Network-centric warfare mandates secure communication among numbers of network nodes to form a common operational picture at the command level, or provide immediate situational awareness to a deployed unit, platform, or individual.
Whether in command centers, aircraft, or unmanned aerial vehicles, network nodes are deployed as sensor dust in a mobile, ad-hoc network context, or as human-portable or wearable devices. The nodes perform periodic or event-driven cryptographic rekeying operations to prevent compromising of sensitive information.
BAE Systems develops next-generation solutions for last-mile wireless key distribution to mission groups, user communities, and coalitions. The company’s SecureKeys wireless group rekeying system consists of two primary components; wireless rekeying devices (WRDs) are connected to the fill port of each cryptographic device and inject the appropriate key material, and wireless rekeying gateways (WRGs) package, protect, and securely deliver the key material to the WRDs deployed in the system. Key delivery is accomplished as a group function, minimizing time for rekeying the system and reducing network use.
Designed for the unique challenges of tactical Department of Defense environments, the WRG employs a scalable group rekeying algorithm, leverages standards-based security protocols, and wirelessly performs simultaneous rekeying of the targeted set of WRDs. SecureKeys scales to millions of users for theater-wide secure communications while requiring negligible storage and processing on client platforms. The rekey algorithm is also stateless and does not require the client to receive prior rekey directives to process the current one. This feature is advantageous where communications are intermittent or degraded, or when the receiver has to go offline in emission-controlled or covert operations.
SecureKeys supports multiple wireless infrastructures, and WRGs can be deployed by hierarchy to delegate rekeying functions to tactical commanders best suited to define mission needs. This feature also allows the tactical commander to pre-emptively revoke rekeying privileges in units that may have been lost or compromised.
In addition, the SecureKeys system allows the operator to create and select security policies, network configuration parameters, and rekeying schedules to be used by each WRD. The WRG provides a visual display of the status of known and registered WRDs, and allows the operator to effectively delegate, audit, and override rekeying operations in subordinate WRGs. Revocation of keying privileges for one or more WRDs can be accommodated through revocation lists or operator intervention.
