Intercepted communications: Encryption standards for the defense edge

Shaza Khan
March 18, 2024

In an increasingly digitized world, safeguarding sensitive military information is paramount. Encryption is a critical component of data security, providing a reliable method for ensuring the security and confidentiality of sensitive data for government, defense, and aerospace organizations operating at the edge.

History of Encryption in Military Operations

The use of encryption in military operations can be traced back to ancient civilizations. Encryption techniques such as substitution ciphers and transposition ciphers were used to safeguard military plans and strategic information. In fact, the Spartan military is known to have employed Scytale, a rudimentary form of transposition encryption, during the fifth century B.C. to ensure secure communication between their forces.

During the World Wars, encryption gained significant prominence with both Allied and Axis powers investing heavily in cryptographic methods. Wireless telegraphy, codes, and ciphers were used by military units in World War I. For example, field armies used trench codes to relay tactical messages between troops on the front lines. In fact, a key event that helped bring the United States into World War I was the Zimmermann telegram, which proposed a military alliance between Germany and Mexico, that was decoded by cryptographers at the British Naval Intelligence.

World War II ushered in the development of more advanced encryption methods. The study of enemy codes and decryption, known as cryptanalysis, was a crucial aspect of the war effort. Intelligence agencies, such as Britain's Government Code and Cipher School at Bletchley Park, dedicated numerous resources to deciphering enemy encryption. One impressive encryption device used by the Axis powers was the Enigma machine. Initially considered unbreakable, the Allies made significant cryptographic advancements and managed to decipher the Enigma code. The successful decryption of intercepted enemy messages provided invaluable information that influenced military strategies and helped shorten the duration of the war.

After World War II, encryption technologies continued to evolve. Government agencies, such as the National Security Agency (NSA) in the United States, worked on developing more sophisticated encryption systems. These advancements in cryptography laid the foundation for modern encryption algorithms and protocols that are widely used today.

Intercepted communications: The need for encryption at the edge

Edge computing refers to the practice of processing and analyzing data closer to where it is generated, rather than relying on centralized data centers. This approach allows for faster response times, reduced latency, and increased efficiency. However, it also introduces unique security challenges that must be addressed.

For government and military organizations operating at the edge, secure communication channels are indispensable. These organizations handle highly classified information and need to protect it from interception, tampering, and espionage. Interception, for instance, refers to the unauthorized access to and eavesdropping on data during transmission. Tampering involves modifying or altering data in transit, while espionage entails attempts to gain unauthorized access to sensitive information. These threats highlight the need for strong encryption protocols and key management practices for these high-risk environments.

Encryption involves transforming data into an unreadable format, only accessible to authorized parties with the correct decryption key. By encrypting data at the edge, government and military organizations can mitigate the risks associated with unauthorized access and data breaches.

Effective encryption solutions should utilize industry-standard algorithms and cryptographic protocols. AES (Advanced Encryption Standard) and RSA (Rivest-Shamir-Adleman), for example, are widely adopted encryption algorithms that offer a high level of security. Additionally, secure key management practices, such as regular key rotation and secure storage, are crucial for maintaining the integrity and confidentiality of encrypted data.

When selecting an encryption solution for complex and high-risk operations, it's essential to consider factors such as performance, scalability, and compatibility with existing infrastructure. Hardware-based solutions provide robust physical protection and can offload the encryption workload from the CPU, ensuring optimal performance. However, they may require additional investments and careful implementation. Specifically, since the late `90s*, side-channel analysis (SCA) attacks - a classification of hardware security attacks that focus on stealing information indirectly by exploiting unintended information leakages - have been a particular threat against physical systems that implement cryptography, including microprocessors executing cryptography software. Because of this, all cryptographic implementations for the last 25 years have required use of SCA countermeasures-sometimes called SCA-resistant (SCA-R) cryptography. However, it is difficult for hardware encryption solutions to deliver cryptographic agility, or the ability to switch between different cryptographic algorithms if a vulnerability is found.

Software-based encryption solutions, on the other hand, offer flexibility and can be easily deployed across various devices. They can leverage the computational power of modern CPUs and are often more cost-effective. But software-based encryption is still subject to SCA concerns and software introduces other sources of vulnerabilities, such as adversarial access to the code, accidental loss of sensitive data through crash-dumps or heap re-use, poor sources of entropy (the amount of unpredictable randomness) for key-generation, and errors in open-source implementations* if not tested, curated, and managed correctly.

Encryption Standards: NSA Type 1, FIPS 140-2, CSfC, AES and EN

Three prominent encryption standards are FIPS 140-2, NSA Type 1, and the European AES/EN. Each of these encryption standards uses different algorithms and data encryption keys. The strength of encryption keys varies depending on the length of the key. For example, AES uses 128-bit, 192-bit, or 256-bit keys, while FIPS 140-2 requires at least 112-bit keys. Each standard has its unique purpose and scope, and understanding their differences is essential for selecting the appropriate encryption standard for safeguarding data.

The table below outlines some key differences between these encryption standards:

FIPS 140 Encryption Standards

The Federal Information Processing Standard (FIPS) Publication 140 is a U.S. government standard that specifies security requirements for cryptographic modules used in electronic data processing systems to protect sensitive but unclassified (SBU) information. This standard covers a wide range of encryption algorithms, uses a four-level rating system to measure a module's security level, and requires certification from NIST (National Institute of Standards and Technology). FIPS 140 is widely accepted by government and non-government agencies and has a vigorous certification process. FIPS 140-3, is the latest version of the standard and the previous version, FIPS 140-2 will remain active until September 21, 2026.

AES and EN European Encryption Standards

The European Union has several encryption standards, including the AES and the European Norms (EN). These standards specify the requirements for data encryption for European organizations and require certification from external third-party testing labs. European encryption standards are compatible with a wide range of systems.

NSA Type 1 Encryption Standard

The NSA Type 1 standard is another U.S. government standard that specifies the security requirements for cryptographic modules used in secure systems. The NSA Type 1 standard is the highest level of security assurance available and requires certification from the NSA (National Security Agency). This standard uses highly classified encryption algorithms and keys that are not publicly shared. Devices with NSA Type 1 are available to U.S. government users and contractors and are subjected to International Traffic in Arms Restrictions (ITAR) export restrictions. They are primarily used within the U.S. government and military for securing top-secret communications and data.

An alternative approach: Commercial Solutions for Classified program (CSfC)

Commercial Solutions for Classified (CSfC) is a program initiated by the National Security Agency (NSA) that is designed to protect classified information for secure communications through a different layered approach using commercial security components. It provides a framework for organizations to build an encryption ecosystem by combining different products to achieve the necessary level of security. It allows agencies, such as defense and intelligence agencies that use classified networks, to minimize overall cost, reduce development time, and simplify integration to deploy the latest technologies on systems and networks faster. CSfC is an alternative to hardware-based NSA Type 1 encryption solutions and the choice between them depends on the specific requirements and level of security assurance needed for classified communications.

Future Advances in Encryption

As technology continues to advance and the threat landscape evolves, encryption requirements will continue to change. Some potential trends that may shape the future of encryption include:

1. Quantum-Resistant Encryption: Quantum computers have the ability to break commonly used encryption methods, such as RSA and elliptical curve cryptography (ECC). There is a growing focus on developing quantum-resistant encryption algorithms that can withstand attacks from these powerful computers.
2. Post-quantum Cryptography: Post-quantum cryptography refers to cryptographic algorithms that are resistant to attacks from both quantum and classical computers. Lattice-based, code-based, and multivariate polynomial-based encryption schemes are being researched to ensure long-term security of encrypted data.
3. Homomorphic Encryption: This encryption allows computation to be performed on encrypted data without the need to decrypt it. More practical and efficient, this technology would enhance privacy and security in data sharing and cloud computing, as well as open new possibilities for secure computations on encrypted data.
4. Secure Key Management: Secure key management is critical for increasingly complex cryptographic systems. Advances in key management practices and technologies will ensure the secure generation, storage, and distribution of cryptographic keys.
5. Cloud and Endpoint Encryption: The wide adoption of cloud services and mobile devices has raised the importance of encryption for data both at rest and in transit. Encryption of data stored in the cloud of endpoints (e.g., phones, laptops) will continue to be an area of focus, especially for edge military operations.

How are you handling your military data encryption requirements? ​Contact a Mercury expert today to save time and money.

Learn More:

• JDAR NSA Type 1 Encryption Module
• White paper: Unlocking the True Value of Encryption and Key Management Modes
• Blog: Can you trust your computer? Three ways your system may already be Unsafe
• White Paper: Cross-Domain Solutions for an Evolving Battlefield

References:

• *Kocher, Paul C; Jaffe, Joshua; Jun, Benjamin (1999). "Differential Power Analysis". Annual International Cryptology Conference
• https://www.wired.com/2014/02/gotofail/