Government Network Security Research

Since our project is targeted towards military personnel, I have done some research into this area. One great resource I found was from Tumbleweed Communications (paper link here), entitled "Identity Validation for Government Wireless Networks". Obviously, this white paper was a great choice because it focuses directly on the topic I was looking for.

First of all, I have limited knowledge in network security. The best knowledge I have is from some classes that taught me a little about encryption algorithms and my own personal research on routers. Also, my personal router uses WPA-2 with AES encryption. Super fancy words, right? Well, it turns out that the government prohibits use of WEP (a common network security protocol) and requires WPA-2 security(with AES encryption) , simply because it requires Layer 4 Encryption.

Layer 4 encryption means the following--there is a different structure to the packet encryption. So first it runs though layer 1 encryption, then it runs though layer 2 , then layer 3, and then though layer 4. All data is placed in an encrypted TCP/UDP packet. The coders add 4 headers to the front of the encrypted message packet: original layer 2 header, orginal IP header, original layer 4 header, then the CE-ESP header. The message looks like the figure below (CipherOptics: http://www.cipheroptics.com/securitysolutions/layer-4-encryption.html).

Layer 4 encryption benefits include (directly from CipherOptics):

• ability to pass encrypted data though Network Address Translation (NAT)
• support for policy-based routing/loading balancing
• lower packet overhead
• Netflow/Jflow support
• Infrastructure independent
• Network high availability and failover transparent

Now let us go over AES. AES or Advanced Encryption Standard is a symmetrical-key encryption standard adopted by the United States government. The standard comprises of three block ciphers: AES-128, AES-192, and AES-256. Where the numbers at the end of the type of cipher indicates the bit size of the key required for encryption. 

According to Wikipedia this is the high-level description of the algorithm (http://en.wikipedia.org/wiki/Advanced_Encryption_Standard):

1. KeyExpansion—round keys are derived from the cipher key using Rijndael's key schedule
2. Initial Round
1. AddRoundKey—each byte of the state is combined with the round key using bitwise xor
3. Rounds
1. SubBytes—a non-linear substitution step where each byte is replaced with another according to a lookup table.
2. ShiftRows—a transposition step where each row of the state is shifted cyclically a certain number of steps.
3. MixColumns—a mixing operation which operates on the columns of the state, combining the four bytes in each column.
4. AddRoundKey
4. Final Round (no MixColumns)
1. SubBytes
2. ShiftRows
3. AddRoundKey

So, we are most defiantly (without a doubt) going to make our network run with WEP-2 security and AES encryption. Or else, the user cannot connect at all to the robot to gather, run, or collect data.

PS. If you are interesting in looking at some code for AES--- look here (it's in C).