4 October 1997
http://www.bl.gordon.army.mil/bcblg/comsar/960214.htm

[Excerpt]

e. SECURITY PROOF OF CONCEPT KEYSTONE (SPOCK). On 6 Feb 96, Mr. Russell Dwire, BCBL(G) contractor, attended a SPOCK briefing presented by Mr. Terry Losonsky of the NSA V2 Office of Commercial Solutions and Enabling Technologies. Two FORE Systems Federal briefings were presented to the forum. The first presentation dealt with FORE Systems' solution to the ATM environment. They gave a brief description of all their ATM compatible devices. These included devices from the single workstation up to software that monitors and assists with the configuration of the ATM network. FORE Systems has developed ATM switches that support a dynamic environment. If one of their ATM switches is pulled off the network and placed at another location, the ATM will automatically reconfigure itself without manual intervention. During the second presentation, FORE Systems briefed their MLS efforts. They were aware of some solutions to MLS, but they stated they couldn't solve all of the issues. They then requested guidance and assistance from SPOCK and the general audience on how to best solve the MLS issues pertaining to ATM.

Information Resource Engineering, INC (IRE) then briefed their A400S, a Fortezza based modem, which is an external modem that connects to the serial port of a PC or laptop and then connects to a standard phone jack. The A400S is an encrypting modem using the FIPS 185, Escrowed Encryption Standard (SKIPJACK) algorithm. NSA has certified the IRE serial port Fortezza product as compliant with the Fortezza Standard. Fortezza has been approved to provide secure data transfer at the Secret level, therefore, IRE desires to use the modem to transfer classified information up to Secret as a low cost replacement to the STU III. IRE desires SPOCK to evaluate their device and V2 requests the BCBL(G) to participate in evaluating this product. (Mr. Russell J. Dwire, BCBL(G) contractor, 706-791-8333)

-------------------------------------------------------------------

http://www.bl.gordon.army.mil/bcblg/comsar/960320.htm

[Excerpt]

a. GBS COMSEC. In an effort to investigate potential COMSEC solutions for the Global Broadcast System, BCBL(G) has contacted the NSA Thornton Program Office to inquire about potential applicability of the COMSEC/TRANSEC Integrated Circuit (CTIC) embeddable module. The CTIC is part of the NSA Family of Standard Embeddable Modules and could potentially be embedded in a GBS component to perform link encryption instead of the existing KG-194. The CTIC is a multi-purpose cryptographic module that is currently embedded in the Universal Modem System, SCAMP, SMART-T, E-MUT, AF Low Cost Terminal (LCT), JTIDS Commander's Tactical Terminal, and other products. It is capable of half-duplex encryption of up to 30 Mbps. Fortezza based encryption is not suitable for this application because of security concerns and throughput requirements. A CTIC Interface Control Document will be sent from NSA and then discussions will continue. (Mr Jack Kuerzi, CECOM REP, BCBL(G), 706-791-8253)

--------------------------------------------------------------------

http://www.bl.gordon.army.mil/bcblg/comsar/960605.htm

[Excerpt]

b. SPOCK. Attended SPOCK Meeting in Columbia, MD on 4 June 1996. Discussed briefly with CPT Artiaga, NSA, the possibility of doing some SPOCK initiatives during JWID. GTE presented claims on the InfoGuard 100 to the SPOCK group. The InfoGuard 100 provides high speed encryption for ATM networks. Fisher International presented a briefing on their "Watchdog" and "Smart Disk". The "Watchdog" software is rated D2 (for personal computers, C2 functional equivalency) by the National Computer Security Center of the DoD. Watchdog provides a complete security solution. Fisher International was selected as the secure vendor of choice of Paperless Office Federal Transactions for a Public Pilot. Piloting more than 2000 units of "Smart Disk" for secure internet transactions with the Federal Government. Each Smart Disk works in the 3.5" drives, has its own microprocessor, and resident operating system. The Smart Disk provides a software solution and hardware solution for PCs and Macintosh computers with features such as: two factor access control; transparent encryption and decryption, master boot record virus detection, and secure screen saver. NSA presented a briefing on a firewall that they are developing for ATM. The vendor is NSC. The next meeting is scheduled for 2 July 1996. One of the briefings will be on Intrusion Detection Software. (James Widby, BCBL(G), 706-791-8344)

--------------------------------------------------------------------

http://www.bl.gordon.army.mil/bcblg/comsar/960703.htm

[Excerpt]

(1) Encryption Demonstration. In June 1996, a DirecPC Encryption Demonstration was held at Hughes Aircraft Corporate Headquarters in Washington, DC. The demonstration was reviewed as part of the ACT-II WMBW Program. The HRB Systems SSP-3110 and SRP-AT Encryption Devices were used to encrypt and decrypt files delivered via the DirecPC System.

--------------------------------------------------------------------

http://www.bl.gordon.army.mil/bcblg/comsar/960710.htm

[Excerpts]

(2) FORTEZZA ENCRYPTION. Initial tests of Fortezza Encryption were successful for the ruggedized laptops, but failed for the desktop suites. A new desktop hardware solution is being developed and will be tested in the next week. Encrypted files have been successfully pushed to receive suites and pulled down from the NOC database, decrypted and processed. Throughput measured was significantly slower than expected (200kbs or less) and further investigation of the limiting factors will be undertaken.

...

b. DIRECPC ENCRYPTION. The redeveloped Fortezza Encryption Architecture for DirecPC ACT II will be fully tested prior to a NSA SPOCK Assessment during the period 15-19 July. NSA is working on temporary approval to operate during JWID 96 so that DirecPC can be used as part of the SECRET HIGH network. The SPITFIRE, TDRSS and MSE backlink experiments will be conducted. A demonstration to the Topographical Engineering Center (TEC) at Fort Belvoir and the Engineer School at Fort Leonard Wood will be conducted to show the capability of DirecPC to support the broadcast and processing of battlefield topographical data. (MAJ Richardson, BCBL(G), 706-791-6878)

--------------------------------------------------------------------

http://www.bl.gordon.army.mil/bcblg/comsar/960724.htm

[Excerpt]

b. FORTEZZA ENCRYPTION. An assessment of security claims made by Hughes Defense Systems on the basic DirecPC architecture and a Fortezza encryption architecture for JWID96 was carried out by NSA (SPOCK) during the period 16 - 18 Jul. The assessment was carried out at the Battle Lab with participation by ARSPACE and CECOM. Claims were successfully substantiated with the exception of Access Control (a management feature of the Germantown NOC), where proper elimination of a receiver from an existing community of receivers could not be satisfactorily demonstrated under all circumstances. This difficulty is being addressed by Hughes. The full Fortezza encryption architecture was successfully demonstrated and NSA has agreed to issue interim approval to operate for JWID 96. (MAJ Richardson, BCBL(G), 706-791-6878)

--------------------------------------------------------------------

http://www.bl.gordon.army.mil/bcblg/comsar/970423.htm

[Excerpt]

(2) The Global Broadcast System (GBS) experiment, using the DirecPC Commercial System, was established for high data rate file and video broadcasts over the commercial (Galaxy IV) satellite. A Virtual Network Operations Center (VNOC) has been established adjacent to the Division Main cells to simulate an in-theater injection capability for the Mobile Strike Force. Data files were transferred to the GBS receivers located in the maneuver brigades. In addition, video mission briefings were accomplished once per day and provided the Brigade Commanders the opportunity to see and hear the D-Main Commander/Staff and receive training guidance, mission analysis, and operations planning. A conference call to the VNOC gave the GBS receivers the capability to talk back to the D-Main. The GBS experiment experienced a high failure rate of the Fortezza cards that were used to provide file encryption/decryption on the GETAC laptops located in the Brigades. Initial evidence indicates that the failures are possibly heat related. Further investigation is on-going.

--------------------------------------------------------------------

http://www.bl.gordon.army.mil/bcblg/comsar/970521.htm

[Excerpt]

a. MULTI-LEVEL SECURITY (MLS). ITT conducted training on the configuration and operation of its Dragonfly In-line Encryption Device at BCBL(G) on 13 & 14 May 1997. The training was an integral part of BCBL(G)'s continuing effort to support the Army with operational and tactical expertise regarding data/communications security. The class was well received by the attendees. It provided practical training necessary to understand the initial configuration of Dragonfly hardware and the fortezza cards necessary for its operation. This included hands-on lessons in the operation of the Administration System (used for configuring the fortezza cards), normal operation of the Dragonfly Guard, corrective actions for faults, practical exercises, and more than ample question and answer sessions. (Mr. Casella, BCBL(G), 706-791-8293)

--------------------------------------------------------------------

http://www.bl.gordon.army.mil/bcblg/comsar/970604.htm

[Excerpt]

a. MULTI-LEVEL SECURITY (MLS). Battle Command Battle Lab (Gordon) (BCBL(G)) began testing on the operation of the Dragonfly In-line Encryption Device on 2 June 1997. The testing is an integral part of BCBL(G)'s continuing effort to support the Army with operational and tactical expertise regarding data/communications security. The testing involved the tactical/deployed aspect of the Dragonfly. This involved connecting the device to MSE's deployed at Fort Gordon for the Desert Pine Operation and verifying the RARPing and registering capabilities of Dragonfly. (Mr. Ray Casella, BCBL(G), 706-791-8293)

--------------------------------------------------------------------