HAIPIS Version 3.1 (High Assurance Internet Protocol Encryption Interoperability Specification) is the National Security Agency's latest secure internet protocol specification. HAIPIS is a powerful protocol that permits enclaves equipped with compliant gateways to communicate securely over untrusted networks.
The protocol is based on IPSec with additional restrictions and enhancements. These enhancements include multicast, over-the-network key establishment, Ethernet encapsulation, header compression, and support for Type-1 Suite A and Suite B algorithms. In addition, compliant devices support services such as networking, traffic protection, and management features that provide Information Assurance (IA) in IPv4/IPv6 networks.
The specification can scale to a range of channel capacities, performance levels and other aspects of individual applications. Scalability of HAIPE software components has been an area of active investigation by those skilled in the art. The challenge is to provide a hardware platform that delivers the required level of computational support, but can be optimized with respect to cost, size, weight, and related features.
Many commercial and government entities are committed to a network-based communications strategy at all levels, from the Global Information Grid (GIG) to the Tactical Internet and Battlefield Mobile Networks. Commercial network security solutions do not fully address the government/military threat model. IPSec does not sufficiently address vulnerabilities and threats such as flow analysis, routing spoofs and key management spoofs. Features such as Over the Network Key Management, Secure Network Management, dynamic and authenticated peer discovery and guaranteed interoperability over segmented secure domains and public infrastructure are all required.
To address the need for a secure network communications specification, NSA formed the HAIPIS specification development effort. HAIPE IS version 1.x introduced basic signaling interoperability between various products and was primarily intended for enclave gateway implementations to address the flow analysis problem. HAIPE IS version 3.1 adds support for Internet Protocol Version 6 (IPv6), standardized over-the-network management, and bandwidth-efficient modes and transforms. HAIPE 3.x compliant products can be implemented in hosts and terminals, in addition to enclave gateway solutions.
HAIPIS is a powerful protocol that is in the early stages of proliferation. There is a need for a scalable, programmable HAIPE hardware architecture to address the performance requirements of a broad range of applications. In addition, a programmable platform would be able to accommodate changing requirements with a simple software upgrade.