Cryptographic Data Splitting and Cloud Computing
1. Cryptographic Data Splitting & Cloud Computing
By
Kevin L. Jackson, Engineering Fellow
NJVC, LLC
Presented to:
AFCEA Technology Over Bagels
October 12, 2010
2. The New IT Era
IDC September 2008
rev date 10/12/2010
4. Non-Scalable Applications Are Expensive and Risky
Non-scalable applications suffer from diminishing returns on added resources
As the business grows, per transaction costs INCREASE
At some point the application will hit a wall, leading to:
Application crashes (and potential disaster for the business – at huge cost)
Expensive process of re-architecting the application every few months/years
[Chart: Non-Linear Scalability (15% Contention). Total Solution Cost ($0 to $1,200,000) against Required Throughput (e.g., Tx/Sec; 1,000 to 10,000), with "The Scalability Wall" marked. Server cost: $20,000. Single server throughput: 1,000 tx/sec. Contention: 15%.]
5. The Goal: Linear Scalability On Demand
No diminishing returns on scale
No code changes when scaling
Drop in another box and increase capacity linearly
[Chart: cost ($0 to $1,200,000) against throughput (1,000 to 10,000 tx/sec), comparing Linear Scalability with Non-Linear Scalability (15% Contention).]
11. Value and Capabilities
Time
Reduce time to deliver/execute mission
Increased responsiveness/flexibility/availability
Cost
Optimizing cost to deliver/execute mission
Optimizing cost of ownership (lifecycle cost)
Increased efficiencies in capital/operational expenditures
Quality
Environmental improvements
Experiential improvements
12. Government Cloud Computing
United States
Federal Chief Information Officers Council
Data.gov & IT Dashboard
Defense Information Systems Agency (DISA)
Rapid Access Computing Environment (RACE)
US Department of Energy (DOE)
Magellan
General Services Administration (GSA)
Apps.gov
Department of the Interior
National Business Center (NBC) Cloud Computing
NASA Nebula
National Institute of Standards and Technology (NIST)
United Kingdom
G-Cloud
European Union
Resources and Services Virtualization without Barriers Project
(RESERVOIR)
Canada
Canada Cloud Computing
Cloud Computing and the Canadian Environment
Japan
The Digital Japan Creation Project (ICT Hatoyama Plan)
The Kasumigaseki Cloud
13. Communications Infrastructure Continuum
High Performance Networks: Some Common Characteristics
• Stable infrastructure
• Fiber optic/High-speed RF/wireless optical
• Highest bandwidth
• Low latency
• Connection-oriented links
• Policy-based QoS
The Mainstream Internet: Some Common Characteristics
• Mixed range of assets
• Mixed media
• Tending to higher bandwidth
• Overprovisioned
• Low to high latency
• Table-based routing
• Mixed policies in forwarding and QoS
Military Tactical Edge Mobile, Ad Hoc Networks: Some Common Characteristics
• Ad hoc assets
• Generally wireless
• Design for degraded operation
• Large variability in latency and bandwidth
• Highly dynamic routing
• More distributed network service models required
• Change is the norm
14. Humanitarian Assistance and Disaster Response (HADR)
Humanity &
Infrastructure
Damaged local infrastructure
Heterogeneous mobile support/response
infrastructure
Secure/Sensitive/Unsecure information requirements
Network flexibility paramount
15. Cloud Computing
Not a technology but a new way of provisioning and
consuming information technology
An automated SOA implemented with “brutal standardization”
over a virtualized infrastructure (compute, storage, networks)
enables cloud computing
Key Benefits
• Significant cost reductions
• Reduced time to capability
• Increased flexibility
• Elastic scalability
• Increase service quality
• Increased security
• Ease of technology refresh
• Ease of collaboration
• Increased efficiency
Key Concerns
• Standards
• Portability
• Control/Availability
• Security
• IT Policy
• Management / Monitoring
• Ecosystem
16. Cloud Computing Security
Increased virtualization (Compute, Storage, Network)
Modification of infrastructure centric security policies
Support of information risk management profiles
“Brutal standardization” to increase automation and reduce
opportunity for human error
Increased infrastructure visibility to improve ability to
deploy, monitor and enforce security policies
Implementation of advanced data-centric security technologies
Global File Systems / Content Addressable Storage
Global, Shared Infrastructures
Dynamic, Non-traditional Coalitions
17. Cryptographic Data Splitting (SecureParser®)
Cryptographically splits data
• Document, E-mail, Database, Video, Map, Imagery
Creates physically separate fault tolerant Shares
High-efficiency cryptographic module:
• Provably-secure Computational Secret Sharing
• Cryptographic Data Splitting
• Data Integrity Protection
• Modules can be changed out, e.g. AES could be replaced with a TYPE I encryption as requirements call for
Diagram labels: CDIP & COI Framework; AES Encryption; Random Bit Split; “M of N” Fault Tolerance; Share Authentication; Shares 1 2 3 4
Physically Separate Shares
• Written to Storage – Data at Rest
• Written to Networks – Data in Motion
• Created at any IO Point in the system
User Definable
• Number of Shares
• Fault Tolerance
• Key Management
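Added example, not part of the original slides and not the SecureParser algorithm: generic Shamir secret sharing in Python, illustrating the “M of N” fault tolerance and share authentication ideas listed above as applied to a data-encryption key. The prime P, the HMAC key auth_key and all function names are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets

P = 2**521 - 1  # Mersenne prime; field holds secrets up to 65 bytes

def _tag(auth_key, x, y):
    # HMAC over the share index and value: the "share authentication" step.
    msg = x.to_bytes(2, "big") + y.to_bytes(66, "big")
    return hmac.new(auth_key, msg, hashlib.sha256).digest()

def split(secret, m, n, auth_key):
    """Return n shares (x, y, tag); any m authentic shares rebuild the secret."""
    if not 1 <= m <= n <= 65535 or len(secret) > 65:
        raise ValueError("need 1 <= m <= n <= 65535 and secret <= 65 bytes")
    # Random polynomial of degree m-1 with the secret as constant term.
    coeffs = [int.from_bytes(secret, "big")]
    coeffs += [secrets.randbelow(P) for _ in range(m - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation mod P
            y = (y * x + c) % P
        shares.append((x, y, _tag(auth_key, x, y)))
    return shares

def combine(shares, m, length, auth_key):
    """Discard shares with a bad tag, then interpolate at x = 0."""
    good = {x: y for x, y, t in shares
            if hmac.compare_digest(t, _tag(auth_key, x, y))}
    if len(good) < m:
        raise ValueError("fewer than m authentic shares")
    pts = list(good.items())[:m]
    secret = 0
    for xi, yi in pts:
        num = den = 1
        for xj, _ in pts:
            if xj != xi:
                num = num * -xj % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret.to_bytes(length, "big")

def demo():
    # Constructed sample: 32-byte data key, 4 shares, any 2 suffice.
    key, auth = secrets.token_bytes(32), secrets.token_bytes(32)
    s = split(key, 2, 4, auth)
    s[1] = (s[1][0], s[1][1] ^ 1, s[1][2])  # share 2 corrupted in storage
    return combine(s[1:], 2, 32, auth) == key  # share 1 unavailable
```

With Shamir sharing, fewer than m shares reveal nothing about the key, which is what allows individual shares to sit on physically separate stores or network paths.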
19. Independent Testing and Evaluation
2005 CWID: AFCA assessment & AF C2 Battle Lab demo
“…as demonstrating the potential to be labeled as an MLS/PL-4 System…”
2005 DISA: Technical Information Panel (TIP)
“…found to have merit for further evaluation and consideration for use as an information
assurance technology…potential to fundamentally alter the way storing and securing of data is
approached.”
2006 SOCOM: National Center for the Study of Counter-terrorism and Cybercrime
IV&V completed successfully for SOCOM MLS Pilot Project
2006 EUCOM Combined Endeavor: Joint Interoperability Test Center (JITC)
“…value of the SecureParser was obvious. This capability not only offers increased security of
data, but reduces costs by eliminating the need for redundant resources.”
2008 Selected by DISA as a demonstration solution for CWID’08 - June 08
Selected by NSA for HAP Trade Study as a Crypto Service and for DAR
20. ISR Data – Collection to War fighter IA
Stages: Collection; Communication; Storage and Sharing; War Fighter Access
Hiding Data in Plain Sight on the GIG.
Diagram labels: Ground ISR Data Processing center; Data transmitted through multiple paths (Satellite and Terrestrial); WAN/DIB; Geographically distributed Data and Servers
• Secure ISR Data
• Secure and Highly Available Communications
• Secure ISR Data Sharing
• Secure and Highly Available Storage and Integrated Backup
• Secure and Highly Available COI ISR Data Sharing
21. Conclusion
Cloud Computing represents an important shift in
the consumption and delivery of information
technology
Shift from infrastructure-centric to data-centric
computing (and security)
Cryptographic data splitting can support the
security needs of this new era.
22. Thank You !
Kevin L. Jackson
Director Cloud Computing Services
NJVC, LLC
(703) 335-0830
Kevin.Jackson@NJVC.com
http://kevinljackson.blogspot.com
http://govcloud.ulitzer.com