Navy tries dual-role PCs
To many, the term user-friendly security is the ultimate oxymoron. But when you need to provide secure network access to front-line troops in combat situations, a system has to be simple enough that nontechnical users can access it and communicate rapidly. It also must be secure enough that data can't be compromised.
The Naval Research Office has tried to solve this dilemma with the Extending the Littoral Battlespace Advanced Concept Technology Demonstration, a program designed to secure notebook PCs deployed in operations on or near shore.
'We needed to provide an easier-to-use, user-friendly, identification and authorization method on mobile deployed assets, where traditional domain controllers proved inadequate to the task,' said Keith Rohwer, lead security engineer for the project. 'The desired systems had to be entirely transparent to end users and various off-the-shelf applications in use on mobile systems.'
The research office built the experimental program around ruggedized Panasonic CF-37 notebooks that unit leaders use as situational awareness and reporting tools. Custom military applications give sailors and Marines a clear and accurate picture of the battle they're fighting.
Dual confrontation
The project addressed two challenges inherent in wartime notebook PC usage: an absence of physical security such as walls, guards and doors; and the fact that notebooks can be lost, stolen or captured. These dangers were compounded by the fact that encryption algorithms and radio channels were more difficult to use in frontline combat positions.
'The last mile between secure network access points and mobile infantrymen had to be traversed using the IEEE 802.11b wireless standard,' Rohwer said. 'As well as securing the laptops, we had to secure their means of transmission.'
Navy researchers planned to use a 128-bit encryption algorithm, but they found that the encryption could be cracked within 30 minutes. They turned to a virtual private network to add a further layer of security.
The notebooks connect to the network using commercial network interface cards with amplifiers for improved performance. These devices transmit on an encrypted frequency to airborne and ground-based wireless access points that relay the information using secure military radio lines. As a result, forces can communicate over the horizon.
In a test, the Pacific Command's flagship, the USS Coronado, operating from waters off San Diego, maintained reliable and secure contact with small Marine infantry units operating 140 miles inland.
For the system to work effectively, however, Navy developers had to make the PCs simple to operate. This is where developers combined the concepts of user-friendliness and security using Pointsec 4.0 from Pointsec Mobile Technologies Inc. of Walnut Creek, Calif.
Pointsec provides device access control by encrypting the operating system, all drives and resident data, including deleted files and unused space. It simplifies security procedures via a one-step log-in for multiple networks while giving security personnel the ability to track user entry and exit, and to deny access to the network remotely.
Old methods
Before selecting Pointsec, the project's developers used the security procedures built in to systems using Microsoft Windows NT.
'The problem with that method was that it required you to be attached to a domain controller over the network before you could get into the laptop,' Rohwer said. 'Based on field tests, we found a staggering percentage of Marines who were unable to gain access.'
The new method of access removes the requirement of a network connection and simplifies the log-in procedure. Even if no network connection is available, data is uploaded and downloaded automatically when a connection to the network is re-established.
Further, should a notebook fall into the wrong hands, the data inside is fully encrypted.