The U.S. financial, business, and military sectors rely on cooperative networking for seamless information exchange. The nation’s current “network armor” depends on knowledgeable information technology experts dynamically reconfiguring add-on components, such as firewalls, filters, and VPN appliances, to repair the operational and algorithmic kinks exploited by network terrorists.
But pervasive security of mobile and wireline communications that are resistant to intentional or unintentional misuse remains elusive. The solution now lies in new secure network protocols that expose no security vulnerabilities to internal and external adversaries and that maintain the performance and flexibility integral to the Internet's success.
BAE Systems is leading research and development of next-generation, secure networking protocols for the Internet and Department of Defense that prevent and retard attacks. The company's expertise combines military networking domain knowledge, university and government research partnerships, and rapid prototyping expertise to target the information assurance requirements of tactical mobile and enterprise networks.
BAE Systems is developing new approaches to multi-hop forwarding, such as cognitive protocols that adapt to traffic and operational characteristics, and applying network coding to military networks. Network coding, which replaces packets with information flows, unifies network services while providing the fault tolerance and performance gains required to eliminate many core security vulnerabilities. The company is also developing techniques to prevent corruption of control information, the root cause of many network attacks, such as falsified routing and denial of service.
BAE Systems is combining advances in symmetric and asymmetric cryptography with data-plane and control-plane signaling to ensure packet integrity, confidentiality, and traceback. These approaches promise to provide strong accountability to future Internet traffic.
Ensuring that networking resources are properly accounted for and managed is a building block of secure protocols. BAE Systems is developing and demonstrating the infrastructure required for managing and enforcing scalable security policies across all network traffic flows. For example, the company’s dynamic firewall services provide the line-rate deep packet inspection necessary for policy enforcement. Cross-layer system design and extensions to existing solutions, such as PKI and IPsec, provide pragmatic solutions that are compatible with today’s best practices.
BAE Systems has developed formal methods, such as finite state-space analysis, to understand the security characteristics and assumptions of protocols prior to their fielding. This analysis reduces the risk of unidentified vulnerabilities being introduced with new services.