Crypto modernization transforms military communications

Embeddable cryptographic processors are enabling a host of new defense communications applications, such as smartphones and tablet computers for tactical use on the front lines, as well as secure tactical Wi-Fi, unmanned vehicle control, and real-time targeting.

By John Keller

Almost everyone has a sense that embedded computing technology constantly is becoming more powerful and power efficient, while getting smaller and more lightweight. We also see the results of this evolution: cell phones with more computing horsepower and capability than the Apollo 11 moon mission; ubiquitous global positioning system (GPS) satellite navigation for cars, planes, and boats; and eReaders with instant access to thousands of books, magazines, and newspapers.

What some people might not realize, however, is that the relentless forward progress of microprocessors, field-programmable gate arrays (FPGAs), digital signal processors (DSPs), small-form-factor single-board computers, and other advanced embedded computing technology also is making wireless communications safer and more secure. In fact, today’s small, fast, and power-efficient embedded computing is the primary enabling technology for a new generation of modernized cryptography that promises to provide secure wireless computing for military forces, even to the front lines of battle.

Modern cryptography equipment is enabling systems designers to embed security in handheld devices like small radios and smartphones to provide secure wireless communications on the battlefield.

U.S. military and national security authorities are in the midst of the largest and most significant program of crypto modernization in the past half-century. Not only is advanced embedded computing paving the way to wearable and handheld computing and wireless communications that are secure from enemy interception and eavesdropping, but it also is making the case for never-before-used approaches to modern cryptography to safeguard vital military computing and communications.

While previous generations of military cryptography mandated the use of secret algorithms and standalone encryption hardware, today’s encryption technology increasingly is using commercial off-the-shelf (COTS) crypto algorithms and processing hardware as perhaps the most effective way of fighting off the effects of technology obsolescence, enabling network-centric military operations, coping with a flood of data dissemination and data sharing, making imagery and video a central component of military intelligence and situational awareness, fielding new technology quickly, keeping the costs of developing and maintaining cryptographic technology to a minimum, inserting the latest cryptographic capability into legacy secure systems, and ensuring interoperability among U.S. and allied secure communications and computer systems.

Crypto history

The heart of U.S. military cryptography has been, and remains today, the National Security Agency (NSA) at Fort Meade, Md. Any military communications or computing system using security encryption is subject to approval by the NSA to certify that encryption is effective and implemented correctly. Until recent years, moreover, the NSA actually developed military encryption algorithms, and maintained each algorithm as a closely held secret. These classified crypto algorithms were designated “Type 1” security.

The Crypto Modernization program is developing small, fast crypto processors that save size and weight for front-line fighting forces.

While the NSA still creates and administers classified Type 1—or what today is called “Suite A”—crypto, what is new today is how the NSA amasses the nation’s arsenal of cryptographic technology. NSA over the past several years has begun accepting unclassified crypto algorithms created in private industry, as long as NSA experts can verify the effectiveness of these algorithms and certify them for deployed military systems. Industry-developed non-classified crypto algorithms most often are known as “Suite B” cryptography.

The NSA and U.S. Department of Defense (DOD) began the continuing Cryptographic Modernization Program in 2005 to solve problems in older crypto approaches, which included obsolescence, expensive maintenance, insufficient bandwidth, and difficult systems integration and systems upgrades.

Before the crypto modernization program began, “there hadn’t been many changes in how we developed and fielded crypto solutions,” explains Aaron Brosnan, director of tactical systems at military radio designer Thales Communications Inc. in Clarksburg, Md. “It was an obsolescence issue. We had crypto box solutions that were going obsolete and couldn’t be supported anymore.”

In addition, current needs for small electronic devices for applications such as unmanned vehicles or handheld devices are incompatible with legacy crypto technology, points out Don Turrentine, information assurance and core product manager at Rockwell Collins in Cedar Rapids, Iowa. “Back at the beginning of crypto modernization, the normal size of a cryptography subsystem might have been a 3-by-5-inch circuit board. There are now cryptographic subsystems on a chip about the size of your thumbnail.”

Compounding the problem today, Brosnan says, are more complex military communications, and the need for radio and crypto interoperability to communicate sensitive information with allied forces. “Nowadays everything is networked, and we need to use commercial solutions,” Brosnan says. “You can’t use point-to-point communications anymore, and we need to communicate with coalition forces.”

Rockwell Collins has developed a programmable crypto engine for military communications and embedded it in the company’s radios, such as the AN/ARC-210 airborne radio.

The case for crypto modernization

Data throughput in legacy crypto devices has failed to keep pace with modern military communications technology. “The previous generation of cryptographic equipment had throughput of less than 20 megabits per second, and that would cover all the devices,” says Rockwell Collins’s Turrentine. “Today, industry can provide to the DOD cryptographic throughput in the tens of gigabits, which allows quick encryption and decryption of streaming video. The military can analyze this information and get usable intelligence back to the warfighter in a matter of minutes. That same process previously would take hours, if not days.”

In the recent past, most U.S. military cryptography involved hard-coded devices that were difficult and costly to upgrade, points out Troy Brunk, senior director of airborne communications products at Rockwell Collins. “Now crypto is in the way of software-defined technology, loadable crypto, and loadable updates to crypto.”

Brunk says military networking, computer technology, and information flow have exploded in recent years, which drives home the realization that “we can’t afford to be in a stove-pipe mode. We have to be able to respond to the technology quicker, hence the software-definable and -loadable algorithms.”

Staying with a system in which the NSA creates and maintains all crypto algorithms is simply too expensive for the government, says David Kleidermacher, chief technology officer at real-time software specialist Green Hills Software in Santa Barbara, Calif. “NSA says it’s too expensive to rely on these proprietary standards, and needs to take advantage of the commercial market, as well as promote open standards that get closer to what they need.”

ITT Exelis is developing crypto-enabled secure smartphones and tablet computers for the battlefield using a secure network processor.

Modern crypto approaches

Now that NSA officials are allowing the use of unclassified, industry-developed crypto algorithms for certain kinds of military communications, the typical crypto approach today involves three components: Suite A crypto, which uses classified NSA-administered algorithms for the most secret and sensitive communications; Suite B crypto, which uses unclassified crypto algorithms developed in industry; and the so-called “layered COTS” approach that layers different security products from different commercial vendors in a “good-enough” approach where appropriate. All approaches are subject to NSA certification and approval.

Suite A offers the highest level of security, and also is referred to as “Type-1” crypto. “Suite A is a classified algorithm—even the algorithm is classified,” says Thales’ Brosnan. “You have to lock it up at night, and be careful how you treat it.” Suite A crypto is used for government communications up to top secret and beyond.

Still, Suite A crypto has many of the problems associated with legacy crypto: It is difficult and costly to develop, maintain, and implement. It places a severe time and cost burden on the NSA. Suite A-encrypted systems, moreover, must be handled only by personnel with appropriate security clearances. Those without clearances cannot operate Suite A equipment, which severely limits how military forces can use it in the field.

Suite B crypto uses unclassified algorithms, which are openly published and understood. “People know it, and know how it works, but what makes it secure is how you implement it,” Brosnan says. Since Suite B crypto uses unclassified algorithms, personnel without security clearances can operate equipment using Suite B encryption, which opens up its use to a broad variety of warfighters—particularly those on the front lines. Suite B crypto often is appropriate for secret or otherwise sensitive information with a short shelf life—such as a position report on a moving enemy force.

Layered COTS, also called Commercial Solutions for Classified (CSFC), is perhaps the newest approach to crypto modernization. “Layered COTS means taking different security products from different vendors, and laying one on top of the other, and is good enough to protect secret,” explains Mike Guzelian, vice president of secure voice and data products at General Dynamics C4 Systems in Scottsdale, Ariz.

“You could have a laptop that runs a Cisco VPN piece of software—that is one layer of encryption—next to Juniper Networks running another layer; the data is getting encrypted twice,” Guzelian says. “The concept is it is less expensive and easier to use, but it really depends on the application.”

While layered COTS might not be quite as secure as Suite B and Suite A crypto, this approach holds the promise of being relatively inexpensive, quick to develop and field, and easy to maintain, in applications where it is appropriate. “You take commercial equipment, and layer off-the-shelf technologies out to the network and enterprise area,” says Richard Takahashi, director of information assurance products at military radio designer ITT Exelis Communications Systems in Tempe, Ariz.

“By layering different technologies you have equipment that can handle secret and below data,” Takahashi says. “The objective is to take advantage of commercial technology—particularly mobile devices—to handle secret-and-below data. The compromise is you are using off the shelf technology rather than full-custom secure equipment.”

Suite A crypto has limited use, layered COTS crypto still is in its infancy, and most of industry’s attention in cryptography and crypto modernization is on Suite B, industry experts say.

The General Dynamics ProtecD@R PC Encryptor secures data at rest on desktop and laptop computers.

Enabling technologies

The primary enabling technologies for crypto modernization are the latest generations of small, fast, and power-efficient microprocessors, FPGAs, DSPs, and hypervisor software that enables different software operating systems to run together virtually with little risk of operating systems or data corrupting one another.

Encryption algorithms can be long and complex, yet today’s microprocessors, FPGAs, and DSPs have evolved in capability such that they are able to handle running crypto algorithms in real time. “We use the latest FPGA technology—nothing fancy,” says General Dynamics’ Guzelian. “Commercial processors have gotten to where they are fast enough to do it.”

As commercial processor technology has increased in speed and capability, so has industry’s ability to capitalize on commercial processors to develop specialized crypto processors—particularly for embedded applications in small handheld devices. “The enabling technologies are the COTS programmable crypto devices,” says Thales’ Brosnan. “There are a number of people who make that encryption device—L3, Raytheon, General Dynamics, Harris, ITT, and others.”

Thales is using the company’s Suite B-certified COTS programmable crypto processor in the Thales Rifleman radio, which is a handheld software-defined radio for infantry soldiers that complies with the DOD’s Joint Tactical Radio System (JTRS) program, Brosnan says.

“It can be a simpler implementation, because the crypto is in the software, and can take advantage of commercially available algorithms,” Brosnan says. “The whole idea of Suite B is getting NSA involved to endorse commercial algorithms, and if NSA decides it is implemented properly, they will certify the device.”

At Rockwell Collins, company crypto experts launched a program about six years ago to develop the company’s own programmable crypto engine and embed it in products such as the Rockwell Collins AN/ARC-210 military radio for aircraft, Brunk says. Embedding crypto in the radio saves space and weight, and enables the company either to make more lightweight radios or add capability.

Crypto modernization can help ease new cryptography upgrades for legacy systems such as the Single Channel Ground and Airborne Radio System (SINCGARS).

New applications

Perhaps the most exciting aspect of crypto modernization involves the new applications that new crypto design approaches will facilitate. Among the highest-profile new applications will be commercial cell phones and tablet computers on the battlefield.

Green Hills Software, for example, is using its hypervisor technology to enable Android smartphones to run unencrypted data and encrypted secure data side-by-side on the same device, Kleidermacher says. “We are working with the NSA and some of the [cell phone] carriers on the leading edge of satisfying these emerging government requirements,” he says. “We make the phone so it can be used in secret, and perhaps even top-secret communications using standard Android stack and protocols, and come up with Suite B-compliant VPN and secure voice capability.”

ITT Exelis is developing two Android handheld products that will be considered for front-line military use: the GhostRider cell phone and the GhostWarrior tablet computer, Takahashi says.

The enabling technology for GhostRider and GhostWarrior is a secure network processor that packages together with the battery of a commercial smartphone or tablet computer. This technology also could be used to secure Wi-Fi access points, personal computers, or USB data storage devices.

ITT Exelis officials have demonstrated the GhostRider secure network processor with a commercial smartphone, and say they hope to receive NSA certification for the device sometime next year. “Our technology is platform-agnostic,” Takahashi says. “We can use any commercial smartphone that is Android-based by replacing the original battery with our battery, which is coupled with our network processor.”

The General Dynamics TACLANE-C100 Suite B encryptor secures information classified secret and below.

One of the features of the GhostRider cell phone is operating on unsecure commercial networks and secure military networks with the same device, Takahashi explains. “While the soldier is in garrison, he could use the phone to call home, but then bring it into the field to use for tactical communications.”

This kind of embedded crypto also could be used for secure data exchange and control of unmanned vehicles, as well as sending secure targeting information from soldiers on the front lines to attack aircraft in the area, officials say.
