• About ISSO
• Research Areas
• Projects
• Finished Projects and Archive
• Opensource Projects

Finished Projects

Cryptographic Technologies

International Cryptography Experiment (ICE)

View the quad chart graphic for this project.

Objective:
The overall objective of the ICE project is to develop and demonstrate modular, removable, replaceable cryptographic-based security components that are commercially available and can be utilized in a wide range of secure software applications. A primary goal of the project is to test the notion that secure software applications can be separated from specific cryptographic security components in such a manner that users can employ a number of alternatives with minimal impact on the applications; and, conversely, that specific cryptographic implementations (such as hardware or software modules) can support a number of different applications. Such an approach should enable easier, widespread development and use of secure applications utilizing cryptography, allow combinations of cryptographic security that support a range of protection levels (e.g., military, government, commercial, and multinational), and, hence, provide flexible, low-cost methods of cryptographically protecting sensitive information.

Approach:
TIS has developed a high-level security architecture for a set of demonstrations to be implemented as part of the ICE project. The architecture depicts the layering of logical interfaces among secure applications, high-level security and security support services, and underlying cryptographic functions, separates by application program interfaces (APIs). The architecture logically separates secure applications from the myriad of security mechanisms/protocols and cryptographic modules/algorithms, and supports the primary ICE objective of demonstrating and testing the advantages of modular, removable, replaceable cryptographic security components.

Based on this security architecture, TIS is developing a set of demonstrations that integrate selected cryptographic security components into a secure electronic mail application. The TIS MIME Object Security Services (TIS/MOSS) application software, which provides integrity, authentication, and confidentiality for electronic mail, was selected as a vehicle for demonstration and testing. The TIS/MOSS software is being integrated with selected cryptographic APIs and hardware/software cryptographic modules embodying different cryptographic algorithms. The demonstrations where chosen to optimize return on investment, completeness of results, availability of resources, and balanced satisfaction of varying interests. They will enable us to explore how to effectively use multiple cryptographic security components in multiple applications. This includes how to specify, implement, and effectively use modular, removable, replaceable security components in the layered architecture. Satisfying varying protection requirements in diverse environments (e.g., military, government, commercial, and multi-national) with minimal impact on applications is included. Providing robustness or survivability through rapid deployment of alternative components without requiring reengineering or even field modifications is also included.

Recent Accomplishments:

• Completed development of primary ICE demonstration of secure electronic mail application utilizing multiple cryptographic modules and algorithms. Demo is based on Microsoft Windows. Integrated the TIS/MOSS software with Qualcomm's Eudora user agent software as a "plug-in' to provide integrity, authentication, and confidentiality services for electronic mail. Incorporated the Microsoft CryptoAPI into the TIS/MOSS software and developed CryptoAPI-compliant cryptographic services providers (CSPs) based on the NSA Fortezza PCMCIA crypto card and the Fischer International Crypto SmartDisk.
• Developed software module to "translate" Microsoft CryptoAPI function calls to the RSA Laboratories' Cryptographic Token Interface (Cryptoki). Translation module allows easier development and use of CryptoAPI-compliant CSPs based on commercially available cryptographic tokens that provide a Cryptoki interface.
• Developed UNIX version of Microsoft CryptoAPI interface, enabling TIS/MOSS software to maintain cross-platform support. Developed associated CSPs based on the NSA Fortezza card and the RSAREF software, and successfully tested interoperability between Windows and UNIX versions of TIS/MOSS software.

Current Plan:

• Release secure electronic mail demonstration software to Internet community for experimental use and testing.
• Extend secure electronic mail demonstration through addition of common interfaces for security support functions, including certificate management.
• Extend secure electronic mail demonstration through addition of common, high-level interfaces for store-and-forward security services (e.g., Internet IDUP-GSS-API).
• Continue coordination efforts with government organizations, commercial organizations, and standards bodies promote widespread development and use of common cryptographic security interfaces within secure applications and cryptographic security components

Technology Transition:
TIS is coordinating its efforts under the ICE project with government organizations (NSA, NIST, UK MoD, etc.), commercial organizations (security framework, security product, and application developers, etc.), and standards bodies (IETF, Open Group, etc.) to facilitate widespread development and use of common cryptographic security interfaces to effectively incorporate cryptographic security components into secure applications.

All of the software developed for the ICE demonstrations is being made available to government organizations, industry, and other researchers for experimental use and testing to determine the suitability of specific cryptographic security interfaces in achieving the overall goals of ICE.

TIS is conducting a series of Technical Workshops for participants from government organizations and industry. The specific aims of the workshops are to report on and coordinate efforts to develop common cryptographic security interfaces, and to showcase demonstrations of the effective use of common cryptographic security interfaces to incorporate cryptographic security components into secure applications.

TIS is reporting on the results of the ICE project, including the layered security architecture and the demonstration development activities, to participants of the technical workshops, as well as in conference papers and presentations, and in PI meetings. TIS is also participating in, and contributing to, several industry and standards body efforts to develop common cryptographic security interfaces.