Title :
Coalition Information Sharing
Author_Institution :
JCS J-6, Erik Mettala and Rod Fleischer, SPARTA, Inc., Joint Staff J6, C4 Directorate. cecilia.phan@js.pentagon.mil
Abstract :
In order to enable secure coalition information sharing (CIS), communication endpoints must be able to uniquely identify and authenticate each other to negotiate acceptable confidentiality and integrity protection algorithms. The root problem is one of identity management in decentralized access control systems. The security architecture must provide for a means to authenticate users to each other and manage their relationship to system capabilities. While Service-Oriented Architectures (SOAs) are ushering in a new era of interoperability, they also introduce new security concerns that must be addressed before they can be deployed. XML-Encryption and XML-Signature are provided as cryptographic protection mechanisms, but these suffer significant weaknesses due to the inherent flexibility of XML parsers. The current CIS solutions, such as Secure Sockets Layer (SSL) and Transport Layer Security (TLS), are inflexible in that they only provide point-to-point connectivity and are dependent on the underlying transport medium. This paper will address several significant areas that must be addressed to effectively support secure CIS: data encryption independent of the transmission method, discrete separation of information by supporting differing levels of classification on the same network, and many-to-many communications in both synchronous and publish-subscribe methods, whether the data is in transit or at rest. We shall discuss each of these challenges and their implications in greater detail, and explore possible solutions to more effective CIS, including the Group Secure Association Key Management Protocol (GSAKMP), which provides key management for cryptographic groups without imposing any requirements on the methods of communication.
Keywords :
Access control; Communication system security; Computational Intelligence Society; Cryptography; Identity management systems; Information security; Protection; Service oriented architecture; Sockets; XML;
Conference_Title :
Military Communications Conference, 2007. MILCOM 2007. IEEE
Conference_Location :
Orlando, FL, USA
Print_ISBN :
978-1-4244-1513-7
Electronic_ISBN :
978-1-4244-1513-7
DOI :
10.1109/MILCOM.2007.4455013