Typical TCP/IP Network
Dr. Bruce C. Gabrielson
Kaman Sciences Corporation
Alexandria, VA
October 1995
Introduction
Department of Defense organizations maintain both local area networks and wide area networks to allow the transfer of employee related personal information. This information is protected under The Privacy Act of 1974, and DoD Instructions.
The Privacy Act of 1974 (P.L. 93-579) applies to all Federal agencies in the Executive Branch of Government, and to any commercial contractor maintaining a system of records to accomplish a Government mission. The Act pertains to records from which information is retrieved by a personal identifier (i.e. name, SSN, fingerprint, photograph, etc.), and to records which contain personal information. This law forms the basis for the development of most subsequent network security products and requirements.
Network Configuration
Typical communications systems are often a baseband system connecting various TCP/IP protocol local area networks at a site (Figure 1). Access to the sensitive information is limited to those who have been given permission by an authorizing organization (AO). Accounts are password controlled and provide only work-related personal information (i.e. information which would not fall under privacy act) to the general user. Traffic between internal and external networks is related to both usage and type of link used.
Applicable Sensitive Area Connectivity
Authorized users with read/write privileges connect to sensitive databases from their individual machines, typically through a personal computer, Macintosh, or a DEC terminal. This is the usual method of access, and represents the majority of users. Dial-in Connectivity from a modem bank may also available.
Generic Network Protection
In addition to password access controls, direct protection of sensitive or classified data through encryption offers the best means of securing networks. Looking at software only, hardware only, or hardware and software combination schemes, security protection can be enhanced only by selective application of both hardware encryption devices and hardware.
Two approaches are dominant in securing local are networks: the single distributed system approach and the network component approach. The single distributed system approach is a homogeneous collection of workstations and servers that depend on the services of a secure operating system. The network component approach is much less dependent of the security features of single trusted AIS (a single user or workstation in this case). The resulting LANs may be more heterogeneous in terms of hardware and secure operating systems.
Figure 2 ilustrates a model of LAN security where it is desirable to incorporate untrusted (or less trusted) hosts at levels less than system high. To accomplish this objective, the LAN requires some form of access control over and above password protection. This control is generally incorporated in network components with an encryption device often referred to as a Trusted Interface Unit.
Trusted Interface Units (TIUs) are available for all levels of security. They insure the separation and correct labeling of information as it is read and written to the transmission medium. Label attachment and access control is the sole responsibility of the TIUs. The TIU may also provide some form of discretionary access control between hosts. The operational parameters of the TIU (the levels at which the units operate) and the key distribution system must be centrally administered by a network security officer. In this model, security is not a function of a single host operating system.
One of the major advantages of this approach is that existing untrusted hosts and unmodified host operating systems may be utilized without requiring operation at the network system high level. System high operation is a condition that would be unacceptable on most networks. For example, in the previous figure, because the TIU's insure that the hosts do not have access to user data, these hosts can be incorporated at a level less than the network's system high.
As the model is modified to allow additional resource sharing, a multilevel host may be added. At this point, the security of the network becomes dependent on both the security services provided by the trusted interface units as well as the security provided by the multilevel host. The multilevel host must be trusted to insure correct separation and labeling of two or more levels of information.
When Trusted LAN's are connected, additional security measures are imposed. Multiple access implies the support of multiple simultaneous virtual connections. The quantity and type of these connections is governed by the traffic handling requirements levied on the specific server. These items can be fine tunable by the Network Administrator as part of network management functions but also represent an additional overhead cost to the system.
Cryptology
Encryption is a technique that protects computer based files and transmissions from unauthorized access. Cryptography is the dominant means of securing data for transmissions. It can be categorized as either secret key cryptography or public key cryptography. Secret key cryptography uses a single cryptography key shared by two communicating parties. For secret key cryptography to be effective, the key must be kept secret and controlled only by the parties that have access to the key.
The Federal Information Processing Standard (FIPS) 46-1, Data Encryption Standard (DES), currently defines the secret key algorithm to be used by the government for encrypting unclassified federal information, particularly on digital networks. However, a new technologies have been developed by NSA incorporating an new standard in voice or data (telephone line) encryption called Clipper which is based on the Skipjack encryption algorithm. Clipper has received Government endorsement but lacks acceptance by users and industry as a replacement for DES.
FIPS Pub. 46, issued in 1977 initially, formed the basis for the introduction of the Data Encryption Standard (DES) as an agency approved method of securing unclassified but sensitive information. The current National Institute of Standards and Technology publication, 46-1, reaffirms NIST's approval and use of the DES algorithm through at least 1993.
Use of the DES in the Federal Government at present is applicable only to the protection of data communications, and mandated only after it has been determined that encryption is required. Federal Standard 1027, Telecommunications: Inter-operability and Security Requirements for use on the Data Encryption Standard, in the Physical Layer of Data Communications was issued in 1982. This standard required the implementation of the 1970's developed DES algorithm in the telecommunications environment. The algorithm is the code used in encrypting data. Since DES complies with FS 1027, it is, in effect, a Government endorsed standard applicable for use at DoD sites.
Another popular encryption approach employs a public key system. Public key cryptology uses a session key which is developed using a public key and the unique private keys from the two parties communicating. The public key protocol allows for secrecy of the message without requiring secrecy of the keys. Keys are exchanged electronically without user intervention in this approach.
Public key devices are effective in reducing the threat to commercial information, but are not approved for government communications at this time. However, when combined with DES, they are acceptable and widely used in key management systems. Secure, one time session keys are generated for bulk encryption of the data, using DES techniques. The session key is then secured for transmission using RSA public and private keys. RSA is a commonly used public key system.
Available Products
Many commercial products are available to secure information in the non-trusted network environment. In general, they have been designed to allow the sending of secure data over a local or wide area network, public, or private. Most set up the session in the clear then encrypt the files on the PC before they are sent. Once sent, only the authorized recipient can read the protected information. The primary drawback to most network encryption schemes is the operational overhead and slowdown created when encrypting.
The majority of network type products identified are designed to encrypt files prior to transmission, and do not allow multi-user interactive encrypted communications. The Andrew File System (AFS) currently used at many sites is such a system. AFS can support DES encrypted data within the packets for network file transfers. AFS no longer uses a whole file transfer approach, and it does not support byte-range locking which prevents multiple users from simultaneously accessing the database. A similar product, DFS, does support byte-range locking and encryption over the network (with the packet privacy option). However, its performance is currently slow and somewhat cumbersome.
Securing Connectivity
The following information describes the specific approaches applicable to networks. Users can be grouped, by method of connectivity, into one of four categories. These are:
Typical Solutions
There are several methods that when combined can achieve the necessary data security. No one method is applicable for all scenarios. Both end-to-end and link-by-link encryption (Figure 1) could be implemented. However, the cost of implementing link-by-link is significantly higher then end-to-end, making end-to-end the desirable approach for dedicated links.
Restricting on-site access to the privacy data on systems represents a significant cost burden and technical problem. Three potential methods are available to achieve overall protection as shown in Figure 3.
1. Encrypt files before transfer.
The first method can be implemented completely with software, and requires no special key management for on-line processing. Encrypting files prior to transfer does not provide for the on-line usage requirements and will not be considered further. However, this is the preferred approach for key distribution over networks, and can be implemented by software only.
Although implementing encryption on internal networks will create little additional operating burden for non-users, it will represent additional operator interaction at the individual terminal level.
2. Provide a secure gateway to the sensitive system.
This solution would support real time encrypted processing. However, only those machines using an equivalent encryption system located either on their own node or at their machine can access the sensitive data. No access to any sensitive data can be allowed without the encryption device. Installing an encryption device at the node level would burden normal node usage for other functions. Therefore, the only practical solution is to provide an encryption device at each machine requiring access.
3. Installing formal level of trust protection (including file encryption) for private information directly on the system containing the sensitive data.
In this scenario, only the specific data to be protected would be stored in an encrypted form. A less expensive secure gateway like approach 2 will still be required, but could be implemented at the user level. Possibly Kerberos would work instead of a gateway. Normal access to non-protected files would not be effected. However, the final solution could require software development. In this case, the encrypted link would first be established to the machine containing sensitive data. Once this machine recognized that a secure link was established, it would require a password before it provided decrypted data to the secure link for re-encryption and transmission.
The following sections identify potential solutions for the above three applications. Where applicable, costs are included for budgetary purposes. However, it should be understood that implementation of any off-site approach described would be shared between the internal LAN and the off-site locations. Only one of the solutions below, Kerberos, is applicable to DEC connectivity.
The Datacryptor 64E
The Datacryptor 64E encrypts data at speeds up to 64 Kbps using either DES or a proprietary algorithm. Data remains encrypted until it is decrypted at its destination. Only the data fields with packets are encrypted to facilitate proper network routing. A X.25 network requires a X.25 Datacryptor at each remote site and one X.25 Datacryptor at the central site. Data can be encrypted or sent in the clear depending on the destination. A Datacryptor and modem at each site would also work for dial-in applications.
The Datacryptor 64 E costs about $6500 per unit. It is available through Racal-Datacom, Inc., 1601 North Harrison Parkway, Sunrise, FL, 33323, 305-846-1601.
Network Encryption System
The Network Encryption System (NES) DoD LAN/Internet Application provides end-to-end security between hosts running DoD IP as the network layer, and both 802.2 LLC/802.3 MAC, and Ethernet versions 1 and 2 MAC as the link and physical protocols respectively, across DoD standard internetworks. The cost for a NES per site is about $17,000. It is available from Motorola Government Electronics Group, 82091 E. McDowell Rd, P.O. Box 1417, Scottsdale, AZ 85252-1417. 602-441-3685.
Network Security System
The Network Security System (NSS) employs the original communications lines, modems, routers, and bridges that were used before the encryption system was implemented. It provides end-to-end encryption which is transparent to the user.
The NSS consists of two components, the Network Security Center (NSC) and the Network Encryption Unit (NEU). The NSC is an automated system which eliminates the need for key servers. It does this by distributing unique access rights information to the NEU at each node. The NEUs then generate and distribute encryption keys among themselves.
The NEU is placed between the network and one or more nodes to be protected as shown in Figure 4. These nodes can be PCs, workstations, printers, servers, or mainframes. All data leaving or entering protected nodes must go through the NEU.
Costs to implement the NSS include a NSC for $17,000, a $1,600 for the Ethernet NES at each node, $1,900 for the TCP/IP and X.25 NES, and a $6,600 router. The NSS is available through Semaphore, 2040 Martin Ave., Santa Clara, CA 95050. 408-980-7750.
Kerberos
Kerberos is an authentification and encryption system widely used in the academic community. One advantage to using this approach is its familiarity with many potential users. It is recommended and supported by both the UNIX International and Open Software Foundation organizations. It is shareware that is widely available. However, PC/TCP Kerberos commands are U.S. Government restricted, and must be obtained through vendors (such as FTP Software).
Kerberos security requires registration of all users and servers. Users and server clients are called principals. Kerberos security assigns each principal a private key. For users, this key results from a one-way function applied to the user's password.
Figure 5 shows the interaction between Kerberos clients and servers. The Kerberos authentication server contains a database of Kerberos principals and their private keys. This server must be physically secured. Network services, as well as users, require Kerberos authentication. Tickets are granted by the Kerberos server for individual sessions or pre-specified time periods, or by default 8 hour periods. Setup commands are quickly initiated (three to six commands), and once the session is established, the message encryption function is transparent.
