Slashdot Mirror


NSA Approves First 802.11b Product for Secret Data

joehoya writes "I realize this is a couple of days old, but the National Security Agency recently certified the Harris Corp's Secnet-11 as the first 802.11b system permitted to carry US SECRET level data. See press release. The system integrates NSA crypto with commercial chipset based 802.11b PCMCIA cards and access points to create a secure wireless LAN. Unfortunately, you and I won't be able to buy them, as they are only available to organizations with an NSA COMSEC account."

17 of 252 comments

  1. Correction: by dj28 · · Score: 5, Informative

    That should be nsa.GOV, not nsa.MIL.

  2. Re:How is this unfortunate? by DAldredge · · Score: 5, Funny

    You used perfectly and secure in the same sentence. That is all the proof needed to show that you do not know what you are talking about.

  3. Let's start the pool now.... by JUSTONEMORELATTE · · Score: 5, Funny
    How long 'till:
    • One of them gets detected with a pringles can across the street from an NSA office
    • That same cantenna manages to sniff enough packets to crack the keys
    My money is on Friday, November 22, 2002
  4. But it only works with Windows.......... by jcrb · · Score: 5, Interesting


    Who is fooling who here? None of the OSes (only Windows versions) it works with are certified for TOP SECRET data.... guess it's pretty useless till someone does the Linux port eh? :)

    --
    -jon
    1. Re:But it only works with Windows.......... by Hal_9000@!!!@ · · Score: 5, Informative

      None of the OSes (only Windows versions) it works with are certified for TOP SECRET data

      Yeah, and Trusted Solaris, and Trusted Irix, and a bunch of other OSs you've probably never heard of. Look at this if you don't believe me.

      --
      My email is real.
  5. Re:Proprietary crypto is lame by Rick+the+Red · · Score: 5, Funny
    If the NSA opened their crypto to the public, we'd all see that they're just using PGP like everyone else. By keeping what they use a secret, they keep us guessing if they've cracked what we're using.

    --
    If all this should have a reason, we would be the last to know.
  6. speak for yourself by tps12 · · Score: 5, Insightful

    you and I won't be able to buy them

    While you're correct that most citizens (including Slashdot editors, I'd guess!) won't be able to buy these babies, please remember that a large portion of Slashdot's readership is in IT, some of us in positions where we may, in fact, purchase equipment through an NSA COMSEC account. Industries and corporations deemed "essential to the National Security" under conditions set forth in the NPHG Protection Act have been given this privilege since its passage in 1973, in response to the Vietnam War. I work at a major corn distributor (food being an essential supply during potential siege or embargo, and breakfast being the most important meal of the day), and I can tell you that I hope to have my hands on these sometime this month, before Christmas or President's Day at the very most. It should speed up our processes considerably to not have to be tied to "wired" networks. It's a fun time to be in IT, and this cloak-and-dagger stuff just makes it better.

    --

    Karma: Good (despite my invention of the Karma: sig)
    1. Re:speak for yourself by treat · · Score: 5, Insightful
      It should speed up our processes considerably to not have to be tied to "wired" networks.

      Then why didn't you just run ipsec over conventional 802.11? It will be just as secure as this, and can be done on commodity hardware and with free software.

  7. why not in software? by mocktor · · Score: 5, Interesting

    Impressive stuff... from what the datasheet says this all looks to be implemented in hardware on the card - but given the low-level facilities of the chipsets on consumer-grade 802.11 cards is there any reason why some bright coder can't do a similar thing in driverspace?

  8. In other news by kcbrown · · Score: 5, Funny
    MELBOURNE, Florida, November 4, 2002 -- Harris Corporation (NYSE:HRS) announced today that its Type 1 Encrypted, Secure Wireless Local Area Network (SWLAN) product, ClipperNet 11(TM), has been certified by the National Security Agency's (NSA) Commercial COMSEC Endorsement Program (CCEP). ClipperNet 11 is a revolutionary new product that enables civilian users to securely communicate multimedia information, including data, voice and video, via a wireless network at an unprecedented 11 Megabits-per-second (Mbps).

    "ClipperNet 11 is an innovative new product that allows us to provide our civilian customers with the advantages of secure wireless communications," said an NSA spokesperson. "With Type 1 Encryption, NSANet 11 meets the Department of Defense's stringent requirements for wireless transmission of both classified and unclassified information."

    When asked whether the product had any relationship with the Clipper chip proposal of the mid 1990's, the NSA declined to comment. "Er, emm ... we don't have any comment on that", said one NSA spokesperson, who was last seen leaving hastily.

    "Don't worry", a Harris spokesperson said. "We would never even think of embedding any technology into our products that would make it possible for secret government agencies to read the encrypted data stream, and we would certainly never use any information gained in that way for marketing purposes. Trust us!"

    Harris shares were up 2 3/4 points today.

    --
    Use 'slashdot stuff' in the subject line in any email you send me if you want to get past the spam filter.
  9. Secrecy by Shadow+Wrought · · Score: 5, Funny
    From the press release:

    ...said an NSA spokesperson.

    So even their spokespeople are unidentified?

    --
    If brevity is the soul of wit, then how does one explain Twitter?
  10. Re:dnetc by Flamesplash · · Score: 5, Funny

    ...or tethered with fiber optic cables...

    Hey! that would be a great way to keep them from drifting off into space.

    --
    "Not knowing when the dawn will come, I open every door." - Emily Dickinson
  11. Re:Proprietary crypto is lame by photon317 · · Score: 5, Insightful

    However, the NSA is somewhat of an exception to this rule. It is widely known that they are the largest employer of mathematicians worldwide, compared to any other governmental or private organization, including universities. Therefore, widespread solid peer-review of cryptography can actually happen *inside* the NSA without making anything public to the outside world and they would still get decent results. Add on that the NSA's cryptographers and mathematicians tend to be about a decade ahead of the public/academic world, and it all adds up to the NSA not needing to follow the conventional cryptography peer review mantra.

    --
    11*43+456^2
  12. NSA Press Release by Newer+Guy · · Score: 5, Funny

    For Immediate Release: NSA to use Navajo "Code Talkers" for 802.11b encryption. 11/12/2002 The National Security Agency ("NSA") of the United States announced that effective immediately they would be using 'code talking' technology based on the language of the Navajo Nation to encrypt all their 802.11b links. "We feel that this is an appropriate encryption for this type of link" says Hugh G. Peter Head of NSA Encryption. "Besides, it will put many unemployed Native Americans back to work". The move was immediately commended by Microsoft Corp., who pledged to use this radical new encryption system in all its new wireless products.

  13. Most readers missing the point... by drunkrussian · · Score: 5, Interesting

    To get something approved for processing at the SECRET level is a moderately big deal for those who work with such data. For the outside world, it's not the last word on the quality of the system.

    You can't, for example, get a Linux box approved to process SECRET information (at least, last I checked). Windows is approved, however. Yet, for the commercial user, I would say that Linux is more secure than Windows. What matters is how the system is set up. I'm kind of surprised that there's any demand for wireless networking at the SECRET level. With few exceptions, a classified box has to be physically disconnected from all other machines and operate only from hard drives with no communications software on them. There was an article on cnn.com today about a hacker who got access to sensitive but not classified information on military networks. The reason he didn't get access to classified information is because of the way it's protected.

    And forget about anything at the TOP SECRET level or above. We have a room at the office that does work at the TS level. If you bring a disk in there, you can't leave with it. If you bring a hard drive in there, it can't leave the room. Once a computer goes in there, it can't leave either. Well, that's not entirely true...security chops them up into little tiny pieces, waves magnets over them, and does some other magic to make them completely clean before they can leave. They're certainly never useable again. They even destroy the monitors before removing them from the room, in case an image might be burned into them.

    Anyway. People who deal with SECRET information will probably be interested in this article, and I'm sure life will go on with no change for those who don't.

  14. Re:Make NSA crypto Open Source! by istartedi · · Score: 5, Informative

    Let's say that the quality of the code is roughly proportional to QN, where N is the number of developers and Q is the quality of each developer.

    The alleged value of Open Source is that it allows you to increase the value of N by a dramatic number. Even if the developers are merely average, you can get a higher QN with Open Source than with closed source for many projects.

    Of course, if the number of half-finished projects on Sourceforge is any indicator, simply opening up is not enough. You have to have some appeal to developers or you aren't going to raise your N much.

    Then of course there is the other factor, Q. Even if you have something really cool, there is no guarantee that those interested will be any better than average, and you will also have to expend some effort "managing" those who are below average or who are just plain crackpots.

    Something tells me that the NSA has no trouble attracting developers with a very high "Q" and in sufficient "N" to do an excellent job.

    Yes, I know about the "mythical man month" and that you can't just add up developers as I've suggested. That's why this is just an approximation.

    Frankly, I think your post borders on Trollish because you've got "only" and "fully secure" in there; but there are probably plenty of people on /. who will eat up your post, just as there are plenty of people who think that obscurity==security. Of course neither side is right; Open Source isn't a panacea, but giving up obscurity isn't always such a bright idea either.

    --
    For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
  15. Clarification on military networks by Boka+Dominigo · · Score: 5, Informative

    I speak only for myself, not as an official representative of the U.S. Government.

    I decided to write this because I often see misconceptions of military networks on slashdot.

    I have been a network administrator in the U.S. Air Force for 5 years. I have administered classified networks in Asia, Europe, the Middle East and the U.S. I have worked on Air Force and Army networks.

    (1) The basic levels of classification are:
    Unclassified
    Confidential
    Secret
    Top Secret

    There are some gray areas between and above, but those are the basics.

    (2) You can process classified information on almost any platform you want. Top Secret on DOS, no problem. Windows 95, every day. Linux, sure. The big restrictions come when a computer is connected to both classified and unclassified networks. In that case the machine must be trusted to differentiate between the classifications. It must make sure that only Unclass was written to the disk you're going to carry over to the unclassified network.

    (3) Classified information, once properly encrypted, is no longer classified and you can pretty much do what you want with it (put it on your t-shirt, print it on a flag and wave it, blast it into space, send it over the internet, whatever).

    (4) Because of the above, wireless and classified are nothing new. Radios, wireless networks, satellite phones, all of them are used to transmit classified information.

    (5) Moving classified information over unclassified networks is old news and several devices already exist. Devices like the NES (Network Encryption System) and the TACLANE are used to plug in to a classified network, encrypt and encapsulate the data, then move that data over an unclassified network.

    http://www.fas.org/irp/program/security/_work/kg-175.html

    (6) What this new device offers is convenience. Previously, to run a network over a wireless link the procedure went something like:

    Connect computer/network to DTE/DCE device
    Connect DTE/DCE device to crypto
    Connect crypto to wireless transmission medium

    These steps needed to be completed for both sides of each link. It is slow, complicated, and expensive.

    (7) Why not use IPSEC? It's complicated and not NSA certified. You should be able to give crypto to a user and only explain three things to them; in, out, power. Nothing to misconfigure, either it works or it doesn't, no chance of classified spillage.

    (8) Why doesn't someone with access just take this thing apart and figure out whatever? This product is likely a CCI (controlled cryptographic item). Opening CCI without certification/authorization is illegal. Besides, without dissecting the chips, how much are you really going to learn?

    (9) The NSA must have a back door built in, right? No. A back door built in for them would be vulnerable to anybody. I highly doubt we would move national security information over a wireless network with a back door. If you're using their encryption keys, they have a copy and can read the info anyway. If you're not using their encryption keys, then you don't have one of these devices.

    (10) Isn't someone going to crack this in a week? No. NSA certified encryption is good and well tested. We still routinely send Top Secret information over 10 year old encryption devices. If they had been compromised, we wouldn't be using them. The information sent from this device is encrypted. Without the same encryption key, you can't communicate with the device. Period.

    (11) What about sniffing packets and breaking the key? Go ahead and try. Encrypted information has been floating around in the air for years and years. Multimillion man armies have been sniffing and recording and trying to break for decades. The keys change often. Sure, someone might (if they were lucky) break one key in ten years, but many devices get a new key every day.

    I'm sure I left some stuff out and there are faults in my knowledge and spelling. If you have any questions, post and I will try to answer them.