Secure Link Middleware

Abstract

Abstract : One of the challenges for the U.S. National Archives and Records Administration (NARA) is to provide essential information assurance (IA) services for sensitive electronic records archives (ERA) in transit between networked computer systems. Current software technologies for securing data in transit rely on cryptographic algorithms and protocols provided in IP Security (IPSec), Virtual Private Network (VPN), or Shell (ssh). The general difficulties of using IPSec and VPN are the complexity and compatibility. IPSec has been evolved and updated with new standards since 1995 (with RFC 1825-1829) to 2005 (with RFC 4301-4309). VPN are generally designed and built based on proprietary algorithms. Usually, they should be acquired, installed, and operated from the same manufacturer. Therefore, typically, IPSec and VPN are implemented and operated at network routers by network administrator to provide security for network traffic between local area networks (LAN) rather than being used by end users at system level. For example, IPSec or VPN are used to connect internal LANs of different sites of an organization through a public network such as the Internet. But with this type of operation, there are no end-to-end encryptions between any two networked computers in the same LAN or in different LANs. Hence, communication traffic of two computers in a same LAN or communication traffic from a local node to its router has no protection. To meet NARA's technical requirements for having end-to-end encryption and authentication at the computer system level, Army Research Laboratory (ARL) developed a secure communication network middleware called Secure Link capable of providing essential IA services for accessing or transferring sensitive ERA between any two networked computers. This report documents the development of ARL Link.