SlideShare a Scribd company logo
1 of 19
Information contained herein is proprietary information and is made available
                                    to you because of your interest in our SDR Program Expertise. This information
                                         is submitted in confidence and its disclosure to you is not intended to
                                      constitute public disclosure or authorization for disclosure to other parties.




 Secure Architecture
 Traditional Red - Black




Global SDR                                                         Rafael Aguado
                                                                   rafael@globalsdr.com
                                                                   Dr. Eduardo Solana
The new era of software radio                                      eduardo@globalsdr.com
Global SDR            1   of   19                                   www.globalsdr.com
Information contained herein is proprietary information and is made available
                                                                to you because of your interest in our SDR Program Expertise. This information
                                                                     is submitted in confidence and its disclosure to you is not intended to
                                                                  constitute public disclosure or authorization for disclosure to other parties.


   Who we are
                                                                    GSDR

                                    Mr. Rafael Aguado holds a Master's degree in Computer
                                     Science from Polytechnic University of Madrid. He has
                                      been involved in most of the European initiatives for
                                      Software Radio development, managing the Spanish
                                     efforts in the ESSOR programme. He was the technical
                                    leader of the ESSaC program, where the foundations of
         rafael@globalsdr.com             the European SCA Certification were defined.

      Dr. Eduardo Solana is Senior Lecturer of Cryptography and
       Security in the University of Geneva. Amongst others, he
       has worked for IBM and PricewaterhouseCoopers where
        he was Global Subject Matter Expert for authentication
      solutions. He has more than twenty years of experience in
      the fields of cryptography and information security both in
                  the private sector and the academia.                      eduardo@globalsdr.com




Global SDR                                   2   of   19                                        www.globalsdr.com
Information contained herein is proprietary information and is made available
                                                              to you because of your interest in our SDR Program Expertise. This information
                                                                   is submitted in confidence and its disclosure to you is not intended to
                                                                constitute public disclosure or authorization for disclosure to other parties.


   What we do
         Development                                             GSDR

                          We are entitled to make your business grow. We are able to
           Business




                           customize your marketing campaign worldwide, find new
                                    possibilities or even find new markets
         Consulting




                         The consulting portfolio includes every step on the lifecycle of
            SDR




                            your SDR product. Think also in applying new Software
                        development models or best practices to your current processes
         Consulting




                        With more than 15 years of experience our company brings into
          Security




                         the SDR technology unique security features. We are a truly
                              independent company, devoted only to our clients

                        Training is considered the basic and first step in the development
             Training




                        of your team. Our company is experienced and specially skilled in
                            providing you with the preparation for the tools you need



Global SDR                              3   of   19                                           www.globalsdr.com
Information contained herein is proprietary information and is made available
                                        to you because of your interest in our SDR Program Expertise. This information
                                             is submitted in confidence and its disclosure to you is not intended to
                                          constitute public disclosure or authorization for disclosure to other parties.


   Introduction to the problem
   Introduction

       “The good thing about standards
       is that there are too many to
       choose from”




Global SDR                4   of   19                                   www.globalsdr.com
Information contained herein is proprietary information and is made available
                                                   to you because of your interest in our SDR Program Expertise. This information
                                                        is submitted in confidence and its disclosure to you is not intended to
                                                     constitute public disclosure or authorization for disclosure to other parties.


   Introduction to the problem
                                              Problem definition
      SCA Security Supplement.
        The SCA security supplement is still considered the most
         important reference in the security definition of a SDR
         based equipment.
      CICM
        MITRE cryptographic driver is increasing its importance as
         standard in order to offer functionality from the
         cryptographic side.
      CORBA
        CORBA connectivity mechanisms will be addressed in
         order to provide transparent communications between
         Red and Black subsystems.

Global SDR                      5   of   19                                        www.globalsdr.com
Information contained herein is proprietary information and is made available
                                                                       to you because of your interest in our SDR Program Expertise. This information
                                                                            is submitted in confidence and its disclosure to you is not intended to
                                                                         constitute public disclosure or authorization for disclosure to other parties.


   Definition of the Architecture
   Building blocks
       Equipment Security Limit
        INFOSEC Boundary
                                      Crypto Limit

             RED SOFTWARE                CS / S                 BLACK SOFTWARE
                     Waveform                                        Waveform

                      SCA                Crypto                        SCA
                                         Software
             POSIX     CORBA                                POSIX        CORBA
                                  M                                                                M
                                  H                                                                H
             Operating            A
                                                            Operating                              A
                   System         L     Operating                 System                           L
                                         System
                       BSP                                             BSP


             RED DIGITAL HW              CS / S                 BLACK DIGITAL HW
                                                                                                                      RF
                       GPP                GPP               GPP        DSP              FPGA
                                                                                                                FrontEnd



Global SDR                                        6   of   19                                          www.globalsdr.com
Information contained herein is proprietary information and is made available
                                                                                   to you because of your interest in our SDR Program Expertise. This information
                                                                                        is submitted in confidence and its disclosure to you is not intended to
                                                                                     constitute public disclosure or authorization for disclosure to other parties.


   Definition of the Architecture
   Goal driven
                                    Audio and data communications
                                    Provide COMSEC capabilities through the CS/S
                       DEFINITION



                                    User Authentication & Authorization
                                    This operation implies the communication of the credentials through all the control
                                    elements of the platform
        GOAL DRIVING




                                    TRANSEC
                                    The TRANSEC capabilities allows the interactions between the Cryptographic
                                    subsystem and the Digital Modem.




                                    Communication through CS/S
                                    CORBA connectivity mechanisms will be addressed in order to provide transparent
                                    communications between Red and Black subsystems.



Global SDR                                                7    of   19                                             www.globalsdr.com
Information contained herein is proprietary information and is made available
                                                                       to you because of your interest in our SDR Program Expertise. This information
                                                                            is submitted in confidence and its disclosure to you is not intended to
                                                                         constitute public disclosure or authorization for disclosure to other parties.


   Standards implementation
   Communications mechanisms
             RED SubSystem                              Crypto SubSystem                      Black SubSystem


                 CryptoDevice                                                                           CryptoDevice




                  Component




                                                                            CONNECTION
                                       CONNECTION
                                                                                                          Component




                  CORBA                                   NOT CORBA                                       CORBA
                 CAPABLE                                   CAPABLE                                       CAPABLE

             Control and data encryption communications
             Ciphering and deciphering the data flow is one of the basic operations of a
             secure system. In addition to these operations, the data flow coming from the
             crypto can be used also to generate the TRANSEC seed

Global SDR                                          8    of   19                                       www.globalsdr.com
Information contained herein is proprietary information and is made available
                                                                     to you because of your interest in our SDR Program Expertise. This information
                                                                          is submitted in confidence and its disclosure to you is not intended to
                                                                       constitute public disclosure or authorization for disclosure to other parties.


   Standards implementation
   Communications mechanisms
             RED SubSystem                            Crypto SubSystem                      Black SubSystem


                DomainManager                                                                        DeviceManager




                DeviceManager




                                                                          CONNECTION
                                     CONNECTION
                                                                                                           Device




                  CORBA                                 NOT CORBA                                       CORBA
                 CAPABLE                                 CAPABLE                                       CAPABLE

             Not CORBA capable connectivity.
             The communication has to be defined between heterogeneous middleware.
             Therefore a mechanism to bypass the crypto has to be defined.


Global SDR                                        9    of   19                                       www.globalsdr.com
Information contained herein is proprietary information and is made available
                                        to you because of your interest in our SDR Program Expertise. This information
                                             is submitted in confidence and its disclosure to you is not intended to
                                          constitute public disclosure or authorization for disclosure to other parties.


   Standards Implementation
                                 Communication Definition

    Transparent communication between
     subsystems
    Transparent monitoring of the
     communications between subsystems
    Access control to the communications
    Independent from the Operating environment
     presented in the platform

Global SDR             10   of   19                                     www.globalsdr.com
Information contained herein is proprietary information and is made available
                                                                                             to you because of your interest in our SDR Program Expertise. This information
                                                                                                  is submitted in confidence and its disclosure to you is not intended to
                                                                                               constitute public disclosure or authorization for disclosure to other parties.


   Standards Implementation
   Communication Definition
            RED SubSystem                        Crypto SubSystem                               Black SubSystem

                  Component                                                                                     Component
                   10.0.1.1                                                                                      10.0.2.1
                        ETF                                                                                         ETF
                       Plugin                                                                                      Plugin
                                                                         AC
                                                             LOG
                                                                        Rules
                                  Acceptator




                                                                                Acceptator
                                                Acceptator




                                                                                                   Acceptator
                                   Message




                                                                                 Message
                                                 Message




                                                                                                    Message
                      PROXY                                    BYPASS                                             PROXY




  Developed for and shared by each                The bypass system of the                      A proxy receiving the
  component of the platform. This plugin will     CS/S including the Log and                    communications from the
  enable the communication with other             access control capabilities.                  different components, which
  components through the NON-CORBA                                                              have to go through the CS/S.
  capable Crypto


Global SDR                                                         11   of      19                                           www.globalsdr.com
Information contained herein is proprietary information and is made available
                                             to you because of your interest in our SDR Program Expertise. This information
                                                  is submitted in confidence and its disclosure to you is not intended to
                                               constitute public disclosure or authorization for disclosure to other parties.


   Radio Security API


   UML
        The Radio Security API is defined by the JTRS SCA
         Security Supplement as a set of functional packages
   Objectives
        Keep the assurance of the COMPUSEC boundary and
         to act as the interface to the Crypto Subsystem
   Different approaches
        The objectives can be achieved by securing the
         operating environment or by implementing specific
         software components (e.g. guards)

Global SDR                    12   of   19                                   www.globalsdr.com
Information contained herein is proprietary information and is made available
                                                                                                                                        to you because of your interest in our SDR Program Expertise. This information
                                                                                                                                             is submitted in confidence and its disclosure to you is not intended to
                                                                                                                                          constitute public disclosure or authorization for disclosure to other parties.


   Radio Security API
   API Definition
              RED SubSystem                                                                                      Crypto               BLACK SubSystem
                                                                                                               SubSystem


                                                                                    Security Service n
                 Security Service 1
                                      Security Service 2
                                                           Security Service 3




                                                                                                                                                                                                            Security Service m
                                                                                                                                         Security Service 1
                                                                                                                                                              Security Service 2
                                                                                                                                                                                   Security Service 3
                                                                                …                                                                                                                       …



                                      Red Crypto                                                         RPC                    RPC
                                                                                                                                                    Black Crypto
                                        Device                                                                                                         Device


     1. The CryptoDevice User invokes the getPort operation, using the Security Service
        identifier as a parameter.
     2. The getPort operation will return a reference to the Security Service Provider.
     3. Then, the Security Service User connects to the Security Service Provider by the
        use of connectPort operation.
     4. Now the Security Service User is able to call the security service functionality.
Global SDR                                                                                                       13   of   19                                                                                                    www.globalsdr.com
Information contained herein is proprietary information and is made available
                                                    to you because of your interest in our SDR Program Expertise. This information
                                                         is submitted in confidence and its disclosure to you is not intended to
                                                      constitute public disclosure or authorization for disclosure to other parties.


   Radio Security API
   Component Allocation
             Service Package   Security Service                    Subsystem
                 Security        Management               RED
                                      Port                RED
                                   Port User              RED
                   Fill
                                       Bus                RED
                                 Management               RED
               Algorithm         Management               RED
               Certificate       Management               RED
                                    Control               RED/BLACK
                 Crypto
                               Encrypt/Decrypt            RED/BLACK
                  Key            Management               RED
                                 Management               RED/BLACK
                TRANSEC
                                  Key Stream              BLACK
                  Policy         Management               RED/BLACK
              Integrity and         Control               RED
             Authentication    Digital Signatures         RED
                  Alarm          Management               RED/BLACK
                  Time           Management               RED/BLACK

Global SDR                      14   of   19                                        www.globalsdr.com
Information contained herein is proprietary information and is made available
                                                                      to you because of your interest in our SDR Program Expertise. This information
                                                                           is submitted in confidence and its disclosure to you is not intended to
                                                                        constitute public disclosure or authorization for disclosure to other parties.


   CICM API
                                                                Crypto Subsystem
      User Authentication
          Authentication based on a User/Password pair. Standard has been modified to improve
           flexibility
      Communication Channel Management
          COMSEC Channel Implementation. Performance driven. CICM problem identified regarding
           the ownership of the channels
      TRANSEC Channels
          The TRANSEC channels have two main objectives. The first one is to be a reliable time source
           while the second one is the random number generation
      Import interface
          To import new cipher algorithm, security policies and keys from a RS-232 port. CICM
           specification problem.
      Configuration
          This functionality group offers the possibility of object administration (keys, algorithms, and
           security policies) to the user.



Global SDR                                       15   of   19                                         www.globalsdr.com
Information contained herein is proprietary information and is made available
                                                                            to you because of your interest in our SDR Program Expertise. This information
                                                                                 is submitted in confidence and its disclosure to you is not intended to
                                                                              constitute public disclosure or authorization for disclosure to other parties.


   CICM API
   Standard Implementation
            CICM
            Although a number of commercial cryptographic interfaces have been standardized and
            are in use, CICM is the first generic cryptographic interface to be developed that meets the
            needs of a wide range of high assurance applications


             RED SubSystem                      Crypto SubSystem                       Black SubSystem

      RSS         Red Crypto                          Crypto                                     BlackCrypto                        RSS
                    Device                            Module                                        Device

                                                         CICM API
                        CICM call




                                                                                                          CICM call
                                                           CICM call




                    CICM API                                                                          CICM API
                   CICM driver                                                                      CICM driver
                                                      Transport
                  Transport (RPC)      RPC              (RPC)               RPC                   Transport (RPC)




Global SDR                                          16     of          19                                       www.globalsdr.com
Information contained herein is proprietary information and is made available
                                          to you because of your interest in our SDR Program Expertise. This information
                                               is submitted in confidence and its disclosure to you is not intended to
                                            constitute public disclosure or authorization for disclosure to other parties.


   CICM API
   Crypto Implementation




Global SDR                 17   of   19                                   www.globalsdr.com
Information contained herein is proprietary information and is made available
                                                      to you because of your interest in our SDR Program Expertise. This information
                                                           is submitted in confidence and its disclosure to you is not intended to
                                                        constitute public disclosure or authorization for disclosure to other parties.


   CICM API
                                                    Improvements

      FILL Interface.
        CICM Import Interface is not compliant with the FILL interface
         proposed by the SCA
      Object deletion
        Incompatibility of the SCA and CICM regarding the deletion of the ‘in
         use’ objects.
      Subsystem Identification
        The CICM is agnostic to the subsystem originator of the call. Useful in
         order to apply security policies to the whole subsystem
      Bypass
        Although under discussion, the bypass policies can be implemented on
         the SCA standard and not by the CICM


Global SDR                           18   of   19                                     www.globalsdr.com
Information contained herein is proprietary information and is made available
                                                                            to you because of your interest in our SDR Program Expertise. This information
                                                                                 is submitted in confidence and its disclosure to you is not intended to
                                                                              constitute public disclosure or authorization for disclosure to other parties.


   Conclusions




                        PORTABILITY                                                                   1st REFERENCE
                                                         SCALABILITY                                  ARCHITECTURE
                      common standards
                                                   upgrading of the different
                    integrating them in the
                                                      subsystems without
                         whole design
FACING THE FUTURE                                   impacting on the others

The improve in
portability and
interoperability will
present an after and
before in the SDR                     INTEROPERABILITY
                                increasing the capability of the platform
development                      to import and run different waveforms




Global SDR                                         19    of    19                                           www.globalsdr.com

More Related Content

Similar to SDR Reference Secure architecture

Sariya it 2019
Sariya it 2019Sariya it 2019
Sariya it 2019Sariya IT
 
Protect your sensitive data against data leaks with Safetica DLP
Protect your sensitive data against data leaks with Safetica DLPProtect your sensitive data against data leaks with Safetica DLP
Protect your sensitive data against data leaks with Safetica DLPAdi Saputra
 
Oh... that's ransomware and... look behind you a three-headed Monkey
Oh... that's ransomware and... look behind you a three-headed MonkeyOh... that's ransomware and... look behind you a three-headed Monkey
Oh... that's ransomware and... look behind you a three-headed MonkeyStefano Maccaglia
 
SDN Adoption Challenges
SDN Adoption Challenges SDN Adoption Challenges
SDN Adoption Challenges Vimal Suba
 
InfraGard Webinar March 2016 033016 A
InfraGard Webinar March 2016 033016 AInfraGard Webinar March 2016 033016 A
InfraGard Webinar March 2016 033016 AWard Pyles
 
Sira insights from cloud vendor risk assessments
Sira   insights from cloud vendor risk assessmentsSira   insights from cloud vendor risk assessments
Sira insights from cloud vendor risk assessmentsCary Sholer
 
Identity and Access Management Provider
Identity and Access Management ProviderIdentity and Access Management Provider
Identity and Access Management ProviderPriyanka Agarwal
 
DeltaGRiC_Consulting_SMAC_Digital Innovation Security Conference_Presentation...
DeltaGRiC_Consulting_SMAC_Digital Innovation Security Conference_Presentation...DeltaGRiC_Consulting_SMAC_Digital Innovation Security Conference_Presentation...
DeltaGRiC_Consulting_SMAC_Digital Innovation Security Conference_Presentation...Tunde Ogunkoya
 
Scalar Security Roadshow - Calgary Presentation
Scalar Security Roadshow - Calgary PresentationScalar Security Roadshow - Calgary Presentation
Scalar Security Roadshow - Calgary PresentationScalar Decisions
 
Scalar Security Roadshow - Vancouver Presentation
Scalar Security Roadshow - Vancouver PresentationScalar Security Roadshow - Vancouver Presentation
Scalar Security Roadshow - Vancouver PresentationScalar Decisions
 
Calgary security road show master deck final
Calgary security road show master deck finalCalgary security road show master deck final
Calgary security road show master deck finalScalar Decisions
 
Non-profit Tech Needs in Serbia
Non-profit Tech Needs in SerbiaNon-profit Tech Needs in Serbia
Non-profit Tech Needs in SerbiaCatalyst Balkans
 
The role of big data, artificial intelligence and machine learning in cyber i...
The role of big data, artificial intelligence and machine learning in cyber i...The role of big data, artificial intelligence and machine learning in cyber i...
The role of big data, artificial intelligence and machine learning in cyber i...Aladdin Dandis
 
Protection You Need from the Partner You Trust
Protection You Need from the Partner You TrustProtection You Need from the Partner You Trust
Protection You Need from the Partner You TrustADP, LLC
 
Protection You Need from the Partner You Trust
Protection You Need from the Partner You TrustProtection You Need from the Partner You Trust
Protection You Need from the Partner You TrustADP, LLC
 
DarkSide Ransomware Analysis Report
 DarkSide Ransomware Analysis Report DarkSide Ransomware Analysis Report
DarkSide Ransomware Analysis ReportBRANDEFENSE
 
Approaches to Cyber Resilience and Supply Chain Assurance
Approaches to Cyber Resilience and Supply Chain AssuranceApproaches to Cyber Resilience and Supply Chain Assurance
Approaches to Cyber Resilience and Supply Chain AssuranceLeonardo
 
Adp global security trust the platform for business innovation
Adp global security   trust the platform for business innovationAdp global security   trust the platform for business innovation
Adp global security trust the platform for business innovationNathan Gazzard
 
HP Software Performance Tour 2014 - Guarding against the Data Breach
HP Software Performance Tour 2014 - Guarding against the Data BreachHP Software Performance Tour 2014 - Guarding against the Data Breach
HP Software Performance Tour 2014 - Guarding against the Data BreachHP Enterprise Italia
 

Similar to SDR Reference Secure architecture (20)

Sariya it 2019
Sariya it 2019Sariya it 2019
Sariya it 2019
 
Protect your sensitive data against data leaks with Safetica DLP
Protect your sensitive data against data leaks with Safetica DLPProtect your sensitive data against data leaks with Safetica DLP
Protect your sensitive data against data leaks with Safetica DLP
 
Oh... that's ransomware and... look behind you a three-headed Monkey
Oh... that's ransomware and... look behind you a three-headed MonkeyOh... that's ransomware and... look behind you a three-headed Monkey
Oh... that's ransomware and... look behind you a three-headed Monkey
 
SDN Adoption Challenges
SDN Adoption Challenges SDN Adoption Challenges
SDN Adoption Challenges
 
InfraGard Webinar March 2016 033016 A
InfraGard Webinar March 2016 033016 AInfraGard Webinar March 2016 033016 A
InfraGard Webinar March 2016 033016 A
 
Sira insights from cloud vendor risk assessments
Sira   insights from cloud vendor risk assessmentsSira   insights from cloud vendor risk assessments
Sira insights from cloud vendor risk assessments
 
Identity and Access Management Provider
Identity and Access Management ProviderIdentity and Access Management Provider
Identity and Access Management Provider
 
DeltaGRiC_Consulting_SMAC_Digital Innovation Security Conference_Presentation...
DeltaGRiC_Consulting_SMAC_Digital Innovation Security Conference_Presentation...DeltaGRiC_Consulting_SMAC_Digital Innovation Security Conference_Presentation...
DeltaGRiC_Consulting_SMAC_Digital Innovation Security Conference_Presentation...
 
Scalar Security Roadshow - Calgary Presentation
Scalar Security Roadshow - Calgary PresentationScalar Security Roadshow - Calgary Presentation
Scalar Security Roadshow - Calgary Presentation
 
Scalar Security Roadshow - Vancouver Presentation
Scalar Security Roadshow - Vancouver PresentationScalar Security Roadshow - Vancouver Presentation
Scalar Security Roadshow - Vancouver Presentation
 
Redington Value Journal - June 2017
Redington Value Journal - June 2017Redington Value Journal - June 2017
Redington Value Journal - June 2017
 
Calgary security road show master deck final
Calgary security road show master deck finalCalgary security road show master deck final
Calgary security road show master deck final
 
Non-profit Tech Needs in Serbia
Non-profit Tech Needs in SerbiaNon-profit Tech Needs in Serbia
Non-profit Tech Needs in Serbia
 
The role of big data, artificial intelligence and machine learning in cyber i...
The role of big data, artificial intelligence and machine learning in cyber i...The role of big data, artificial intelligence and machine learning in cyber i...
The role of big data, artificial intelligence and machine learning in cyber i...
 
Protection You Need from the Partner You Trust
Protection You Need from the Partner You TrustProtection You Need from the Partner You Trust
Protection You Need from the Partner You Trust
 
Protection You Need from the Partner You Trust
Protection You Need from the Partner You TrustProtection You Need from the Partner You Trust
Protection You Need from the Partner You Trust
 
DarkSide Ransomware Analysis Report
 DarkSide Ransomware Analysis Report DarkSide Ransomware Analysis Report
DarkSide Ransomware Analysis Report
 
Approaches to Cyber Resilience and Supply Chain Assurance
Approaches to Cyber Resilience and Supply Chain AssuranceApproaches to Cyber Resilience and Supply Chain Assurance
Approaches to Cyber Resilience and Supply Chain Assurance
 
Adp global security trust the platform for business innovation
Adp global security   trust the platform for business innovationAdp global security   trust the platform for business innovation
Adp global security trust the platform for business innovation
 
HP Software Performance Tour 2014 - Guarding against the Data Breach
HP Software Performance Tour 2014 - Guarding against the Data BreachHP Software Performance Tour 2014 - Guarding against the Data Breach
HP Software Performance Tour 2014 - Guarding against the Data Breach
 

Recently uploaded

Design and Modeling for MySQL SCALE 21X Pasadena, CA Mar 2024
Design and Modeling for MySQL SCALE 21X Pasadena, CA Mar 2024Design and Modeling for MySQL SCALE 21X Pasadena, CA Mar 2024
Design and Modeling for MySQL SCALE 21X Pasadena, CA Mar 2024Alkin Tezuysal
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightSafe Software
 
UiPath Studio Web workshop series - Day 4
UiPath Studio Web workshop series - Day 4UiPath Studio Web workshop series - Day 4
UiPath Studio Web workshop series - Day 4DianaGray10
 
From the origin to the future of Open Source model and business
From the origin to the future of  Open Source model and businessFrom the origin to the future of  Open Source model and business
From the origin to the future of Open Source model and businessFrancesco Corti
 
IT Service Management (ITSM) Best Practices for Advanced Computing
IT Service Management (ITSM) Best Practices for Advanced ComputingIT Service Management (ITSM) Best Practices for Advanced Computing
IT Service Management (ITSM) Best Practices for Advanced ComputingMAGNIntelligence
 
UiPath Studio Web workshop series - Day 1
UiPath Studio Web workshop series  - Day 1UiPath Studio Web workshop series  - Day 1
UiPath Studio Web workshop series - Day 1DianaGray10
 
Scenario Library et REX Discover industry- and role- based scenarios
Scenario Library et REX Discover industry- and role- based scenariosScenario Library et REX Discover industry- and role- based scenarios
Scenario Library et REX Discover industry- and role- based scenariosErol GIRAUDY
 
Keep Your Finger on the Pulse of Your Building's Performance with IES Live
Keep Your Finger on the Pulse of Your Building's Performance with IES LiveKeep Your Finger on the Pulse of Your Building's Performance with IES Live
Keep Your Finger on the Pulse of Your Building's Performance with IES LiveIES VE
 
UiPath Studio Web workshop series - Day 2
UiPath Studio Web workshop series - Day 2UiPath Studio Web workshop series - Day 2
UiPath Studio Web workshop series - Day 2DianaGray10
 
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptxGraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptxNeo4j
 
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENT
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENTSIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENT
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENTxtailishbaloch
 
Trailblazer Community - Flows Workshop (Session 2)
Trailblazer Community - Flows Workshop (Session 2)Trailblazer Community - Flows Workshop (Session 2)
Trailblazer Community - Flows Workshop (Session 2)Muhammad Tiham Siddiqui
 
CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024Brian Pichman
 
Where developers are challenged, what developers want and where DevEx is going
Where developers are challenged, what developers want and where DevEx is goingWhere developers are challenged, what developers want and where DevEx is going
Where developers are challenged, what developers want and where DevEx is goingFrancesco Corti
 
Extra-120324-Visite-Entreprise-icare.pdf
Extra-120324-Visite-Entreprise-icare.pdfExtra-120324-Visite-Entreprise-icare.pdf
Extra-120324-Visite-Entreprise-icare.pdfInfopole1
 
TrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie WorldTrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie WorldTrustArc
 
Flow Control | Block Size | ST Min | First Frame
Flow Control | Block Size | ST Min | First FrameFlow Control | Block Size | ST Min | First Frame
Flow Control | Block Size | ST Min | First FrameKapil Thakar
 
The Importance of Indoor Air Quality (English)
The Importance of Indoor Air Quality (English)The Importance of Indoor Air Quality (English)
The Importance of Indoor Air Quality (English)IES VE
 
.NET 8 ChatBot with Azure OpenAI Services.pptx
.NET 8 ChatBot with Azure OpenAI Services.pptx.NET 8 ChatBot with Azure OpenAI Services.pptx
.NET 8 ChatBot with Azure OpenAI Services.pptxHansamali Gamage
 
LF Energy Webinar - Unveiling OpenEEMeter 4.0
LF Energy Webinar - Unveiling OpenEEMeter 4.0LF Energy Webinar - Unveiling OpenEEMeter 4.0
LF Energy Webinar - Unveiling OpenEEMeter 4.0DanBrown980551
 

Recently uploaded (20)

Design and Modeling for MySQL SCALE 21X Pasadena, CA Mar 2024
Design and Modeling for MySQL SCALE 21X Pasadena, CA Mar 2024Design and Modeling for MySQL SCALE 21X Pasadena, CA Mar 2024
Design and Modeling for MySQL SCALE 21X Pasadena, CA Mar 2024
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and Insight
 
UiPath Studio Web workshop series - Day 4
UiPath Studio Web workshop series - Day 4UiPath Studio Web workshop series - Day 4
UiPath Studio Web workshop series - Day 4
 
From the origin to the future of Open Source model and business
From the origin to the future of  Open Source model and businessFrom the origin to the future of  Open Source model and business
From the origin to the future of Open Source model and business
 
IT Service Management (ITSM) Best Practices for Advanced Computing
IT Service Management (ITSM) Best Practices for Advanced ComputingIT Service Management (ITSM) Best Practices for Advanced Computing
IT Service Management (ITSM) Best Practices for Advanced Computing
 
UiPath Studio Web workshop series - Day 1
UiPath Studio Web workshop series  - Day 1UiPath Studio Web workshop series  - Day 1
UiPath Studio Web workshop series - Day 1
 
Scenario Library et REX Discover industry- and role- based scenarios
Scenario Library et REX Discover industry- and role- based scenariosScenario Library et REX Discover industry- and role- based scenarios
Scenario Library et REX Discover industry- and role- based scenarios
 
Keep Your Finger on the Pulse of Your Building's Performance with IES Live
Keep Your Finger on the Pulse of Your Building's Performance with IES LiveKeep Your Finger on the Pulse of Your Building's Performance with IES Live
Keep Your Finger on the Pulse of Your Building's Performance with IES Live
 
UiPath Studio Web workshop series - Day 2
UiPath Studio Web workshop series - Day 2UiPath Studio Web workshop series - Day 2
UiPath Studio Web workshop series - Day 2
 
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptxGraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
 
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENT
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENTSIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENT
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENT
 
Trailblazer Community - Flows Workshop (Session 2)
Trailblazer Community - Flows Workshop (Session 2)Trailblazer Community - Flows Workshop (Session 2)
Trailblazer Community - Flows Workshop (Session 2)
 
CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024
 
Where developers are challenged, what developers want and where DevEx is going
Where developers are challenged, what developers want and where DevEx is goingWhere developers are challenged, what developers want and where DevEx is going
Where developers are challenged, what developers want and where DevEx is going
 
Extra-120324-Visite-Entreprise-icare.pdf
Extra-120324-Visite-Entreprise-icare.pdfExtra-120324-Visite-Entreprise-icare.pdf
Extra-120324-Visite-Entreprise-icare.pdf
 
TrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie WorldTrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie World
 
Flow Control | Block Size | ST Min | First Frame
Flow Control | Block Size | ST Min | First FrameFlow Control | Block Size | ST Min | First Frame
Flow Control | Block Size | ST Min | First Frame
 
The Importance of Indoor Air Quality (English)
The Importance of Indoor Air Quality (English)The Importance of Indoor Air Quality (English)
The Importance of Indoor Air Quality (English)
 
.NET 8 ChatBot with Azure OpenAI Services.pptx
.NET 8 ChatBot with Azure OpenAI Services.pptx.NET 8 ChatBot with Azure OpenAI Services.pptx
.NET 8 ChatBot with Azure OpenAI Services.pptx
 
LF Energy Webinar - Unveiling OpenEEMeter 4.0
LF Energy Webinar - Unveiling OpenEEMeter 4.0LF Energy Webinar - Unveiling OpenEEMeter 4.0
LF Energy Webinar - Unveiling OpenEEMeter 4.0
 

SDR Reference Secure architecture

  • 1. Information contained herein is proprietary information and is made available to you because of your interest in our SDR Program Expertise. This information is submitted in confidence and its disclosure to you is not intended to constitute public disclosure or authorization for disclosure to other parties. Secure Architecture Traditional Red - Black Global SDR Rafael Aguado rafael@globalsdr.com Dr. Eduardo Solana The new era of software radio eduardo@globalsdr.com Global SDR 1 of 19 www.globalsdr.com
  • 2. Information contained herein is proprietary information and is made available to you because of your interest in our SDR Program Expertise. This information is submitted in confidence and its disclosure to you is not intended to constitute public disclosure or authorization for disclosure to other parties. Who we are GSDR Mr. Rafael Aguado holds a Master's degree in Computer Science from Polytechnic University of Madrid. He has been involved in most of the European initiatives for Software Radio development, managing the Spanish efforts in the ESSOR programme. He was the technical leader of the ESSaC program, where the foundations of rafael@globalsdr.com the European SCA Certification were defined. Dr. Eduardo Solana is Senior Lecturer of Cryptography and Security in the University of Geneva. Amongst others, he has worked for IBM and PricewaterhouseCoopers where he was Global Subject Matter Expert for authentication solutions. He has more than twenty years of experience in the fields of cryptography and information security both in the private sector and the academia. eduardo@globalsdr.com Global SDR 2 of 19 www.globalsdr.com
  • 3. Information contained herein is proprietary information and is made available to you because of your interest in our SDR Program Expertise. This information is submitted in confidence and its disclosure to you is not intended to constitute public disclosure or authorization for disclosure to other parties. What we do Development GSDR We are entitled to make your business grow. We are able to Business customize your marketing campaign worldwide, find new possibilities or even find new markets Consulting The consulting portfolio includes every step on the lifecycle of SDR your SDR product. Think also in applying new Software development models or best practices to your current processes Consulting With more than 15 years of experience our company brings into Security the SDR technology unique security features. We are a truly independent company, devoted only to our clients Training is considered the basic and first step in the development Training of your team. Our company is experienced and specially skilled in providing you with the preparation for the tools you need Global SDR 3 of 19 www.globalsdr.com
  • 4. Information contained herein is proprietary information and is made available to you because of your interest in our SDR Program Expertise. This information is submitted in confidence and its disclosure to you is not intended to constitute public disclosure or authorization for disclosure to other parties. Introduction to the problem Introduction “The good thing about standards is that there are too many to choose from” Global SDR 4 of 19 www.globalsdr.com
  • 5. Information contained herein is proprietary information and is made available to you because of your interest in our SDR Program Expertise. This information is submitted in confidence and its disclosure to you is not intended to constitute public disclosure or authorization for disclosure to other parties. Introduction to the problem Problem definition  SCA Security Supplement.  The SCA security supplement is still considered the most important reference in the security definition of a SDR based equipment.  CICM  MITRE cryptographic driver is increasing its importance as standard in order to offer functionality from the cryptographic side.  CORBA  CORBA connectivity mechanisms will be addressed in order to provide transparent communications between Red and Black subsystems. Global SDR 5 of 19 www.globalsdr.com
  • 6. Information contained herein is proprietary information and is made available to you because of your interest in our SDR Program Expertise. This information is submitted in confidence and its disclosure to you is not intended to constitute public disclosure or authorization for disclosure to other parties. Definition of the Architecture Building blocks Equipment Security Limit INFOSEC Boundary Crypto Limit RED SOFTWARE CS / S BLACK SOFTWARE Waveform Waveform SCA Crypto SCA Software POSIX CORBA POSIX CORBA M M H H Operating A Operating A System L Operating System L System BSP BSP RED DIGITAL HW CS / S BLACK DIGITAL HW RF GPP GPP GPP DSP FPGA FrontEnd Global SDR 6 of 19 www.globalsdr.com
  • 7. Information contained herein is proprietary information and is made available to you because of your interest in our SDR Program Expertise. This information is submitted in confidence and its disclosure to you is not intended to constitute public disclosure or authorization for disclosure to other parties. Definition of the Architecture Goal driven Audio and data communications Provide COMSEC capabilities through the CS/S DEFINITION User Authentication & Authorization This operation implies the communication of the credentials through all the control elements of the platform GOAL DRIVING TRANSEC The TRANSEC capabilities allows the interactions between the Cryptographic subsystem and the Digital Modem. Communication through CS/S CORBA connectivity mechanisms will be addressed in order to provide transparent communications between Red and Black subsystems. Global SDR 7 of 19 www.globalsdr.com
  • 8. Information contained herein is proprietary information and is made available to you because of your interest in our SDR Program Expertise. This information is submitted in confidence and its disclosure to you is not intended to constitute public disclosure or authorization for disclosure to other parties. Standards implementation Communications mechanisms RED SubSystem Crypto SubSystem Black SubSystem CryptoDevice CryptoDevice Component CONNECTION CONNECTION Component CORBA NOT CORBA CORBA CAPABLE CAPABLE CAPABLE Control and data encryption communications Ciphering and deciphering the data flow is one of the basic operations of a secure system. In addition to these operations, the data flow coming from the crypto can be used also to generate the TRANSEC seed Global SDR 8 of 19 www.globalsdr.com
  • 9. Information contained herein is proprietary information and is made available to you because of your interest in our SDR Program Expertise. This information is submitted in confidence and its disclosure to you is not intended to constitute public disclosure or authorization for disclosure to other parties. Standards implementation Communications mechanisms RED SubSystem Crypto SubSystem Black SubSystem DomainManager DeviceManager DeviceManager CONNECTION CONNECTION Device CORBA NOT CORBA CORBA CAPABLE CAPABLE CAPABLE Not CORBA capable connectivity. The communication has to be defined between heterogeneous middleware. Therefore a mechanism to bypass the crypto has to be defined. Global SDR 9 of 19 www.globalsdr.com
  • 10. Information contained herein is proprietary information and is made available to you because of your interest in our SDR Program Expertise. This information is submitted in confidence and its disclosure to you is not intended to constitute public disclosure or authorization for disclosure to other parties. Standards Implementation Communication Definition  Transparent communication between subsystems  Transparent monitoring of the communications between subsystems  Access control to the communications  Independent from the Operating environment presented in the platform Global SDR 10 of 19 www.globalsdr.com
  • 11. Information contained herein is proprietary information and is made available to you because of your interest in our SDR Program Expertise. This information is submitted in confidence and its disclosure to you is not intended to constitute public disclosure or authorization for disclosure to other parties. Standards Implementation Communication Definition RED SubSystem Crypto SubSystem Black SubSystem Component Component 10.0.1.1 10.0.2.1 ETF ETF Plugin Plugin AC LOG Rules Acceptator Acceptator Acceptator Acceptator Message Message Message Message PROXY BYPASS PROXY Developed for and shared by each The bypass system of the A proxy receiving the component of the platform. This plugin will CS/S including the Log and communications from the enable the communication with other access control capabilities. different components, which components through the NON-CORBA have to go through the CS/S. capable Crypto Global SDR 11 of 19 www.globalsdr.com
  • 12. Information contained herein is proprietary information and is made available to you because of your interest in our SDR Program Expertise. This information is submitted in confidence and its disclosure to you is not intended to constitute public disclosure or authorization for disclosure to other parties. Radio Security API UML  The Radio Security API is defined by the JTRS SCA Security Supplement as a set of functional packages Objectives  Keep the assurance of the COMPUSEC boundary and to act as the interface to the Crypto Subsystem Different approaches  The objectives can be achieved by securing the operating environment or by implementing specific software components (e.g. guards) Global SDR 12 of 19 www.globalsdr.com
  • 13. Information contained herein is proprietary information and is made available to you because of your interest in our SDR Program Expertise. This information is submitted in confidence and its disclosure to you is not intended to constitute public disclosure or authorization for disclosure to other parties. Radio Security API API Definition RED SubSystem Crypto BLACK SubSystem SubSystem Security Service n Security Service 1 Security Service 2 Security Service 3 Security Service m Security Service 1 Security Service 2 Security Service 3 … … Red Crypto RPC RPC Black Crypto Device Device 1. The CryptoDevice User invokes the getPort operation, using the Security Service identifier as a parameter. 2. The getPort operation will return a reference to the Security Service Provider. 3. Then, the Security Service User connects to the Security Service Provider by the use of connectPort operation. 4. Now the Security Service User is able to call the security service functionality. Global SDR 13 of 19 www.globalsdr.com
  • 14. Information contained herein is proprietary information and is made available to you because of your interest in our SDR Program Expertise. This information is submitted in confidence and its disclosure to you is not intended to constitute public disclosure or authorization for disclosure to other parties. Radio Security API Component Allocation Service Package Security Service Subsystem Security Management RED Port RED Port User RED Fill Bus RED Management RED Algorithm Management RED Certificate Management RED Control RED/BLACK Crypto Encrypt/Decrypt RED/BLACK Key Management RED Management RED/BLACK TRANSEC Key Stream BLACK Policy Management RED/BLACK Integrity and Control RED Authentication Digital Signatures RED Alarm Management RED/BLACK Time Management RED/BLACK Global SDR 14 of 19 www.globalsdr.com
  • 15. Information contained herein is proprietary information and is made available to you because of your interest in our SDR Program Expertise. This information is submitted in confidence and its disclosure to you is not intended to constitute public disclosure or authorization for disclosure to other parties. CICM API Crypto Subsystem  User Authentication  Authentication based on a User/Password pair. Standard has been modified to improve flexibility  Communication Channel Management  COMSEC Channel Implementation. Performance driven. CICM problem identified regarding the ownership of the channels  TRANSEC Channels  The TRANSEC channels have two main objectives. The first one is to be a reliable time source while the second one is the random number generation  Import interface  To import new cipher algorithm, security policies and keys from a RS-232 port. CICM specification problem.  Configuration  This functionality group offers the possibility of object administration (keys, algorithms, and security policies) to the user. Global SDR 15 of 19 www.globalsdr.com
  • 16. Information contained herein is proprietary information and is made available to you because of your interest in our SDR Program Expertise. This information is submitted in confidence and its disclosure to you is not intended to constitute public disclosure or authorization for disclosure to other parties. CICM API Standard Implementation CICM Although a number of commercial cryptographic interfaces have been standardized and are in use, CICM is the first generic cryptographic interface to be developed that meets the needs of a wide range of high assurance applications RED SubSystem Crypto SubSystem Black SubSystem RSS Red Crypto Crypto BlackCrypto RSS Device Module Device CICM API CICM call CICM call CICM call CICM API CICM API CICM driver CICM driver Transport Transport (RPC) RPC (RPC) RPC Transport (RPC) Global SDR 16 of 19 www.globalsdr.com
  • 17. Information contained herein is proprietary information and is made available to you because of your interest in our SDR Program Expertise. This information is submitted in confidence and its disclosure to you is not intended to constitute public disclosure or authorization for disclosure to other parties. CICM API Crypto Implementation Global SDR 17 of 19 www.globalsdr.com
  • 18. Information contained herein is proprietary information and is made available to you because of your interest in our SDR Program Expertise. This information is submitted in confidence and its disclosure to you is not intended to constitute public disclosure or authorization for disclosure to other parties. CICM API Improvements  FILL Interface.  CICM Import Interface is not compliant with the FILL interface proposed by the SCA  Object deletion  Incompatibility of the SCA and CICM regarding the deletion of the ‘in use’ objects.  Subsystem Identification  The CICM is agnostic to the subsystem originator of the call. Useful in order to apply security policies to the whole subsystem  Bypass  Although under discussion, the bypass policies can be implemented on the SCA standard and not by the CICM Global SDR 18 of 19 www.globalsdr.com
  • 19. Information contained herein is proprietary information and is made available to you because of your interest in our SDR Program Expertise. This information is submitted in confidence and its disclosure to you is not intended to constitute public disclosure or authorization for disclosure to other parties. Conclusions PORTABILITY 1st REFERENCE SCALABILITY ARCHITECTURE common standards upgrading of the different integrating them in the subsystems without whole design FACING THE FUTURE impacting on the others The improve in portability and interoperability will present an after and before in the SDR INTEROPERABILITY increasing the capability of the platform development to import and run different waveforms Global SDR 19 of 19 www.globalsdr.com