Programmable Embeddable INFOSEC Product
- Accomplishments
- Research
- Directorates & Divisions
- Nanoscience Institute
- Laboratory for Autonomous Systems Research
- NRL Review
- 2011 NRL Review
- 2010 NRL Review
- 2009 NRL Review
- 2008 NRL Review
- 2007 NRL Review
- 2006 NRL Review
- 2005 NRL Review
- 2004 NRL Review
- 2003 NRL Review
- Featured Research
- Acoustics
- Atmospheric Science
- Chemical/Biochemical Research
- Electronics and Electromagnetics
- Energetic Particles, Plasmas & Beams
- Information Technology
- Materials Science and Technology
- Ocean Science and Technology
- Optical Sciences
- Remote Sensing
- Simulation, Computing, & Modeling
- Space Research
- 2002 NRL Review
- Future Naval Capabilities
- NRL Research Library
- Facilities
- Program Sponsors
- Accept the Challenge
- About NRL
- Doing Business
- Public Affairs & Media
- Field Sites
- Visitor Info
- Contact NRL
Information Technology Division
The Problem: Information critical to the defense of our country must be protected from exploitation and exposure. Information specific to military applications may include nuclear command and control launch codes, troop movements, deployments and locations, classified mission data, and other information that falls under the broad heading of "classified information." Examples of other, nonmilitary information that must be maintained and transmitted in a secure environment would include strategic information provided by agents of the U.S. Government, plans for handling situations of civil or military unrest among nations of strategic interest to the U.S. Government, and communications between and among U.S. Government top officials including the President of the U.S.
The Requirements: Protecting this information to ensure that the defense mission of this country is successful requires a flexible security system that will support backward compatibility with legacy hardware and software and accommodate new, emerging algorithms for future secure applications. Requirements include:
- A universal system that is not tied to one particular hardware implementation, i.e., will not become obsolete with the development of more advanced hardware.
- A flexible system that enables secure upgrades as more robust algorithms are developed to thwart an increasingly sophisticated hacker community and nation state attacks.
- A standardized system that can serve as the foundation on which additional application-specific functions may be built, incorporating all the security aspects of the core system.
Communications Security (COMSEC) Modernization Strategy: The COMSEC Systems Section of the Naval Research Laboratory (NRL) analyzed the existing state of the art and determined that a software-based approach would best meet the information security requirements with respect to flexibility for the future while supporting backward compatibility. A strategy was developed that involved providing all COMSEC users with a software-programmable system compatible with legacy operations. Upon development and validation of new cryptographic algorithms by the National Security Agency (NSA), these algorithms can be introduced in a unified COMSEC modernization scheme. Moreover, future upgrades can be accommodated using the same process.
The PEIP Solution: Primary goals in the development of the Programmable Embeddable INFOSEC Product (PEIP) are to design a single module that encapsulates most of the Information Systems Security (INFOSEC) requirements levied on a system in a well defined area, thus minimizing or completely removing INFOSEC requirements levied on the host system, and to provide the functionality essential in meeting the critical requirements defined above. The plan for achieving these goals was to complete the development of PEIP technology in two phases, with the second phase adding additional capabilities while remaining backward compatible with the first phase. This phased approach allows components of the architecture to be added in future revisions, thus increasing the flexibility built into the device, minimizing costs associated with initial developments, and increasing the robustness of the design.
The PEIP is a reprogrammable software cryptographic device that provides a single INFOSEC solution in a standard module format. In addition, PEIP implements existing cryptographic algorithms in software. Moreover, PEIP has been designed to accommodate new cryptographic algorithms as they are developed. The PEIP is adaptable to a variety of input/output (I/O) modules to allow implementation in applications as varied as aircraft, submarines, minuteman silos, and man-portable systems, to name a few. The PEIP can be configured to emulate multiple devices by associating algorithms and keys in cryptographic channels. PEIP currently supports up to 10 simultaneous channels.
The First Application—The KOV-17: The first application of the NRL PEIP technology occurred as a consequence of the need to find a successor to the KG-38, the cryptographic device used in the Navy submarine program. The KG-3X family of cryptographic devices is the workhorse cryptographic platform for the nuclear command and control (NC2) community. The KG-38 successor, the first pillar of the PEIP family, was developed in support of the Submarine Low-frequency/Very Low-frequency VMEbus Receiver (SLVR). This device, denoted the KOV-17, is a receive-only cryptographic unit, capable of being reprogrammed with new operational software, algorithms, and keys material in the field. These capabilities allow this device to maintain connectivity when installed in systems using current KG-38 capabilities while providing the capability to easily field a successor algorithm that can be used when the KG-38 algorithm reaches obsolescence. The programmable nature of the device also supports simultaneous support of both algorithms during a transition phase.
Maximizing the multichannel aspects of the PEIP has allowed the KOV-17 to provide the Fleet the ability to monitor 10 communications circuits concurrently, thus enhancing Fleet communications with submarines. The KOV-17 is currently used in the attack submarines (nuclear propulsion) (SSNs) and the ballistic missile submarines (nuclear propulsion) (SSBNs), and is scheduled for deployment aboard submarine tenders. A variant of the KOV-17, the KOV-17-1 is used by the Air Force in the Minuteman ballistic missile silos.
The KOV-17 implementation within SLVR provides the functionality of 10 KG-38s for each submarine platform. Each KG-38 weighs 37 lb, is 1230 in.3 in size, and consumes 57 W of power. A single KOV-17, which plugs into an SLVR chassis, is a 6u VME card weighing less than 2 lb and uses only 7 W of power. Figure 14 illustrates the benefits of the PEIP within SLVR.
Graphic illustration of the savings in size and complexity of the PEIP solution replacing KG-38s.
Summary: The PEIP has wide ranging cryptographic applications benefiting the Navy, the Air Force, NSA, and the Department of Defense (DOD). Because the PEIP provides functionality essential to emerging INFOSEC products, the PEIP technological solution has become critical to the future of Navy programs. Continued research in PEIP technology, defined as PEIP Phase II, will address additional features and functions such as support for transmit and Multiple Independent Levels of Security. The PEIP Phase II is a cornerstone component of the DOD Crypto Modernization Program and has been chosen as the cryptographic solution for the DOD Nuclear Command and Control Program.
[Sponsored by SPAWAR and NSA]