UNCLASSIFIED//FOR OFFICIAL USE ONLY
Version 1.0

(U//FOUO) TECHNICAL REQUIREMENTS DOCUMENT (TRD) FOR THE PROGRAMMABLE OBJECTIVE ENCRYPTION TECHNOLOGIES (POET) ADVANCED CRYPTOGRAPHIC MODULE (ACM)

DOCUMENT DISTRIBUTION RESTRICTIONS: This document contains information exempt from mandatory disclosure under the Freedom of Information Act (FOIA). Exemption 3 applies. Not Releasable to the Defense Technical Information Center (DTIC) per DOD Instruction 3200.12.

Unclassified FOUO Information: The document contains unclassified For Official Use Only information which is for the exclusive use of Government and Contractor personnel with a need-to-know the information. Such information is specifically prohibited from posting on unrestricted bulletin boards or other unlimited access applications.

DAAB07-03-R-P650
06 January 2006

Dissemination restricted as described on cover page

(U//FOUO) Revision History

Ver.   Date       Description of Change   Affected Pages
1.0    01/06/06   Initial Release         All

(U//FOUO) TABLE OF CONTENTS

1. (U//FOUO) Introduction
  1.1. (U//FOUO) Scope
  1.2. (U//FOUO) System Overview
  1.3. (U//FOUO) Definition of Terms
2. (U//FOUO) Applicable Documents
  2.1. (U//FOUO) Program-Specific Documents
  2.2. (U//FOUO) Government Documents
    2.2.1. (U//FOUO) Specifications, Standards, or Handbooks
  2.3. (U//FOUO) Other
    2.3.1. (U//FOUO) Standards
3. (U//FOUO) Technical Requirements
  3.1. (U//FOUO) Notional High-Speed-Embeddable ACM
  3.2. (U//FOUO) ACM Capabilities Summary
  3.3. (U//FOUO) Cryptographic Services
    3.3.1. (U//FOUO) Key Stream Generation
      3.3.1.1. (U//FOUO) TRANSEC Key Stream Generation
      3.3.1.2. (U//FOUO) Cover/Decover Key Stream Generation
    3.3.2. (U//FOUO) Bulk Encryption/Decryption
    3.3.3. (U//FOUO) Waveform COMSEC Encryption/Decryption
    3.3.4. (U//FOUO) Baseband COMSEC Encryption/Decryption
    3.3.5. (U//FOUO) HAIPE Encryption/Decryption
    3.3.6. (U//FOUO) Telemetry, Tracking, and Command (TT&C)
    3.3.7. (U//FOUO) Non Type 1 Services
      3.3.7.1. (U//FOUO) Key Pair Management
      3.3.7.2. (U//FOUO) Non Type 1 IPSec
      3.3.7.3. (U//FOUO) Other Encryption/Decryption
      3.3.7.4. (U//FOUO) Authentication Processing
    3.3.8. (U//FOUO) Integrity Services
    3.3.9. (U//FOUO) Digital Signature Services
    3.3.10. (U//FOUO) Host Utility Services
    3.3.11. (U//FOUO) Other Services
  3.4. (U//FOUO) Mission Based ACM Loadings
    3.4.1. (U//FOUO) Family of Advanced Beyond Line of Sight (FAB-T)
    3.4.2. (U//FOUO) High Capacity Communications Capability (HC3)
    3.4.3. (U//FOUO) Navy Multiband Terminal (NMT)
  3.5. (U//FOUO) Key Management
    3.5.1. (U//FOUO) Key Agreement and Key Exchange
      3.5.1.1. (U//FOUO) Type 1
      3.5.1.2. (U//FOUO) Non Type 1
    3.5.2. (U//FOUO) Key Fill
      3.5.2.1. (U//FOUO) RED Fill
      3.5.2.2. (U//FOUO) Benign Fill
      3.5.2.3. (U//FOUO) BLACK Fill
    3.5.3. (U//FOUO) Key Identification
    3.5.4. (U//FOUO) Key Allocation and Usage
    3.5.5. (U//FOUO) Key Accounting and Audit
    3.5.6. (U//FOUO) Key Storage
    3.5.7. (U//FOUO) Key Update
    3.5.8. (U//FOUO) Key Rollover
    3.5.9. (U//FOUO) Key Zeroization
      3.5.9.1. (U//FOUO) Selective zeroization
      3.5.9.2. (U//FOUO) Recoverable zeroization
      3.5.9.3. (U//FOUO) Destructive zeroization
      3.5.9.4. (U//FOUO) Over-the-Air Zeroization (OTAZ)
    3.5.10. (U//FOUO) Over-the-Air Rekey (OTAR)
  3.6. (U//FOUO) Cryptographic Modernization
    3.6.1. (U//FOUO) Configurability
    3.6.2. (U//FOUO) Programmability
      3.6.2.1. (U//FOUO) Programmable Architecture
      3.6.2.2. (U//FOUO) Cryptographic Software/Firmware Loading
      3.6.2.3. (U//FOUO) Cryptographic Algorithm Identification
      3.6.2.4. (U//FOUO) Cryptographic Software/Firmware Storage
      3.6.2.5. (U//FOUO) Cryptographic Software/Firmware Erasure
    3.6.3. (U//FOUO) Releasability
    3.6.4. (U//FOUO) Cryptographic Family Interoperability
      3.6.4.1. (U//FOUO) HAIPIS
      3.6.4.2. (U//FOUO) LEF
  3.7. (U//FOUO) Software Communications Architecture (SCA)
  3.8. (U//FOUO) Lifecycle
    3.8.1. (U//FOUO) ACM Startup
    3.8.2. (U//FOUO) ACM Shutdown
    3.8.3. (U//FOUO) Algorithm Initialization
    3.8.4. (U//FOUO) Cryptographic Channel Instantiation
    3.8.5. (U//FOUO) Cryptographic Channel Run-time
    3.8.6. (U//FOUO) Cryptographic Channel Termination
  3.9. (U//FOUO) Levels of Security and Classification
  3.10. (U//FOUO) ACM Security Policy
  3.11. (U//FOUO) Bypass Processing
    3.11.1. (U//FOUO) Cryptographic Channel Bypass
    3.11.2. (U//FOUO) Control/Status Bypass
    3.11.3. (U//FOUO) CDL Bypass
    3.11.4. (U//FOUO) Network Management Bypass
  3.12. (U//FOUO) Unattended Operation
  3.13. (U//FOUO) Unclassified Handling
  3.14. (U//FOUO) Tamper
  3.15. (U//FOUO) TEMPEST
  3.16. (U//FOUO) Identification and Authentication (I&A)
  3.17. (U//FOUO) Audit
  3.18. (U//FOUO) Alarm
  3.19. (U//FOUO) Built-In Test (BIT) and Health Status
    3.19.1. (U//FOUO) BIT
      3.19.1.1. (U//FOUO) Power-on BIT
      3.19.1.2. (U//FOUO) Continuous BIT
      3.19.1.3. (U//FOUO) Initiated BIT (IBIT)
    3.19.2. (U//FOUO) ACM Health Status
  3.20. (U//FOUO) External Interfaces
  3.21. (U//FOUO) Design margins
    3.21.1. (U//FOUO) Processor Capacity
    3.21.2. (U//FOUO) Memory Capacity
  3.22. (U//FOUO) Power
    3.22.1. (U//FOUO) General
    3.22.2. (U//FOUO) Battery
  3.23. (U//FOUO) Physical
  3.24. (U//FOUO) Environmental
  3.25. (U//FOUO) Maintainability
  3.26. (U//FOUO) Reliability
  3.27. (U//FOUO) Interchangeability
  3.28. (U//FOUO) Workmanship
  3.29. (U//FOUO) Documentation
  3.30. (U//FOUO) Information Assurance (IA) Standards and Certification
4. (U//FOUO) NOTES
  4.1. (U//FOUO) Acronyms

APPENDIX A: (U//FOUO) POET ACM REQUIRED ALGORITHMS

APPENDIX B: (U//FOUO) FAB-T Environmental Requirements

APPENDIX C: (U//FOUO) HC3 Environmental Requirements

APPENDIX D: (U//FOUO) NMT Environmental Requirements
  1. Altitude, Non-Operating [Navy]
  2. Atmospheric Pressure [Navy]
  3. Temperature
    3.1. Non-Operating [Navy]
    3.2. Operating [Navy]
  4. Humidity [Navy]
  5. Salt Atmosphere
  6. Vibration
    6.1. Below Decks Equipment

APPENDIX E: (U//FOUO) POET INDEPENDENT VERIFICATION AND VALIDATION (IV&V) MATRIX

APPENDIX F: (U//FOUO) Cryptographic Modernization Requirements for the Programmable Objective Encryption Technologies (POET) Advanced Cryptographic Module (ACM)
  1. (U) Purpose of Document
  2. (U) Applicability
  3. (U) Introduction
  4. (U) Definitions
  5. (U) Fundamental Programmable Functionality
    5.1. (U) Confidentiality
    5.2. (U) Authentication
    5.3. (U) Integrity
  6. (U) Other Considerations
    6.1. (U) Modular Design
    6.2. (U) Algorithm Baseline
    6.3. (U) Spare Capacity
  7. (U) Reprogrammable Architecture Overview
  8. (U) Algorithm Approval Process
  9. (U) Architecture Support Requirements
    9.1. (U) Algorithm Software Distribution and Download
    9.2. (U) Distribution of JOSEKI Splits
    9.3. (U) Algorithm Load Options
    9.4. (U) Housekeeping Requirements
    9.5. (U) Algorithm Management Support for Foreign Interoperability and Releasability
    9.6. (U) Key Management Support
      9.6.1. (U) Basic System Key Management Functionality
      9.6.2. (U) Key Fill Options
      9.6.3. (U) Minimum Key Sizes
    9.7. (U) Overall ECU Management
      9.7.1. (U) Generating Electronically Signed Receipts
      9.7.2. (U) User Status Information
      9.7.3. (U) Configuration Management
  10. (U) Designing for Programmability and Flexibility
    10.1. (U) Reprogramming Software/Firmware
    10.2. (U) Factory/Depot Initialization
    10.3. (U) Electronic Serial Numbers
    10.4. (U) Boot Loaders
    10.5. (U) Trust Anchors
    10.6. (U) Switching Among Algorithms
      10.6.1. (U) Sustaining Operations During Reprogramming
    10.7. (U) Capacity Chokepoints
    10.8. (U) Risks And Vulnerabilities
    10.9. (U) Certification Considerations
  11.