Virtually everyone knows that the United States
government was responsible for the design of the Internet as a solution to
maintaining communications in case of a nuclear attack. It should be no
surprise then to learn that this same government ï¿½ in fact, just about every
government ï¿½ is now plunging into VoIP with both feet. In the U.S., all
facets of the government are involved, from the military, DOD, and other
federal and state agencies.
Some months back I wrote about the militaryï¿½s
use of VoIP and was subsequently overwhelmed with e-mails from vendors in
the space and others who were interested in learning more. So I studied up a
bit on the topic and as I learned more and more about government purchases
of VoIP equipment, I became more and more fascinated with how the U.S. and
other governments communicate. More specifically, how they communicate
securely. Even more interesting is how they integrate their secure
communications with VoIP.
A BIT OF HISTORY
In 1970, the Secure Telephone Unit (STU) was a small refrigerator-sized
device introduced to allow secure communications between telephones. STU-II
device was later introduced and in the late 1980s the STU-III device was
developed as a user-friendly and relatively economical upgrade. About the
size of a standard desk telephone, this device did not have the drawbacks of
its predecessors and as such could enjoy more widespread adoption. The
terminals are designed to operate reliably, with high voice quality, as both
ordinary telephones and secure instruments over the dial-up public switched
telephone network. STU-III operates in full-duplex over a single telephone
circuit using echo canceling modem technology. STU-IIIs come equipped with
2.4 and 4.8 kbps code-excited linear prediction (CELP) secure voice. Secure
data can be transmitted at speeds of 2.4, 4.8, and 9.6 kbps. There are many
manufacturers, each promising different maximum throughput rates. The data
throughput between two STU-IIIs can only be as great as the slowest STU-III
A newer government standard is also in use called Future Narrowband Digital
Terminal (FNBDT). FNBDT is a signaling scheme that defines all the necessary
information to allow various vendors to build interoperable cryptographic
equipment based on U.S. Government Type 1 encryption (a term for processes
managed by the National Security Agency (NSA) that provide approved U.S.
Government users with cryptographic products and systems that are suitable
for the protection of classified information). It should be noted that a
device can provide Type 1 encryption but not adhere to the FNBT standard.
Understanding Government Terminology
To further understand some of the products discussed in this article it is
helpful to discuss some terms as defined according to the Committee on
National Security Systems (http://www.nstissc.gov/).
type 1 product
Classified or controlled cryptographic item endorsed by the NSA for securing
classified and sensitive U.S. Government information, when appropriately
keyed. The term refers only to products, and not to information, key,
services, or controls. Type 1 products contain approved NSA algorithms. They
are available to U.S. Government users, their contractors, and federally
sponsored non-U.S. Government activities subject to export restrictions in
accordance with International Traffic in Arms Regulation.
type 2 product
Unclassified cryptographic equipment, assembly, or component, endorsed by
the NSA, for use in national security systems as defined in Title 40 U.S.C.
type 3 algorithm
Cryptographic algorithm registered by the National Institute of Standards
and Technology (NIST) and published as a Federal Information Processing
Standard (FIPS) for use in protecting unclassified sensitive information or
type 4 algorithm
Unclassified cryptographic algorithm that has been registered by the
National Institute of Standards and Technology (NIST), but not published as
a Federal Information Processing Standard (FIPS).
(COMSEC) Communications Security
Measures and controls taken to deny unauthorized individuals information
derived from telecommunications and to ensure the authenticity of such
telecommunications. Communications security includes cryptosecurity,
transmission security, emission security, and physical security of COMSEC
(AES)Advanced Encryption Standard
FIPS approved cryptographic algorithm that is a symmetric block cypher using
cryptographic key sizes of 128, 192, and 256 bits to encrypt and decrypt
data in blocks of 128 bits.
RUBIKï¿½S CUBE ON SUPER STEROIDS
An interesting note: It can take over one hundred trillion years to break a
128-bit AES key. My research tells me that type 1 encryption is likely
orders of magnitude more difficult to break than even 256-bit based AES! Put
more simply, we could be talking about a code that could take a thousand
trillion or quadrillion years to break. You know, I donï¿½t think I ever wrote
the word quadrillion before. In any event, this is a huge number, and we are
talking about a very difficult code to break!
Getting back to FNBDT, it is not just a narrowband standard as its name
implies. It also includes a common voice processing capability, a
crypto-algorithm base and a key-management process. Moreover, it has become
the primary security standard for cell phones, military radios, and emerging
public safety communications devices for homeland security missions and many
first responders around the world.
FNBDT recently added the ability to accept electronic re-keying. To maintain
a high level of security in products under use, it is necessary to re-key
them in the field routinely. However, in the past, the only way to re-key
was to physically locate a COMSEC custodian (the person who deals with the
re-keying task) to perform a data transfer. This was time-consuming and
inconvenient. Now users of the secure FNBDT products can simply auto-update
a key by connecting the device back to the central management infrastructure
over a secure call.
The NSA now maintains an FNBDT interoperability test bed that verifies
vendor compliance with the current version of FNBDT specifications and tests
interoperability among the current versions of all wireline and wireless
products to verify secure, end-to-end interoperability.
POTS TASTE ON A SATELLITE BUDGET
One vendor that I met with recently, Net.com, has just had their Shout IP
secure VoIP solution selected by the Defense Department to provide secure
and un-secure voice calls between coalition sites as part of the Kuwait-Iraq
Command, Control, Communications and Computers Commercialization (KICC)
program. What intrigued me about Net.com is that their solution offers up to
a 70 percent increase in bandwidth efficiency by using some novel
Shout IP works with both STU and FNBDT and is much more bandwidth efficient
than traditional VoIP solutions. In a conversation between two people, you
would need to have a Shout IP device on both sides of the connection. Letï¿½s
assume for this example that the conversation is taking place over 9.6 kbps.
The output of the encrypted stream from the caller is sent to the Shout IP
unit (located nearby) where the signal is demodulated. The signal is not
unencrypted, just demodulated or converted to zeros and ones. Typically, the
modem that modulates the signal assumes a 64 kbps call and thus adds
significant overhead. Net.comï¿½s technology allows the signal to be
compressed and sent over to another Shout IP device that remodulates the
signal. The result is that far lower amounts of bandwidth are used because
you arenï¿½t dealing with a 64kbps modem signal.
It should be noted that in the above example, other VoIP solutions could use
ADPCM (a decades old compression standard) to get the 64 kb signal down to
32 kb. You canï¿½t go much further than 32 kbps because modulated modem calls
are difficult to compress further.
Another benefit to sitting between the modems
that encrypt and decrypt data is that if a packet needs to be retransmitted,
the local Shout IP device can ask for the packet to be sent again while the
device on the other side of the connection effectively stalls for time by
communicating the appropriate in information to the modem on the receiving
side. Modems are typically intolerant of delays so this middle-logic aids in
much better and potentially life-saving communications.
Another technology employed is frame packing (a technology allowing multiple
voice frames in the same packet to reduce IP overhead bandwidth) It is
possible to have a maximum of 60 calls sharing the same packet! If you add
frame packing to silence suppression and superior compression via
demodulation, Net.Com is helping our military make maximum use of satellite
links and other low-bandwidth connections.
YOU CAN TAKE IT WITH YOU
Another company playing in the government/military space with a solution
that encompasses VoIP is Telecommunications Systems who recently released
their SwiftLink 1400 series portable and encrypted communications system
that works with six public telecommunication networks (PTNs). You can use it
to access GSM, global mobile satellite, POTS, PBX, WI-FI, and wired
Ethernet. Type 1 and Type 4 FNBDT are built in and the device is relatively
lightweight, coming in its own travel case. The SwiftLink 2100 series is
more of a portable field command center enabling reach-back to voice, data,
and video. IM and e-mail are also supported as is secure VoIP. A complete
LAN solution is built in to the 2100, allowing up to seven Ethernet devices
and two telephone handsets to be networked in the field. This device is
designed to work quickly out of the box and the whole unit stores quickly in
a case the size of carry-on luggage that weighs 53 pounds. These are the
types of devices used by senior government officials, special forces, the
FBI, and others.
EVERYONE DOES VoIP
What amazes me most about my journey into military and government VoIP is
how much the government (like everyone else) is relying on VoIP in the
communications systems. A converged network just makes so much sense and the
government realizes that it is easier to rely on commercial off the shelf
components and technologies than building or specifying the construction of
systems from scratch. There are a number of other companies providing
communications products to the government and indeed, both companies above
also sell to service providers and enterprise customers so make sure to look
them up and see what other products are in their portfolio.
If you are interested in learning more about military applications of VoIP
and other technologies, please visit the Defense Information Systems Agency
Web site at http://www.disa.mil/ or the
Joint Interoperability Test Command at
http://jitc.fhu.disa.mil/. Also, check out the conference program of the
upcoming Internet Telephony Conference & EXPO, which will be held October
4-7 in Los Angeles, CA. We have added a special conference track focusing
specifically on Military/Defense applications related to VoIP. For more
information, please visit www.itexpo.com.
If you are interested in purchasing reprints of
this article (in either print or HTML format), please visit Reprint
Management Services online at
www.reprintbuyer.com or contact a representative via e-mail at
[email protected] or by phone at
To The June 2004 Table Of Contents ]