutions the key is agreed using the Diffie-Hellman protocol.<br />

It can be considered sufficiently secure today, but there is no guarantee that<br />

it will be quite secure in the future. For this reason, such key agreement<br />

protocols can not be used in special systems.<br />

4. Not all connections between system’s users are allowed e.g. in the army,<br />

where every person on any comm<strong>and</strong> level should be provided with communication<br />

with their immediate superiors, subordinates <strong>and</strong> people with<br />

the same level.<br />

5. Development of the system that is adding new users (devices) must be<br />

strictly controlled.<br />

Taking above requirements into account the following principles of cryptographic<br />

data management can be specified:<br />

– session keys, instead of agreeing, should be derived from the base key;<br />

– base keys (relations keys) should be different for each pair of communicating<br />

devices;<br />

– establishing who with who can communicate in secret mode must be possible;<br />

the set of established relations determines the configuration of communication<br />

system;<br />

– relations key are being prepared for a fixed period, called the period<br />

of validity; after that period, they should be replaced by new keys; periodic

logo

products

Resources

Company

Terms of service
Privacy policy
Cookie policy
Cookie settings
Imprint
Change language
Made with love in Switzerland
© 2024 Yumpu.com all rights reserved

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!