CRANE, Ind. —
Naval Surface Warfare Center, Crane Division (NSWC Crane) and Naval Information Warfare Center (NIWC) Atlantic researchers are collaborating to make Navy systems more secure. The research project, called High Assurance Interface Protocols (HAIP), is a proactive approach to prevent cyber-attacks that exploit common interfaces like USB, which is commonly used with mice or keyboards.
These computer peripherals can be maliciously modified, which could subject the host computer to security threats. HAIP connects the peripheral device to the computer using a robust firewall. Without HAIP, the process of reacting to a threat is time-consuming and includes identifying, assessing, patching, and fixing as rapidly as possible.
Dr. Adam Shull, a Computer Scientist at NSWC Crane and Principal Investigator for this Naval Innovative Science and Engineering (NISE) funded research, says HAIP prevents attaching a commercial keyboard directly to a Navy computer or system.
“The peripheral device, which could have malicious software, would connect to the HAIP device, which would then connect to the computer,” says Dr. Shull. “Running the HAIP firewall on a separate device allows it to protect systems currently in use. We envision HAIP being used to protect a wide variety of devices across the Navy and Department of Defense (DoD) in the future. HAIP will ultimately help keep our country and the warfighter safe and secure.”
Dr. Robert Templeman, a Naval Sea Systems Command (NAVSEA) Distinguished Engineer for Cybersecurity, helped launch the HAIP research project. He says HAIP is able to create a novel syntactic firewall through the use of a specific technology, called language-theoretic security (LangSec).
“We rely on many protocols for communication between elements of our systems and platforms,” says Dr. Templeman. “Cybersecurity failures often occur when overly-complex, and vulnerable, interface protocols are exploited. Our current cybersecurity approaches do little to harden these interfaces, but some available approaches do exist to offer varying levels of protection. LangSec applies foundational computer science and mathematical laws to precisely define allowable traffic for a given protocol and can use proofs to provide guarantees of correctness. LangSec essentially applies the same rigor to the use of interface protocols that organizations such as DoD require of encryption.”
Dr. Templeman says LangSec technologies and approaches have been proven in many applications, but the challenge is that they require specialized knowledge and experience.
“NSWC Crane and NIWC Atlantic stood up the HAIP project on the premise that our systems will inevitably use untrusted components and must handle external untrusted inputs; the HAIP project is demonstrating the application of LangSec technology in legacy architectures and pipelining a workforce that is capable of developing LangSec solutions.”
Dr. Evan Austin, a NIWC Atlantic employee detailed as the Deputy Director, Cyber Technologies (C5ISREW) for the Office of the Under Secretary of Defense Research and Engineering and Co-PI for the project, says the root of the problem that HAIP is trying to address is an acquisition strategy that mandates the use of commercial off-the-shelf (COTS) solutions whenever possible.
“With rare exception, commercial developments are motivated by demands for new and improved functionality,” says Dr. Austin. “The DoD’s unique requirements for safety, security, and reliability run orthogonal to that goal, such that we frequently find ourselves trying to modify or tailor COTS systems to meet our operational needs. The LangSec approach provides us with a way to appeal to mathematics and other formal logics to prove that our cyber-hardening efforts are actually reducing the attack surface of the platforms we are trying to protect.”
Dr. Templeman says threats in cyberspace touch all platforms and systems and HAIP ultimately benefits the warfighters.
“Our objective is to use this technology to make DoD and Navy systems secure,” says Dr. Templeman. “We often have to respond reactively to systems that have underlying vulnerabilities; we apply metaphorical band-aids after we learn of actual, or anticipated, harm. HAIP’s LangSec technology removes classes of vulnerabilities proactively offering the absolute highest levels of assurance; levels of assurance that our warfighters deserve.”
About NIWC Atlantic
As a part of Naval Information Warfare Systems Command, NIWC Atlantic provides systems engineering and acquisition to deliver information warfare capabilities to the naval, joint and national warfighter through the acquisition, development, integration, production, test, deployment, and sustainment of interoperable command, control, communications, computer, intelligence, surveillance, and reconnaissance, cyber and information technology capabilities.
About NSWC Crane
NSWC Crane is a naval laboratory and a field activity of Naval Sea Systems Command (NAVSEA) with mission areas in Expeditionary Warfare, Strategic Missions and Electronic Warfare. The warfare center is responsible for multi-domain, multi-spectral, full life cycle support of technologies and systems enhancing capability to today's Warfighter.