Multicast Services for Tactical Networks

The DoD has identified the need for dynamic and efficient IP multicast services for crypto-partitioned tactical networks to enable effective and timely dissemination of mission critical information among tactical edge users. Architecture Technology Corporation is working on advanced routing protocols that will meet this need.

This technology overcomes major limitations of the existing IP multicast approaches. Specifically, we address issues of:

Our hybrid multicast routing protocols take into account the real-time characteristics of the multicast environment to deliver multicast data optimally, enabling efficient use of transmission resources in tactical networks. Our HAIPE-compliant multicast signaling, coupled with inter-HAIPE coordination, enables seamless integration of the red enclaves with the black core and allows end users across the networks to securely participate in multicast communications. We provide a scalable multicast architecture and secure multicast services that work across red-black boundaries. The software-based solution can operate within the existing COTS network infrastructure, providing a cost-effective solution for secure and efficient multicast in tactical networks.

Our Crypto-Partitioning Aware PEPs for Tactical Networks (CAPTAIN) provides solutions to the problems associated with advanced network features and PEPs in crypto-partitioned network environments. This is the embodiment of a generalized approach to adapting advanced network protocols and functions, including PEPs, to a crypto-partitioned network environment. Our approach can also be thought of as a PEP Adapter or PEP Extender for existing PEPs in crypto-partitioned networks.

For example, we define signaling protocols to be employed by PEPs that straddle a HAIPE, as shown below. The CAPTAIN Plain Text or Red-side PEP (CR-PEP) views all plain text data as it enters or exits the HAIPE from the secure side of the network. The CAPTAIN Cipher Text or Black-side PEP (CB-PEP) views all IPsec-encrypted packets coming to or from the cipher-text side of the public network.

CAPTAIN PT and CT proxies implement novel functions to solve HAIPE-induced performance problems in tactical networks

CAPTAIN PEPs and the CAPTAIN Signaling Protocol (CSP) enable legacy applications in crypto-partitioned networks to derive the benefits normally associated with PEPs, without requiring any changes to these legacy applications or existing HAIPE functionality. In addition, CSP is intended to be an “open” protocol specification that will allow for the creation of new performance enhancements as desired, for use as an adapter for existing PEPs, and for the creation of interoperable PEP implementations by third-party vendors.

The CAPTAIN software consists of a PT (plain-text) performance-enhancing proxy (PEP) and a CT (cipher-text) PEP straddling (or sandwiching) each HAIPE in the network. Optional CT PEPs (not shown above) may be resident on routers within the protected black core. The paired PT and CT proxies associated with a HAIPE observe all network traffic entering and leaving the enclave protected by that HAIPE. They implement novel functions that enable existing networking protocols (e.g., multicast, QoS signaling, DTN) and applications (e.g., TCP PEPs) to work unimpaired and optimally through the HAIPEs fronting the enclaves in the tactical network. The CAPTAIN PT and CT PEPs accomplish their functions using the innovative CAPTAIN Signaling Protocol (CSP), which enables the paired proxies at each HAIPE to share necessary information with each other and to communicate with the remote proxies at other enclaves in a manner that complies with the crypto-isolation policies of the tactical network. Working together, the collection of CAPTAIN PT and CT PEPs implements the new capabilities needed to enable network-optimized and mission-assured operation of tactical applications.

Our approach has the following beneficial features:

The CAPTAIN software product can be easily integrated within existing HAIPE hardware as well as within existing routers, WAN optimization appliances, and radios, enabling cost-effective and rapid deployment of the technology within tactical networks.