The military is integrating smartphones and tablets into its operations to enhance situational awareness and to serve as backup communication in denied situations. The Marines are considering airborne operations with tablets, the Air Force is looking at maintenance efficiencies, and the devices have also been widely used for training and education. Ruggedized cases are used to withstand water, impact, and environmental challenges.
Instant messaging has become more convenient than email or SMS text messaging for quick and easy communication by text, voice or video. WhatsApp, the mobile messaging service owned by Facebook, has now grown to more than 1 billion users. The instant-messaging app sees nearly 42 billion messages sent each day via its platform, with over 1.6 billion photos being shared daily. Numbers also reveal that over 250 million videos are shared each day on WhatsApp, and that there are over 1 billion groups.
Users are also concerned about the lack of privacy; therefore, the next generation of messaging apps is being designed with security in mind. A secure messaging application will let you safely exchange private information with employees, clients and co-workers, without worrying that your data could be compromised. However, these enhanced security features also allow terrorist groups to carry out clandestine communications and broadcast propaganda. The FBI has warned about a dangerous dark future in which criminals use technology that’s impossible to spy on.
As per a Proposers Day briefing document by Dr. Joshua Baron, DARPA is working on an anonymous, hack-proof and end-to-end mobile communication system. DARPA is soliciting innovative research proposals in the area of cryptographic and communication obfuscation techniques in order to build an anonymous, attack-resilient mobile communication system that can reside completely within a network environment. Proposed research should investigate innovative approaches that enable revolutionary advances in science, devices, or systems. Specifically excluded is research that primarily results in evolutionary improvements to the existing state of practice.
The military is also building secure networks that these mobile devices can use. “If you could build a secure network, one that troops could actually use in the most remote stretches of wilderness and the most war torn cities, even the simplest of smartphone functions would be tremendous tools not only for communicating but also for other simple tasks that are quickly complicated in battlefield scenarios”, said DARPA program manager Doran Michels.
Military’s requirement for secure unhackable messaging system
The Department of Defense requires a secure messaging system that would use the standard encryption and security features of current messaging apps such as WhatsApp, Signal, or Ricochet, but also use a decentralized Blockchain-like backbone structure that would be more resilient to surveillance and cyberattacks. There is a critical DoD need to develop a secure messaging and transaction platform accessible via web browser or standalone native application.
DARPA’s goal is to have “a secure messaging system that can provide repudiation or deniability, perfect forward and backward secrecy, time to live/self-delete for messages, one time eyes only messages, a decentralized infrastructure to be resilient to cyber-attacks, and ease of use for individuals in less than ideal situations,” according to a notice looking for proposals, which was recently posted on a government platform that offers federal research funds to small businesses.
The messaging platform would act as the transport for a cryptographically sound record of all transactions, whether they be MIPRs, contracts, troop movements or intelligence. Troops on the ground in denied communications environments would have a way to securely communicate back to HQ, and DoD back office executives could rest assured that their logistics system is efficient, timely and safe from hackers.
The advantage of this decentralized structure is that it would be more resilient, and there would be no centralized server where a spy or hacker could gather metadata, according to Frederic Jacobs, an independent security researcher who in the past worked as a developer for the encrypted messaging app Signal. However, such a structure would have higher latency and would be harder to deploy at scale, he added.
Blockchain’s distributed consensus model
Marc Andreessen, the doyen of Silicon Valley’s venture capitalists, listed the blockchain’s distributed consensus model as the most important invention since the Internet itself. “Today, every interaction you have online relies on a central trusted authority. No matter what you do online, you’re trusting someone to tell you the truth — whether it’s your bank giving you your statement balance, your email service provider telling you your message was delivered, or your antivirus software assuring you that everything’s A-OK,” writes Mike Gault, Founder and CEO, Guardtime.
In fact, there’s always the risk that a single provider of information could lie, or simply be wrong. That’s why Internet security is such a disaster today; we’re trusting sources that can be hacked, manipulated or compromised. And increasingly we’re trusting them with our most precious personal data and life events.
The blockchain could change all of that. A blockchain is the structure of data that represents a financial ledger entry, or a record of a transaction. Each transaction is digitally signed to ensure its authenticity and that no one tampers with it, so the ledger itself and the existing transactions within it are assumed to be of high integrity.
The real magic comes, however, from these digital ledger entries being distributed among a deployment or infrastructure. These additional nodes and layers in the infrastructure serve the purpose of providing a consensus about the state of a transaction at any given second; they all have copies of the existing authenticated ledger distributed amongst them.
When a new transaction or an edit to an existing transaction comes in, generally a majority of the nodes within a blockchain implementation must execute some algorithms to evaluate and verify the history of the proposed block and come to a consensus that the history and signature are valid. Only then is the new transaction accepted into the ledger and a new block added to the chain of transactions. If a majority of nodes do not agree to the addition or modification of the ledger entry, it is denied and not added to the chain.
This distributed consensus model is what allows blockchain to run as a distributed ledger without the need for some central, unifying authority saying what transactions are valid and (perhaps more importantly) which ones are not. By enabling this distributed consensus, it can actually create a true record of events, past and present, in the digital world.
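The vote described above, as an added example that is not part of the original article: each node checks a proposed block's signature and its link to that node's own copy of the history, and the block is appended only on a strict majority. The HMAC standing in for a digital signature, the names (Node, propose, make_block) and the payloads are assumptions constructed for illustration.

```python
import hashlib, hmac, json

# Assumption: an HMAC under one shared demo key stands in for a real
# per-sender digital signature, to stay within the standard library.
KEY = b"constructed-demo-key"
GENESIS = "0" * 64

def sign(index, prev_hash, payload):
    msg = json.dumps([index, prev_hash, payload]).encode()
    return hmac.new(KEY, msg, hashlib.sha256).hexdigest()

def block_hash(block):
    return hashlib.sha256(json.dumps(block, sort_keys=True).encode()).hexdigest()

def make_block(chain, payload):
    prev = block_hash(chain[-1]) if chain else GENESIS
    return {"index": len(chain), "prev_hash": prev, "payload": payload,
            "sig": sign(len(chain), prev, payload)}

class Node:
    def __init__(self):
        self.chain = []

    def vote(self, block):
        # Yes only if the block extends this node's own copy of the history
        # and its signature verifies.
        prev = block_hash(self.chain[-1]) if self.chain else GENESIS
        good_sig = sign(block["index"], block["prev_hash"], block["payload"])
        return (block["index"] == len(self.chain) and block["prev_hash"] == prev
                and hmac.compare_digest(block["sig"], good_sig))

def propose(nodes, block):
    # The block joins the ledger only if a strict majority of nodes vote yes.
    votes = [n.vote(block) for n in nodes]
    accepted = sum(votes) > len(nodes) // 2
    if accepted:
        for node, yes in zip(nodes, votes):
            if yes:
                node.chain.append(dict(block))
    return accepted

def demo():
    nodes = [Node() for _ in range(5)]
    first = propose(nodes, make_block(nodes[0].chain, "MIPR-A issued"))  # constructed payloads
    valid = make_block(nodes[0].chain, "MIPR-A funded")
    forged_ok = propose(nodes, dict(valid, payload="MIPR-A cancelled"))  # edited after signing
    for n in nodes[:2]:                       # a minority whose stored history was altered
        n.chain[0]["payload"] = "tampered"
    second = propose(nodes, valid)            # the three intact nodes still form a majority
    return first, forged_ok, second, [len(n.chain) for n in nodes]
```

The two nodes with altered history vote against the valid block because its prev_hash no longer matches their copy, so they fall behind the chain the majority agrees on.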
Crucially, it does this without compromising privacy. You can record the fact that the event happened, and even that it happened correctly, without exposing confidential details about the subject matter or the parties involved. This explains why bitcoin enables black-market transactions; despite the public nature of the ledger, the users themselves can remain completely anonymous. Blockchain can be configured to work in a number of ways that use different mechanisms to achieve consensus on transactions and, in particular, to define known participants in the chain and exclude everyone else.
The largest example of blockchain in use, Bitcoin, employs an anonymous public ledger in which anyone can participate. For more private uses of blockchain among a smaller number of known actors, many organizations are deploying permissioned blockchains to control who participates in transaction activity. The country of Estonia, which secures much of its banking infrastructure with a blockchain, boasts the lowest rate of credit card fraud in the euro zone.
DARPA seeks small business help in developing a secure messaging and transaction platform
Legacy messaging and backoffice infrastructures, traditionally based on centralized, unencrypted hub-and-spoke database architecture, are expensive, inefficient, brittle and subject to cyber-attack. The overhead costs of maintaining such architectures are rising rapidly. Many organizations unknowingly keep duplicate information and fail to ensure synchronization, thus amplifying the potential for data theft and data corruption/rot.
Incorporating a truly transparent mechanism for conducting journaled transactions enables the DoD to leverage its distributed footprint to reduce the latency of these transactions and improve their security, integrity and assurance. The objective is to create a secure messaging and transaction platform that separates message creation from the transfer (transport) and reception of the message, using a decentralized messaging backbone to allow anyone anywhere to send a secure message or conduct other transactions across multiple channels traceable in a decentralized ledger.
The messaging platform will transfer messages via a secure decentralized protocol that will be secured across multiple channels, including but not limited to: 1) Transport protocol, 2) Encryption of messages via various application protocols, 3) Customized blockchain implementation of message deconstruction and reconstruction, and decentralized ledger implementation.
With this messaging platform, the business logic of the DoD ecosystem would be mapped onto a network of known entities using distributed ledgers. By doing this, significant portions of the DoD backoffice infrastructure can be decentralized, and ‘smart documents and contracts’ can be instantly and securely sent and received, thereby reducing exposure to hackers and reducing needless delays in DoD backoffice correspondence.
As an example, Military Interdepartmental Purchase Requests (MIPR) could be implemented using the secure ledger. Regulators with access to the ledger could read the correspondence and thus easily verify that a MIPR transaction didn’t violate Federal Acquisition Regulations (FAR).
The benefits are broad and could even be applied to domains such as space. With crowded skies, it’s important to maintain situational awareness of all satellites, and those concerned with space situational awareness/telemetry or air traffic control could instantly share data between nations using a separate but equivalent ledger implementation, thus removing questions as to the authenticity and integrity of the data.
The contract includes three phases. The first phase will focus on “creating a model, …experimenting with encryption schemes, evaluating hardware…and defining the product feature set.” Phase two would be testing, and phase three would be implementation.
Resilient Anonymous Communication for Everyone (RACE)
The Resilient Anonymous Communication for Everyone (RACE) program will research technologies for a distributed messaging system that can: a) exist completely within a given network, b) provide confidentiality, integrity, and availability of messaging, and c) preserve privacy to any participant in the system. Compromised system data and associated networked communications should not be helpful for compromising any additional parts of the system. RACE advances will be based on rigorous security arguments, such as those found in the academic cryptography community or statistical arguments based on realistic simulations.
RACE will seek to create advances in communication protocol encapsulation methods as well as efficient, oblivious, distributed system tasking to build a system that is resistant to attack, even with limited participant compromises and large-scale, real-time deep packet inspection. The program will further seek to explore approaches to preserving privacy, such as secure multiparty computation and obfuscated communication protocols.
The goal of the RACE program is to create a system capable of avoiding large-scale compromise. As such, RACE research efforts will explore: 1) preventing compromised information from being useful for identifying any of the system nodes because all such information is encrypted on the nodes at all times, even during computation; and 2) preventing communications compromise by virtue of obfuscating communication protocols.
DARPA is planning to integrate RACE into Android mobile applications for messaging and into software apps for system nodes. After development, the RACE prototype will be tested among 1,000 users using 1,000 servers. As per DARPA, the outgoing client to server connection will have a bandwidth of 500Kbps whereas the server to server connection could be up to 10Mbps.
Professor Shrimpton & Team Selected for DARPA RACE Program
Prof. Tom Shrimpton and Co-PIs Drs. Vincent Bindschaedler, Kevin Butler, and Patrick Traynor have been selected to participate in DARPA’s Resilient Anonymous Communication for Everyone (RACE) Program. The 1.5 million dollar research grant they received for this project will enable them to contribute their expertise in cryptographic and obfuscated communication protocols to research technologies for an attack-resilient mobile communications system that can completely reside within a network environment, as well as to create advances in communication protocol encapsulation methods.