
July 2001,
Volume 5
Number 2

Worldwide Information Systems Issue!


Hexagon: A US Joint Force Command Solution to Coalition Interoperability

Support to coalition operations in the future is the Information Assurance challenge of today. As each coalition operation (Haiti, Somalia, Bosnia, Kosovo) comes and goes, the lessons learned always yield cries for better interoperability among coalition members. The tough part of coalition information sharing is creating the mechanism by which any nation transfers information outside its own system. MITRE believes true interoperability with our coalition partners will come only after we have an information exchange system that has been designed from the ground up for use by coalition forces.

The United States Joint Forces Command (USJFCOM), with MITRE as the lead engineer, has prototyped such a system. It is called the Coalition MLS Hexagon Prototype (CMHP), or, simply, Hexagon. Hexagon, as the name implies, is built around six functions that allow the exchange of information with our coalition partners in a secure and flexible manner.

Side One of Hexagon, Marking Standards, uses the classification and control marking standards adopted by the U.S. intelligence community. These standards were coordinated by the Controlled Access Program Coordinating Office (CAPCO), assisted by MITRE technical staff who support intelligence community members.

Side Two of Hexagon is called Document Marking. With USJFCOM direction, MITRE developed the Electronic Document Marking System (EDMS) to implement human-readable markings. EDMS enables the originator of the information to mark Microsoft Word, PowerPoint, and Excel documents in accordance with CAPCO and Executive Order 12958 standards. The marking is a simple operation. It is done with the point and click of a mouse and pull-down menus that provide the user choices for classification, handling caveats, and "release to" options for countries, operations, organizations, and exercises. The "human-readable" markings are stored as "computer-readable" electronic document property labels.

Side Three of Hexagon is called Digital Labels. The saved file is encrypted using a dynamically generated encryption key based on the document properties or computer readable labels. Saving the document also generates a plain text metadata file that the "Coalition Server," an Oracle 8 Relational Database Management System, parses in order to facilitate searches.

Hexagon's fourth side, Personal Authentication, is the linchpin of CMHP. A "smartcard" personal token called a HexCard is used to identify the user and all of his or her security attributes. The HexCard stores a user's fingerprint template and a cryptographic credential set that is based on his or her clearance levels, citizenship, and need-to-know roles, along with any organization memberships. The HexCard also generates public/private keys, using a Public Key Cryptography System (PKCS) to store a user's signed X.509v3 digital certificate. The standard Windows NT log on has been replaced with a CMHP log on that requires a user ID, password, live scan of the finger and, of course, the HexCard. The user ID and password are "hashed" together using a Secure Hash Algorithm version 1 (SHA1) to create a decryption key to open the private storage area of the HexCard. The stored fingerprint templates are then compared with the live scan before the user can gain access to the desktop. As the user logs on to the workstation, the stored X.509v3 digital certificate is read from the HexCard and used to populate the Windows NT "current user" registry hive. The EDMS software uses the registry values to display tailored marking options available to the user.

Side Five of Hexagon is the system’s Workstations and Server hardware. This includes NT workstations equipped with fingerprint scanners and smartcard readers, and requisite software for marking, encrypting, and decrypting documents. It also includes the two servers, one used as the enrollment station and certificate authority, the other running an Internet Information Server version 5 Web server and an Oracle database. The Web server communicates with the client workstations using a Secure Socket Layer (SSL) protocol established by presenting the digital certificate stored on the HexCard. When establishing the SSL session, the user’s security attributes (from the user’s digital certificate) are used to compose the database query. Search results will display only those documents that match both the search criteria and security attributes.

Hexagon’s sixth side is Security Management. A special staff security officer must be assigned to coordinate system security requirements and to generate and issue HexCards to CMHP participants. The staff security officer must also operate and maintain the certificate authority (CA) and understand the information assurance requirements.

The Hexagon concept provides the flexibility required in coalition-supported Joint Task Force operations by encrypting and protecting the information objects (e.g., a Word document, PowerPoint briefing, etc.) as opposed to protecting only the network. This is the key difference between the CMHP and other Multi-level Security (MLS) solutions. MLS, according to the NSTISSC 4009 definition, is the "concept of Processing Information with different classifications and categories that simultaneously permits access by users with different security clearances and denies access to users who lack authorization."

Using information object protection, we can compare the attributes of an individual with the attributes of objects that reside on the server. If there is a match, the coalition participant can retrieve and decrypt the (document) object.
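The object-protection model described for Side Three and in the two paragraphs above, as an added example in Python (not MITRE's or the CMHP's own code): the per-object key is derived from the document's computer-readable labels, and the server hands back a readable copy only when the requester's clearance, citizenship, and roles match those labels. Assumptions: the key derivation mixes in a server-held secret (the article does not say how the key is generated), the clearance ordering, label encoding, and sample document are constructed for the demo, and the cipher is a standard-library stand-in rather than a production cipher.

```python
import hashlib
import hmac

# Constructed for this example: a clearance ordering and a server-held secret.
CLEARANCE_RANK = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}
SERVER_SECRET = b"demo-coalition-server-secret"  # constructed, not a real key

def object_key(labels: dict) -> bytes:
    """Derive the per-object key from the document's computer-readable labels.
    Assumption: a server-held secret is mixed in, so the (non-secret) labels
    alone cannot reproduce the key."""
    canonical = "|".join(f"{k}={labels[k]}" for k in sorted(labels))
    return hmac.new(SERVER_SECRET, canonical.encode(), hashlib.sha256).digest()

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher: HMAC-SHA256 in counter mode, XORed with the data.
    Symmetric, so the same call encrypts and decrypts. A real deployment
    would use an authenticated cipher such as AES-GCM instead."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hmac.new(key, offset.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)

def attributes_match(user: dict, labels: dict) -> bool:
    """Check the server performs before releasing an object: clearance must
    dominate the classification, the user's citizenship must be on the
    release-to list, and the user must hold one of the need-to-know roles."""
    if CLEARANCE_RANK[user["clearance"]] < CLEARANCE_RANK[labels["classification"]]:
        return False
    if user["citizenship"] not in labels["release_to"].split(","):
        return False
    return bool(set(user["roles"]) & set(labels["roles"].split(",")))

def store(labels: dict, plaintext: bytes) -> bytes:
    """Encrypt an object under its label-derived key (Side Three)."""
    return keystream_xor(object_key(labels), plaintext)

def retrieve(user: dict, labels: dict, ciphertext: bytes):
    """Return the decrypted object only if the user's attributes match the
    object's labels; otherwise return None and leave the object protected."""
    if not attributes_match(user, labels):
        return None
    return keystream_xor(object_key(labels), ciphertext)

# Constructed sample: a SECRET document releasable to the US and UK.
DOC_LABELS = {"classification": "SECRET", "release_to": "USA,GBR", "roles": "JTF-OPS,JTF-INTEL"}
CIPHERTEXT = store(DOC_LABELS, b"Constructed OPORD draft text")
US_OPS = {"clearance": "SECRET", "citizenship": "USA", "roles": ["JTF-OPS"]}
FR_TS = {"clearance": "TOP SECRET", "citizenship": "FRA", "roles": ["JTF-OPS"]}
```

Note that a higher clearance alone (FR_TS) is not enough: the release-to and need-to-know checks are applied independently of the classification check.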

The Joint C4ISR Battle Center (JBC) conducted a formal military utility assessment in August. The Hexagon prototype was also an integral part of the JBC-sponsored exercise Millennium Challenge 2000 in August.

MITRE, as the lead engineer and system integrator, was responsible for bringing the six sides of the Hexagon together to satisfy the CINC’s MLS requirement. Both the technical concept and system engineering have been spearheaded by MITRE. This was recognized by the Director of Central Intelligence, Mr. George Tenet, who presented MITRE’s Allan McClure the Intelligence Community Seal Medallion during a ceremony held at CIA headquarters this past June.

The Hexagon prototype formed the basis for the Fiscal Year 2000 "proof of concept" Content Based Information Security (CBIS) Advanced Concept Technology Demonstration (ACTD). MITRE, again, has been asked by USJFCOM and SPAWAR Systems Center to play a key role in the technical and operational development of the CBIS ACTD. In order to work across the breadth of worldwide operations, capabilities like those of CMHP and CBIS ACTD are critical.


For more information, please contact Allan McClure using the employee directory.

