The disclosure relates to systems and methods for secure network domains and, more specifically, multiplexing secure network domains over common transport media.
As enterprise networking technology has evolved, various industries have automated more aspects of their business. Business processes, data and devices increasingly rely on networks because of the ease of deployment, maintenance, access, and management. With that ease of access and those standardized interfaces comes an increase in security threats to a business's critical infrastructure and sensitive data. In many instances, the reduced cost of general deployment and operation is more than offset by the new cost of security.
Seeking a solution to the security risks presented by network vulnerabilities, the military directed organizations to segregate the various levels of security by physically separating all network devices. This method of communication provides a high assurance (HA) method of data exchange while blocking outside entities from gaining access, but it is redundant and costly. Commercial off-the-shelf (COTS) equipment is inherently expensive to deploy, maintain, and upgrade even for a single network; when applied to multiple security domains, the cost of the hardware is multiplied by the number of security domains. Though the expense appears linear, the cost of management is driven by process, procedures, and personnel, and thus may not be easily absorbed. With COTS technology, this approach is highly impractical for commercial enterprises to implement.
The Industrial Systems Automation (ISA99) working group shares a similar problem to the military in that sensor and supervisory control and data acquisition (SCADA) devices have become network capable. With the exposure of infrastructure to the Internet, cyberattacks against a nation state and large commercial enterprises have become more prevalent. The ISA99 working group has suggested that sensors, SCADA, and automation devices be deployed on a separate network infrastructure for security. However, there is no COTS solution for a single device supporting multiple networks simultaneously and securely.
Another area that could benefit from the secure transfer of data across multiple security domains is the airline industry. Aircraft are now equipped with communications equipment that allows both the airplane control systems to communicate with ground stations and the passengers of the plane to communicate with the open Internet. This exposes a vulnerability wherein passengers may be able to gain access to the local network containing the aircraft's control systems.
A traditional security approach for local area network (LAN) technology is the virtual local area network (VLAN), standardized as IEEE 802.1Q. VLANs allow network administrators to “segment” their infrastructure and, by maintaining an access control list (ACL), attempt to control the flow of traffic between segments. Since VLANs were designed for provisioning rather than security, they are not considered strong enough to protect boundaries between multiple security domains. It is well known in the industry that LAN switches can be attacked such that the switch falls back to hub behavior, exposing all traffic on all ports regardless of ACLs; furthermore, VLAN tagging can be used to subvert ACLs and hop from one VLAN to another before the traffic reaches an ACL-capable device.
The Institute of Electrical and Electronics Engineers (IEEE) also created the IEEE 802.1X and 802.1AE (MACsec) standards for port-level security and link-layer security. However, MACsec does not secure multiple security domains; rather, MACsec secures information exchanged between authenticated devices on the LAN. In spite of the encryption and authentication mechanisms it provides, end host addressing and layer 2 protocols are not secured. Attempting to service more than one level of security on the same infrastructure would still expose the higher security domains to various attacks from the lower domains. As an example, devices can still be identified by their media access control (MAC) address, since the address falls within the manufacturer's assigned MAC address range, allowing an attacker to footprint the network and determine potential vulnerabilities based on device type.
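The VLAN-tagging weakness described above is something a defender can check for at the point of ingress: a frame from an end host should carry at most one 802.1Q tag, should carry none at all on an access port, and should only name VLANs provisioned for that port. The following added example (not part of the disclosure) parses the tag stack of a raw Ethernet frame and reports those conditions; the frames are constructed for illustration, and the allowed-VLAN set and port type are assumptions passed in by the caller.

```python
import struct

# Ethertypes that introduce a VLAN tag (customer 802.1Q and service 802.1ad)
VLAN_ETHERTYPES = {0x8100, 0x88A8}


def parse_vlan_tags(frame: bytes):
    """Walk the tag stack of a raw Ethernet frame.

    Returns (vlan_ids, inner_ethertype); vlan_ids is ordered outer to inner.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset = 12  # skip destination and source MAC
    vlan_ids = []
    while True:
        if offset + 2 > len(frame):
            raise ValueError("truncated frame")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype not in VLAN_ETHERTYPES:
            return vlan_ids, ethertype
        if offset + 4 > len(frame):
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        vlan_ids.append(tci & 0x0FFF)  # low 12 bits of the TCI are the VLAN ID
        offset += 4


def audit_ingress(frame: bytes, allowed_vlans, access_port: bool):
    """Flag tag patterns a switch port should never accept from an end host."""
    vlan_ids, _ = parse_vlan_tags(frame)
    findings = []
    if len(vlan_ids) > 1:
        findings.append(f"stacked VLAN tags: {vlan_ids}")
    if access_port and vlan_ids:
        findings.append("tagged frame on access port")
    for vid in vlan_ids:
        if vid not in allowed_vlans:
            findings.append(f"VLAN {vid} not permitted on this port")
    return findings


# Constructed sample frames (not captured traffic): broadcast dst, dummy src, IPv4 payload
_HDR = b"\xff" * 6 + b"\x00\x11\x22\x33\x44\x55"
_IPV4 = b"\x08\x00" + b"\x00" * 46
UNTAGGED = _HDR + _IPV4
SINGLE_TAG = _HDR + b"\x81\x00" + struct.pack("!H", 10) + _IPV4
DOUBLE_TAG = _HDR + b"\x81\x00" + struct.pack("!H", 10) + b"\x81\x00" + struct.pack("!H", 20) + _IPV4

if __name__ == "__main__":
    for name, frame in (("untagged", UNTAGGED), ("single", SINGLE_TAG), ("double", DOUBLE_TAG)):
        print(name, parse_vlan_tags(frame), audit_ingress(frame, {10}, access_port=False))
```

A switch that strips only the outer tag on ingress is exactly the case the stacked-tag finding is meant to catch, so the check belongs at the edge port, before any ACL is consulted.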