Publications

Refine Results

(Filters Applied) Clear All

A compact end cryptographic unit for tactical unmanned systems

Summary

Under the Navy's Flexible Cyber-Secure Radio (FlexCSR) program, the Naval Information Warfare Center Pacific and the Massachusetts Institute of Technology's Lincoln Laboratory are jointly developing a unique cybersecurity solution for tactical unmanned systems (UxS): the FlexCSR Security/Cyber Module (SCM) End Cryptographic Unit (ECU). To deal with possible loss of unmanned systems that contain the device, the SCM ECU uses only publicly available Commercial National Security Algorithms and a Tactical Key Management system to generate and distribute onboard mission keys that are destroyed at mission completion or upon compromise. This also significantly reduces the logistic complexity traditionally involved with protection and loading of classified cryptographic keys. The SCM ECU is on track to be certified by the National Security Agency for protecting tactical data-in-transit up to Secret level. The FlexCSR SCM ECU is the first stand-alone cryptographic module that conforms to the United States Department of Defense (DoD) Joint Communications Architecture for Unmanned Systems, an initiative by the Office of the Secretary of Defense supporting the interoperability pillar of the DoD Unmanned Systems Integrated Roadmap. It is a credit card-sized enclosed unit that provides USB interfaces for plaintext and ciphertext, support for radio controls and management, and a software Application Programming Interface that together allow easy integration into tactical UxS communication systems. This paper gives an overview of the architecture, interfaces, usage, and development and approval schedule of the device.
READ LESS

Summary

Under the Navy's Flexible Cyber-Secure Radio (FlexCSR) program, the Naval Information Warfare Center Pacific and the Massachusetts Institute of Technology's Lincoln Laboratory are jointly developing a unique cybersecurity solution for tactical unmanned systems (UxS): the FlexCSR Security/Cyber Module (SCM) End Cryptographic Unit (ECU). To deal with possible loss of unmanned...

READ MORE

Leveraging Intel SGX technology to protect security-sensitive applications

Published in:
17th IEEE Int. Symp. on Network Computing and Applications, NCA, 1-3 November 2018.

Summary

This paper explains the process by which Intel Software Guard Extensions (SGX) can be leveraged into an existing codebase to protect a security-sensitive application. Intel SGX provides user-level applications with hardware-enforced confidentiality and integrity protections and incurs manageable impact on performance. These protections apply to all three phases of the operational data lifecycle: at rest, in use, and in transit. SGX shrinks the trusted computing base (and therefore the attack surface) of the application to only the hardware on the CPU chip and the portion of the application's software that is executed within the protected enclave. The SDK enables SGX integration into existing C/C++ codebases while still ensuring program support for legacy and non-Intel platforms. This paper is the first published work to walk through the step-by-step process of Intel SGX integration with examples and performance results from an actual cryptographic application produced in a standard Linux development environment.
READ LESS

Summary

This paper explains the process by which Intel Software Guard Extensions (SGX) can be leveraged into an existing codebase to protect a security-sensitive application. Intel SGX provides user-level applications with hardware-enforced confidentiality and integrity protections and incurs manageable impact on performance. These protections apply to all three phases of the...

READ MORE

Secure embedded systems

Published in:
Lincoln Laboratory Journal, Vol. 22, No. 1, 2016, pp. 110-22.

Summary

Developers seek to seamlessly integrate cyber security within U.S. military system software. However, added security components can impede a system's functionality. System developers need a well-defined approach for simultaneously designing functionality and cyber security. Lincoln Laboratory's secure embedded system co-design methodology uses a security coprocessor to cryptographically ensure system confidentiality and integrity while maintaining functionality.
READ LESS

Summary

Developers seek to seamlessly integrate cyber security within U.S. military system software. However, added security components can impede a system's functionality. System developers need a well-defined approach for simultaneously designing functionality and cyber security. Lincoln Laboratory's secure embedded system co-design methodology uses a security coprocessor to cryptographically ensure system confidentiality...

READ MORE

Secure architecture for embedded systems

Summary

Devices connected to the internet are increasingly the targets of deliberate and sophisticated attacks. Embedded system engineers tend to focus on well-defined functional capabilities rather than "obscure" security and resilience. However, "after-the-fact" system hardening could be prohibitively expensive or even impossible. The co-design of security and resilience with functionality has to overcome a major challenge; rarely can the security and resilience requirements be accurately identified when the design begins. This paper describes an embedded system architecture that decouples secure and functional design aspects.
READ LESS

Summary

Devices connected to the internet are increasingly the targets of deliberate and sophisticated attacks. Embedded system engineers tend to focus on well-defined functional capabilities rather than "obscure" security and resilience. However, "after-the-fact" system hardening could be prohibitively expensive or even impossible. The co-design of security and resilience with functionality has...

READ MORE

A usable interface for location-based access control and over-the-air keying in tactical environments

Published in:
MILCOM 2011, IEEE Military Communications Conf., 7-10 November 2011, pp. 1480-1486.

Summary

This paper presents a usable graphical interface for specifying and automatically enacting access control rules for applications that involve dissemination of data among mobile tactical devices. A specific motivating example is unmanned aerial vehicles (UAVs), where the mission planner or operator needs to control the conditions under which specific receivers can access the UAV?s video feed. We implemented a prototype of this user interface as a plug-in for FalconView, a popular mission planning application.
READ LESS

Summary

This paper presents a usable graphical interface for specifying and automatically enacting access control rules for applications that involve dissemination of data among mobile tactical devices. A specific motivating example is unmanned aerial vehicles (UAVs), where the mission planner or operator needs to control the conditions under which specific receivers...

READ MORE

Efficient transmission of DoD PKI certificates in tactical networks

Published in:
MILCOM 2011, IEEE Military Communications Conf., 7-10 November 2011, pp. 1739-1747.

Summary

The DoD vision of real-time information sharing and net-centric services available to warfighters at the tactical edge is challenged by low-bandwidth and high-latency tactical network links. Secured tactical applications require transmission of digital certificates that contribute a major portion of data in most secure sessions, which further increases response time for users and drains device power. In this paper we present a simple and practical approach to alleviating this problem. We develop a dictionary of data common across DoD PKI certificates to prime general-purpose data compression of certificates, resulting in a significant reduction (about 50%) of certificate sizes. This reduction in message size translates in to faster response times for the users. For example, a mutual authentication of a client and a server over the Iridium satellite link is expected to be sped up by as much as 3 sec. This approach can be added directly to tactical applications with minimal effort, or it can be deployed as part of an intercepting network proxy, completely transparent to applications.
READ LESS

Summary

The DoD vision of real-time information sharing and net-centric services available to warfighters at the tactical edge is challenged by low-bandwidth and high-latency tactical network links. Secured tactical applications require transmission of digital certificates that contribute a major portion of data in most secure sessions, which further increases response time...

READ MORE

ASE: authenticated statement exchange

Published in:
2010 9th IEEE Int. Symp. on Network Computing and Applications, 7 December 2009, pp. 155-161.

Summary

Applications often re-transmit the same data, such as digital certificates, during repeated communication instances. Avoiding such superfluous transmissions with caching, while complicated, may be necessary in order to operate in low-bandwidth, high-latency wireless networks or in order to reduce communication load in shared, mobile networks. This paper presents a general framework and an accompanying software library, called "Authenticated Statement Exchange" (ASE), for helping applications implement persistent caching of application specific data. ASE supports secure caching of a number of predefined data types common to secure communication protocols and allows applications to define new data types to be handled by ASE. ASE is applicable to many applications. The paper describes the use of ASE in one such application, secure group chat. In a recent real-use deployment, ASE was instrumental in allowing secure group chat to operate over low-bandwidth satellite links.
READ LESS

Summary

Applications often re-transmit the same data, such as digital certificates, during repeated communication instances. Avoiding such superfluous transmissions with caching, while complicated, may be necessary in order to operate in low-bandwidth, high-latency wireless networks or in order to reduce communication load in shared, mobile networks. This paper presents a general...

READ MORE

Showing Results

1-7 of 7