Paper 578 US-M-F
Securing the Global Information Grid Routing Control Plane
Chao, Victor, Booz Allen Hamilton
Tarr, Julie, Office of the Assistant Secretary of Defense / Networks and Information Integration (OASD/NII)
Christou, Christos, Booz Allen Hamilton
In the course of transforming the manner in which information is exchanged and secured over its IP-based network infrastructure, the Department of Defense (DoD) is committed to providing information assurance (IA) throughout the Global Information Grid (GIG). The GIG is a complex, ubiquitous network composed of military, government research, and intelligence community (IC) user networks characterized by vastly differing network topologies. Interconnecting GIG networks and nodes, while supporting DoD’s ongoing commitment to IA, requires securing the peering sessions and routing information exchanges within the GIG routing control plane. Large-scale incidents on the Internet have shown that elements within the routing control plane are particularly vulnerable when preventive measures are insufficient. A combination of adopting best common industry practices for hardening routing protocols, utilizing inherent routing protocol security features, and leveraging additional next-generation network security measures will protect the GIG from both intentional and inadvertent insider and outsider attacks. Because the GIG network topology differs vastly from those based on Internet-like conditions, routing protocols will encounter the severest of network conditions. The advent of network mobility within the tactical regions of the GIG presents new challenges in terms of the operational costs and complexity of traditional routing security mechanisms. Robustness of the routing control flows under any condition or under any network attack is placed at the forefront of operational concerns.
An in-depth security analysis of the GIG inter- and intra-domain routing protocols under consideration is provided, giving GIG network architects the ability to design their networks according to recommendations for maintaining message confidentiality and integrity, performing route peer authentication and authorization, utilizing adequate route policy and filtering mechanisms, and ensuring route origin authentication and path validity.

Mr. Victor Chao, a Senior Consultant with Booz Allen Hamilton, received his B.S. degree in Computer Engineering from Virginia Tech and is currently pursuing his M.S. degree in Electrical Engineering from the Johns Hopkins University. Mr. Chao has over three years of professional experience in the area of network engineering with satellite- and terrestrial-based communications systems. At Booz Allen, Mr. Chao is the network engineering information assurance lead supporting the Military Satellite Communications (MILSATCOM) Joint Terminal Engineering Office (JTEO), a division of the Air Force Space and Missile Systems Center (SMC). For the Office of the Assistant Secretary of Defense – Networks and Information Integration (ASD/NII) Directorate, Mr. Chao serves as the Global Information Grid (GIG) routing security technical lead. Prior to joining Booz Allen, Mr. Chao served as an electromagnetic (EM) engineer in the Detector Systems and Optics Division at the Goddard Space Flight Center (GSFC) branch of NASA. Mr. Chao is a member of the Institute of Electronics and Electrical Engineers (IEEE) Wireless Communications Society (ComSoc). Mr. Chao is currently a Certified Information Systems Security Professional (CISSP).