Introduction
Current and future US military operations require
information sharing by the Department of Defense (DoD)
community and coalition partners. Member nations and
non-governmental organizations of U.S.-led coalitions will
present a wide range of security classification and
releasability concerns. These have a profound effect on the
levels of information sharing possible in coalition
operations, and there are two fundamental aspects to
consider.
• How do you share information within a single
classification domain between coalition partners?
• How do you share information between classification
domains?
In the past, resolution of these issues focused only on
point solutions. This led to multiple non-interoperable
systems, frequently proprietary and expensive to procure,
train and maintain. These problems are not unique to the DoD,
but also afflict collaboration between other government
agencies. For example, the non-DoD elements of the US
Intelligence Community, DHS, FEMA, as well as local law
enforcement offices, all have similar needs to share
information and are faced with the same security issues when
in collaboration.
To overcome these issues, Collaboration Gateway solutions
are now available that provide open-standards-based turn-key
systems that secure text chat in high risk environments.
Trident Systems Inc. has designed a Collaboration Gateway
(CG) system for use by US military and Intelligence
Communities. Collaboration Gateway is integrated with certified guarding
technology, such as the BAE Systems Data Sync Guard (DSG),
to provide a secure cross-domain instant messaging solution.
This paper describes the unique benefits and components of
the Trident Collaboration Gateway solution.
CG Overview
Two important performance parameters are (1) enabling secure
cross-domain collaboration and (2) providing archival
search and retrieval of collaborative session data. While
Collaboration Gateway addresses both of these objectives, this paper focuses on
the former.
Essential considerations relate to users’ applications. In
order to provide cross-domain chat, the client chat tool
must be made aware of the security restrictions, including
mandatory classification markings in the User Interface, as
well as embedded in the chat message itself. A plethora of
Instant Messaging (IM) clients exist in the marketplace
today - including AIM, Yahoo, MSN, Sametime, IWS, Trillian,
and a handful of lesser known tools - but none of these
support the necessary security requirements. Moreover, most
of these IM systems are proprietary in nature and do not
interoperate.
Since it is not practical to modify all IM applications, nor
even a select few, a good alternative approach is to use
open standards for implementing cross-domain chat. The IETF
standard, eXtensible Messaging and Presence Protocol (XMPP),
commonly known as Jabber, is an excellent choice. XMPP has
proven to be extremely flexible due to its underlying XML
foundation, and it allows for extensions to implement
requisite security mechanisms.
In addition to the open standard XMPP transport, CG
incorporates the World Wide Web Consortium (W3C) XML Digital
Signature and XML Encryption standards to provide strong
authentication and authorization, as well as confidentiality
and data integrity. Additionally, Collaboration Gateway supports the US
Intelligence Community (IC) metadata standard for
classification labeling of chat messages.
The system architecture, shown below, consists of four
parts:
1. A cross-domain XML guard such as the DataSync Guard (DSG);
2. An XMPP-to-Guard Interface known as the Collaboration
Gateway (CG);
3. An XMPP Server such as the Jabber Inc. XCP server; and
4. An XMPP Client, either Transverse or InfoWorkSpace (IWS).

Collaboration Gateway Functionality
The Collaboration Gateway provides the following functions:
1. Cross-Domain User Security Policy Enforcement;
a. User Authentication & Authorization;
b. Which users are allowed to chat cross-domain;
c. Which users are allowed in which MLS rooms;
2. Cross-Domain Message Security Policy Enforcement;
a. Checks classification labels in the message and forwards/blocks
accordingly;
b. Checks message integrity;
c. Checks the digital signature for non-repudiation of the message;
d. Identity transformation of messages;
e. Virus scan of messages; and
3. Logging & Archive/Search/Retrieval Service;
a. All cross-domain messages are logged and archived to a local
database;
b. All administrative actions are logged to Log4J-controlled
log files. New log files are created each day. Log files
must be manually deleted.
To help provide these security features, Collaboration Gateway incorporates the W3C XML Digital
Signature and XML Encryption algorithms to provide strong
authentication and authorization, as well as confidentiality
and data integrity. Additionally, both CG and the DSG
support the US Intelligence Community (IC) metadata standard
for classification labeling of chat messages.
Collaboration Gateway features a modular,
plug-in architecture that supports any number of popular
collaboration tools. CG currently supports the Transverse
and InfoWorkSpace (IWS) clients. Transverse is a Jabber
client modified by JFCOM to support the requisite
Intelligence Community (IC) security metadata standard. IWS
is the popular collaboration tool from Ezenia, who have
developed an XMPP capability for IWS, and have also made
enhancements to support the necessary security markings.
Data Sync Guard Overview
Trident’s system uses an XML Guard from BAE Systems
(formerly DigitalNet), the DataSync Guard (DSG). The DSG utilizes
the XTS-400 platform and runs the STOP/OS 6.1E operating
system. STOP/OS 6.1E has successfully completed Common
Criteria evaluation at the EAL 5+ level.
The DSG strictly enforces the security policies governing
the transfer of data between enclaves on separate
system-high networks operating at different
classification/sensitivity levels or needs-to-know. The DSG
implements policy enforcement in part by supporting XML
schema validation, classification label verification,
identity transformation, clean/dirty word checking and
additional content verification checks.
Additionally, the cross domain application for the
cross-domain chat solution will contain a special filter to
handle the Jabber/XMPP message traffic. Those messages that
pass the security rules of the filter will proceed to the CG
on the opposite side of the guard. Those messages that fail
the security rules of the filter will NOT proceed to the CG
on the opposite side of the guard. The failed messages will
be logged and a rejection notice given to the originating
CG.
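The message policy checks listed under Collaboration Gateway Functionality and the DSG filter's forward/block behaviour described above can be illustrated with a small policy evaluator. This is an added example, not Trident or BAE code; the <label> element, the sender alias map and the dirty-word list are constructed stand-ins for the IC classification metadata and the guard's configured policy, which the paper does not reproduce.

```python
"""Cross-domain chat policy check modeled on the CG/DSG description.

Added illustration only. The <label level="..."/> child element is a
constructed stand-in for the IC classification metadata; real guards
consume the actual IC marking schema and an XML Digital Signature,
neither of which is reproduced here.
"""
import xml.etree.ElementTree as ET

# Ordered sensitivity levels; a lower index is less sensitive (constructed).
LEVELS = ["U", "C", "S", "TS"]

# Constructed policy for a high-to-low transfer: destination enclave level,
# users cleared for cross-domain chat, and the alias each sender is rewritten
# to on the low side (identity transformation), plus a dirty-word list.
POLICY = {
    "dest_level": "S",
    "allowed_users": {"alice@high.example"},
    "sender_map": {"alice@high.example": "user01@low.example"},
    "dirty_words": {"codeword-alpha"},
}


def evaluate(stanza_xml, policy):
    """Return ("FORWARD", transformed_stanza) or ("BLOCK", rejection_reason).

    A message crosses only if it parses, the sender is authorized, the
    mandatory label is present and valid, the label does not exceed the
    destination level, and the body passes the dirty-word check. Blocked
    messages yield a reason suitable for the rejection notice sent back
    to the originating CG.
    """
    try:
        msg = ET.fromstring(stanza_xml)
    except ET.ParseError as exc:
        return ("BLOCK", f"malformed XML: {exc}")
    sender = msg.get("from", "")
    if sender not in policy["allowed_users"]:
        return ("BLOCK", f"sender not authorized for cross-domain chat: {sender}")
    label = msg.find("label")
    level = label.get("level") if label is not None else None
    if level not in LEVELS:
        return ("BLOCK", "missing or invalid classification label")
    if LEVELS.index(level) > LEVELS.index(policy["dest_level"]):
        return ("BLOCK", f"label {level} exceeds destination level {policy['dest_level']}")
    body = (msg.findtext("body") or "").lower()
    if any(word in body for word in policy["dirty_words"]):
        return ("BLOCK", "body failed dirty-word check")
    # Identity transformation: replace the high-side JID with its low-side alias.
    msg.set("from", policy["sender_map"].get(sender, "anonymous@low.example"))
    return ("FORWARD", ET.tostring(msg, encoding="unicode"))
```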
For improved performance, the DSG uses sockets as its
connection mechanism. The DSG achieves near-real time data
transfers, enabling reliable synchronization of data across
domains. Moreover, the DSG performs most of its actions in
RAM, reducing transaction processing time even further by
eliminating the need for disk writes and reads.
XMPP Clients
The Collaboration Gateway supports XMPP as the standard for Instant Messaging.
A key advantage is that CG is not tied to any one single
chat tool, since any IM client may be extended to support
the XMPP protocol. A perfect example of this is Ezenia’s
InfoWorkSpace (IWS) application. IWS is the de facto
collaboration tool in the US Intelligence Community and
therefore has a large installed user base, but uses
proprietary technology. Nonetheless, it was in Ezenia’s best
interest to enable interoperability between IWS and other IM
tools, and as a result, IWS 3.0 now supports XMPP.¹
Trident Systems is working closely with Ezenia to enable IWS
to operate cross-domain. Specifically, Ezenia is developing
a Multi-Level Secure (MLS) module that allows IWS to
securely communicate with the Collaboration Gateway that
includes support for the digital signatures and requisite
classification markings.
JFCOM’s Transverse
In addition to the IWS tool, JFCOM has modified the open
source BuddySpace Jabber client from Open University so
that it may operate cross-domain, and has recently renamed it
TransVerse.
Similar to IWS, the TransVerse application facilitates a virtual work team
community and its capabilities are similar to those found in
physical office environments. For example, most of the daily
tools that you use, and the places that you visit (e.g., HQs
and individual meeting rooms) are found within the
TransVerse server environment.
TransVerse provides the following core functionalities:
• Instant messaging/chat
• Group Chat
• Presence
• Contact management
• File transfer
• Alerts
• Language Translation
• Text Monitoring
Figure 2 below shows the graphic user interface (GUI) for the TransVerse
client. It is a good representation of the necessary GUI
modifications for cross-domain chat, including the security
banner, and drop-down menu for selecting the appropriate
classification marking for each message (it defaults to the
room classification level).
¹ Ezenia Press Release, "Ezenia Inc. Announces Release of
InfoWorkSpace Version 3.0", March 27, 2006,
https://www.ezenia.com/recent_news.asp

Current Status
Under sponsorship from JFCOM, the Collaboration Gateway and BAE Systems’
DataSync Guard, as part of the JFCOM Cross-Domain
Collaborative Information Environment (CDCIE), have
successfully completed the initial Certification Testing &
Evaluation (CT&E) by NSA. The CDCIE system is now undergoing
regression testing at NSA, Ft. Meade. The regression testing
is expected to be completed 4Q’06 (Calendar Year).
Summary
The Collaboration Gateway provides a much needed capability
for today’s Military, Intelligence Community and other
government agencies and their contractors for secure,
cross-domain collaboration.
The Trident Systems
Collaboration Gateway was developed under SBIR funding with
the Air Force Research Lab (AFRL) in Rome, New York, and the
Joint Forces Command (JFCOM) in Suffolk, VA.
Contact: Sheldon Shapiro, 703-267-2302