Medium Grade Features For Military Messaging

Christopher D. Bonatti
IECA, Inc.
15309 Turkey Foot Road
Darnestown, MD 20878-3640

Abstract

Two grades of messaging service have evolved independently in two different communities. The military messaging community has evolved an expectation of a high grade of messaging functionality. In contrast, the Internet messaging community has long provided a low grade of messaging functionality in keeping with the Internet's simple and best-effort paradigms. Commercial use of the Internet and military reliance on commercial off-the-shelf (COTS) products are forcing both communities to evolve to a common level of service, the so-called medium grade messaging. Standards bodies and industry fora have been working, often disjointedly, for several years to elaborate definitions of medium grade messaging features. This paper attempts to capture and refine a unified set of functional definitions for medium grade messaging drawing from a variety of sources.

I INTRODUCTION

Military messaging has evolved over many decades to establish expectations for a high grade of messaging functionality. This is reflected today in the level of service described in Allied Communications Publication (ACP) 123 [1] for International Telecommunications Union (ITU) Telecommunications Standardization Sector (ITU-T) X.400 series of recommendations [2]. The Simple Mail Transfer Protocol (SMTP), which is used widely on the Internet, has long provided a low grade of messaging functionality in keeping with the Internet's simple and best-effort paradigms. Commercial electronic mail systems now embrace Internet mail, but are also striving to provide a higher level of messaging functionality to their users: a so-called medium grade of messaging services. Meanwhile, military messaging systems are under pressure to reduce functionality and admit commercial off-the-shelf (COTS) products.
These factors are forcing both communities to evolve to a common level of service, described herein as medium grade messaging.

Standards bodies and consortia have both attempted to direct the drive to medium grade messaging by defining its requirements. The International Telecommunications Union (ITU) Telecommunications Standardization Sector (ITU-T) and the International Organization for Standardization (ISO) have amended the X.400 series of recommendations [2 and 3] with additional functionality to provide what they term Business Class Messaging (BCM) [4 through 7]. The Electronic Mail Association (EMA) developed a Business Quality Messaging (BQM) Functional Specification [8]. More recently, the U.S. Department of Defense (DoD) is developing a strategy and profile for Medium Grade Messaging (MGM) [9 and 10]. While all of these initiatives have their differences, a core set of requirements for what makes a messaging system medium grade appears to be emerging.

II MODEL AND CRITERIA

The various standards bodies and consortia that have attempted to define possible medium grade messaging features have varied in their results, in part because of differences in their approach and scope. Some studies, such as the effort, have attempted to model messaging from the very concrete perspective of application programming interfaces (APIs). Others, such as the effort, have taken a more generic service-oriented approach. In order to bridge these diverse viewpoints, it is necessary to establish a uniform model and set of criteria for identifying possible business class features. For simplicity, this paper asserts a common definition of both the messaging model and the scope of a medium grade feature.

GENERIC MESSAGING MODEL

The messaging model that is assumed for the purposes of this discussion is necessarily simple. Fig. 1 depicts the model and its relationship to existing models.
The messaging model includes a generic message exchange service whose properties are assumed to be broadly similar to COTS suites of SMTP or X.400 products. The functionality of the exchange service subsumes that of message store (MS), distribution list (DL), translation gateways, and other common features of messaging systems. It is intended to collect all of the functions of the messaging service provider within the model. Further refinement of the exchange service is not possible without becoming technology-specific.

Fig. 1. A generic messaging model is helpful in avoiding debates about underlying technology.

The messaging model also includes user agents (s), which act on behalf of the human user to submit and take delivery of messages. The is the focus for all content-oriented services that are provided on an originator-to-recipient basis. Both the message exchange service and the s operate as application layer entities, and provide services to the human user. Security services may apply equally throughout the messaging model.

CRITERIA FOR MEDIUM GRADE FEATURES

In the context of this paper, a feature is an element of protocol, service or procedure that results in some quantifiable service being provided to either the originator or recipient(s) of messages. In evaluating potential features for a medium grade messaging service, the following prioritized criteria were used to assess the overall merit of each feature. Good MGM features should:

- Be independent of particular implementation strategy or protocols;
- Apply to a broad community of users; and
- Not be provided by common configurations of COTS message handling systems.

Ideally, some commonality was also sought among different medium grade initiatives (e.g.,, ISO BCM). However, in some cases, features failing to meet this criterion were included based on strengths in other areas. Fig. 2 illustrates the ideal relationship between the different medium grade initiatives and the features in this paper.

III DESCRIPTION OF COMMON FEATURES

Several medium grade messaging features stand out as obvious deficiencies in the existing state of the industry, while other features are more esoteric but provide excellent benefits to the user for implementation costs that are quite low.
Most of the features from the former category apply to the message exchange service, while most of the latter are instantiated only as additional fields in the message content. Table 1 summarizes the set of features discussed in this section, and lists their respective types and origins.

Fig. 2. A Venn diagram shows the approximate relationship between the various medium grade definitions and the set of common features.

Table 1. The common medium grade features originate from a variety of specifications.

Feature Name                                   Type       Origin(s)
Transaction-style Processing for Reliability
Delivery and Non-delivery Notifications
Receipt Notifications
Delivery Priority
Maximum Lifetime
Distribution List Expansion
DL Exempted Recipients
Access Control                                 Security
Confidentiality                                Security
Integrity                                      Security
Non-repudiation of Origin                      Security
Non-repudiation of Receipt                     Security
Security Labeling                              Security
Globally Unique Identifier                     Content
Precedence                                     Content
Obsoleting                                     Content
Distribution Codes                             Content
Authorization Time                             Content
Manual Handling Instructions                   Content
Information Category                           Content
Originator Reference                           Content
Other Recipients                               Content
Circulation List Recipients                    Content

MESSAGE EXCHANGE SERVICE FEATURES

A robust message exchange service is critical to any medium grade messaging product or service. Necessary features include high reliability, delivery and non-delivery notifications, receipt notifications, message delivery priority, maximum message lifetime, distribution list (DL) expansion, and DL exempted recipients.

Transaction-style Processing for Reliability

Medium grade exchange services should be implemented so as to ensure reliability of message submission, transfer and delivery. A transactional style of processing must be adopted to provide an acceptable level of reliability in a distributed system. For messaging protocol engines, this constitutes design of message transfer agents (MTAs) and user agents (s) to reach a stable and recoverable state of message processing (e.g., logged into the in-queue and saved to non-volatile storage) before acknowledging a completion of any message transfer. Other factors such as graceful recovery from a system failure also need to be considered.

Delivery and Non-delivery Notifications

Notifying the originator when a message cannot be delivered to its intended recipients is a basic feature of nearly all messaging systems. Notification that a successful delivery has taken place is also very important in many business scenarios, but is only now beginning to be widely supported. Delivery notifications are important because they often constitute a report of the delivery from a neutral third party.
They also provide an indication of when a particular message reached the recipient company or organization regardless of how quickly that company may have processed the information. In business processes that involve submission deadlines, this type of information can be quite valuable to the originator.

Receipt Notifications

Receipt notifications provide a positive confirmation that the has processed the message. What constitutes processing varies widely, but usually entails opening a message and may even entail manually confirming reading and understanding the message. This capability is crucial in business scenarios in which hand-off of responsibility is required. Receipt notifications are usually generated by the recipient s, but are part of the message exchange functions.

Delivery Priority

A prioritized message exchange service is important for optimizing resource utilization for scenarios in which:

a) The cost of transmission is high, or;
b) The available transmission resources are saturated.

Both of these situations are more common than is generally realized, particularly in the small business sector. Prioritized message exchange allows urgent messages to be expedited by MTAs (causing the urgent messages to be sent before less urgent traffic), perhaps causing an intermittent network connection to be opened ahead of schedule. Conversely, this feature allows more aggressive cost control for a company's overall messaging system. This is because the high level of service required for urgent messages need not be maintained for the bulk of the message traffic.

Maximum Lifetime

Many types of information exchanged using message handling are perishable. Services that allow the originator to provide an indication of this perishability, in the form of an expiry time, reduce transfer costs and adverse impacts on recipients.

Distribution List Expansion

Distribution lists (DLs) go by many names in the messaging industry depending on their exact characteristics and implementation. Sometimes called address lists (ALs), mail lists (MLs), or merely mail exploders, this ability to support sending messages to a centrally managed list of recipients is a critical medium grade messaging feature. DLs are used to support the dissemination of information to teams and business units of all sizes, and to support online discussion in distributed fora.

DL Exempted Recipients

Some messaging systems enable the originator to specify particular recipients that should be omitted from the set of recipients resulting from DLs. This capability is quite useful in circumstances where the business process requires a small number of recipients to be excluded from a widespread distribution. Examples include collection of personnel performance appraisal inputs, or exclusion of traveling users from large file distributions. Support of this feature is not yet widespread, and is thus a key product discriminator.

SECURITY FEATURES

Protection of message traffic with security services is increasingly important to any medium grade messaging product or service. Necessary features include access control, message confidentiality, message integrity, non-repudiation of origin, non-repudiation of delivery, message security labeling, and message sequence integrity.

Access Control

Control of access to the messaging infrastructure has become a more appreciated issue in recent years.
Recent increases in theft of service, denial of service attacks, and anonymous Internet junk mail (i.e., "spam") have increased awareness of this deficiency in many messaging systems. Countermeasures recently deployed against these threats include submission control based on originating network address and restriction of transfer-only operations on many MTAs. Stronger means are also possible based on cryptographic authentication mechanisms, but these are not yet broadly supported by industry.

Confidentiality

Services that prevent the disclosure of the content of a message to anyone other than the authorized recipients are a vital part of the messaging security requirement for medium grade messaging. Business processes that involve personal, proprietary or classified information cannot be safely conducted over messaging without this service. confidentiality is usually provided by encryption supported by protected exchange of a one-time shared symmetric key. The key exchange is usually performed within the messaging protocols.

Integrity

Basic message integrity is an essential requirement of the transfer service, but protection against deliberate tampering or modification enters the realm of security. This service is necessary in any medium grade messaging product or service. integrity is usually provided by use of a digital signature over the message, but may also be provided by application of secure hash or other encryption functions.

Non-repudiation of Origin

Non-repudiation of origin is the capability for the recipient to be able to demonstrate to a third party that the originator of a message is actually who they claim to be. Business processes that involve authorized approval cannot be safely conducted over messaging without this service. Non-repudiation of origin is usually provided by use of a digital signature over the message.
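The difference between the Integrity and Non-repudiation of Origin services above, as an added example that is not part of the original paper: a keyed hash under a key shared by originator and recipient detects tampering, but either holder can produce it, while a signature is checked with public data only. A Lamport one-time hash-based signature stands in for a production signature algorithm so the block runs on the Python standard library; all function names and the sample messages are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

# --- Integrity with a keyed hash: originator and recipient share one key ---
def mac_tag(shared_key: bytes, message: bytes) -> bytes:
    return hmac.new(shared_key, message, hashlib.sha256).digest()

def mac_verify(shared_key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_tag(shared_key, message), tag)

# --- Lamport one-time signature: only the originator holds the secrets ---
def lamport_keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(s0), H(s1)) for s0, s1 in sk]   # public key: hashes of the secrets
    return sk, pk

def _digest_bits(message: bytes):
    d = H(message)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def lamport_sign(sk, message: bytes):
    # Reveal one secret per digest bit; a key pair must never sign twice.
    return [sk[i][bit] for i, bit in enumerate(_digest_bits(message))]

def lamport_verify(pk, message: bytes, signature) -> bool:
    bits = _digest_bits(message)
    if len(signature) != len(bits):
        return False
    return all(hmac.compare_digest(H(s), pk[i][b])
               for i, (s, b) in enumerate(zip(signature, bits)))

def compare_services():
    original = b"Approve purchase order 17"   # constructed sample message
    altered = b"Approve purchase order 71"    # constructed altered copy
    shared_key = secrets.token_bytes(32)
    tag = mac_tag(shared_key, original)
    sk, pk = lamport_keygen()
    sig = lamport_sign(sk, original)
    # Without the originator's secrets the recipient can only guess values.
    guessed_sig = [secrets.token_bytes(32) for _ in range(256)]
    return {
        "mac_detects_tampering": not mac_verify(shared_key, altered, tag),
        # The recipient also holds shared_key, so it can tag any text itself;
        # a third party cannot tell which of the two parties produced a tag.
        "recipient_can_make_valid_mac": mac_verify(
            shared_key, altered, mac_tag(shared_key, altered)),
        "signature_valid": lamport_verify(pk, original, sig),
        "signature_detects_tampering": not lamport_verify(pk, altered, sig),
        "recipient_can_make_valid_signature": lamport_verify(pk, altered, guessed_sig),
    }

if __name__ == "__main__":
    for name, value in compare_services().items():
        print(f"{name}: {value}")
```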
Non-repudiation of Receipt

Non-repudiation of receipt is the capability for the originator to be able to demonstrate to a third party that the intended recipient of a message has actually received it, and is who they claim to be. Non-repudiation of receipt is usually provided by use of a digital signature over some form of receipt.

Security Labeling

security labeling allows the originator to attach an indication of the message's sensitivity to disclosure or other threats. Labeling is of growing importance in medium grade messaging as commercial enterprises recognize benefits from a compartmentalization approach to handling proprietary information. The ASN.1 data structure SecurityLabel, originally described in International Telegraph and Telephone Consultative Committee (CCITT)¹ recommendation X.411:1988 [11], has become a de facto standard because of its adoption in numerous secure messaging and directory efforts. However, subsequent definition of the security-categories field of the X.411 label has proven to be controversial, and is continuing in NATO, the Combined Communications Electronics Board (CCEB), and ISO Subcommittee 27 (SC27).

¹ Note that CCITT was later reorganized into the ITU-T. The term CCITT is used here for historical accuracy.

CONTENT FEATURES

The content of the message itself must provide a number of vital services to adequately support medium grade messaging. Necessary features include a globally unique message identifier, a precedence indication, an obsoleting indication, distribution codes, an authorization time, manual handling instructions, an information category, an originator reference, other recipients, and the circulation list.

Globally Unique Identifier

s should be associated with a globally unique identifier to facilitate correlation of duplicates, allow cross-referencing of messages, and support management functions. Global uniqueness can easily be achieved by appending an appropriate time code or serial number to a uniquely registered user name or address. Many messaging systems already provide globally unique identifiers, but limit their effectiveness by conveying them in varying protocol fields (e.g., often X- extension headers in SMTP).

Precedence

s should contain an indication of the originator's perceived importance, or relevance, of the message (i.e., precedence) to each recipient of the message. This precedence value might be used to affect how the message is presented to the user (e.g., highlights or colors), or might trigger automatic alerts (e.g., via pager). Each recipient might have a different precedence. This service may or may not be directly tied to the message delivery priority service described for the exchange service.

Obsoleting

s should contain the globally unique message identifier of any other messages that by its receipt are rendered outdated or obsolete. This service addresses the perishability of messages from a different perspective than the maximum message lifetime service described for the exchange service. This service aims to reduce confusion on the part of recipients as a result of message perishability.

Distribution Codes

The distribution codes service enables the originator to provide the recipient s with information to support the redistribution of the message either within the messaging system (e.g., auto-forwarding) or externally (e.g., hard copy distribution). It may also provide information to features such as automatic alerts (e.g., pager).

Authorization Time

The authorization time indication service enables the originator to indicate to the recipient the date and time at which a message was formally authorized. Depending upon local requirements, this date and time stamp may vary from the date and time when the message was submitted to the transfer system.

Manual Handling Instructions

The manual handling instructions indication service enables the originator to indicate to the recipient any post-delivery instructions (e.g., recipient handling remarks) that may accompany the message. The service might provide instructions consisting of free form text that may state special requests for recipient handling, or instructions for how to process body data.

Information Category

The information category indication service enables the originator to indicate to the recipient the character of the information contained in the message. The service might provide a registered identifier for each particular category, or free form information describing the nature of the communication. The recipient may use the information provided by this service to affect the presentation of messages to the recipient, or to affect any other local processing functions.
A specific definition of information category values and semantics should be mutually supported by the originator and the recipient. Examples of possible information category values include: draft message, press release, contractual commitment, and policy statement.

Originator Reference

The originator reference indication service enables the originator to indicate to a recipient a reference value, chosen by the originator, to be used within the organization of the originator as an internal reference. Examples of possible references include: file number, claim number, and legal case number. This information may be used by the recipient in later communications with the originator, possibly by other means, concerning a particular message.

Other Recipients

The other recipients indication service enables an originator to indicate to a recipient the names of intended recipients who will receive a message without the use of messaging (e.g., via fax). The service should also allow indication of which category, such as primary (i.e., "To:") or copy (i.e., "Cc:"), the other recipients should be considered.

Circulation List Recipients

The circulation list recipients indication service enables the originator to indicate to the recipient a list of recipients to which the originator requests the message be serially distributed. In this context, recipients that have received the message are said to be "checked" in the circulation list. The circulation list should be updated by the recipient and included in a forwarded IPM sent to the next recipient that has not been checked. This service models a common business practice for circulating pertinent materials to small groups for comment.

IV CONCLUSION

This paper attempts to capture and refine a unified set of emerging functional requirements for medium grade messaging drawn from a variety of sources. Three types of features are identified: message exchange features, security features and content features. The message exchange features tend to address well known deficiencies in the existing state of the messaging industry. These tend to be the most complex features from an implementation standpoint, but represent well-understood concepts and technology. Security features address an already broad, and still growing, market segment. These tend to be more straightforward to implement, but are fraught with open standardization issues. The content features are more esoteric but provide excellent benefits to the user for generally low implementation costs.

The various medium grade development efforts exhibit a strong correlation of both objectives and outcome. Yet none of these activities appears to have gained a strong beachhead in the commercial products arena. This suggests that efforts should be made to harmonize the various definitions of medium grade messaging for the purpose of promoting a larger, more lucrative market for developers.

V REFERENCES

1. ACP 123: Common Messaging Strategy and Procedures, November 1994.
2. ITU-T X.400 Series: Data Communication Networks: Handling Systems, 1992.
3. ISO/IEC 10021 Series: Information Technology Handling Systems (MHS), 1992.
4. ISO/IEC 10021-1 PDAM 4: Business Class
5. ISO/IEC 10021-4 PDAM 4: Business Class
6. ISO/IEC 10021-5 PDAM 4: Business Class
7. ISO/IEC 10021-7 PDAM 4: Business Class
8. Business Quality Messaging Functional Specification, Electronic Mail Association (EMA) Business Quality Messaging (BQM) Special Interest Group (SIG), November 1997.
9. Defense Messaging System (DMS) Medium Grade Messaging Strategy, Defense Information Systems Agency (DISA), 7 August 1998 (DRAFT).
10. Protocols Profile for Department of Defense Medium Assurance Messaging, Mitre Corp., Revision 2.0, January 1999.
11. CCITT X.411:1988: Data Communication Networks: Handling Systems: Transfer System: Abstract Service Definition And Procedures, 1988.
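The "Transaction-style Processing for Reliability" and "Globally Unique Identifier" features described above work together in an in-queue, shown here as an added example that is not part of the original paper: the message is forced to non-volatile storage before the acknowledgement is returned, a retransmission after a lost acknowledgement is recognized by its identifier, and recovery after a crash discards half-written transfers. The Spool class, the ACK strings, the identifier format and the sample address are assumptions made for illustration; directory fsync as written assumes a POSIX system.

```python
import os
import tempfile

def make_message_id(address: str, time_code: str, serial: int) -> str:
    # Paper's recipe: time code or serial number appended to a registered address.
    return f"{address};{time_code}-{serial:04d}"

class Spool:
    """Hypothetical MTA in-queue: acknowledge only once the message is durable."""

    def __init__(self, root: str):
        self.tmp = os.path.join(root, "tmp")      # transfers still in progress
        self.queue = os.path.join(root, "queue")  # committed, recoverable messages
        os.makedirs(self.tmp, exist_ok=True)
        os.makedirs(self.queue, exist_ok=True)

    @staticmethod
    def _sync_dir(path: str) -> None:
        fd = os.open(path, os.O_RDONLY)
        try:
            os.fsync(fd)                          # make the rename itself durable
        finally:
            os.close(fd)

    def accept(self, message_id: str, body: bytes) -> str:
        name = message_id.encode().hex()          # identifier as a safe file name
        final = os.path.join(self.queue, name)
        if os.path.exists(final):
            return "ACK duplicate"                # sender retried after a lost ACK
        partial = os.path.join(self.tmp, name)
        with open(partial, "wb") as f:
            f.write(body)
            f.flush()
            os.fsync(f.fileno())                  # data on non-volatile storage
        os.replace(partial, final)                # atomic commit into the in-queue
        self._sync_dir(self.queue)
        return "ACK stored"                       # only now is transfer complete

    def recover(self):
        # After a failure: unacknowledged partial transfers are dropped (the
        # sender still holds them); committed messages are listed for delivery.
        for name in os.listdir(self.tmp):
            os.remove(os.path.join(self.tmp, name))
        return sorted(bytes.fromhex(n).decode() for n in os.listdir(self.queue))

def run_demo():
    with tempfile.TemporaryDirectory() as root:
        spool = Spool(root)
        mid = make_message_id("originator@example.org", "19990104T120000Z", 1)
        first = spool.accept(mid, b"constructed sample body")
        retransmit = spool.accept(mid, b"constructed sample body")
        # Simulated crash: a second transfer was partly written, never committed.
        with open(os.path.join(spool.tmp, "deadbeef"), "wb") as f:
            f.write(b"partial")
        restarted = Spool(root)
        recovered = restarted.recover()
        return {"id": mid, "first": first, "retransmit": retransmit,
                "recovered": recovered,
                "leftover_tmp": len(os.listdir(restarted.tmp))}

if __name__ == "__main__":
    print(run_demo())
```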