John Trinidad Senior Systems Engineer Harris Corporation Rochester, NY (585) 242-3664 The Challenge in Developing an SCA Compliant.


The Challenge in Developing an SCA Compliant Security Architecture that Meets Government Security Certification Requirements

John Trinidad, Senior Systems Engineer, Harris Corporation, Rochester, NY (585)
Ronald Bunnell, Senior Systems Engineer, The Boeing Company, Anaheim, CA (714)

2 Introduction
- The Joint Tactical Radio System is being developed to be Software Communication Architecture (SCA) version 2.2 compliant
  - Open Architecture
  - Open Standards
  - Portability
- The JTRS is also being developed to provide secure communications for the US Military
  - Meet Government security requirements
  - Protect Voice, Data and Network

3 SCA Security Supplement
- The SCA Security Supplement (SS) version 1.1 defines a number of security requirements for the SCA (approximately 260)
- Enhances Security
- Generic in nature
- Doesn’t address issues with classified systems
- Other Government Security Requirements total over 1300

4 SCA SS (cont’d)
- Some contradictions between requirements exist
- Multiple requirements documents generated by multiple authors
- Some requirements assume a specific implementation
- Challenge is to meet intent of SCA and still provide a secure system

5 Example Security Functions
- Encryption for confidentiality
- Authentication of users, commands, software, radio parameter files
- Integrity of keys, software, files
- Transmission security to protect the communications channel
- Protection of network topology

6 Approach

7 Implementation Approach
- Our approach to meeting Multiple Single Levels of Security (MSLS) includes providing four channels, each with its own transceiver, cryptographic channel, and processors (RED and BLACK).
- The JTR can operate four instantiated waveforms simultaneously.
- Waveforms can be torn down or re-instantiated as required.
- Two radios connected together can provide an 8-channel radio.

8 Functional Block Diagram

9 Joint Tactical Radio System Cluster One
- Security adapter components use Security APIs per the SCA Security Supplement
- Strict adherence to the SCA maximizes Waveform Application’s portability
- Adherence to the AEP
- Constraint of minimum CORBA
- Use of CF:Devices (i.e., Radio Devices) to interface with hardware
- Use of existing APIs

10 JTRS Cluster One (cont’d)
- A set of common Radio Security Services for non-waveform and waveform applications to use.
- Consists of SCA components that are persistent, SCA-compliant Resources or Devices that reside within the JTR Set and execute on a General Purpose Processor
- Compliance to the SCA to provide portability and reuse for other Clusters

11 Software Structure

12 Waveform Porting
- Security Architecture must support porting of waveforms
- Eleven legacy waveforms in addition to the WNW
- Design guidance given to waveform developers in meeting porting, bypass and other security related issues

13 Network Security
- JTRS is designed to provide transformational communications in the form of the JTRS Networking capability
- Waveforms provide tremendous connectivity to each Radio node
- With this improved connectivity comes greatly increased exposure to threats.
- Threats now are also network centric and can affect JTRS nodes from anywhere on the planet.

14 Network Assurance
- SCA mandates separate network stacks (TCP/IP) for internal software transactions and for external waveform support
- Information Assurance approach must
  - Prevent/Detect Network attacks
  - Provide protection to Detection System

15 Defense in Depth
[Diagram. Labels: Robust Waveform; TRANSEC; COMSEC; Secured Protocols; Jammers; Detectors; Traffic Analyzers; Interceptors; RF Traffic Analysis; Disgruntled Inside Hackers; Black (D)DoS Attacks; Host Abuse; Improper Management; Red IP Network; Black IP Network; Packet Filtering Red Router; Packet Filtering Black Router; Risks; Subversion of Resources O/S; Red (D)DoS Attacks]

16 Limitations
- Control placed on CORBA calls and other data bypass of the Cryptographic Unit
- Mainly concerned with Red to Black bypass
- Some concern with Black to Red
- Limits need to be placed on amount and type of Bypass data
- Limit free text for example

17 Cryptographic Bypass
- Four types of bypass:
  - Header bypass
  - Waveform control/status bypass
  - System control/status bypass
  - Plain text bypass
- Each Application will have a Bypass policy
- Guidelines for Applications established.
- Waveform developers are defining
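A sketch of how a per-application bypass policy could enforce the limits from slides 16 and 17 (type, amount, free text) in front of the cryptographic unit. This is an added example, not code from the presentation or from JTRS; all names, limits and sample messages are constructed, and the printable-run test for free text is an assumed heuristic.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The four bypass types named on the slide; anything else is denied. */
enum bypass_type { BYPASS_HEADER, BYPASS_WF_CTRL, BYPASS_SYS_CTRL, BYPASS_PLAINTEXT, BYPASS_NTYPES };
enum verdict { BYPASS_PASS, DENY_TYPE, DENY_SIZE, DENY_FREE_TEXT, DENY_BUDGET };

/* Hypothetical per-type rule: message size cap, byte budget per window, free-text cap. */
struct bypass_rule { int allowed; size_t max_len, window_budget, max_text_run; };
struct bypass_policy { struct bypass_rule rule[BYPASS_NTYPES]; size_t used[BYPASS_NTYPES]; };

/* Longest run of printable ASCII: a simple heuristic for free text in a binary field. */
static size_t longest_text_run(const uint8_t *p, size_t n) {
    size_t best = 0, cur = 0;
    for (size_t i = 0; i < n; i++) {
        cur = (p[i] >= 0x20 && p[i] <= 0x7e) ? cur + 1 : 0;
        if (cur > best) best = cur;
    }
    return best;
}

/* Decide whether one message may bypass the cryptographic unit; default is deny. */
enum verdict bypass_check(struct bypass_policy *pol, int type, const uint8_t *msg, size_t len) {
    if (type < 0 || type >= BYPASS_NTYPES || !pol->rule[type].allowed) return DENY_TYPE;
    const struct bypass_rule *r = &pol->rule[type];
    if (len > r->max_len) return DENY_SIZE;
    if (longest_text_run(msg, len) > r->max_text_run) return DENY_FREE_TEXT;
    if (len > r->window_budget - pol->used[type]) return DENY_BUDGET; /* used <= budget always */
    pol->used[type] += len;
    return BYPASS_PASS;
}

/* Constructed policy for a hypothetical waveform application. */
struct bypass_policy demo_policy(void) {
    struct bypass_policy p = {0};
    p.rule[BYPASS_HEADER]  = (struct bypass_rule){1, 16, 24, 3};
    p.rule[BYPASS_WF_CTRL] = (struct bypass_rule){1, 32, 128, 3};
    return p; /* system control/status and plain text stay denied */
}

int main(void) {
    struct bypass_policy p = demo_policy();
    const uint8_t hdr[] = {0x01, 0x00, 0x10, 0xff, 0x00, 0x2a, 0x00, 0x07}; /* constructed */
    const uint8_t txt[] = "MOVE TO GRID 12";                                /* constructed */
    printf("%d %d\n", bypass_check(&p, BYPASS_HEADER, hdr, sizeof hdr),
           bypass_check(&p, BYPASS_WF_CTRL, txt, sizeof txt - 1));
    return 0;
}
```

The per-type `used` counters would be cleared at the start of each accounting window, and every denial is worth logging, since repeated bypass denials on the Red side are a signal of attempted leakage.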

18 Conclusion
- While providing a complete open architecture is not totally possible, given our need to protect data as well as the radio from attack, standards can be applied to the Security Architecture that support portability across a number of different platforms