Wikipedia

High Assurance Internet Protocol Encryptor: Difference between revisions

Browse history interactively
← Previous editNext edit →
Content deleted Content added
VisualWikitext
No edit summary
Tags: categories removed reference list removal Possible vandalism
m Reverting possible vandalism by 72.253.122.203 to version by 82.20.69.157. False positive? Report it. Thanks, ClueBot NG. (2013168) (Bot)
Line 5:
}}
 
A '''HAIPE (High Assurance Internet Protocol Encryptor)''' is a [[Type 1 encryption]] device that complies with the [[National Security Agency]]'s HAIPE IS (formerly the HAIPIS, the High Assurance Internet Protocol Interoperability Specification). The [[cryptography]] used is [[NSA Suite A Cryptography|Suite A]] and [[NSA Suite B|Suite B]], also specified by the NSA as part of the [[Cryptographic Modernization Program]]. HAIPE IS is based on [[IPsec]] with additional restrictions and enhancements. One of these enhancements includes the ability to encrypt [[multicasting|multicast]] data using a "preplaced key" (see definition in [[List of cryptographic key types]]). This requires loading the same key on all HAIPE devices that will participate in the multicast session in advance of data transmission. A HAIPE is typically a secure gateway that allows two enclaves to exchange data over an untrusted or lower-classification network.
Abstract
The standard issue poncho, what else can it be used for? Several alternative uses have already been identified for the poncho through various Army Field Manuals such as the improvised litter. However, there are many more uses for the poncho that have also been discovered and, quite possibly, many more that have yet to be found. After much research online, reading through Army Regulations and Field Manuals and asking several of my fellow classmates what they would use the poncho for, I have found several more uses that I would not have considered on my own. These findings describe some of the uses that have already been discovered and shared; with enough time and energy, it would seem that the possibilities are endless.
 
Examples of HAIPE devices include:
* L-3 Communications' HAIPE <ref>[http://www.l-3com.com/HAIPE L-3 Common HAIPE Manager]</ref>
The Many Uses of a Poncho
** KG-245X 10Gbit/s (HAIPE IS v3.0.2),
People frequently encounter strange obstacles in their lives and even more so if that person happens to be in the Uniformed Armed Services. The standard issue Rain Poncho, though. can help overcome several of these obstacles. Though the poncho was originally issued to help keep rain off the wearer, many Army Soldiers were finding alternative uses for it right from the get go.
** KG-245A fully tactical 1 Gbit/s (HAIPE IS v3.1.2 and Foreign Interoperable)
When the poncho was first introduced to the US Army as an outer garment to ward off rain, the Soldiers quickly learned that they could use the poncho for other uses as well. Captain Randolph Marcy wrote “The Prairie Traveler” in 1859 with several references to how the poncho or, as he referred to it, the gutta percha, was used by his Soldiers while traveling overland. After procuring resources from local towns and villages, the Soldiers would use a poncho that had been tied off at the center hole to store sugar and shelter it from the rain.
** KG-240A fully ruggedized 100 Mbit/s (HAIPE IS v3.1.2 and Foreign Interoperable)
Marcy (1859) also wrote how to use a poncho to take shelter from a storm:
** KOV-26 TALON <ref>[http://www.l-3com.com/Talon L-3 Talon]</ref>
A very secure protection against storms may be constructed by planting firmly in the ground two upright poles, with forks at their tops, and crossing them with a light pole laid in the forks. A gutta-percha cloth, or sheet of canvas, or, in the absence of either of these two, blankets, may be attached by one side to the horizontal pole, the opposite edge being stretched out to the windward at an angle of about forty-five degrees to the ground, and there fastened with wooden pins, or with buckskin strings tied to the lower border of the cloth and to pegs driven firmly into the earth. This forms a shelter for three or four men, and is a good defense against winds and rains. If a fire be then made in front, the smoke will be carried away, so as not to incommode the occupants of the bivouac. (p. 132)
* [[ViaSat]]'s AltaSec Products<ref>[http://www.viasat.com/government-communications/information-assurance/ ViaSat Information Assurance web page]</ref>
Marcy also wrote about how the poncho was used to prevent moisture from the ground seeping into the Soldiers knapsacks or clothing. This was done by simply laying the poncho directly onto the ground prior to either lying on top of it or placing the knapsack on top of it.
** KG-250,<ref>[http://www.viasat.com/government-communications/information-assurance/altasec-kg-250 ViaSat KG-250]</ref> and
According to The Ranger Handbook (2006), two ponchos can be used together to build a makeshift raft. This requires more than just the poncho but, without the ponchos, it is impossible; everything can be substituted for something else. In order to build the raft the hood of the first poncho needs to be tied off to prevent water from getting through the hole. After that is done, lay the poncho on the ground hood up and place two poles in the center roughly 18 inches apart. Then all personal gear, including the worn clothing, is placed in between the poles. Once this is done, the poncho is snapped shut. The snapped portion must then be tightly rolled down toward the center. The pigtails that are leftover at the edges are then rolled up and tied off. The second poncho will mimic the first and will have the first poncho, with all the gear, placed in the second poncho.
** KG-255 [1 Gbit/s]<ref>[http://www.viasat.com/government-communications/information-assurance/altasec-kg-255 ViaSat KG-255]</ref>
A man called WI_Woodsman also posted an interesting use for the poncho. According to WI_Woodsman (2013) the poncho can be tied off at all four corners with a slight sag in the middle towards the hood hole, and allow rain water to be collected easily at the hood. He went on to show how it was done with several pictures. WI_Woodsman also went on about using the poncho as a rain fly. First a ridge line should be suspended between two trees. Then tie the hood shut. Finally tie all four corners to poles that are staked into the ground, which will make the poncho look like an elevated tent. The rain fly is useful because it allows you to keep dry and possibly even allow for a small fire.
* [[General Dynamics]]' [[TACLANE]] KG-175<ref name=ge>[http://www.gdc4s.com/taclane-1g-(kg-175g).html General Dynamics TACLANE Encryptor (KG-175)]</ref>
In the Army’s First Aid (2006) manual, the poncho can be utilized in several other ways to assist in providing first and/or self aid. One such use is the improvised litter. This is extremely useful because, in combat, there isn’t always a litter available to assist in the movement of a casualty. In these situations, a simple poncho and two poles would suffice. This is done by placing the two poles on opposite sides of the poncho, then rolling the poncho and the poles together until the poncho is firmly in place and not going to come undone, or slide off the poles, while in route. Another possible use is a sling. If the arm is wounded and needs to be held up and in place the poncho is able to be wrapped around the arm and body to prevent mobility. In the event that a casualty has a sucking chest wound the poncho can also be cut and placed over the wound to form an occlusive dressing.
*Airbus Defence & Space ECTOCRYP Transparent Cryptography <ref>[http://www.cassidian.com/pl/web/guest/1307 Ectocrypt Blue by Cassidian, an EADS Company]</ref><ref>{{cite web|url=http://www.cassidian.com/en_US/web/guest/cassidian-unveils-ectocryp-yellow|title=CASSIDIAN unveils ECTOCRYP YELLOW|date=September 2013}}</ref>
There are many more uses for the poncho. Some are known, while others remain to be discovered yet. It really comes down to how creative the user is when they find an obstacle and a poncho is a part of their inventory. The poncho is an item that should be kept nearby no matter what. Place one in the trunk of the car, your backpack, or wherever else you might be. The possibilities are truly endless and the poncho should never be overlooked.
 
Three of these devices are compliant to the HAIPE IS v3.0.2 specification while the remaining devices use the HAIPE IS version 1.3.5, which has a couple of notable limitations: no support for [[routing protocols]] or open [[network management]].
<ref>
 
CPT Marcy, Randolph B. (1859). The Prairie Traveler, a Hand-Book for Overland Expeditions. Retrieved from http://www.gutenberg.org/files/23066/23066-h/23066-h.htm
A HAIPE is an IP encryption device, looking up the destination IP address of a [[Network packet|packet]] in its internal Security Association Database (SAD) and picking the encrypted tunnel based on the appropriate entry. For new communications, HAIPEs use the internal Security Policy Database (SPD) to set up new tunnels with the appropriate algorithms and settings. By not supporting routing protocols the HAIPEs must be preprogrammed with [[static routing|static routes]] and cannot adjust to changing network topology. While manufacturers support centralized management of their devices through proprietary software,<ref>[http://www.viasat.com/government-communications/information-assurance/vine-manager-software ViaSat's VINE website]</ref><ref>[http://www.gdc4s.com/gem-x.html General Dynamics's GEM website]</ref> the current devices offer no management functionality through open protocols or standards.
United States Army Infantry Training School. (2006). Ranger Handbook (SH 21-76). Fort Benning, GA. 184.
 
WI_Woodsman. (2013, April 10). 101 Uses For The US GI Poncho! [Web log comment]. Message posted to http://bladesandbushcraft.com/index.php?topic=5442.0
[http://www.telegrid.com TELEGRID Technologies]<ref>[http://www.telegrid.com TELEGRID Technologies]</ref> produces a non proprietary Encryptor Management System for multiple [[Inline Network Encryptor|INE]], [[HAIPE]] and Mobile IP encryptors including the KIV-7M, GD KG-175D, ViaSat KG-250 and Harris SecNet54. The Encryptor Management System is known as the Secure Multi-web Remoting Tool (SMRT).<ref>[http://www.telegrid.com/TELEGRID_SMRT_Flyer.pdf TELEGRID SMRT Multiple HAIPE Remote Manager]</ref> The SMRT provides an encryptor management interface as well as a common crypto [[Management information base|MIB]] for remote management via [[SNMP]]. It also provides secure remote access to the management interfaces of the underlying encryptors.
Headquarters, Departments of the Army, the Navy, and the Air Force and Commandant, Marine Corps. (2004). First Aid (FM 4-25.11). Washington, DC: U.S. Government Printing Office.
 
<ref>
Both the HAIPE IS v3 management and HAIPE device implementations are required to be compliant to the HAIPE IS version 3.0 common MIBs. Assurance of cross vendor interoperability may require additional effort. An example of a management application that supports HAIPE IS v3 is the L-3 Common HAIPE Manager.
 
A couple of new HAIPE devices will combine the functionality of a router and encryptor when HAIPE IS version 3.0 is approved. General Dynamics has completed its TACLANE version (KG-175R), which house both a red and a black Cisco router, and both ViaSat and L-3 Communications are coming out with a line of network encryptors at version 3.0 and above. Cisco is partnering with [[Harris Corporation]] to propose a solution called SWAT1<ref>[https://www.cisco.com/web/strategy/docs/gov/swat1_ds.pdf Cisco Harris SWAT1 Solution]</ref>
 
There is a UK HAIPE variant that implements UKEO algorithms in place of US Suite A. Cassidian has entered the HAIPE market in the UK with its Ectocryp range. Ectocryp Blue is HAIPE version 3.0 compliant and provides a number of the HAIPE extensions as well as support for network [[quality of service]] (QoS). Harris has also entered the UK HAIPE market with the BID/2370 End Cryptographic Unit (ECU).<ref>[http://harris.com/view_pressrelease.asp?act=lookup&pr_id=2601 Harris UK BID/2370 ECU]</ref>
 
In addition to site encryptors HAIPE is also being inserted into client devices that provide both wired and wireless capabilities. Examples of these include L-3 Communication's KOV-26 Talon and Guardian SME-PED, and Harris Corporation's KIV-54 <ref>[http://rf.harris.com/media/secnet54_emod_tcm26-9219.pdf Harris KIV-54 (SECNET 54)]</ref> and PRC-117G <ref>[http://www.rfcomm.harris.com/117G/ Harris AN/PRC-117G]</ref> radio.
 
==See also==
* [[NSA encryption systems]]
 
==References==
{{Reflist}}
 
==External links==
* [http://www.cnss.gov/Assets/pdf/CNSSP-19.pdf CNSS Policy #19 governing the use of HAIPE]
 
[[Category:Cryptographic protocols]]
[[Category:National Security Agency encryption devices]]
Retrieved from "https://en.wikipedia.org/wiki/High_Assurance_Internet_Protocol_Encryptor"