This report describes a unique approach to the solution of computer network security problems, and provides guidance in the areas of network security architectural issues and implementation options. The approach is based on a network resource, called a Network Security Center (NSC), which performs the functions of user identification/authentication and access request authorization. The NSC works in concert with Network Cryptographic Devices (NCDs) to enforce access control policy through the creation or denial of logically separate cryptographic connections between subjects (users) and objects (resources). The use of an NSC in a network permits effective control over network access, provides for audit data collection, and provides protection against tampering or modification of the access control database. The architecture presented permits multiple NSCs to operate together, thus addressing issues such as modular expandability, regional subnets, and local control over resources. Network Cryptographic Devices that use the NBS Data Encryption Standard algorithm and are capable of being remotely keyed are a vital part of the NSC security approach. NCDs provide end-to-end cryptographic message protection, source-destination authentication of identity and, through the remote keying capability, the enforcement mechanism for NSC access control decisions. Implementation options for an NSC are presented, covering the areas of data structures, I/O structure, control structure, and size and performance limitations.
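The following is an added illustration of the architecture the abstract describes, not code from the report: an NSC that authenticates a user, consults its access control database, records an audit entry, and, only on a grant, remotely keys the two NCDs at the ends of the connection with a fresh session key. The NCD link cipher here is a keyed-hash counter-mode stream with an integrity tag, used as a stand-in for DES so the example runs with the standard library alone; the class names, the connection-id format, and the "host|resource" pairing are assumptions made for this example.

```python
import hashlib
import hmac
import os
import secrets

# Assumption: stand-in for the NCD's DES cipher (HMAC-SHA256 in counter mode, plus
# a tag) so that end-to-end protection and source authentication can be shown
# without a DES library. Not the report's construction.
def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    out = bytearray()
    for block, i in enumerate(range(0, len(data), 32)):
        ks = hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], ks))
    return bytes(out)

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(12)
    ct = keystream_xor(key, nonce, plaintext)
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("message failed authentication: wrong key or tampered")
    return keystream_xor(key, nonce, ct)

class NCD:
    """Network Cryptographic Device: shares a master key with the NSC and holds
    only the per-connection session keys the NSC has remotely loaded."""
    def __init__(self, name: str, master_key: bytes):
        self.name, self._master, self._sessions = name, master_key, {}

    def remote_key(self, keying_msg: bytes) -> None:
        conn_id, session_key = unseal(self._master, keying_msg).split(b"|", 1)
        self._sessions[conn_id] = session_key

    def send(self, conn_id: bytes, msg: bytes) -> bytes:
        if conn_id not in self._sessions:
            raise PermissionError(f"{self.name}: not keyed for connection {conn_id!r}")
        return seal(self._sessions[conn_id], msg)

    def receive(self, conn_id: bytes, blob: bytes) -> bytes:
        if conn_id not in self._sessions:
            raise PermissionError(f"{self.name}: not keyed for connection {conn_id!r}")
        return unseal(self._sessions[conn_id], blob)

class NSC:
    """Network Security Center: identification/authentication, access
    authorization, audit collection, and remote keying of NCDs."""
    def __init__(self):
        self._users, self._acl, self._master_keys, self.audit = {}, {}, {}, []

    def attach_ncd(self, name: str) -> NCD:
        self._master_keys[name] = os.urandom(32)       # shared only with that NCD
        return NCD(name, self._master_keys[name])

    def register_user(self, user: str, password: str, resources) -> None:
        salt = os.urandom(16)
        self._users[user] = (salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000))
        self._acl[user] = set(resources)

    def _authenticate(self, user: str, password: str) -> bool:
        if user not in self._users:
            return False
        salt, digest = self._users[user]
        return hmac.compare_digest(digest, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000))

    def request_connection(self, user, password, host, resource):
        """Authenticate, authorize, audit; on a grant, key both NCDs and return the id."""
        if not self._authenticate(user, password):
            self.audit.append(("AUTH_FAIL", user, host, resource)); return None
        if resource not in self._acl[user]:
            self.audit.append(("DENIED", user, host, resource)); return None
        conn_id, session_key = secrets.token_hex(4).encode(), os.urandom(32)
        for name, ncd in ((host, self._ncds[host]), (resource, self._ncds[resource])):
            ncd.remote_key(seal(self._master_keys[name], conn_id + b"|" + session_key))
        self.audit.append(("GRANTED", user, host, resource, conn_id))
        return conn_id

    def attach(self, name: str) -> NCD:
        """Create an NCD, remember it for later keying, and hand it to the caller."""
        self._ncds = getattr(self, "_ncds", {})
        self._ncds[name] = self.attach_ncd(name)
        return self._ncds[name]

def demo():
    """Constructed scenario: one terminal, two hosts, alice may use payroll only."""
    nsc = NSC()
    terminal, payroll, lab = (nsc.attach(n) for n in ("terminal-7", "payroll-host", "lab-host"))
    nsc.register_user("alice", "correct horse", {"payroll-host"})
    assert nsc.request_connection("alice", "wrong pw", "terminal-7", "payroll-host") is None
    assert nsc.request_connection("alice", "correct horse", "terminal-7", "lab-host") is None
    conn = nsc.request_connection("alice", "correct horse", "terminal-7", "payroll-host")
    wire = terminal.send(conn, b"RUN PAYROLL")
    assert payroll.receive(conn, wire) == b"RUN PAYROLL"     # keyed by the NSC: readable
    try:
        lab.receive(conn, wire); outcome = "lab read it"      # never keyed: no connection exists
    except PermissionError:
        outcome = "lab has no key"
    return [entry[0] for entry in nsc.audit], outcome

if __name__ == "__main__":
    print(demo())
```

Denial is enforced by the absence of a key rather than by a filter in the data path: an NCD the NSC never keyed for a connection cannot decrypt its traffic, and a message altered in transit or produced under another key fails the tag check, which is the source-destination authentication the abstract refers to. The audit list records the authentication failure, the policy denial, and the grant in order.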
Keywords
access authorization; access control; authentication; computer network security; cryptography; end-to-end encryption; inter-computer network; internetting; NBS Data Encryption Standard; Network Cryptographic Devices; Network Security Center