6. Products that Oak Ridge MLS Testbed is Testing for Phase 2 and Phase 3

6.1 Lotus cc:Mail 6.6 Certification Authority Workstation
6.2 LJL Armor Mail Add-On for cc:Mail 6.7 Directory System Agent
6.3 Secret Agent 6.8 Mail List Agent
6.4 Fortezza Cards and PCMCIA Readers 6.9 Audit Manager
6.5 SNS Mail Guard Version 2B

6.1 Lotus cc:Mail

Lotus cc:Mail is the user mail agent (UMA) chosen by DOE Headquarters for its mail system. Testing of cc:Mail will be performed on the Oak Ridge MLS Testbed to ensure that it will work with the SNS Mail Guard and with the Fortezza card.

 to Sect. 6 menu

6.2 LJL Armor Mail Add-On for cc:Mail

The Armor Mail Add-On for cc:Mail produced by LJL Enterprises, Inc., is used to provide a link between cc:Mail and the Fortezza card and provide users of cc:Mail with the option to encrypt E-mail and generate digital signatures using the card.

 to Sect. 6 menu

6.3 Secret Agent

Secret Agent is an encryption program produced by AT&T for messages and files, but it does not provide mail services. A file can be encrypted with Secret Agent using a variety of cryptographic algorithms, and this encrypted file is handled by the UMA as an attachment to a mail message. Version 3.13 of Secret Agent for Windows has the capability to use the Fortezza card.

 to Sect. 6 menu

6.4 Fortezza Cards and PCMCIA Readers

The Fortezza card provides data integrity, identification and authentication, digital signature, nonrepudiation, and data encryption/decryption security services for Sensitive But Unclassified and SECRET National Security Information. The Fortezza crypto card provides the hardware necessary for these security services. It is a fundamental component in the MISSI suite of products. The card is in a PCMCIA format and requires a special reader that attaches to either the PC parallel port or to the small systems computer interface (SCSI) bus. Oak Ridge MLS Testbed PCs are equipped with parallel port PCMCIA readers. Fortezza cards have a clock, memory, input/output, access control, and the following four algorithms: secure hash (data integrity), digital signature (authentication and nonrepudiation), SKIPJACK type II encryption (confidentiality), and public key exchange. Unclassified electronic mail and documents created on the NN-50 classified LAN will require digital signature, and this will be checked by the SNS Mail Guard before the E-mail and attached documents are passed down to the unclassified segment.

 to Sect. 6 menu

6.5 SNS Mail Guard Version 2B

The SNS Mail Guard is the first stage in the evolution of the MISSI MLS server. It is designed to provide connectivity between unclassified and classified LANs for the purpose of distribution of unclassified E-mail and certain attachments. Version 2B has recently been obtained and will be used to provide the controlled interface between the unclassified and classified LANs. One communication board is required for each network.

The Release Authority can be manual or automated. The manual control of messages could be used if the need for increased control were required. Because it will be automated in Phase 2, the Release Authority filters will be set. These filters are used to automatically review message traffic.

Filters can perform checks on each message [e.g., ASCII E-mail only, label required, restrict senders, restrict recipients, restrict hosts, authorized attachments only (text file, WordPerfect 6.0 for Windows, etc.), restrict source routes, and perform word searches]. If a message does not pass the filter checks, the message can be returned to sender, returned to postmaster, returned to sender and postmaster, or destroyed. The filter and their functions are described below.

6.5.1 Message Security Protocol Filter
6.5.2 Envelope Filter
6.5.3 Message Filter
6.5.4 Dirty Word Search Filter
6.5.5 Manual Reviewer Filter

6.5.1 Message Security Protocol Filter

When activated, the Message Security Protocol (MSP) filter is responsible for processing all mail messages for MSP-compliance (i.e., signed or signed/encrypted). The filter verifies that the message is MSP-compliant, that the message has had the correct security processing applied, and that the person signing the message is authorized to pass messages through the SNS. The MSP filter requires the use of the Fortezza card and the PCMCIA card reader. For the other filters to properly process a message, the message must be forwarded from the MSP filter without a digital signature and in plain text format. Because the SNS must decrypt and inspect MSP-encrypted messages, it is considered a recipient of the message.

 to Sect. 6.5 menu

6.5.2 Envelope Filter

The Envelope filter defines the hosts, senders, and recipients that will be allowed to transfer mail through the SNS. The Envelope filter can also check to see if a mail message has been sent using SMTP source routes and will reject the mail message if source routing is not allowed. Messages sent using source routing present a possible security risk to networks protected by the SNS. Source routing can be used to attack specific workstations on the high side of an SNS network.

 to Sect. 6.5 menu

6.5.3 Message Filter

The Message filter places certain restrictions on the mail messages that pass through the SNS. In particular, the Message filter can be configured to check for the following message characteristics: printable ASCII E-mail; classification label; and authorized file attachment types such as text files prepared with Windows software (e.g., Lotus 1-2-3, Excel, PowerPoint, Word, WordPerfect, Harvard Graphics, and PerFORM PRO), DOS executables, and Windows executables.

 to Sect. 6.5 menu

6.5.4 Dirty Word Search Filter

The Dirty Word Search filter scans mail messages for text containing security-sensitive (dirty) words. Words and phrases that are defined as sensitive by local site security policy are included in a dirty word list for use by the filter. If a message is found to contain a dirty word, the message will be rejected by the filter.

 to Sect. 6.5 menu

6.5.5 Manual Reviewer Filter

Messages received by the Manual Reviewer filter will be forwarded to the manual review queue. There they will be reviewed by the Release Authority. Mail messages can also be forwarded to the manual review queue even if the Manual Reviewer filter is disabled. Messages rejected by one of the other four filters will be automatically forwarded to the manual review queue if the Manual Review Upon Reject field is specified as "On" for that filter.

 to Sect. 6.5 menu or     to Sect. 6 menu

6.6 Certification Authority Workstation

The Certification Authority Workstation (CAW) is the key, privilege, and certificate generator for MISSI components. It is used to register users and support their clearances and privileges. The CAW creates the X.509 certificates and the crypto key materials that it programs into the Fortezza cards. It also creates the user personal identification numbers (PINs) that are necessary to invoke the Fortezza card.

The CAW, which is a part of the Certification Authority (CA) hierarchy, will be used to provide directory information to the Directory System Agent and the Mail List Agent. Fortezza cards being tested in the Oak Ridge Testbed were programmed by NSA, but a CAW will be required for the NN-50 Demonstration LANs.

 to Sect. 6 menu

6.7 Directory System Agent

The Directory System Agent provides the X.500 directory services. It is required for global user addressing and provides a repository for the X.509 certificates and other public security information essential for MISSI product operation.

 to Sect. 6 menu

6.8 Mail List Agent

The Mail List Agent (MLA) is used in the E-mail system to address the message to all the recipients in the E-mail list. The MLA retrieves each recipient's certificate and key information.

 to Sect. 6 menu

6.9 Audit Manager

The audit manager provides audit support to all the MISSI building block products. It provides support for the collection and analysis of security-relevant auditable events associated with the MISSI Network Security Management components. The Audit Manager will collect records generated by these audit agents and provide a location for central analysis and archiving of records.

 for Article    Section  to Conference Proceedings Page