Core Avionics Master Plan - NAVAIR - U.S. Navy

More documents

Recommendations

Info

Core Avionics Master Plan 2011 Appendix A-22. Funded Enhancements and Potential Pursuits.Cypher Text Backbone, IPv6/IPv4 dual stack, Converged IP/Enhanced QoS,Increased Bandwidth (ADNS III). (2016) ADNS increment III is the next generation ofADNS and is currently implemented in NCTAMS LANT and PAC and being fielded onships. The primary requirement being met by ADNS III is the GIG requirement toimplement a Cipher Text (CT) core, implemented via NSA approved IP Security (IPSec) standards known as High Assurance Internet Protocol Encryption (HAIPE). Inorder to maintain backward compatibility with Increment II platforms not implementingHAIPE, both increments will be operating in the shore infrastructure through 2015. IOCfor a switch over to Increment III is 2016. This increment will provide:CT Backbone (aka as „black core‟) routing in compliance with GIG requirement.IPv6/IPv4 dual stack (IPv6 in compliance with GIG requirements).Converged IP/Enhanced QoS – All traffic, voice, data and video, will be IP withdynamic QoS and bandwidth management.Load distribution over all RF links.Increased bandwidth 25 / 50 Mbps per platform (requires capable RF link).D. SecurityCommunications Security refers to capability to protect information at allclassification levels against unauthorized interception and exploitation. Two aspects ofsecurity related to information exchange (IE) are: COMSEC (cryptographic encryption ofinformation, both voice and data) to deny unauthorized individuals information derivedfrom telecommunications and to ensure the authenticity of information; andTransmission Security (TRANSEC), the component of COMCSEC resulting frommeasures designed to protect transmissions from interception and exploitation bymeans other than cryptanalysis. COMSEC is an important consideration in all three IEdomains: LOS communications, BLOS communications, and IP networking.1. Current capabilities.Single Channel Ground/Airborne Radio System (SINCGARS), HAVEQUICK,SATURN, TTNT and Link 16 all employ TRANSEC to provide jam resistance andprevent interception of data via frequency-hopping and direct sequence spreading usingNSA approved algorithms. They also employ NSA Type I approved crypto securityalgorithms (Crypto algorithms) for voice / data encryption. Current radios are limited tooperating at one level of security. HAIPE is an NSA trademarked IP Security (IPSEC)Type I encryption standard mandated by NSA for encryption of classified informationtraversing IP networks. The current HAIPE standard is version 1.3.5.2. Funded Enhancements and Potential Pursuits.NSA Compliant Secure Communications. (2012) Existing algorithms currentlysupport secure communications, but are being phased out because they are no longercompliant with NSA requirements. In support of the need for crypto modernization,many embedded COMSEC radios and stand-alone encryption devices are beingupgraded to support modern cryptographic algorithms. The Air Force‟s CryptologicA-2 Information Exchange 20
Core Avionics Master Plan 2011 Appendix A-2Systems Group (CPSG) is developing VINSON (KY-57/58) and ANDVT (AdvancedNarrow-band Digital Voice Terminal) Crypto Modernization (VACM) devices to replaceKY-57, KY-58, KY-99, KY-100 and KYV-5 stand-alone encryption devices. VACMdevices will be developed in accordance with the Tactical Secure Voice CryptographicInteroperability Specification (TSVCIS). The ARC-210‟s embedded COMSEC will beupgraded to meet the TSVCIS. Other applications will require other modern encryptionstandards, such as the Link Encryption Family Interoperability Specification (used by theKIV-7M) and HAIPE Interoperability Specification (used by HAIPE devices).Multiple Independent Level Security (MILS). (2012) MILS is a high-assurancesecurity accreditation allowing multiple security levels on the same terminal at separatetimes. When simultaneous operation is necessary, singular systems must operate withinone security controlled boundary. Data is moved between security domains throughtrustworthy monitors such as access control guards, "down-graders"/cross-domainsolutions, or crypto devices. Any MILS/MLS accreditation comparison should considerwhether the system accreditation can be limited to one security domain per singledeviceor if the application requires the accreditation of a single, more complex MLSkernel connecting multiple domains. The benefit of MILS accreditation is that mostapplications do not require maximal assurance between internal components as theyare in the same security domain.Programmable Crypto. (2013) NSA/Central Security Service (CSS) CryptographicModernization Initiative Requirements for Type 1 Cryptographic Products and NSAInformation Assurance (IA) Directorate policy expect that cryptographic engines for DoDequipment will have a software re-programmable capability. Future systems must meetcryptographic capabilities while eliminating the need to completely replace hardware.New programmable encryption devices will feature modular architectures with theprogrammability and scalability to accommodate a wide range of link and IP encryptionapplications.Stand-alone Encryption (VACM). (2013) VACM development is an Air Force ledeffort to provide a crypto mod compliant, drop in (Form, Fit & Function) replacement forthe KY-57, KY-99A, KY-58, KY-100 and CV-3591/KYV-5 stand alone encryptiondevices. Contract award is planned late FY10 with the expectation that NSA certificationwill occur in the FY13/14 timeframe.3. Advanced Research or Technology Development.Multi-Level Security (MLS). (2014-2017) MLS accreditation provides an interfacecapable of allowing a user to access and process content at multiple classification levelssimultaneously from a single system. MLS is implemented by separation mechanismsthat support both un-trusted and trustworthy applications through enforcement of one ormore internal security policies. These policies only authorize information flow betweenapplications/components in the same security domain.A-2 Information Exchange 21
Page 3 and 4:
Table of ContentsExecutive SummaryE
Page 5 and 6:
Core Avionics Master PlanExecutive
Page 7 and 8:
Core Avionics Master PlanPursue Per
Page 9 and 10:
I. INTRODUCTION.Core Avionics Maste
Page 11 and 12:
IV. RECOMMENDED PRACTICES.Core Avio
Page 13 and 14: Core Avionics Master Plan4. Define
Page 15 and 16: Core Avionics Master PlanAvCIP proc
Page 17 and 18: Core Avionics Master PlanSECNAVISNT
Page 19 and 20: Core Avionics Master PlanSimilar to
Page 21 and 22: Core Avionics Master PlanInterface
Page 23 and 24: Core Avionics Master PlanSECNAV Mem
Page 25 and 26: Core Avionics Master Plan 2011Appen
Page 27 and 28: Core Avionics Master Plan 2011 Appe
Page 43 and 44: EP-3EP-3CRQ-4AMQ-8BEP-8AP-8AAH-1WAH
Page 63: Core Avionics Master Plan 2011 Appe
Page 115 and 116:
Core Avionics Master Plan 2011 Appe
show all

Core Avionics Master Plan - NAVAIR - U.S. Navy

Create successful ePaper yourself

Delete template?

Save as template?