The advent of the Joint Tactical Radio System (JTRS) has created a software defined radio (SDR) based on the Software Communications Architecture (SCA). SDR radios that are being built for the Department of Defense (DoD) must be SCA compliant. If the radio needs to receive or send secure data, the requirements of the Security Supplement apply. The Security Supplement defines that the user side of a radio (where the user data is supplied) be defined as red. Once the data is encrypted, it is called black. When implementing a radio with embedded security, different types of data exist that need to move across the red-to-black or black-to-red sides of the radio. The user traffic data must be encrypted. However, not all of the data can be encrypted. Some of the data (which will usually exist in packet form) must bypass the encryption process, but must be reunited with the other data on the black side of the radio. The bypass process from red-to-black must be carefully monitored to prevent inadvertent disclosure of user data. Also, the traffic data packet may contain embedded real-time commands, which must also be bypassed.
Currently implemented bypass functions for encrypted/unencrypted data are slow, i.e., the data is not transferred at traffic rates. One current solution under consideration is to build in a bypass as part of the algorithm. However, such a solution requires a unique algorithm design and recertification of that algorithm. This solution is not really feasible, particularly in terms of expense and time.
There are two currently practiced methods for performing the bypass function. Generally, the first method intercepts the data stream, removes the header or real-time command from the data stream, and routes the header outside the en/decrypt module. Additional logic and/or circuitry validate the contents of the header. This method has been the traditional implementation for many years, and requires a significant amount of bypass circuitry.
The second method allows the header to enter the en/decrypt module. The en/decrypt algorithm checks the header contents and performs the en/decrypt function. This method requires unique implementation of the en/decrypt algorithm for each header scheme.
A processing element that can efficiently and cost effectively bypass a cryptographic component without the need for a unique algorithm for each implementation is desirable.