Suite B Cryptography
Problem
In order to prevent these products from falling into the wrong hands, they have strict security controls that make them cumbersome to store, operate, and share with partners. A Type 1 product is a Controlled Cryptographic Item (CCI) that is handled through the COMSEC Material Control System (CMCS), a logistics and accounting system through which COMSEC equipment is distributed, controlled, and safeguarded. Although important for protecting the sensitive designs of these products, these requirements create a heavy operational burden. They must be stored in a secure location, or in the possession and supervision of an authorized and trained custodian with an appropriate security clearance. In many situations, these burdens make the use of CCI impractical. Examples include deployment or transport by uncleared personnel, sharing with Coalition partners or local governments, and use with unmanned sensors.

Type 1 products go through a thorough design and development process, overseen by the NSA. The process can take two to three years to complete development and evaluation, which can be too long to meet user requirements. The lengthy process also does not allow products to keep pace with technology innovation, which often leads to technology refreshes every two to three years. A technology may be obsolete before it is ever brought to market.

Type 1 products are sold only to the US government, which limits the market size. This results in products that are more expensive than commercial alternatives that solve similar problems.

In addition, a security overlay architecture (such as the Inline Network Encryptor (INE)) has been adopted to satisfy most communications security requirements because it allows a single solution to be leveraged across a wide variety of communications options.
However, this architecture results in solutions that are less than ideal because they have more components than necessary, and this makes it difficult to develop smaller, highly integrated, more cost-effective solutions to point problems.

The combination of operational burdens, long evaluation processes, and high costs makes CCI impractical for many applications that require strong security. Without a solution to address these problems, these important applications either will not be implemented, will be implemented with inadequate security, or will be implemented at a much higher cost than necessary.

Solution
The desire to support increased communications without operational burdens and the explosive growth of communications technologies and solutions, combined with reduced government budgets, require a different approach to communications security. Open standards, with the assistance of government expertise from NSA and NIST, have matured to the point where they can more than adequately protect National Security Information. The government wants to leverage these advances, along with the tremendous ongoing industry investment in commercial communications security technology.
To address these issues, NSA has announced Suite B Cryptography, a set of unclassified algorithms including AES, and “Secure Sharing Suite”, a common suite of public security standards and protocols. Suite B is part of the NSA Cryptographic Interoperability Strategy (CIS), developed to improve information sharing within the United States and with coalition partners. Open standards and the use of strong public algorithms provide interoperability and allow for the possibility of release to coalition partners or state and local governments. Suite B may also be used to protect sensitive but unclassified (SBU) as well as classified information (SECRET) with NSA approval, where currently only Type 1 products are approved. This provides a solution that will free organizations from the onerous burdens of COMSEC handling requirements currently associated with CCI equipment. Since the vast majority of classified information is SECRET or below, approved Suite B products could significantly improve the speed and flexibility of deploying secure, COTS-based communications systems.

NSA is also developing a new Commercial Solutions Partnership Program (CSPP). The program enables the use of a combination of COTS information assurance products that form a particular application solution to protect information up to the SECRET level. This program will leverage the NIAP Common Criteria Evaluation and Validation Scheme (CCEVS) and the NIST Cryptographic Module Validation Program (CMVP), also known as FIPS 140.

The NSA plans layered solutions to targeted classes of use rather than simply approving specific COTS products. Therefore, the COTS Suite B network architecture uses layered products and protocols to provide security. In IP networks, a combination of layer 2 and layer 3 security protocols is recommended. For wireless LANs, this includes WPA2 with EAP-TLS and IPsec with Suite B algorithms.

Secure Sharing Suite

Fortress Solution
To provide interoperability with third-party implementations, Fortress supports WPA2-EAP-TLS and IPsec Suite B. Fortress also fully complies with interoperability standards as outlined by the IP Minimal Essential Interoperability Requirements (IPMEIR) specification. All Fortress products are designed to meet FIPS 140-2, 140-3, Common Criteria, DODD 8100.2, and service-based accreditation processes. The ultimate security level of any product is determined by the quality of the cryptographic implementation.

Fortress Technologies is committed to leading the industry in the implementation of COTS Suite B Cryptography in support of the NSA's Cryptographic Interoperability Strategy. We continue to work closely with our customers to understand their CONOPs and help them successfully leverage secure wireless communications across their operating environments.

Throughout the United States federal government and its coalition partners, an urgent and increasing demand for mission-critical secure wireless communications is driving the need for COTS-based solutions that will improve capabilities and meet the requirements of the disadvantaged user. Today, COTS-based wireless communication solutions can be used to extend the reach of the network as a common transport framework, while approved Type 1 cryptographic products can be overlaid for data protection, where appropriate. Fortress provides this for our customers today. However, there is a strong desire for integrated secure communication solutions, instead of bolt-on security overlays.

Today, Fortress' FIPS-approved secure wireless products can be deployed to protect Sensitive but Unclassified, NIPRNET traffic. The company's goal is to embrace the COTS Suite B architecture to extend that value to communications at the SECRET level and below, with appropriate NSA review and approval.
Fortress is an advocate and leader in implementing COTS Suite B Cryptography in support of the NSA's Cryptographic Interoperability Strategy as promoted by the Committee on National Security Systems-15 (CNSS-15).
Classified government communications are protected by special Type 1 encryption products that are controlled by the National Security Agency. Type 1 products typically use classified Suite A cryptographic algorithms, which are developed and controlled by the NSA. These products take multiple years to design and develop and provide security strong enough to protect National Security Systems (NSS) and National Security Information (NSI) at all levels.