WIXLIB

Cryptologic Systems Group“Ensuring Information Superiority and Agile Combat Support”FOR OFFICIAL USE ONLYSKL Wireless &Black Data Distribution SystemOverviewJack RogersAF Tier 3 Program Lead(210) 925-2428DSN 945-2428FOR OFFICIAL USE ONLY“Securing the Global Information Grid (GIG)”Slide #1

The Good, The Bad and The UglyLet’s Start WithTHE BADFOR OFFICIAL USE ONLY“Securing the Global Information Grid (GIG)”Slide #2

Top 5 Signs The Economy is Bad 1. A truck full of Americans got caughtsneaking into Mexico 2. People in Beverly Hills forced to firenannies and learn their children’s names 3. Motel 6 won’t leave the lights on 4. People in Africa are donating money toAmericansFOR OFFICIAL USE ONLY“Securing the Global Information Grid (GIG)”Slide #3

Top 5 signs the economy is bad 5. If the bank returns your check markedas “insufficient funds”, you have to callthem and ask if they meant you or themFOR OFFICIAL USE ONLY“Securing the Global Information Grid (GIG)”Slide #4

The UglyFOR OFFICIAL USE ONLY“Securing the Global Information Grid (GIG)”Slide #5

The GoodFOR OFFICIAL USE ONLY“Securing the Global Information Grid (GIG)”Slide #6

SKL –W Concept/UpdateFOR OFFICIAL USE ONLY“Securing the Global Information Grid (GIG)”Slide #7

Letter from ACC/A6 for F-22:3. Our experts from the aircraft maintenance units,communications unit, and staff have determinedin conjunction with input from National SecurityAgency (NSA), Air Force CommunicationsAgency (AFCA), Science ApplicationsInternational Corporation (SAIC), and CryptologicSystems Group (CPSG) that the followingrequirements are necessary to facilitate keyavailability world-wide and to the aircraft/system.a. Wireless SIPRNet access on the flight line to thecaircraft on the ramp. This will requirecommunications equipment and possiblypersonnel. No technical solution at this time.b. Internet protocol (IP) file transfer of key material.We believe we have the capability to deliver thisrequirement due to cooperation with all theagencies listed. However, it requires a policychange for the Air Force. We’ll work with AFCAto affect a policy change, but requirement stillneeds to be identified in appropriate documentsat Air Force level.FOR OFFICIAL USE ONLY“Securing the Global Information Grid (GIG)”Slide #8

UNCLASSIFIEDAF Capability Gap Operational suitability of benign fill exchange Operational impacts incurred due to multiplephysical trips Enhancements could cut tactical rekey time Can’t wait for single trip benign fill KMI CI-3 Redesign of ECUsUNCLASSIFIEDFOR OFFICIAL USE ONLY“Securing the Global Information Grid (GIG)”Slide #9

UNCLASSIFIEDArmy Capability Gap Army Deployed Operations Delivering Keys to forward deployed forces isdifficult and dangerous Leads to trips through potentially hazardous terrainexposing war fighters to ambush and IED’sFOBCOMSEC AccountUNCLASSIFIEDFOROFFICIAL USE ONLYFOBWarfighter“Securing the Global Information Grid (GIG)”Slide #10

Pilot Concept of OperationsWarfighterTier 3: Flight LineCentral FacilityTier 0: NSA802.11gSIPRNETACCESSPOINTPTFH/PTSATier 1: DoDSECNETDMDDS101SKLCOMSEC AccountTier 2: LMD/KPPhysical Trips Across the Air FieldDS101DMDF-22FOR OFFICIAL USE ONLY“Securing the Global Information Grid (GIG)”Slide #11

DMD-W Concept of OperationsClient /Server ApplicationWarfighterTier 3: Flight LineCentral FacilityTier 0: NSA802.11SIPRNETACCESSPOINTPTFH/PTSATier 1: DoDDMD WirelessCOMSEC AccountPhase IDS101Tier 2: LMD/KPDMDF-22FOR OFFICIAL USE ONLY“Securing the Global Information Grid (GIG)”Slide #12

SKL-W Concept of OperationsWarfighterTier 3: Flight LineCentral FacilityTier 0: NSA802.11SIPRNETACCESSPOINTPTFH/PTSATier 1: DoDCOMSEC AccountTier 2: LMD/KPPhase IISKLWirelessDS101DMDF-22FOR OFFICIAL USE ONLY“Securing the Global Information Grid (GIG)”Slide #13

SKL-Wireless Concept Integration of SECNET 11, DMD and SKL led tothe development of the SKL–WSECNET 11DMDSKL-WSKLFOR OFFICIAL USE ONLY“Securing the Global Information Grid (GIG)”Slide #14

SKL-WSLED Wireless Enclosure Army / Air Force IntegrationThis SKL-W version connects by: Removing SKL battery Attach the SKL-W Sled Attach the SKL battery to the back ofWireless device Enabling SKL wireless Sled totransmit Black and Benign FillMessages WirelesslySNC Proprietary InformationFOR OFFICIAL USE ONLY“Securing the Global Information Grid (GIG)”Slide #15

SLED SECNET 11 EnclosureOur enclosure design incorporates thefollowing features SN 11 dome extends above SKL formfactor Zeroize buttons under battery this isthe only way to reach the zeroizebuttons on the SN11 card Note - SN11 will also have s/w zeroizeover PCMCIA interface Two 3dBi dipole antennas Standard 6 pin audio fill port to keySN11 card POGO PIN interface to SKL and SKLbattery Light Pipes for SN11 Status SLED power on/off button for nonwireless SKL useSNC Proprietary InformationFOR OFFICIAL USE ONLY“Securing the Global Information Grid (GIG)”Slide #16

UNCLASSIFIEDPhase I Test Results Phase I has achieved the ACC/A6 10 min requirement CPSG will deliver the “Phase I DMDW” to the war fighter this year, CPSGwill provide operation andmaintenance of the software andhelpdesk support CPSG will provide the Secnet 11infrastructure to the most critical F-22bases as the Air Force CITS 2 Genprogram becomes operationalFOR OFFICIAL USE ONLYBaselineTimeRedball / RekeySKL 4.036min 44secRedball / RekeySKL 5.032min 03secWirelessTimeRedball / RekeySKL 5.016min 35secRedball / RekeySKL 5.0 –Requesting Creds16min 25secRedball / RekeySKL 5.0 – Loadingonly Master ECU8min 14sec“Securing the Global Information Grid (GIG)”Slide #17

Tyndall Test FlightlineFOR OFFICIAL USE ONLY“Securing the Global Information Grid (GIG)”Slide #18

SKL –W Concept/UpdateFOR OFFICIAL USE ONLY“Securing the Global Information Grid (GIG)”Slide #19

SKL –W Concept/UpdateFOR OFFICIAL USE ONLY“Securing the Global Information Grid (GIG)”Slide #20

SKL – Wireless Testing – 2009 Nellis AFB, Jul 22-31 Tyndall AFB, August 24-28 (tentative) Demonstration of Operational capability – LangleyAFB, Nov 2009FOR OFFICIAL USE ONLY“Securing the Global Information Grid (GIG)”Slide #21

Black Data Distribution System(BDDS) Cross Domain Solution Enable key distribution across multiple domains Direct connect of Secret COMSEC to SECRET platforms Concept allows for 24/7 key operations from geographically separatedlocations Direct connect to Tier I devise (LMD/KP). Eliminating manualprocessing Allows for key distribution to multiple Tier III devises i.e. SMEPED,DMD, SKL, SKL/W Proof of concept servers are built, and have been tested at ITEC labFOR OFFICIAL USE ONLY“Securing the Global Information Grid (GIG)”Slide #22

Black Data Distribution SystemKey Server Based on NRL NKMS Web Server Provides all automation for key distribution Data is relayed between LMD and SKL via access-limiteddrop points on the server (mailboxes / ftp directories / etc) Server allows for multiple Comsec accounts to be hostedand accessed by certified users across the globe Distributes black and benign fill key using a push and pullparadigmLMD/KPPULLPUSHPULLBLACK KEYSERVERPUSHTIER3 Can be a stand alone device or part of a integrated CrossDomain SolutionFOR OFFICIAL USE ONLY“Securing the Global Information Grid (GIG)”Slide #23

Black and Benign Fill Key ServerCross Domain SolutionWarfighterTier 3: Flight LineCentral FacilityTier 0: NSA802.11gPTFH/PTSATier 1: DoDSIPRNETNIPRNETACCESSPOINTCOMSEC AccountTier 2: LMD/KPCDSFOR OFFICIAL USE ONLYPhase IIIBlackKeyServer“Securing the Global Information Grid (GIG)”SKLWirelessDS101F-22Slide #24

Black Key ServerTier IIIDMD orSKL/WHighCARDSServerTGSGuardLowCARDSServerTIER IIFOR OFFICIAL USE ONLY“Securing the Global Information Grid (GIG)”Slide #25

Point to Point TerrestrialDeployable InfrastructureRequired H/WLab ConfigurationDMD PS (COMSEC)IP: 172.16.2.26Building on FlightlineBase COMSECTACLANE 1IP (R): 172.16.2.1IP (B):180 SectorAntenna(14 dBi)TACLANE 2IP (R): 172.16.1.1IP (B):SECNet11 WAPIP: 172.16.1.3SSID; SLEDDEMOFlightlineLightning ArrestorsDMD-PSLaptopLMDSKL-WIP: 172.16.1.5SSID: SLEDDEMOBi-Directional RFAmpsTACLANE1AirGapEthernetTACLANE 2SKL-WRFSECNET 11WAPEthernetDMD-WMiniGSA Class 5IPS SafeFOR OFFICIAL USE ONLYMiniGSA Class 5IPS Safe“Securing the Global Information Grid (GIG)”Slide #26

UNCLASSIFIEDQUESTIONS?UNCLASSIFIEDFOROFFICIAL USE ONLY“Securing the Global Information Grid (GIG)”Slide #27

Black and BenignClient /Server Application (Phase I) Intelligent Store and Forward Server IP based Black Data and Benign Fill distribution Client Server communications can distribute to anyDMD connected to SIPRNET SPECS Windows Server 2003.NET FrameworkC SharpSQL 2005Can be formed as Server FarmSockets Connection but moving towards a morereliable connection due to inconsistent RFcommunications 6-9 Month Development producing two spirals Spiral 1 –Creation of single account server deliveredMarch 2008 Spiral 2 – Multiple account server delivered August2008Server FarmDMDSRVDMDDMDSRVDMDDMDSRVDMD Does not include C&AFOR OFFICIAL USE ONLY“Securing the Global Information Grid (GIG)”Slide #28

Black and Benign Fill Key ServerCross Domain SolutionWarfighterTier 3: Flight LineCentral FacilityTier 0: NSA802.11gSIPRNETNIPRNETPTFH/PTSATier 1: DoDACCESSPOINTCOMSEC AccountPhase IIITier 2: LMD/KPCDSFOR OFFICIAL USE ONLYBlackKeyServer“Securing the Global Information Grid (GIG)”SKLWirelessDS101F-22Slide #29

Black and BenignKey Server ArchitectureFOR OFFICIAL USE ONLY“Securing the Global Information Grid (GIG)”Slide #30

Cross Domain Solution “Official” Definition from theUCDMO – “A form of controlled interfacethat provides the ability tomanually or automaticallyaccess/transfer informationbetween security domains” The newest Cross DomainSolutions are tools thatattempt to allow the benefits ofCOTS software and servicesacross information sensitivitylevels.CDS ServiceInternal Data Guard LogicMultiple Clients CDS solutions can utilizeguard technologies, trustedsystems, and COTS softwareto provide contemporaryinformation services.* Derived from David Carroll’s CDS 101FOR OFFICIAL USE ONLYInternal ServicesNetwork“Securing the Global Information Grid ata)Slide #31

F-22 Key Management UpdateACC RequirementsRequirement #1 – Operational ZeroizationThreshold: Key Management Tier 2/3 systems shall bedeveloped to provide COMSEC system keys to the F22 End Cryptographic Units (ECU) during red ballzeroization within 10 minutes.Objective: Tier 2/3 systems shall be developed to provideCOMSEC system keys to the F-22 End CryptographicUnits (ECU) during red ball zeroization within 5minutes.FOR OFFICIAL USE ONLY“Securing the Global Information Grid (GIG)”Slide #32

F-22 Key Management UpdateACC RequirementsRequirement #2 – Annual Re-key InitializationThreshold: Key Management Tier 2/3 systems shall bedeveloped to support an annual COMSEC Re-Key ofall ECUs within the F-22 within 30 minutes or less.Objective: Management Tier 2/3 systems shall bedeveloped to support an annual COMSEC Re-Key ofall ECUs within the F-22 within 15 minutes or less.FOR OFFICIAL USE ONLY“Securing the Global Information Grid (GIG)”Slide #33

F-22 Key Management UpdateACC RequirementsRequirement #3 – New/Spare ECU InitializationThreshold: Key Management systems shall bedeveloped to provide COMSEC system keys to the F22 End Cryptographic Units (ECU) during ECUinitialization within 15 minutes. This requirement isrelated to a maintenance/replacement event whichcauses a new ECU to be re-keyed.Objective: Key Management systems shall be developedto provide COMSEC system keys to the F-22 EndCryptographic Units (ECU) during ECU initializationwithin 10 minutes or less. This requirement is related toa maintenance/replacement event which causes a newECU to be keyed.FOR OFFICIAL USE ONLY“Securing the Global Information Grid (GIG)”Slide #34