High Assurance Internet Protocol Encryptor: Difference between revisions

{{Short description|Encryption device}}
{{multiple issues|
{{cleanup|date=March 2012}}
{{refimprove |date= February 2008}}
}}
{{Use mdy dates|date=March 2025}}
 
A '''High Assurance Internet Protocol Encryptor''' ('''HAIPE''') is a [[Type 1 encryption]] device that complies with the [[National Security Agency]]'s HAIPE IS (formerly the HAIPIS, the High Assurance Internet Protocol Interoperability Specification). The [[cryptography]] used is [[NSA Suite A Cryptography|Suite A]] and [[NSA Suite B|Suite B]], also specified by the NSA as part of the [[Cryptographic Modernization Program]]. HAIPE IS is based on [[IPsec]] with additional restrictions and enhancements. One of these enhancements is the ability to encrypt [[multicast]] data using a "preplaced key" (see definition in [[List of cryptographic key types]]). This requires loading the same key on all HAIPE devices that will participate in the multicast session in advance of data transmission. A HAIPE is typically a secure gateway that allows two enclaves to exchange data over an untrusted or lower-classification network.
 
==Examples==
Examples of HAIPE devices include:
* [[L3Harris Technologies]]' Encryption Products<ref>[https://www2.l3t.com/cs-east/what-we-do/products/encryption-products_red-eagle.htm L-3 Communication Encryption Products]</ref>
** KG-245X 10&nbsp;Gbit/s (HAIPE IS v3.1.2 and Foreign Interoperable),
** KG-245A fully tactical 1&nbsp;Gbit/s (HAIPE IS v3.1.2 and Foreign Interoperable)
** RedEagle
* [[ViaSat]]'s AltaSec Products<ref>[http://www.viasat.com/government-communications/information-assurance/ ViaSat Information Assurance web page]</ref>
** KG-250,<ref>[http://www.viasat.com/government-communications/information-assurance/altasec-kg-250 ViaSat KG-250]</ref> and
** KG-255 [1&nbsp;Gbit/s]<ref>[http://www.viasat.com/government-communications/information-assurance/altasec-kg-255 ViaSat KG-255]</ref>
* [[General Dynamics Mission Systems]] TACLANE Products<ref name="ge">[https://gdmissionsystems.com/encryption/taclane-network-encryption General Dynamics TACLANE Encryptor (KG-175)]</ref>
** FLEX (KG-175F)
** 10G (KG-175X)
** Nano (KG-175N)
* Airbus Defence & Space ECTOCRYP Transparent Cryptography<ref>{{Cite web |url=http://www.cassidian.com/pl/web/guest/1307 |title=Ectocrypt Blue by Cassidian, an EADS Company |access-date=November 18, 2013 |archive-url=https://web.archive.org/web/20131107061236/http://www.cassidian.com/pl/web/guest/1307 |archive-date=November 7, 2013 |url-status=dead }}</ref><ref>{{cite web|url=http://www.cassidian.com/en_US/web/guest/cassidian-unveils-ectocryp-yellow |archive-url=https://archive.today/20131118073910/http://www.cassidian.com/en_US/web/guest/cassidian-unveils-ectocryp-yellow |url-status=dead |archive-date=November 18, 2013 |title=CASSIDIAN unveils ECTOCRYP YELLOW |date=September 2013 }}</ref>
 
Three of these devices are compliant with the HAIPE&nbsp;IS&nbsp;v3.0.2 specification, while the remaining devices use HAIPE IS version 1.3.5, which has a couple of notable limitations: limited support for [[routing protocols]] or open [[network management]].
 
A HAIPE is an IP encryption device that looks up the destination IP address of a [[Network packet|packet]] in its internal Security Association Database (SAD) and picks the encrypted tunnel based on the appropriate entry. For new communications, HAIPEs use the internal Security Policy Database (SPD) to set up new tunnels with the appropriate algorithms and settings. Due to the lack of support for modern commercial routing protocols, HAIPEs often must be preprogrammed with [[static routing|static routes]] and cannot adjust to changing network topology.
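
The lookup described above, as an added example that is not part of the original article and is not taken from the HAIPE IS: a simplified IPsec-style model in which the SAD is keyed by the governing SPD selector, so an existing tunnel is reused and a new one is built from static policy on a miss. The class names, the `example-suite` label, the sample prefixes and the choice to drop traffic with no matching entry are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:            # one SPD entry, preprogrammed by the operator
    selector: object     # protected (plaintext-side) destination prefix
    peer: str            # ciphertext-side address of the remote encryptor
    suite: str           # placeholder label, not a real algorithm name

@dataclass
class SA:                # one SAD entry = one established tunnel
    spi: int
    peer: str
    suite: str
    packets: int = 0

class Encryptor:
    def __init__(self, spd_rows):
        self.spd = [Policy(ipaddress.ip_network(n), p, s) for n, p, s in spd_rows]
        self.sad = {}    # selector -> SA
        self._next_spi = 0x1000

    def _policy_for(self, dst):
        # Longest-prefix match, so a /24 carve-out beats the covering /16.
        addr = ipaddress.ip_address(dst)
        hits = [p for p in self.spd if addr in p.selector]
        return max(hits, key=lambda p: p.selector.prefixlen, default=None)

    def select_tunnel(self, dst):
        policy = self._policy_for(dst)
        if policy is None:
            return None  # assumption: no static entry means the packet is dropped
        sa = self.sad.get(policy.selector)
        if sa is None:   # new communication: build the tunnel from the SPD entry
            sa = SA(self._next_spi, policy.peer, policy.suite)
            self._next_spi += 1
            self.sad[policy.selector] = sa
        sa.packets += 1
        return sa

# Constructed sample policy (documentation address ranges).
SAMPLE_SPD = [
    ("10.1.0.0/16", "192.0.2.10", "example-suite"),
    ("10.1.5.0/24", "192.0.2.20", "example-suite"),
]

if __name__ == "__main__":
    enc = Encryptor(SAMPLE_SPD)
    for dst in ("10.1.9.9", "10.1.5.7", "10.1.9.10", "10.2.0.1"):
        print(dst, "->", enc.select_tunnel(dst))
```

The last destination has no preprogrammed entry, which is the static-route limitation in miniature: a network that moves behind a different encryptor stays unreachable until an operator changes the table.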
 
A couple of new HAIPE devices will combine the functionality of a router and encryptor when HAIPE IS version 3.0 is approved. General Dynamics has completed its TACLANE version (KG-175R), which houses both [[Red/black concept|a red and a black]] Cisco router, and both ViaSat and L-3 Communications are coming out with a line of network encryptors at version 3.0 and above. Cisco is partnering with [[Harris Corporation]] to propose a solution called SWAT1.<ref>[https://www.cisco.com/web/strategy/docs/gov/swat1_ds.pdf Cisco Harris SWAT1 Solution]</ref>
 
There is a UK HAIPE variant that implements UKEO algorithms in place of US Suite A. Cassidian has entered the HAIPE market in the UK with its Ectocryp range. Ectocryp Blue is HAIPE version 3.0 compliant and provides a number of the HAIPE extensions as well as support for network [[quality of service]] (QoS). Harris has also entered the UK HAIPE market with the BID/2370 End Cryptographic Unit (ECU).<ref>[https://www.harris.com/press-releases/2008/12/next-generation-bid-2370-device-developed-under-uk-ministry-of-defence-chimp Harris UK BID/2370 ECU]</ref>
 
In addition to site encryptors, HAIPE is also being inserted into client devices that provide both wired and wireless capabilities. Examples of these include L3Harris Technologies' KOV-26 Talon and KOV-26B Talon2, and Harris Corporation's KIV-54<ref>{{Cite web |url=http://rf.harris.com/media/secnet54_emod_tcm26-9219.pdf |title=Harris KIV-54 (SECNET&nbsp;54) |access-date=November 18, 2013 |archive-url=https://web.archive.org/web/20131030001308/http://rf.harris.com/media/SecNet54_EMOD_tcm26-9219.pdf |archive-date=October 30, 2013 |url-status=dead }}</ref> and PRC-117G<ref>{{Cite web |url=http://www.rfcomm.harris.com/117G/ |title=Harris AN/PRC-117G |access-date=October 5, 2008 |archive-url=https://web.archive.org/web/20080930205542/http://www.rfcomm.harris.com/117G/ |archive-date=September 30, 2008 |url-status=dead }}</ref> radio.
 
== HAIPE managers ==
Viasat and General Dynamics Mission Systems both develop their own proprietary software for managing HAIPE devices, VINE and GEM&nbsp;One, respectively. The GEM&nbsp;One specifications list support for the Viasat HAIPEs KG-250X and KG-250XS, while the data sheet for VINE only lists supported Viasat Network Encryptors.<ref name="VINE Data Sheet">{{cite web |title=VINE Data Sheet |url=https://www.viasat.com/content/dam/us-site/government/documents/VINE_datasheet_040_web.pdf |website=Viasat.com |access-date=June 19, 2022}}</ref><ref name="GEM One GDMS">{{cite web |title=GEM One Encryptor Manager - General Dynamics Mission Systems |url=https://gdmissionsystems.com/products/encryption/encryptor-management/gem-one-encryptor-manager |website=gdmissionsystems.com |access-date=June 19, 2022 |language=en}}</ref>
 
Both the HAIPE&nbsp;IS&nbsp;v3 management and HAIPE device implementations are required to be compliant with the HAIPE IS version 3.0 common MIBs. Assurance of cross-vendor interoperability may require additional effort. An example of a management application that supports HAIPE&nbsp;IS&nbsp;v3 is the L3Harris Common HAIPE Manager (which only operates with L3Harris products).{{Citation Needed|date=June 2022}}
 
== See also ==
* [[ARPANET encryption devices]]
* [[NSA encryption systems]]
 
== References ==
{{reflist}}
 
== External links ==
* [http://www.cnss.gov/Assets/pdf/CNSSP-19.pdf CNSS Policy #19 governing the use of HAIPE] {{Webarchive|url=https://web.archive.org/web/20080513042825/http://www.cnss.gov/Assets/pdf/CNSSP-19.pdf |date=May 13, 2008 }}
 
[[Category:Cryptographic protocols]]
[[Category:National Security Agency encryption devices]]