Security is an extremely important consideration in network communications. With the ever-increasing utilization of the Internet, most networks now have Internet gateways that open the network to external attacks by would-be hackers. Further, the popularity of wireless networks has also increased dramatically as technology has enabled faster and more reliable wireless communications. Yet, wireless communications are inherently less secure than wired communications, since wireless communication signals are typically much easier to intercept than signals on difficult-to-access cables.
As a result, cryptography modules are often used to encrypt private or secret communications and reduce the likelihood that they will be deciphered and used by malicious individuals or organizations. By way of example, wireless local area networks (WLANs) and WLAN devices are widely used and provide a convenient and cost-effective approach for implementing network communications where it may be difficult or otherwise impractical to run cables. One of the more prominent standards which has been developed for regulating communications within WLANs is promulgated by the Institute of Electrical and Electronic Engineers' (IEEE) 802 LAN/MAN Standards Committee, including the 802.11 standard. In addition to providing wireless communications protocols, the 802.11 standard also defines a wireless equivalent privacy (WEP) cryptographic algorithm used to protect wireless signals from eavesdropping.
Programmable cryptography modules have been developed for use in such cryptography systems. The Sierra and Sierra II programmable cryptographic modules are manufactured and sold by the assignee of the present invention, Harris Corporation of Melbourne, Fla. The Sierra and Sierra II are programmable cryptographic modules, each operative as a multimedia voice and data encryption module. Both modules are miniaturized printed wiring assemblies that include at least one custom application specific integrated circuit (ASIC) and supporting software. They are embedded in radios and other voice and data communications equipment to encrypt classified information prior to transmission and storage.
The NSA-certified Sierra modules are an embeddable encryption technology that combines the advantages of the government's high-grade security (Type I) with the cost efficiency of a reprogrammable, commercially produced Type 3 and Type 4 encryption module. Sierra can assume multiple encryption personalities depending on the mission and provide encryption/decryption functionality, digital voice processing (vocoding) and cryptographic key management support functions.
The software programmability provides a low-cost migration path for future upgrades to embedded communications equipment without the logistics and cost burden normally associated with upgrading hardware. The Sierra programmable encryption module supports a large number of encryption/decryption algorithms and modes. Distribution of these algorithms and modes to customers is limited by the National Security Agency (NSA). Any security policy criteria must be met within the module and approved by the NSA. During development, custom module software must be created for each Sierra embedment, and an intensive NSA software evaluation/certification must be performed for every module. Customer algorithm updates are not flexible: new algorithm additions must be reevaluated by the NSA. This increases the manpower resource costs for each embedment.
This problem is currently addressed by creating custom module software for each Sierra embedment, at the cost of an NSA software evaluation/certification for every module. The security requirements are pushed to host systems, and customers are charged a high non-recurring engineering (NRE) cost. It would be advantageous, however, if programmable cryptography modules allowed greater flexibility in the delivery of software security policies and the development of software embedment packages for different custom applications. The process should be expedited, with less time and money spent on the NSA certification process. It would also be advantageous if a system and method could be implemented that would facilitate the upgrade of waveforms and algorithms for customers and reduce NRE and manpower resource costs for each embedment.