INFORMATION-BASED SECURITY ARCHITECTURE
Conventionally, security classification levels are applied to whole documents, and documents with different classifications must be stored on separate networks, with strictly controlled interfaces between the networks. This leads to expensive duplication: for example, a SECRET document may contain only a small amount of actual secret information, yet a redacted version of the same document, with the secret information removed, may need to be stored on the separate network. Keeping the two copies in sync can introduce significant overhead and opportunity for error.
With IBSA, security classification is applied at the level of paragraphs, pictures or even individual words, with separation between the classifications being enforced using encryption. The separate parts (‘IBSA Objects’) are stored separately (on separate networks if required) and brought together only when a document is to be read or edited. Objects with lower classifications are common to the low-classification and high-classification versions of the document, so the duplication and synchronisation overhead is eliminated.
Exsel Electronics has been involved in the development of this technology, working on behalf of the UK Defence Science and Technology Laboratory (DSTL).
DATA ACCESS TRACKING
Sometimes the best way to stop people from doing what they shouldn’t is to ensure that, if they do it, they get caught. If documents are managed so that not only every change but every access to them is securely and immutably recorded on a tamper-proof blockchain, then when data is leaked or stolen it becomes a straightforward matter to work out who accessed the data most recently before the leak took place. Optionally, for further data security and data loss prevention, digital watermarking can be added so that each time the document is opened it is, in some subtle way, unique. This provides a forensic link between the leaked data and the perpetrator.
HD VIDEO AND AUDIO STREAMING
Exsel Electronics is a specialist in live, secure audio and video mobile streaming and can advise on and implement optimised solutions for specific applications.
Sending video data over a network is challenging because data volume is high, and unless the available communication channel can cope with this volume there will be a trade-off between latency, resolution and frame rate.
DATA INTEGRITY PROTOCOLS AND SYSTEMS
Often it is necessary to verify that data, once it has been sent, has reached its destination intact. A good way of doing this, in data security protocols and tactical communications alike, is to calculate a ‘hash’ of the data that is sent, then to calculate a hash of what is received, and make sure that the hashes are the same.
A hash is a single number or string of characters, of a fixed length, that is a unique function of the document contents. For example, imagine a document painted onto a pane of glass, with each letter of the alphabet having its own colour—then washing the paint off the glass into a bucket and mixing the colours together. The colour you’d get is exactly like a hash: you cannot reconstruct the document from it, yet it is unique to the document—changing one letter of the document would cause the final colour to be subtly different.
A blockchain is an extreme version of a hash, used to ensure secure data transfer: it is in fact a table of hashes which are themselves hashed together, with the results copied widely to everyone who has an interest in the data. No link in the chain of hashes can be altered without disrupting the whole chain, giving an extremely secure, auditable and immutable record of all the data transfers.
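The chain of hashes described above, applied to the access records from the Data Access Tracking section, as an added example (not Exsel Electronics' code and not part of the original page). The record fields, function names and sample entries are assumptions constructed for illustration, and SHA-256 is the hash chosen here.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed placeholder "previous hash" for the first entry


def entry_hash(record: dict, prev_hash: str) -> str:
    """SHA-256 over the record's canonical JSON plus the previous entry's hash."""
    payload = json.dumps(record, sort_keys=True, separators=(",", ":")) + prev_hash
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


def append(log: list, user: str, doc: str, action: str, ts: int) -> None:
    """Append an access record linked to the hash of the entry before it."""
    record = {"user": user, "doc": doc, "action": action, "ts": ts}
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"record": record, "prev": prev, "hash": entry_hash(record, prev)})


def head(log: list) -> str:
    """Latest hash in the chain: the value to copy to other interested parties."""
    return log[-1]["hash"] if log else GENESIS


def first_broken_link(log: list):
    """Return the index of the first entry that fails verification, or None."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["prev"] != prev or entry["hash"] != entry_hash(entry["record"], prev):
            return i
        prev = entry["hash"]
    return None


def last_access_before(log: list, doc: str, leak_ts: int):
    """Most recent record for `doc` at or before leak_ts; refuses an unverified log."""
    if first_broken_link(log) is not None:
        raise ValueError("log failed verification; do not attribute from it")
    hits = [e["record"] for e in log
            if e["record"]["doc"] == doc and e["record"]["ts"] <= leak_ts]
    return max(hits, key=lambda r: r["ts"]) if hits else None


def build_sample_log(second_user: str = "bob") -> list:
    """Constructed sample data: users, document names and timestamps are made up."""
    log = []
    append(log, "alice", "report-7", "read", 1000)
    append(log, second_user, "report-7", "edit", 1100)
    append(log, "carol", "plan-2", "read", 1150)
    append(log, "dave", "report-7", "read", 1200)
    return log
```

Verification only shows that the chain is internally consistent: someone able to rewrite the whole log can recompute every hash, so the value returned by `head` must also be held by other parties, which is the "copied widely" step in the text.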
DIGITAL COMMUNICATIONS STANDARDS AND PROTOCOLS
To get diverse pieces of civilian or military communication equipment talking reliably to each other on the battlefield, especially when hostile forces may actively be trying to prevent that from happening or the connection is vulnerable for any other reason, communications protocol standards must be carefully selected and rigorously enforced.
Protocols suitable for everyday business use, such as SSH or HTTPS, are often unsuitable for government or military communication systems or for lightweight devices (such as Internet-of-Things ‘IoT’ sensors) operating on heterogeneous networks. Carefully selecting the standard to suit the application, and ensuring that all equipment connected to the network is compatible with the standard, is critical for both robustness and security.