
STAMINA—Survivable Tactical Ad Hoc Mobile Network Architectures

The FCS (Future Combat Systems), WIN-T (Warfighter Information Network-Tactical), and JTRS (Joint Tactical Radio System) programs have all identified the need for secure and survivable ad hoc wireless tactical networks to support the network-centric battlefield environment of the future. To address this need, Architecture Technology Corporation (ATCorp) is developing the STAMINA Self-Configuring Autonomous Firewall and the STAMINA Active Replication with Fault Masking middleware to increase intrusion tolerance and survivability for MANETs (Mobile Ad-hoc Networks), including, but not limited to, the TWNA (Tactical Wireless Network Assurance) architecture of CERDEC (the US Army's Communication-Electronics Research, Development and Engineering Center). The STAMINA components provide a powerful integrated information assurance and survivability architecture for future mobile tactical networks, protecting them from sophisticated network and information attacks launched by adversaries to disrupt network operations.

STAMINA's intrusion tolerance capabilities specifically target the Policy Management System (PMS) components in a MANET and in the TWNA architecture shown in the following figure.

The PMS is the centerpiece of the TWNA architecture and a vital component to other secure MANETs. It implements and distributes the security policies governing not only the normal operations of the network but also the response of the network under attack. Given the central role of the PMS, any intrusion-induced subversion of this function would wreak havoc on the tactical network. STAMINA hardens the PMS (as well as other systems such as the Bandwidth Broker) and the critical network services that the PMS uses, to make them intrusion-resistant. This ensures uninterrupted and correct operation of the network in spite of attacks.

To further underscore the need for STAMINA additions to the PMS components of TWNA and other MANETs, consider the attack scenario depicted in the above figure. The IDS (Intrusion Detection System) component detects an information attack launched from a compromised node within the network and notifies the PMS of the event. In response to this attack, the PMS, working with the TPKI, revokes the credentials of the compromised nodes identified by the IDS. Furthermore, it adjusts the security posture of the network as dictated by the security policy. The PMS accomplishes this by directing the Bandwidth Broker (BB) to reprioritize the traffic flows and by reconfiguring the firewall rules within the nodes of the network to define the allowable flows for the new security posture.

Suppose the PMS host itself is compromised, either through an external attack or through physical capture. In this case, the attacker can subvert the PMS functionality to launch a wide variety of debilitating attacks on the network. Arbitrary revocations of the credentials of good nodes within the network and malicious reconfiguration of the firewall rules within network nodes would disrupt critical traffic flows, thereby causing a catastrophic failure of the tactical network. STAMINA will address this problem by "hardening" the PMS with intrusion tolerance capabilities using Active Replication with Fault Masking, which will enable the network to function reliably in spite of a compromise of one or more hosts executing PMS functions. STAMINA will also harden the network services that the PMS relies upon to make them intrusion-resistant. Currently, TPKI revocations take 24 hours to propagate from the Central Authority, but the STAMINA Self-Configuring Autonomous Firewalls working with the PMS can implement an instant quarantine based on IDS feedback to the PMS.
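The fault-masking idea described above, sketched as an added example (not ATCorp's or STAMINA's code): a network node applies a PMS directive only when at least f+1 of 2f+1 replicas send the same authenticated directive, so f compromised replicas cannot revoke a good node on their own. The replica names, per-replica HMAC keys, JSON directive format and the 2f+1 sizing are assumptions made for illustration.

```python
import hashlib
import hmac
import json
from collections import defaultdict

# Constructed keys for three hypothetical PMS replicas (2f+1 with f = 1).
REPLICA_KEYS = {"pms-a": b"key-a", "pms-b": b"key-b", "pms-c": b"key-c"}

def canonical(directive):
    """Serialize deterministically so identical directives compare equal."""
    return json.dumps(directive, sort_keys=True, separators=(",", ":")).encode()

def sign(replica, directive):
    """Message a replica holding its key would send to a network node."""
    mac = hmac.new(REPLICA_KEYS[replica], canonical(directive), hashlib.sha256)
    return {"replica": replica, "directive": directive, "mac": mac.hexdigest()}

def vote(messages, f):
    """Return the directive backed by at least f+1 distinct authenticated
    replicas, or None (fail closed: apply nothing) if none reaches quorum."""
    backers = defaultdict(set)
    for msg in messages:
        key = REPLICA_KEYS.get(msg.get("replica"))
        if key is None:
            continue  # sender is not a known replica
        body = canonical(msg.get("directive"))
        expected = hmac.new(key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, str(msg.get("mac", ""))):
            continue  # forged or altered message
        backers[body].add(msg["replica"])  # set: one vote per replica
    for body, replicas in backers.items():
        if len(replicas) >= f + 1:
            return json.loads(body)
    return None

# Constructed scenario: the IDS flagged node-17; compromised replica pms-c
# instead tries to revoke the healthy node-03 and repeats itself.
QUARANTINE = {"action": "revoke", "node": "node-17"}
ROGUE = {"action": "revoke", "node": "node-03"}
MESSAGES = [sign("pms-c", ROGUE), sign("pms-c", ROGUE),
            sign("pms-a", QUARANTINE), sign("pms-b", QUARANTINE)]

if __name__ == "__main__":
    print(vote(MESSAGES, f=1))                    # majority directive wins
    print(vote([sign("pms-c", ROGUE)] * 3, f=1))  # no quorum: None
```

Counting distinct replica identities rather than messages is what keeps a single compromised replica from reaching quorum by repeating itself.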

STAMINA Innovations and Benefits

STAMINA is a communication middleware which provides validated and verified flow control and multicast group communication to single endpoints through merged voting. This is done with two main components:



© 2010 Architecture Technology Corporation