60 research outputs found

    Secure Communication for Contested Environments

    NPS NRP Executive Summary
    Many current communication channels rely largely on interactive cryptographic protocols to establish security. These protocols require real-time round-trips of synchronous interaction between devices, which makes them susceptible to channel tear-down by adversaries as well as environmental effects, subsequently leading to additional set-up time and increased electromagnetic footprint. Within a contested environment, such protocol use presents physical vulnerabilities to logistics due to the increased location detectability from the electromagnetic footprint as well as cyber security vulnerabilities. In particular, if an adversary compromises the communications channel, they can gain long-term access to the data. This research looks at addressing this problem through use of secure asynchronous protocols. Protocols supporting asynchronicity limit downtime, offering efficiency benefits under restricted communication. They furthermore have potentially attractive security features such as self-healing security in the event of adversarial compromise of a communications channel. This research applies CAC2S as a case study, framing the environment concerns to the contested restrictions anticipated.
    N4 - Fleet Readiness & Logistics
    This research is supported by funding from the Naval Postgraduate School, Naval Research Program (PE 0605853N/2098). https://nps.edu/nrp
    Chief of Naval Operations (CNO)
    Approved for public release. Distribution is unlimited.

    Utilizing the Messaging Layer Security Protocol in a Lossy Communications Aerial Swarm

    Recent advancements in unmanned aerial vehicle (UAV) capabilities have led to increasing research into swarming systems. Unfortunately, efforts to date have not resulted in viable secure communications frameworks, and the limited processing power and constrained networking environments that characterize these systems preclude the use of many existing secure group communications protocols. The Messaging Layer Security (MLS) protocol, currently under development at the Internet Engineering Task Force (IETF), offers some attractive properties for these types of systems. This work looks at integrating MLS into the Advanced Robotic Systems Engineering Laboratory (ARSENL) UAV swarm system as a means of assessing its efficacy. Implementation test results are presented both for experiments conducted in a simulation environment and with physical UAVs

    Computationally Modeling User-Mediated Authentication Protocols

    User interaction constitutes a largely unexplored field in protocol analysis, even in instances where the user takes an active role as a trusted third party, such as in the Internet of Things (IoT) device initialization protocols. Initializing the study of computational analysis of 3-party authentication protocols where one party is a physical user, this research introduces the 3-party possession user mediated authentication (3-PUMA) model. The 3-PUMA model addresses active user participation in a protocol which is designed to authenticate possession of a fixed data string – such as in IoT device commissioning. To demonstrate the 3-PUMA model in practice, we provide a computational analysis of the ISO/IEC 9798-6:2010 standard’s Mechanism 7a authentication protocol which includes a user interface and interaction as well as a device-to-device channel. We show that the security of ISO/IEC 9798-6:2010 Mechanism 7a relies upon a non-standard MAC security notion, which we term existential unforgeability under key collision attacks (EUF-KCA). It is unknown if any standardized MAC algorithm achieves EUF-KCA security, indicating a potential vulnerability in the standard.

    Trident Room Podcast Episode 24: Dr. Britta Hale, Exchanging Big Ideas [audio]

    The Trident Room Podcast officially started broadcasting in the summer of 2020. It was created by an HSI/OR student who wanted to capture conversations he was having with the impressive array of faculty, students, and staff roaming the halls of NPS. Podcasting provides a direct and unfettered connection with listeners, and he wanted to bring that same kind of informative, yet intimate exchange to the Naval Postgraduate School community.
    Trident Room Host Michael Gannon sits down with cryptographer and NPS faculty member Dr. Britta Hale. This episode was recorded on July 30, 2021.

    Faces of NPS: Britta Hale, PhD

    Faces of NPS features interviews spotlighting the students, faculty, staff and alumni of our Nation’s premier defense education and research institution.
    Dr. Britta Hale is a cryptographer and Assistant Professor in Computer Science at NPS.

    Reducing Asymmetry in Countering Uncrewed Aircraft Systems

    Symposium Presentation
    Approved for public release; distribution is unlimited.

    Reducing Asymmetry in Countering Unmanned Aerial Systems

    Excerpt from the Proceedings of the Nineteenth Annual Acquisition Research Symposium
    Current Counter Unmanned Aerial Systems (C-UAS) rely heavily on low-efficiency techniques such as broadband radio frequency (RF) jamming and high-intensity lasers. Not only do such techniques come at the cost of second and third order effects—such as collateral jamming risks to operational systems, a large RF footprint, and high energy use—but they also present an asymmetry between threat and response. Many commercial, off-the-shelf UAS devices are inexpensive compared to the C-UAS systems historically under focus in Department of Defense (DoD) acquisition. This work argues for leveling that asymmetry by exploring C-UAS autonomy-on-autonomy options by using cyberattack payload capabilities residing on a UAS. By reducing the attack surface to focus on a particular target, these cyber techniques provide scalpel-edged control to the operator, reducing risk to own systems, RF footprint, and collateral damage.
    Approved for public release; distribution is unlimited.

    A Note on Hybrid Signature Schemes

    This draft presents work-in-progress concerning hybrid/composite signature schemes. More concretely, we give several tailored combinations of Fiat-Shamir based signature schemes (such as Dilithium) or Falcon with RSA or DSA. We observe that there are a number of signature hybridization goals, few of which are not achieved through parallel signing or concatenation approaches. These include proof composability (that the post-quantum hybrid signature security can easily be linked to the component algorithms), weak separability, strong separability, backwards compatibility, hybrid generality (i.e., hybrid compositions that can be instantiated with different algorithms once proven to be secure), and simultaneous verification. We do not consider backwards compatibility in this work, but aim in our constructions to show the feasibility of achieving all other properties. As a work-in-progress, the constructions are presented without the accompanying formal security analysis, to be included in an update

    Secure Channels and Termination: The Last Word on TLS

    Secure channels are one of the most pivotal building blocks of cryptography today. Internet connections, secure messaging, protected IoT data, etc., all rely upon the security of the underlying channel. In this work we define channel protocols, as well as security for channels constructed from stateful length-hiding authenticated encryption (stLHAE) schemes. Furthermore, we initiate the concept of secure termination where, upon receipt of a signifying message, a receiver is guaranteed to have received every message that has been sent, and will ever be sent, on the channel. We apply our results to real-world protocols, linking the channel environment to previous analyses of TLS 1.2, and demonstrating that TLS 1.2 achieves secure termination via fatal alerts and close_notify messages, per the specification of the Alert Protocol