Military Security

Military Security

Securing Communications

The military has stringent requirements for its communications security, so much so that the methods actually in use are closely guarded secrets. Thus very little information is available on this topic, so a general discussion of the issues involved in securing communications seems appropriate.

The military has several important design issues to concern itself with. The first is a reluctance to have any single point of failure. It was this desire that spawned TCP/IP, which has held up remarkably well under the tremendous strain of the Internet in the1990s. Clearly, redundancy is an important issue.

It is also important to have multiple ways of verification, to insure that communications are occurring with the people they are supposed to be occurring with, and with no one else. This would seem to require an identification system that would continue to work after one party has been captured.

These issues combine to create two conditions that are vital to a military security perspective:

1. Redundancy (Or no single point of failure)

2. Non-repudiable identity verification with ways to discover compromised identities.

Communication links must be protected in such a way that a casual (or not so casual) eavesdropper may not pick up useful information. One way to do this is to digitally encrypt all communications over links. When doing this, the keys used to encrypt must be protected. If all the encrypted links use public key encryption, this becomes much simpler. Assuming that the encryption is secure⁽¹⁾, the important task is to protect the encryption keys. Under consideration 1, above, this just requires that the be distributed in such a way that no single point can be compromised, and so compromise the entire security arrangement.

This strongly suggests the use of public key encryption to protect these communication channels. With this, authentication, through signing, and safe distribution of symmetric keys can be accomplished, yielding fast, simple encryption that can be implemented in hardware, with randomly generated symmetric keys, distributed in a slower, but secure manner. With a proper method for the generation of the public keys, this can yield a network in which no eavesdropper has a chance to ever get his hands on the actual communications.

The problem, thus, remains to distribute the public keys in a secure manner. The obvious solution would be to let the field devices generate their own keys. This has several problems, in that it forces an unnecessary complexity into devices that do not need it, and creates some authentication problems.

To prevent eavesdroppers from attacking, two possibilities exist:

1. Hide the existence of the data

2. Swamp the attacker with potential data.

In the military, the first of these generally implies using radio channels that are very low power, brief duration, or hidden inside of some other signal. This can include encrypted signals, and spread spectrum technologies.

The second option is actually used: In the Navy, a carrier battle group may decide not to try to maintain a low profile, rather, they turn on every piece of radar and communications equipment possessed in the battle group, put up lots of fighters, and just tell everyone in the world where they are, where they're headed, and that these 100 mile circle is in firm control by the battle-group.

Both work much better when all communications are encrypted. Since encrypted data tends to look very random, truly random data can be inserted into data streams as filler, just to maintain appearances.

¹ A reasonable assumption given current public encryption technology.