Tactical Networks (TNs) are challenging communication environments at the base of modern network-centric warfare, characterized by limited resources, frequent link disruption, and partitioning. TNs typically involve a multitude of units belonging to different domains that need to share information securely over shared and constrained links to enable cooperation. Federation offers a model for policy-based information sharing across multiple domains, which permits individual forces and organizations to match mission requirements by allowing a fine-grained selection of the data to exchange. However, while the Federation model alone is not enough to ensure confidentiality and integrity of data transmissions over shared network resources, traditional end-to-end cryptography solutions might not suit low-resource, bandwidth-constrained networking environments. This paper discusses three solutions to enable secure and efficient information sharing in multi-domain TNs using Federation. The first solution relies on a centralized group key management service (GkMS) that defines a single group for secure communications. The GkMS also authenticates the federates and assigns them a unique symmetric key for the group that they can use to encrypt/decrypt transmissions; with this approach, information sharing is entirely controlled by Federation policies. The second solution enables the definition of multiple groups of authenticated federates and provides information access control to information senders. This approach leverages attribute-based encryption (ABE) techniques to encrypt federated messages and define, on a per-message basis, a subset of groups that can access the data. Finally, the third solution addresses link disruption and network partitioning in TNs by introducing a distributed GkMS architecture.
Efficient and Secure Multi-domain Information Sharing in Tactical Networks
Filippo Poltronieri; Lorenzo Campioni; Alessandro Morelli; Cesare Stefanelli; Mauro Tortonesi
2018