Presentation is loading. Please wait.

Presentation is loading. Please wait.

John Trinidad Senior Systems Engineer Harris Corporation Rochester, NY (585) 242-3664 The Challenge in Developing an SCA Compliant.

Published byDwain Harper Modified over 8 years ago

Similar presentations

Presentation on theme: "John Trinidad Senior Systems Engineer Harris Corporation Rochester, NY (585) 242-3664 The Challenge in Developing an SCA Compliant."— Presentation transcript:

1 John Trinidad Senior Systems Engineer Harris Corporation Rochester, NY john.trinidad@harris.com (585) 242-3664 The Challenge in Developing an SCA Compliant Security Architecture that Meets Government Security Certification Requirements Ronald Bunnell Senior Systems Engineer The Boeing Company Anaheim, CA ronald.r.bunnell@boeing.com (714) 762-2838

2 2 Introduction The Joint Tactical Radio System is being developed to be Software Communication Architecture (SCA) version 2.2 compliant Open Architecture Open Standards Portability The JTRS is also being developed to provide secure communications for the US Military Meet Government security requirements Protect Voice, Data and Network

3 3 SCA Security Supplement The SCA Security Supplement (SS) version 1.1 defines a number of security require- ments for the SCA (approximately 260) Enhances Security Generic in nature Doesn’t address issues with classified systems Other Government Security Requirements total over 1300

4 4 SCA SS (cont’d) Some contradiction between requirements exist Multiple requirements documents generated by multiple authors Some requirements assume a specific implementation Challenge is to meet intent of SCA and still provide a secure system

5 5 Example Security Functions Encryption for confidentiality Authentication of users, commands, software, radio parameter files Integrity of keys, software, files Transmission security to protect the communications channel Protection of network topology

6 6 Approach

7 7 Implementation Approach Our Approach to meeting Multiple Single Levels of Security (MSLS) includes providing four channels, each with its own transceiver, cryptographic channel, and processors (RED and BLACK). The JTR allows for the capability to operate simultaneously four instantiated waveforms. Waveforms can be torn down or re-instantiated as required. Two radios connected together can provide for an 8 channel radio.

8 8 Functional Block Diagram

9 9 Joint Tactical Radio System Cluster One Security adapter components use Security APIs per the SCA Security Supplement Strict adherence to the SCA maximizes Waveform Application’s portability Adherence to the AEP Constraint of minimum CORBA Use of CF:Devices (i.e., Radio Devices) to interface with hardware Use of existing APIs

10 10 JTRS Cluster One (cont’d) A set of common Radio Security Services for non-waveform and waveform applications to use. Consists of SCA components that are persistent, SCA-compliant Resources or Devices that reside within the JTR Set and execute on a General Purpose Processor Compliance to the SCA to provide portability and reuse for other Clusters

11 11 Software Structure

12 12 Waveform Porting Security Architecture must support porting of waveforms Eleven legacy waveforms in addition to the WNW Design guidance given to waveform developers in meeting porting, bypass and other security related issues

13 13 Network Security JTRS is designed to provide transformational communications in the form of the JTRS Networking capability Waveforms provide tremendous connectivity to each Radio node With this improved connectivity, comes greatly increased exposure to threats. Threats now are also network centric and can affect JTRS nodes from anywhere on the planet.

14 14 Network Assurance SCA mandates separate network stacks (TCP/IP) for internal software transactions and for external waveform support Information Assurance approach must Prevent/Detect Network attacks Provide protection to Detection System

15 15 Defense in Depth Robust Waveform TRANSEC COMSEC Secured Protocols Jammers Detectors Traffic Analyzers Interceptors RF Traffic Analysis Disgruntled Inside Hackers Black (D)DoS Attacks Host Abuse Improper Management Red IP Network Black IP Network Packet Filtering Red Router Packet Filtering Black Router Risks Subversion of Resources O/S Red (D)DoS Attacks

16 16 Limitations Control placed on CORBA calls and other data bypass of the Cryptographic Unit Mainly concerned with Red to Black bypass Some concern with Black to Red Limits need to be placed on amount and type of Bypass data Limit free text for example

17 17 Cryptographic Bypass Four types of bypass: Header bypass Waveform control/status bypass System control/status bypass Plain text bypass Each Application will have a Bypass policy Guidelines for Applications established. Waveform developers are defining

18 18 Conclusion While providing a complete open architecture is not totally possible, given our need to protect data as well as the radio from attack, standards can be applied to the Security Architecture that support portability across a number of different platforms

Download ppt "John Trinidad Senior Systems Engineer Harris Corporation Rochester, NY (585) 242-3664 The Challenge in Developing an SCA Compliant."

Similar presentations

 IPv6 Has built in security via IPsec (Internet Protocol Security). ◦ IPsec Operates at OSI layer 3 or internet layer of the Internet Protocol Suite.

 IPv6 Has built in security via IPsec (Internet Protocol Security). ◦ IPsec Operates at OSI layer 3 or internet layer of the Internet Protocol Suite.
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.

FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.

FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.
1 Security on OpenStack 11/7/2013 Brian Chong – Global Technology Strategist.

1 Security on OpenStack 11/7/2013 Brian Chong – Global Technology Strategist.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.

Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.
System Security Scanning and Discovery Chapter 14.

System Security Scanning and Discovery Chapter 14.
Security Presented by : Qing Ma. Introduction Security overview security threats password security, encryption and network security as specific.

Security Presented by : Qing Ma. Introduction Security overview security threats password security, encryption and network security as specific.
1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.

1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.
6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.

6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.
Firewall Planning and Design Chapter 1. Learning Objectives Understand the misconceptions about firewalls Realize that a firewall is dependent on an effective.

Firewall Planning and Design Chapter 1. Learning Objectives Understand the misconceptions about firewalls Realize that a firewall is dependent on an effective.
Chapter 12 Network Security.

Chapter 12 Network Security.
Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung(1203584897) SriramGopinath(1203800749)

Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung( ) SriramGopinath( )
IS Network and Telecommunications Risks

IS Network and Telecommunications Risks
Chapter 10 Firewalls. Introduction seen evolution of information systems now everyone want to be on the Internet and to interconnect networks has persistent.

Chapter 10 Firewalls. Introduction seen evolution of information systems now everyone want to be on the Internet and to interconnect networks has persistent.
© 2008 Prentice Hall Business Publishing Accounting Information Systems, 11/e Romney/Steinbart1 of 222 C HAPTER 7 Information Systems Controls for Systems.

© 2008 Prentice Hall Business Publishing Accounting Information Systems, 11/e Romney/Steinbart1 of 222 C HAPTER 7 Information Systems Controls for Systems.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.

SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.
Hands-On Microsoft Windows Server 2003 Networking Chapter 1 Windows Server 2003 Networking Overview.

Hands-On Microsoft Windows Server 2003 Networking Chapter 1 Windows Server 2003 Networking Overview.
5/3/2006 tlpham VOIP/Security 1 Voice Over IP and Security By Thao L. Pham CS 525.

5/3/2006 tlpham VOIP/Security 1 Voice Over IP and Security By Thao L. Pham CS 525.

Similar presentations

Ads by Google