Scalable HAIPE Discovery
Abstract
This paper presents a scalable concept for the dynamic discovery of High Assurance Internet Protocol Encryption (HAIPE) devices situated across multiple striped network segments. The term striped in this context refers to traversing from a red (or classified) network to a black (or unclassified) network to a red network in a multiple concatenated manner (i.e., red-black-red-black-red ...). There are many reasons why network segmentation using IP encryption may occur: use of a commercial satellite link, traversing from one secure facility to another on an existing base network, operating over a radio frequency network, and so on. Each of these network segments or enclaves need to be secured (in this case, via IP encryption) which causes the segments to exist. The boundary between red and black sides is assumed to be protected via a HAIPE device (or an equivalent of an IPSEC virtual private network gateway). Our design also addresses mobile enclaves (where whole networks may come and go every 15 minutes) and multi-homed enclaves (where multiple entry/exit points exist). Finding how one traverses this striped environment and operate on a global scale (millions of network) are key challenges and the subject of this paper.
Document Details
- Document Type
- Technical Report
- Publication Date
- Dec 01, 2006
- Accession Number
- ADA477086
Entities
People
- Glen Nakamoto
Organizations
- MITRE Corporation