Abstract

The current network security paradigm, coupled with the desire to transport classified traffic securely, has caused the U.S. Department of Defense (DoD) to maintain its own isolated networks, distinct from the public ATM network infrastructure. Internally, the DoD maintains four types of completely separate and isolated networks to carry top secret, secret, confidential, and unclassified traffic, respectively. A public ATM network may be viewed as carrying unclassified or nonsecure traffic. Although the cost of maintaining four separate network types is becoming increasingly prohibitive to the DoD, the inability of the public and DoD to utilize each other's network resources runs counter to the current atmosphere of dual use and economies of scale. This article introduces the concept of a “mixed use” network, wherein the four DoD network types and the public ATM network are coalesced into a single, unified network that transports all four types of traffic, efficiently and without compromising their respective security. In a mixed use network, the ATM nodes and links that are common between the DoD and public networks are labeled “joint use” and fall under the jurisdiction of the military for obvious protection of the security assets. The concept of “mixed use” is the direct result of the user-level, security-on-demand principle that recently has been introduced in the literature and one that is enabled by the fundamental security framework and the basic characteristic of ATM networks. This article models a representative 32-node public ATM network, a 40-node DoD network, and the coalesced 50-node mixed use network, and executes accurate simulations on a testbed that, in turn, executes on a network of Linux workstations configured as a loosely coupled parallel processor. The simulation testbed closely resembles an operational ATM network, thereby implying realistic results.
Performance data, obtained for representative input traffic stimulus, constitute a successful scientific demonstration of the concept of a “mixed use” network. Furthermore, the results reveal that because the unclassified DoD traffic encounters a richer connectivity in the mixed use network, the success rate of the DoD calls is significantly higher in the mixed use network than in the military network. The unclassified DoD traffic's demand for security resources decreases, thereby enabling a much higher chance for the secure calls to succeed. Unlike in the traditional DoD classified networks, in a mixed use network the security resources are not distributed uniformly throughout the network. In this paradigm, security is viewed as a distributed resource, and the underlying distributed resource allocation strategy aims at allocating it to each user efficiently, based on demand and dictated by need.
