Support to coalition operations in the future is the Information Assurance challenge of today. As each coalition operation (Haiti, Somalia, Bosnia, Kosovo) comes and goes, the lessons learned always yield cries for better interoperability among coalition members. The tough part of coalition information sharing is creating the mechanism by which any nation transfers information outside its own system. MITRE believes true interoperability with our coalition partners will come only after we have an information exchange system that has been designed from the ground up for use by coalition forces. The United States Joint Forces Command (USJFCOM), with MITRE as the lead engineer, has prototyped such a system. It is called the Coalition MLS Hexagon Prototype (CMHP), or, simply, Hexagon. Hexagon, as the name implies, is built around six functions that allow the exchange of information with our coalition partners in a secure and flexible manner.
Side Two of Hexagon is called Document Marking. With USJFCOM direction, MITRE developed the Electronic Document Marking System (EDMS) to implement human-readable markings. EDMS enables the originator of the information to mark Microsoft Word, PowerPoint, and Excel documents in accordance with CAPCO and Executive Order 12958 standards. The marking is a simple operation. It is done with the point and click of a mouse and pull-down menus that provide the user choices for classification, handling caveats, and "release to" options for countries, operations, organizations, and exercises. The "human-readable" markings are stored as "computer-readable" electronic document property labels.
Side Three of Hexagon is called Digital Labels. The saved file is encrypted using a dynamically generated encryption key based on the document properties or computer-readable labels. Saving the document also generates a plain text metadata file that the "Coalition Server," an Oracle 8 Relational Database Management System, parses in order to facilitate searches.
Side Five of Hexagon is the system's Workstations and Server hardware. This includes NT workstations equipped with fingerprint scanners and smartcard readers, and requisite software for marking, encrypting, and decrypting documents. It also includes the two servers, one used as the enrollment station and certificate authority, the other running an Internet Information Server version 5 Web server and an Oracle database. The Web server communicates with the client workstations using a Secure Socket Layer (SSL) protocol established by presenting the digital certificate stored on the HexCard. When establishing the SSL session, the user's security attributes (from the user's digital certificate) are used to compose the database query. Search results will display only those documents that match both the search criteria and security attributes.
Hexagon's sixth side is Security Management. A special staff security officer must be assigned to coordinate system security requirements and to generate and issue HexCards to CMHP participants. The staff security officer must also operate and maintain the certificate authority (CA) and understand the information assurance requirements.
The Hexagon concept provides the flexibility required in coalition-supported Joint Task Force operations by encrypting and protecting the information objects (e.g., a Word document, PowerPoint briefing, etc.) as opposed to protecting only the network. This is the key difference between the CMHP and other Multi-level Security (MLS) solutions. MLS, according to the NSTISSC 4009 definition, is the "concept of Processing Information with different classifications and categories that simultaneously permits access by users with different security clearances and denies access to users who lack authorization." Using information object protection, we can compare the attributes of an individual with the attributes of objects that reside on the server. If there is a match, the coalition participant can retrieve and decrypt the (document) object.
The Joint C4ISR Battle Center (JBC) conducted a formal military utility assessment in August. The Hexagon prototype was also an integral part of the JBC-sponsored exercise Millennium Challenge 2000 in August. MITRE, as the lead engineer and system integrator, was responsible for bringing the six sides of the Hexagon together to satisfy the CINC's MLS requirement. Both the technical concept and system engineering have been spearheaded by MITRE. This was recognized by the Director of Central Intelligence, Mr. George Tenet, who presented MITRE's Allan McClure the Intelligence Community Seal Medallion during a ceremony held at CIA headquarters this past June. The Hexagon prototype formed the basis for the Fiscal Year 2000 "proof of concept" Content Based Information Security (CBIS) Advanced Concept Technology Demonstration (ACTD). MITRE, again, has been asked by USJFCOM and SPAWAR Systems Center to play a key role in the technical and operational development of the CBIS ACTD. In order to work across the breadth of worldwide operations, capabilities like those of CMHP and CBIS ACTD are critical.
For more information, please contact Allan McClure using the employee directory.
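The label-derived key and the attribute comparison described above can be sketched as follows. This is an added illustration, not Hexagon code: the level ordering, the label serialization, the HMAC-SHA256 derivation, the demo secret and the sample catalogue are all assumptions made for the example.

```python
import hashlib
import hmac

# Assumed level ordering and label serialization; neither comes from the article.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2}
DEMO_SECRET = b"constructed-demo-secret"  # constructed value, demo only

def _release_set(release_to):
    return {r.strip().upper() for r in release_to if r.strip()}

def canonical_label(classification, release_to):
    """Serialize a label so that equal markings always give identical bytes."""
    if classification not in LEVELS:
        raise ValueError(f"unknown classification: {classification!r}")
    rel = ",".join(sorted(_release_set(release_to)))
    return f"class={classification};rel={rel}".encode()

def label_key(secret, classification, release_to):
    """Derive a 256-bit key bound to the label (assumed HMAC-SHA256 scheme)."""
    label = canonical_label(classification, release_to)
    return hmac.new(secret, label, hashlib.sha256).digest()

def may_access(user, doc):
    """Fail closed: unknown levels or a missing release entry deny access."""
    have = LEVELS.get(user.get("clearance"))
    need = LEVELS.get(doc.get("classification"))
    if have is None or need is None:
        return False
    country = user.get("country", "").strip().upper()
    return have >= need and country in _release_set(doc.get("release_to", []))

def search(user, docs, term):
    """Return titles matching the term AND the user's security attributes."""
    return [d["title"] for d in docs
            if term.lower() in d["title"].lower() and may_access(user, d)]

# Constructed sample catalogue (not real documents).
DOCS = [
    {"title": "Logistics plan", "classification": "SECRET", "release_to": ["USA", "GBR"]},
    {"title": "Air plan", "classification": "SECRET", "release_to": ["USA"]},
    {"title": "Weather plan", "classification": "UNCLASSIFIED", "release_to": ["USA", "GBR", "FRA"]},
    {"title": "Medical summary", "classification": "CONFIDENTIAL", "release_to": ["USA", "GBR"]},
]

if __name__ == "__main__":
    gbr = {"country": "GBR", "clearance": "SECRET"}
    print(search(gbr, DOCS, "plan"))
    print(label_key(DEMO_SECRET, "SECRET", ["USA", "GBR"]).hex())
```

Canonicalizing the label before derivation matters: without it, the same marking entered in a different order or case would yield a different key and the document could not be decrypted by an entitled reader.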