Military Communications and Information Technology: A Trusted ...
Military Communications and Information Technology: A Trusted ... Military Communications and Information Technology: A Trusted ...
476 Military Communications and Information Technology... In the article we present the way of modification of management process which allows to improve the efficiency of ECDMS. II. Characteristics of special data protection systems and cryptographic data management systems in our considerations we take into account the special systems of data protection. The term “special systems” is quite general. For the purpose of our article we assume term “special systems” means systems processing classified information, that is information particularly important and sensitive. The priority is the security of their data, sometimes with cost of processing speed or ease of use. Below we will discuss the main features of the special systems, which directly determine the requirements for ECDMS. 1. Communication between any two elements of the system (users, devices) is protected by encryption with a unique key, called the session key. Session can be a single conversation. It can also be defined by the unit of time or the size of transmitted data. 2. Information must be protected not only currently but also a long time after use. The more sensitive information the longer period of protection is required. Implemented cryptographic mechanisms must therefore be strong enough to ensure the security now and in the future. 3. The conclusion above applies also to the protocol of the session key agreement. In many solutions the key is agreed using the Diffie-Hellman protocol. It can be considered sufficiently secure today, but there is no guarantee that it will be quite secure in the future. For this reason, such key agreement protocols can not be used in special systems. 4. Not all connections between system’s users are allowed e.g. in the army, where every person on any command level should be provided with communication with their immediate superiors, subordinates and people with the same level. 5. Development of the system that is adding new users (devices) must be strictly controlled. Taking above requirements into account the following principles of cryptographic data management can be specified: – session keys, instead of agreeing, should be derived from the base key; – base keys (relations keys) should be different for each pair of communicating devices; – establishing who with who can communicate in secret mode must be possible; the set of established relations determines the configuration of communication system; – relations key are being prepared for a fixed period, called the period of validity; after that period, they should be replaced by new keys; periodic
Chapter 4: Information Assurance & Cyber Defence 477 keys exchange enhances security and it is an opportunity to reconfigure the system; – cryptographic relations are established according to the needs known at the time of planning. In the moment keys comes to use or during the validity period, these needs may change. It must be possible to join the system devices that were not included in the communication plan. For this purpose, sets of spare data are prepared. Spare data, after uploading the devices, enable secret communication with all other devices: working or spare; – relations key should be supplied to the operation places in a reliable and secure way before beginning of validity period, which they have been prepared for, starts. From above assumptions it follows that ECDMS performs the tasks associated with planning, generation and distribution of cryptographic data. These processes must be executed sequentially. Result of one stage constitutes the input for the next stage. But the entire life cycle of the key includes the following key stages: needs analysis, preparation, waiting for entry to use, activation, work: session keys generation, deactivation, archiving or destruction. The process of preparing the data can be presented in a transparent way on the timeline. The essential points are: the beginning and end of the validity period (B and E), the beginning and end of the data preparation process (Bp and Ep). The period between Bp and B is designed to analyze the needs for secure communications to the next period. The period between Ep and E is the reserved time required against unexpected events. The shorter time of data preparation compared to the length of the validity period, the management is more flexible. During validity period the following steps are held simultaneously: data preparation for a future, using current data and destruction of the previous keys. III. Efficiency Speed of processing can be regarded as the measure of efficiency. The speed is connected with the time of the processing. Because of planning, generation and distribution are realized sequentially the time of date preparation is equal to total time of component processes. Time of planning depends on the planning method one applies: “according to the needs” or “each to each”. Time of generation depends on the number of established relations and the throughput of the source of keys – usually hardware random generator. Time of distribution depends on the kind of the distribution method, which can be courier (traditional) or electronic one. The kind of distribution is very essential for future conside-rations. In the case of the courier distribution, cryptographic data are delivered to the points of exploitation by persons (couriers). This process can last from several days to several
- Page 425 and 426: Chapter 4: Information Assurance &
- Page 427 and 428: Chapter 4: Information Assurance &
- Page 429: Chapter 4: Information Assurance &
- Page 432 and 433: 432 Military Communications and Inf
- Page 434 and 435: 434 Military Communications and Inf
- Page 436 and 437: 436 Military Communications and Inf
- Page 439 and 440: On Multi-Level Secure Structured Co
- Page 441 and 442: Chapter 4: Information Assurance &
- Page 443 and 444: Chapter 4: Information Assurance &
- Page 445 and 446: Chapter 4: Information Assurance &
- Page 447 and 448: Chapter 4: Information Assurance &
- Page 449 and 450: Chapter 4: Information Assurance &
- Page 451 and 452: Chapter 4: Information Assurance &
- Page 453 and 454: Chapter 4: Information Assurance &
- Page 455 and 456: Generation of Nonlinear Feedback Sh
- Page 457 and 458: Chapter 4: Information Assurance &
- Page 459 and 460: Chapter 4: Information Assurance &
- Page 461 and 462: Chapter 4: Information Assurance &
- Page 463: Chapter 4: Information Assurance &
- Page 466 and 467: 466 Military Communications and Inf
- Page 468 and 469: 468 Military Communications and Inf
- Page 470 and 471: 470 Military Communications and Inf
- Page 472 and 473: 472 Military Communications and Inf
- Page 474 and 475: 474 Military Communications and Inf
- Page 478 and 479: 478 Military Communications and Inf
- Page 480 and 481: 480 Military Communications and Inf
- Page 482 and 483: 482 Military Communications and Inf
- Page 485 and 486: Modern Usage of “Old” One-Time
- Page 487 and 488: Chapter 4: Information Assurance &
- Page 489 and 490: Chapter 4: Information Assurance &
- Page 491 and 492: Chapter 4: Information Assurance &
- Page 493 and 494: Chapter 4: Information Assurance &
- Page 495: Chapter 4: Information Assurance &
- Page 498 and 499: 498 Military Communications and Inf
- Page 500 and 501: 500 Military Communications and Inf
- Page 502 and 503: 502 Military Communications and Inf
- Page 504 and 505: 504 Military Communications and Inf
- Page 506 and 507: 506 Military Communications and Inf
- Page 508 and 509: 508 Military Communications and Inf
- Page 511 and 512: A Abut Fatih 161 Akcaoglu Ismail 11
476 <strong>Military</strong> <strong>Communications</strong> <strong>and</strong> <strong>Information</strong> <strong>Technology</strong>...<br />
In the article we present the way of modification of management process<br />
which allows to improve the efficiency of ECDMS.<br />
II. Characteristics of special data protection systems<br />
<strong>and</strong> cryptographic data management systems<br />
in our considerations we take into account the special systems of data protection.<br />
The term “special systems” is quite general. For the purpose of our article we<br />
assume term “special systems” means systems processing classified information,<br />
that is information particularly important <strong>and</strong> sensitive. The priority is the security<br />
of their data, sometimes with cost of processing speed or ease of use. Below<br />
we will discuss the main features of the special systems, which directly determine<br />
the requirements for ECDMS.<br />
1. Communication between any two elements of the system (users, devices)<br />
is protected by encryption with a unique key, called the session key. Session<br />
can be a single conversation. It can also be defined by the unit of time or<br />
the size of transmitted data.<br />
2. <strong>Information</strong> must be protected not only currently but also a long time<br />
after use. The more sensitive information the longer period of protection<br />
is required. Implemented cryptographic mechanisms must therefore be<br />
strong enough to ensure the security now <strong>and</strong> in the future.<br />
3. The conclusion above applies also to the protocol of the session key agreement.<br />
In many solutions the key is agreed using the Diffie-Hellman protocol.<br />
It can be considered sufficiently secure today, but there is no guarantee that<br />
it will be quite secure in the future. For this reason, such key agreement<br />
protocols can not be used in special systems.<br />
4. Not all connections between system’s users are allowed e.g. in the army,<br />
where every person on any comm<strong>and</strong> level should be provided with communication<br />
with their immediate superiors, subordinates <strong>and</strong> people with<br />
the same level.<br />
5. Development of the system that is adding new users (devices) must be<br />
strictly controlled.<br />
Taking above requirements into account the following principles of cryptographic<br />
data management can be specified:<br />
– session keys, instead of agreeing, should be derived from the base key;<br />
– base keys (relations keys) should be different for each pair of communicating<br />
devices;<br />
– establishing who with who can communicate in secret mode must be possible;<br />
the set of established relations determines the configuration of communication<br />
system;<br />
– relations key are being prepared for a fixed period, called the period<br />
of validity; after that period, they should be replaced by new keys; periodic