Secure Wireless

CAISI will secure IEEE 802.11b wireless connections for Army combat support personnel in the field, Pete Johnson says.

CAISI will cross the proverbial last mile from the battlefield to the Defense Department's wired networks.

Army ready to go wireless with combat support

The Army this spring will start beaming IEEE 802.11b wireless LAN connectivity to support troops in the field.
The Combat Service Support Automated Information System Interface will cross the proverbial last mile to the Defense Department's wired networks for maintenance, logistics and supply chain management systems.

'CAISI is a tactical wireless LAN,' said Pete Johnson, CIO for the Army's Program Executive Office, Enterprise Information Systems. 'It will provide wide area connectivity between the end users and the networks.'

The first batch of 11,000 CAISI gateways, using wireless access points and workgroup bridges from Cisco Systems Inc. of San Jose, Calif., is set to roll out in May.

'It's a multiyear effort,' Johnson said. 'We still have a couple more years of buying to do.' Deployment will keep pace with the schedules of the combat support units being equipped.

PEO-EIS buys and integrates commercial components to make turnkey enterprise systems with standard documentation, training and support. The office ruggedizes off-the-shelf products when necessary.

CAISI will secure the wireless links with encryption and access control technology from Fortress Technologies Inc. of Tampa, Fla. The program was held up last year because of security exposures found in IEEE 802.11b networks' Wired Equivalent Privacy protocol.

The wireless Ethernet standard uses the 2.4-GHz band at data rates up to 11 Mbps. Under WEP, all users of an 802.11b access point share one encryption key, and the protocol's weak encryption makes traffic easy to decipher. Also, wireless access depends on a user device's media access control layer address, which is easy to discover and spoof.

Those weaknesses could have compromised both network access and networked data. So the Army called a moratorium on wireless LAN use last year and in November issued a directive requiring Federal Information Processing Standard security on top of any Army 802.11b network.

'We had a small delay while we put in the security,' Johnson said. 'The level of traffic we are carrying is sensitive but unclassified, but securing the data as well as the network is of the utmost importance.'

PEO-EIS could find no FIPS-certified products that met CAISI requirements for simplicity, scalability and throughput.

Then Fortress in December announced its proprietary Wireless Link Layer Security architecture as a replacement for WEP. The company's AirFortress Security Solution combines encryption, hashing for authentication and compression.

AirFortress met CAISI requirements, said John Dow, Fortress vice president for business development, and the company committed itself to earning FIPS certification. The WLLS architecture is undergoing independent laboratory testing, and if it passes, it will move on to the National Institute of Standards and Technology for certification.

'Basically, it's a bulk encryptor,' Johnson said of AirFortress. Virtual private networks would not have worked for CAISI, he said, because VPN users must authenticate themselves when roaming from one server to another. That complicates configuration and mobility.

AirFortress consists of a secure client, which handles access control and encryption-decryption across the wireless LAN, plus a gateway between the wireless access point and the wired network.

The gateway can support multiple access points and acts as a firewall as well as supplying encryption-decryption services between clients and other gateways.

Not one network

CAISI will use the Triple Data Encryption Standard with AirFortress. The product also can employ the newer Advanced Encryption Standard, and CAISI could change to AES after its FIPS testing is completed.

CAISI will serve thousands of notebook and handheld computers, personal digital assistants and bar-code scanners, but its planned 11,000 access points will not form a single network. 'Think of them as end points hanging off a very large network,' Johnson said.

A final cost for the CAISI project is unavailable, but 'it's fairly inexpensive on a piece-by-piece basis' because of the off-the-shelf components, Johnson said.
