| Objective: ||Develop advanced Information Assurance (IA) mechanisms to ensure timely, trusted information is available on C2ISR networks.
| Description: ||The DoD’s adoption of the Global Information Grid (GIG) as a means to implement net-centric warfare requires the widespread distribution and protection of trusted information. To realize this capability, the Anti-Tamper-Software Protection Initiative (AT-SPI) Technology Office, in partnership with ESC’s 551st Electronic Systems Wing (formerly known as Battle Management Systems Wing), seeks to explore and extend innovative Information Assurance (IA) mechanisms to protect C2ISR networks. These IA mechanisms (e.g., code algorithms, network appliances, software applications, automated procedures) should increase the current capability to identify, track, and mitigate network intrusions. Additionally, these mechanisms should have minimal impact on other effective detection mechanisms or network-loading efficiencies and help optimize the IA performance of C2ISR networks.
Airborne and ground-based systems working on the fringes of a network experience intermittent drop-offs lasting from seconds to hours. Once a connection is re-established, the network needs to quickly decide if the entity is, in fact, the dropped system, a new system coming on-line, or a hostile intrusion. Intrusion identification/tracking requires advanced applications based upon dynamic addressing and special security techniques. Data from airborne and ground-based networks has led to a database of suspect access actions that can be used to characterize the necessary IA properties of each network’s environment. Proposals are expected to exploit existing USAF IA structures and databases to explore potential new IA mechanisms to develop, validate and enhance network IA environments. Figures of merit in assessing the effectiveness of the mechanisms should include, but not be limited to, improvements in intrusion detection and identification, enhanced probability of predicting the nature of the “intrusion” (i.e., friend, foe or unknown) in structured architectures, and reduced false-alarm alerts.
| PHASE I: ||Conduct analysis, using real data, to develop mechanism descriptions for intrusion-identification/intrusion-tracking techniques to optimize intrusion detection, search and track capabilities within structured architectures/networks. Compare and contrast the candidate mechanisms.
| PHASE II: ||Perform detailed analysis and demonstrate the efficacy of mechanisms for intrusion detection, searching, and tracking in IA environments. Conduct tests to assess the effectiveness of each mechanism. Develop/demonstrate an automated, near-real-time IA processing mechanism (i.e., network appliance, software application, automated procedure) using real-world military network data sets.
| DUAL USE COMMERCIALIZATION: ||Military application: Developed products will be used in networks requiring rapid detection/tracking of intrusion within limited bandwidth, supporting IA data collection and minimizing intruder interference. Commercial application: Developed products will be used in protected commercial networks experiencing unwanted intrusion interference. Potential examples include networks in medicine, personnel (H/R) processing and banking.
| References: ||1. AFPD 33-2, "Information Protection"
2. AFI 33-202, Volume 1, "Network and Computer Security"
| Keywords: ||Information Assurance, IA, network-centric, anti-tamper, trusted information, protection, security, algorithms, intrusion-detection, intrusion-tracking, interference, node authentication