Scalable HAIPE Discovery
Using a DNS-Like Referral Model
August 2005
Glen Nakamoto, The MITRE Corporation
Lisa Higgins, The MITRE Corporation
Justin Richer, The MITRE Corporation
ABSTRACT
This paper presents a scalable concept for the dynamic discovery of
High Assurance Internet Protocol Encryption (HAIPE) devices situated
across multiple "striped" network segments. The term "striped"
in this context refers to traversing from a red (or classified) network
to a black (or unclassified) network to a red network, concatenated
multiple times (i.e., red-black-red-black-red ...). There are many
reasons why network "segmentation" using IP encryption may occur: use
of a commercial satellite link, traversing from one secure facility
to another on an existing base network, operating over a radio frequency
network, and so on. Each of these network segments or enclaves needs
to be secured (in this case, via IP encryption), and it is this
encryption that creates the segments. The boundary between the red and
black sides is assumed to be protected by a HAIPE device. Our design
also addresses mobile enclaves (where whole networks may come and go
every 15 minutes) and multi-homed enclaves (where multiple entry/exit
points exist). Finding how to traverse this striped environment and
operating on a global scale (millions of networks) are the key
challenges and the subject of this paper.
