ARPANET encryption devices

Diagram of a Private Line Interface (PLI) for the ARPANET, BBN Report 2816, April 1974

The ARPANET pioneered the creation of novel encryption devices for packet networks in the 1970s and 1980s; these devices were the ancestors of today's IPsec architecture and, more specifically, of High Assurance Internet Protocol Encryptor (HAIPE) devices.


DuPont and Fidler provide a historical perspective on ARPANET encryption devices within the broader evolution of computer networks and cybersecurity. [1] They focus primarily on the first such device, the Private Line Interface (PLI). The PLI, however, was only the first in a series of devices created during the 1970s and 1980s in ARPANET-related research and development: [2]

Private Line Interface (PLI)

The Private Line Interface (PLI) was the first packet encryptor. It was sponsored by the Advanced Research Projects Agency and implemented by BBN Technologies as part of the creation of the ARPANET. It was in an early ideation phase by 1973, [3] with the stated goal of giving users the equivalent of a private leased line through the ARPANET. In that early phase the PLI was envisioned to provide two distinct capabilities: carrying a continuous bit stream over the ARPANET, and possibly encrypting that bit stream while it was inside the ARPANET.

As the design progressed, the PLI evolved into a packet encryption device. Starting in 1975, the National Security Agency approved it for limited deployment on the ARPANET to protect classified data while it passed through the network. [2] Each PLI incorporated a KG-34 encryption device and was therefore a manually keyed system: keys had to be loaded into each unit by hand rather than distributed over the network. [4]

Black-Crypto-Red (BCR)

Black-Crypto-Red (BCR) was an experimental end-to-end network packet encryption system, developed to the working-prototype stage by BBN and the Collins Radio division of Rockwell between 1975 and 1980. BCR was the first network security system to support TCP/IP traffic (IP version 3), and it incorporated the first Data Encryption Standard (DES) chips validated by the U.S. National Bureau of Standards (now NIST). [5] It provided automated key management and access control based on a key distribution center (KDC), an approach later adopted by Kerberos and Blacker, [2] and it supported IP header bypass, in which the header the network needs for routing is passed in the clear while the rest of the datagram is encrypted. [6]
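The following is an added illustration of the three mechanisms the paragraph attributes to BCR: a red/black encryptor that encrypts the whole red datagram and bypasses only a freshly built black header, a KDC that issues session keys only to pairs on its access list, and the contrast with the manually keyed PLI (where the key would simply be loaded into each unit). It is not BBN's or Collins's code, and none of its formats are the BCR's: the black protocol number 99, the nonce/tag layout and the KDC wrap format are assumptions, and HMAC-SHA256 run in counter mode stands in for the DES hardware.

```python
"""Toy red/black packet encryptor with IP header bypass and KDC-issued session
keys.  Added illustration, not BCR code: the black protocol number, the
nonce/tag layout and the KDC wrap format are assumptions, and HMAC-SHA256 in
counter mode stands in for the DES chips."""
import hashlib
import hmac
import ipaddress
import os
import struct

BLACK_PROTO = 99            # hypothetical protocol number for encrypted payloads
NONCE_LEN, TAG_LEN = 16, 32


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (stand-in for a DES chip)."""
    blocks = (hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def ipv4_datagram(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal IPv4 header (no options, checksum left zero) plus payload."""
    hdr = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr + payload


def parse_ipv4(dgram: bytes):
    """Return (src, dst, proto, payload); reject truncated or inconsistent headers."""
    if len(dgram) < 20 or dgram[0] >> 4 != 4:
        raise ValueError("not an IPv4 datagram")
    ihl = (dgram[0] & 0x0F) * 4
    total = struct.unpack(">H", dgram[2:4])[0]
    if ihl < 20 or total < ihl or total != len(dgram):
        raise ValueError("bad length fields")
    return (str(ipaddress.IPv4Address(dgram[12:16])),
            str(ipaddress.IPv4Address(dgram[16:20])), dgram[9], dgram[ihl:total])


def _bypass_fields(black_src: str, black_dst: str) -> bytes:
    # Header fields the black network sees; they are bound into the tag so
    # they cannot be swapped in transit without detection.
    return (ipaddress.IPv4Address(black_src).packed +
            ipaddress.IPv4Address(black_dst).packed + bytes([BLACK_PROTO]))


def encrypt_datagram(key: bytes, red: bytes, black_src: str, black_dst: str) -> bytes:
    """Red -> black: the entire red datagram, its own header included, is
    encrypted; a new black header naming only the two encryptors is prepended
    in the clear so the black network can route it (header bypass)."""
    parse_ipv4(red)                                  # never encrypt garbage
    nonce = os.urandom(NONCE_LEN)
    ct = _xor(red, _keystream(key, nonce, len(red)))
    tag = hmac.new(key, _bypass_fields(black_src, black_dst) + nonce + ct,
                   hashlib.sha256).digest()
    return ipv4_datagram(black_src, black_dst, BLACK_PROTO, nonce + ct + tag)


def decrypt_datagram(key: bytes, black: bytes) -> bytes:
    """Black -> red: verify the tag (which covers the bypassed header fields)
    before decrypting, then re-validate the recovered red header."""
    src, dst, proto, body = parse_ipv4(black)
    if proto != BLACK_PROTO or len(body) < NONCE_LEN + TAG_LEN + 20:
        raise ValueError("not a black datagram")
    nonce, ct, tag = body[:NONCE_LEN], body[NONCE_LEN:-TAG_LEN], body[-TAG_LEN:]
    want = hmac.new(key, _bypass_fields(src, dst) + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(want, tag):
        raise ValueError("authentication failed")
    red = _xor(ct, _keystream(key, nonce, len(ct)))
    parse_ipv4(red)                                  # red header must parse
    return red


class KeyDistributionCenter:
    """Shares a long-term key with each encryptor; issues a session key only to
    pairs on its access list (the key-management and access-control role)."""

    def __init__(self, long_term: dict, permitted: set):
        self.long_term, self.permitted = long_term, permitted

    def issue(self, a: str, b: str) -> dict:
        if frozenset((a, b)) not in self.permitted:
            raise PermissionError(f"{a} may not talk to {b}")
        session = os.urandom(32)
        return {n: self.wrap(self.long_term[n], session) for n in (a, b)}

    @staticmethod
    def wrap(ltk: bytes, session: bytes) -> bytes:
        nonce = os.urandom(NONCE_LEN)
        ct = _xor(session, _keystream(ltk, nonce, len(session)))
        return nonce + ct + hmac.new(ltk, nonce + ct, hashlib.sha256).digest()

    @staticmethod
    def unwrap(ltk: bytes, blob: bytes) -> bytes:
        nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
        if not hmac.compare_digest(hmac.new(ltk, nonce + ct, hashlib.sha256).digest(), tag):
            raise ValueError("bad key wrap")
        return _xor(ct, _keystream(ltk, nonce, len(ct)))


def demo() -> tuple:
    """Two enclaves behind encryptors A and B; returns (red sent, red received, black)."""
    kdc = KeyDistributionCenter({"enc-A": os.urandom(32), "enc-B": os.urandom(32)},
                                {frozenset(("enc-A", "enc-B"))})
    wrapped = kdc.issue("enc-A", "enc-B")
    key_a = kdc.unwrap(kdc.long_term["enc-A"], wrapped["enc-A"])
    key_b = kdc.unwrap(kdc.long_term["enc-B"], wrapped["enc-B"])
    red = ipv4_datagram("10.1.0.5", "10.2.0.9", 6, b"constructed TCP segment")
    black = encrypt_datagram(key_a, red, "192.0.2.1", "192.0.2.2")
    return red, decrypt_datagram(key_b, black), black
```

The point to notice is what the black network can see: only the encryptor addresses and a constant protocol number; the red source and destination, the transport protocol and the payload are all inside the ciphertext, and because the bypassed fields are bound into the tag, rerouting a black datagram to a different encryptor fails authentication instead of silently misdelivering plaintext. A PLI-style manually keyed device would skip the KDC exchange entirely and use a key loaded into both units by hand.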

Blacker

The first Blacker program began in the late 1970s; a follow-on program eventually produced fielded devices in the late 1980s. [7] Sponsored by the National Security Agency as a very high assurance (TCSEC class A1) multilevel security system, it was developed by SDC (software) and Burroughs (hardware) and, after their merger, by the resulting company, Unisys. [2]

Internet Private Line Interface (IPLI)

The Internet Private Line Interface (IPLI) was created by BBN as the successor to the PLI. It was updated to use TCP/IP (IPv4) and newer COMSEC technology (the KG-84), but it was still manually keyed. [2] IPLIs were intended for use in the Defense Data Network and with DARPA's Low-Cost Packet Radios in the SURAN project.

References

  1. "Edge Cryptography and the Codevelopment of Computer Networks and Cybersecurity", Quinn DuPont and Bradley Fidler, IEEE Annals of the History of Computing, vol. 38, Oct.-Dec. 2016, pp. 55-73.
  2. "Re: Network Layer Encryption History and Prior Art", email by Steve Kent on the ipsec mailing list, Wed, 19 Jun 1996 10:59:39 +0100.
  3. "Interface Message Processors for the ARPA Network", Quarterly Technical Report No. 2, Frank E. Heart, BBN Report 2580, BBN Technologies, pp. 10-13.
  4. "Interface a Private Line Interface (PLI) to an IMP and a Host to a PLI", in Specifications for the Interconnection of a Host and an IMP, BBN Report No. 1822, Appendix H, January 1976.
  5. Internet Security Glossary, Version 2, RFC 4949, August 2007.
  6. Trust in Cyberspace, National Academies Press, 1999, p. 301.
  7. DARPA Technical Accomplishments: An Historical Review of DARPA Projects, vol. 1, Sidney G. Reed, Richard H. Van Atta, and Seymour J. Deitchman, IDA Paper P-2192, 1990, pp. 20-18 to 20-20.