On March 15th REDCOM participated in the Tri-Services Open Architecture Interoperability Demonstration (TSOA-ID). REDCOM demonstrated the latest evolution of the REDCOM Sigma ® C2 platform to industry partners and Army, Navy, and Air Force Open Architecture (OA) teams.
With REDCOM Sigma deployed on multiple platforms at TSOA-ID, REDCOM successfully demonstrated robust interoperability across platforms, networks, and waveforms.
REDCOM Sigma C2 software was running on a Spectranetix chassis during the event. REDCOM Sigma XRI-400 was connected to the Spectranetix system with the new REDCOM C2 Console for monitoring and controlling all comms — on both IP and RF networks — between the two systems. The C2 Console includes enhanced TSM interoperability to manage multiple talk groups simultaneously through a single TrellisWare TSM gateway radio.
REDCOM technology was also utilized in a demo in the Curtiss-Wright Defense Solutions booth. Curtiss-Wright had REDCOM Sigma installed in a virtual environment running on a SOSA-aligned VPX3-1260 single board computer in their chassis, along with the REDCOM Secure Client and a REDCOM Sigma XRI for radio interoperability.
“CMOSS is an evolving standard, and we are committed to building out the architecture as part of the SOSA™ Consortium. Our Sigma platform is well-positioned to be the core C2 platform on CMOSS for voice, video, and chat,” said Mike Gates, Director of Solutions Engineering, REDCOM. “It’s important to realize, though, that a CMOSS implementation will still take time, and interoperability will always be a concern. That’s why our Sigma software and Sigma XRI hardware will be so important during the transition to an Open Systems Architecture. These platforms are available today and help pave the way to a CMOSS future.”
For more details on REDCOM Sigma and Sigma XRI, view the product briefs or contact a REDCOM solution advisor for a demo.
REDCOM Laboratories, Inc., the leading supplier of advanced tactical and strategic communications solutions, is pleased to be attending FIDAE 2022 in Santiago, Chile April 5- 10 in booth C11. FIDAE is the premier aerospace and defense trade show in Latin America, that address the full scope of commercial, military, and space interests. REDCOM will be in the USA Partnership Pavilion exhibiting REDCOM’s flagship Sigma® ecosystem.
Sigma software is a complete Command & Control solution with voice, video, chat, and conferencing. REDCOM Sigma increases operational flexibility while reducing size, weight, and power (SWaP) requirements in military and humanitarian aid scenarios. REDCOM Sigma is based on open standards with a focus on interoperability, flexibility, and ease of use. Sigma is already proven and deployed by multiple programs with the U.S. Army and U.S. Air Force. In 2020, REDCOM Sigma® software was selected as the C2 platform of choice by the U.S. Army due to its support of Army modernization priorities while simultaneously reducing lifecycle, maintenance, and training costs.
REDCOM will also be demonstrating Sigma® XRI, a MIL-Spec hardware C2 platform built around REDCOM Sigma software. Sigma XRI bridges the gap between disparate radio systems used by military units, government agencies, and public safety organizations. By leveraging existing radio assets, Sigma XRI enables these organizations to seamlessly connect to each other, regardless of radio network, endpoint, or frequency used. Radio users can communicate directly with users on any SIP end device and can participate in the same voice conferences using Sigma XRI. All communications within Sigma XRI can be monitored and controlled via REDCOM’s new C2 Console app that provides tactical users with a single pane of glass to monitor all comms.
About FIDAE
FIDAE is the leading aerospace and defense trade show in Latin America. The show will build on its well-earned reputation to present a vital and growing international aerospace event that addresses the full scope of commercial, military and space interests. The 2018 edition hosted some 533 exhibitors from 50 nations whose products and services, including 138 aircraft on the flight line, attracted more than 120,000 professional visitors, including 525 delegations from 40 countries. Organizers anticipate more exhibitors and delegate visitors in 2022, all looking for extra insight and access to decision-makers and buyers in this dynamic and influential marketplace. For more information, please visit the FIDAE website at https://kallman.com/about-fidae-2022
About REDCOM
REDCOM Laboratories, Inc. is a woman-owned small business that specializes in the design and manufacture of advanced tactical and strategic communications solutions with a focus on interoperability, flexibility, and ease of use. REDCOM’s MIL-spec products are optimized for low size, weight, and power (SWaP), making them the ideal communications core for the tactical edge. REDCOM’s customers include all branches of the military, government agencies, emergency responders, integrators, and telecom service providers. For additional information, please visit the REDCOM website at www.redcom.com.
The current situation over national sovereignty in eastern Europe has the world on edge. It began with cyberattacks and is quickly evolving into kinetic warfare. Critical lines of communication are already being impacted. Without communications, a country is crippled, unable to coordinate a response, move troops, or bring in medical assistance.
In these situations, a stand-alone Command and Control communications system becomes a critical lifeline. Forces need the ability to distribute C2 comms capabilities in places that are not known to the adversary. Furthermore, these systems must not be dependent on a single transmission path. In the event that the IP network is taken down or a satellite is rendered inoperable, forces must be capable of pivoting to an alternate transmission path.
REDCOM solutions are uniquely positioned to enable comms in the tactical domain. Our Sigma software and Sigma XRI hardware deliver the resilience, mobility, interoperability, and ease of use required for forces at the tactical edge.
Resilience
Future conflicts will be remote, dispersed, and often operate in contested environments where communications may be disrupted or outright denied. Thus, a C2 comms platform for the next fight must be lightweight, flexible, and resilient.
REDCOM Sigma XRI is built specifically for these scenarios, enabling forces to leverage existing infrastructure and communicate across networks, technologies, and waveforms. From tactical radios on different nets to SIP endpoints and SATCOM devices, Sigma XRI enables powerful stand-alone C2 comms at the tactical edge.
If a cyber threat or outright attack renders IP-based communications inoperable, Sigma XRI can sustain critical C2 comms without requiring reach back to higher HQ.
Mobility
As operations become more decentralized and distributed, the ability to communicate is more important than ever. REDCOM Sigma XRI enables warfighters to sustain lines of communication while on the move without getting bogged down by gear. The small form factor, robust design, and low power requirements of the Sigma XRI means it can be deployed to the tactical edge in a backpack, on a vehicle, or on aerial assets. This is particularly valuable in forward-deployed scenarios where resources are limited, and soldiers must be as light as possible.
Interoperability
The ability to command, control, and communicate with Joint and Coalition forces will be critical to mission success in the next fight. Things become exponentially more complicated when multiple nations — with disparate communications technology — get involved on foreign soil.
The new REDCOM C2 console enables all disparate endpoints to be monitored and controlled from a single pane of glass. The C2 Console runs on any already-deployed PC, laptop, tablet, or MFoCS device, and soldiers can be trained on the platform in minutes.
Ease of Use
Usability is imperative to today’s warfighter, whether they are at the tactical edge or in a network operations center environment. REDCOM Sigma’s graphical user interface is intuitive and easy to use. Incidental users or administrators can be trained in minutes. This allows defense forces to further improve their force design by allowing for smaller geographically dispersed teams that do not require field service representatives or IT experts.
Conclusion
The requirement for effective, stand-alone C2 comms has become more important than ever before. REDCOM can play an important role in delivering proven C2 solutions to enable communications that help defend freedom anywhere in the world. Most critically, REDCOM technology can reduce complexity and lifecycle costs while improving the operational tempo of troops at the tactical edge. For more information on REDCOM Sigma or Sigma XRI, contact a REDCOM solution advisor today.
The term cybersecurity expert is overplayed. There is no official or legal definition, and between companies, the meaning of “cybersecurity expert” can vary greatly. When we talk about cyber, we need to understand our audience and trust the “experts” we rely on for information. As we talk to others, what attributes do we use to signal that we are cybersecurity experts? As we interview people for job openings, how do we qualify and differentiate between all of the candidates calling themselves “experts”?
Claiming to be a cybersecurity expert is essentially saying you have expertise in all forms of mathematics. But let’s be honest, no one can be a true expert in all areas of cybersecurity (or math for that matter). Most “experts” specialize within a given field and have general knowledge of surrounding areas. So, this begs the question, how can you measure this expertise? Education is a start but can be outdated as technology is continuously advancing. Your job title also does not work. If you are implementing requirements, it does not necessarily mean you understand them. Instead of these measurements, we suggest the following levels.
Cybersecurity levels based on the Kardashev Scale
We draw our inspiration from the Kardashev Scale, which measures a civilization’s level of technological advancement based on the amount of energy it uses. The main idea is those tech advancements are needed to control and produce larger and larger amounts of energy. Achievements are used to gauge expertise and mastery rather than generic certifications or titles. Since a true expert in cybersecurity does not exist, perhaps a scale like this could clear up how much knowledge so-called experts have. Our proposed cybersecurity levels are:
Level 1
Ability to articulate in general terms a given cybersecurity topic
Able to answer basic questions on a given topic
Example: Can provide a general overview of RSA and answer general questions about it and its importance.
Level 2
Ability to either code or describe mathematically a given cybersecurity topic
Able to talk about the inner workings of a given topic
Able to describe the purpose behind a cyber policy or the high-level workflow of a specific cyber protocol
Example: Understanding the math behind the concept or the purpose of a policy.
Level 3
Contributed to the discussion by providing new information that is beyond general knowledge
Typically, patents begin at this level
Example: Improved the efficiency of a given algorithm or combined novel ideas to provide a new concept/product that better solves a problem.
Level 4
Created a new discussion by introducing new concepts/ideas that revolutionize a given field in cybersecurity
Typically, this requires either new math or the use of math concepts used in a unique way
Example: Inventing quantum approaches to cybersecurity
REDCOM and cybersecurity
REDCOM is committed to continuous cybersecurity improvements. Our zero-knowledge authentication capability is built from the tactical edge up, focusing on interoperability and data protection using a “brilliance in the basics” approach. While we don’t consider ourselves cybersecurity experts, we strive to be level three or higher on our zero-trust architecture solution, ZKX. REDCOM’s new disruptive authentication technology, ZKX, offers seamless and frictionless multi-factor authentication designed to embody the foundational principles of zero trust. ZKX is designed atop a foundation of zero-knowledge proofs — longstanding mathematical functions used to prove one’s knowledge of secret information without revealing what that secret information is.
Conclusion
No one individual or organization is an expert in all aspects of cybersecurity. We believe a focus on measurable accomplishments is a better method of judging cybersecurity knowledge than titles or degrees. If you want to understand a person’s cyber competence, ask specific questions to deduce their level of expertise. Ask them what they’ve done in the field, what subfield they are focused on, or how they accomplish certain tasks. Be cautious of individuals or firms that refer to themselves as “cybersecurity experts” and be prepared to ask probing questions to classify them into one of the levels outlined above.
The zero-trust architecture (ZTA) is a novel conception of network construction designed to eliminate the overall concept of “trust” from day-to-day network operations. Currently, security is traditionally relegated to the network’s perimeter: if access was granted to a specific user’s account, then that user is free to enjoy the privileges associated with said account. The ZTA security model eliminates the idea of trusted networks, devices, personas, or processes, and shifts to multi-attribute and multi-checkpoint-based confidence levels that enable much more granular authentication and authorization policies.
President Biden signed an executive order pertaining to cybersecurity on January 19, 2022. This executive order further emphasizes already laid-out security measures and gives agencies with national security systems 60 days to update agency plans to prioritize resources for the adoption and use of cloud technology, including the adoption of the Zero Trust Architecture.
The momentum towards this executive order can be traced back to April 2021, when DISA and the NSA released a 163-page document on the DoD Zero Trust Reference Architecture. This document is quite expansive and a bit intimidating. Our cybersecurity team has reviewed it thoroughly, so you don’t necessarily have to (though you certainly should read pages 1-21 at a minimum). One of the most critical points discussed are the seven key pillars — or focus areas — to implementing a zero trust environment.
The seven pillars of a zero trust environment
User: Securing, limiting, and enforcing person, non-person, and federated entities’ access.
Device: Having the ability to identify, authenticate, authorize, inventory, isolate, secure, remediate, and control all devices.
Network/environment: Segment (both logically and physically), isolate and control the network/environment (on-premises and off-premises) with granular access and policy restrictions
Applications & workload: Applications and workloads include tasks on systems or services on-premises, as well as applications or services running in a cloud environment
Data: Zero Trust protects critical data, assets, applications, and services
Visibility and analytics: Vital, contextual details provide a greater understanding of performance, behavior, and activity baseline across other Zero Trust pillars
Automation and orchestration: Automate manual security processes to take policy-based actions across the enterprise with speed and at scale
Where to start: identity and authentication
The two most critical pillars are the user and the device; this needs to be the starting point. “All roads lead to identity and authentication,” says REDCOM’s Collin Sweeney, Senior Cyber Security Researcher. “The words ‘Zero Trust’ say it all: you aren’t going to trust any entity inherently. A ruggedized rigid process by which users can prove their claimed identity to another party is necessary.” Therefore, the user and device are the two most critical pillars and the starting point of Zero Trust.
The Cybersecurity and Infrastructure Security Agency (CISA) claims identity is defined as an attribute or set of attributes that uniquely describes an Agency user or entity. The agency needs to ensure the correct users have the right access, which is done by verifying their identity. A similar process takes place for the device. The main difference is instead of verifying a user or entity it is the verification of hardware connecting to a network.
Not all pillars can be achieved within the same solution. If you inherently have no trust, you need a way to authenticate the users and devices on your network. You must walk before you can run and by starting with the user and device you are doing just that. In implementing a ZTA, the goal is to protect your most valuable Data, Assets, Applications, and Services (DAAS). The first line of defense is making sure no unauthorized user or devices has access. Therefore, all roads lead to identity and authentication.
REDCOM ZKX: the solution for user and device authentication
REDCOM is a leading voice in the conversation on actualizing a working Zero Trust Architecture for the tactical edge. REDCOM’s new disruptive authentication technology, ZKX™, offers seamless and frictionless multi-factor authentication designed to embody the foundational principles of zero-trust. This is done by its lightweight construction and intentional “bottom-up” philosophy — integrating the enterprise with the edge, not the other way around. The benefits of ZKX are:
Authenticates user and their device simultaneously
Protects personal data by not storing personal information
No data is at risk if the endpoint device is compromised
Interoperable with various network mediums such as satellite, RF radio frequency, and IP networks
Can adapt to policy requirements
Deployed following policies already outlined
Confidence levels can be enhanced simply by continued challenging of a user’s identity, it is not all or nothing
For more information on ZKX watch our webinar and read our FAQ.
Conclusion
Not all pillars of Zero trust are achievable simultaneously. The user and device need to be authenticated before you can begin securing the other pillars. If unauthorized devices or users can access your network the network, data, and remaining pillars have all been compromised. REDCOM provides a solution to tackle the two most critical pillars without rip and replace thus reducing your network footprint.
REDCOM is proud to announce that the company is sponsoring and leading discussions at the Mobile Deployable Communications Conference (MDC), held in London, England on January 26 and 27, 2022. The Mobile Deployable Communications conference is designed to bring together global leading program managers, strategic decision-makers, industry experts, and thought leaders to discuss and explore the latest developments in communications technology in the tactical domain.
REDCOM’s Executive Vice President, Col. Mike Sweeney (USMC, Ret.) will be a featured speaker at MDC, focusing on tactical technologies to address emerging threats. With a career in the U.S. Marine Corps that spanned four decades in a wide variety of command and staff positions, Col. Sweeney is highly knowledgeable on the intricacies of warfare from the strategic, down to the tactical level. Col. Sweeney’s briefing will cover a variety of topics, including mitigating threats from the cyber domain, effective C2 for distributed and DIL environments, improving interoperability with joint and coalition forces, and reducing complexity while improving operational effectiveness.
Highly adaptable forces that allow the warfighter to maintain consistent communications and situational awareness are the keys to success in the next fight. Command and control will be driven by the ability to implement low SWaP hardware and software solutions, reduce the equipment footprint at the tactical edge, improve interoperability, and intuitively arrange connectivity. REDCOM solutions are uniquely positioned to enable the warfighter of today and tomorrow to optimize battlefield command while reducing complexity, costs, and training time.
During his briefing, Col. Sweeney will talk about multiple REDCOM solutions, including:
REDCOM Sigma: C2 software with integrated voice, video, and chat functionality. Sigma is already the C2 platform of choice for the U.S. Army’s Program Executive Office Command, Control, Communications-Tactical network modernization.
REDCOM Sigma XRI: a low-SWaP C2 hardware platform with the ability to bridge up to four separate radio nets into the C2 network.
REDCOM C2 Console: a graphical interface that provides users with interoperability between all forms of communication, with the ability to dynamically patch together any available comms path through drag and drop.
REDCOM ZKX: Lightweight and powerful user and device authentication system designed to bring a Zero Trust Architecture to the tactical domain.
About REDCOM
REDCOM Laboratories, Inc. is a woman-owned small business that specializes in the design and manufacture of advanced tactical and strategic communications solutions with a focus on interoperability, flexibility, and ease of use. REDCOM’s MIL-spec products are optimized for low size, weight, and power (SWaP), making them the ideal communications core for the tactical edge. REDCOM’s customers include all branches of the military, government agencies, emergency responders, integrators, and telecom service providers. For additional information, please visit the REDCOM website at www.redcom.com.
Every two years the Army comes out with a new set of iterative series of integrated tactical communications packages for delivery to Soldiers. Each capability set builds on that of the previous iteration to complete the end goal of forming a multi-domain capable network by 2028. These capability sets are designed to ensure the Army keeps pace with industry advancement to provide warfighters with the most advanced solutions. This approach sparks changes to the tactical network design through continuous assessments of integrated capabilities along four major lines of effort:
Unified network
Common operating environment
Joint/coalition interoperability
Command post mobility and survivability
According to General Murray, “This is an iterative build to the end state. We never truly reach the end state; the end state is constant innovation”.
Capability Set 21: Expeditionary & Intuitive
Capability set 21 focused on the improvement of expeditionary capability making the network simple and more intuitive. Communications systems are smaller, lighter, and faster. Soldiers found that applications and network devices are easier to learn and use and commanders of infantry formations are provided more connectivity options to ensure they can communicate in any environment.
REDCOM Sigma aligns directly with the Army’s goals for this capability set. Our software is so intuitive and easy to operate that new users can be trained on Sigma in hours or days — not weeks. Not only does this drastically reduce training costs, but it also improves the tooth-to-tail ratio (T3R) by enabling the team on hand to confidently operate REDCOM Sigma without the need for IT specialists or field service reps.
Capability Set 23: Capacity, Resiliency, Convergence
Capability Set 23 aims to provide a more robust transport layer to support the requirements of the Army’s other modernization priorities. This set builds upon advances in expeditionary capabilities and increases in capacity, resiliency, and convergence of the network. With the introduction of CMOSS, REDCOM’s Sigma® software will be able to provide warfighters the ability to configure, manage, and control their C2 communication capabilities — including VoIP, video, chat, and radio interoperability — directly through an intuitive and easy-to-use interface.
Capability Set 25: Automated and Protected
In Capability set 25, the focus will revolve around delivering automated and protected capabilities to allow rapid and secure collaboration and decision making while executing decentralized and distributed mission command.
Capability Set 27: Multi-Domain Dominance
Capability Set 27 will focus on multi-Domain dominance. This final CS will improve cyber protection and will be built upon all advances from the previous sets. The Army is implementing these modernization efforts through the capability sets to ultimately have a less-complex tactical network in 2028. This network will utilize the benefits of existing technology and ensures Soldiers of today and future generations continue to be the most lethal fighting force in the world.
JADC2, A Reality
Joint All Domain Command and Control (JADC2) is the Pentagon’s future warfighter concept with a network that is expeditionary and mobile but can still pass and process massive amounts of data — necessary in a world of connected sensors and shooters. All of this requires interoperability, which just so happens to be one of REDCOM’s core tenets.
Deploying REDCOM Sigma or REDCOM Sigma XRI today instantly delivers the following benefits that are directly aligned with all the Capability Sets concepts and the goal of making multi-domain interoperability reality:
Ease of use: REDCOM systems are so intuitive that new users can be trained and up to speed in minutes or hours — not days or weeks.
Interoperability with coalition partners: REDCOM technology bridges the gap between multiple disparate SIP and RF networks.
No rip and replace: REDCOM technology works with the existing deployed base of handsets and endpoints. Inserting REDCOM Sigma or Sigma XRI into existing architectures is seamless while enabling an upgrade path to future technology.
Improved tooth-to-tail ratio: REDCOM greatly reduces the complexity and bulk at the tactical edge and reduces the need for IT experts. This allows the military to further improve its force design by allowing for smaller geographically dispersed teams without extra field service representatives.
Continuity of ops in DIL environments: REDCOM enables command and control across all echelons, even in the denied environment. This enables warfighters to always sustain communications, regardless of transport medium.
Built for mobility: REDCOM systems thrive in the shoot, move, communicate environment. Our low SWaP platforms are resilient to hard shutdowns and power up extremely fast. Communications can be fully operational within minutes, enabling warfighters to secure a tactical advantage by always maintaining mobility.
Conclusion
The U.S. Army is developing these modernization efforts through capability sets that drive towards a less-complex tactical network in 2028. This new network will utilize the full benefits of existing technology and ensure Soldiers of today and future generations continue to be the most lethal fighting force in the world. REDCOM will continue to support these efforts and be the foundation for all C2 comms. JADC2 is a complex future operating concept, however, REDCOM can address the key goals today at the tactical edge. The goal of the capability sets is to make JADC2 a reality by 2028, and it is not out of reach. REDCOM’s current products can provide a clear path to these future operating concepts by placing powerful and easy-to-use C2 solutions in the hands of the warfighter. If you want to learn more about how REDCOM products enable interoperability at the tactical edge reach out to sales@redcom.com
In November 2021 REDCOM and AFCEA hosted a webinar where the current state of the Zero Trust Architecture at the tactical edge was discussed along with our newest solution, ZKX. We had lots of audience questions, but we weren’t able to get to them all in the allotted time. So, we decided to form this FAQ. If you have other questions or would like a more detailed conversation, please reach out.
What kind of performance impacts would a ZT framework have? Would it create a disadvantage in some scenarios?
Even with 10 challenge rounds, the Tx/Rx bandwidth required is in tens of bytes and fractions of a second. We will perform stress tests on our own server in the SIGMA XRI as well as other COTS processors and publish a more detailed report as the product matures
Building ZKX bottom-up, how do you plan to deploy it to multiple devices on the tactical edge and how do you take care of legacy systems? How do we get your manuscripts?
We have built ZKX to operate on any platform that can run & execute code. This architectural agnosticism combined with its low throughput requirements (on the order of kilobits) allows us to operate on a vast variety of different endpoints, servers, platforms, etc. Please reach out to have a more in-depth conversation and receive some more technical materials!
How do you achieve that unique output? Random algorithm?
Yes. Random zero-knowledge proofing elements are injected into every user response to an identity challenge. It is a fundamental part of the ZKP protocols.
Is there a NIST certification like FIPS for this style of authentication? If so, has the product been certified?
There is a NIST certification for identity & authentication solutions, namely NIST SP 800-63 (Digital Identity Guidelines). There is no official process for certifying a technology against this standard (it is a self-asserted designation) but we have designed this technology to be compatible with the requirements of AAL3, the highest standard for digital authentication solutions. REDCOM would love to see a formal and definitive standard & certification body developed for authentication and identity solutions, and ZKX will be one of the first products in line to undergo that process, whatever it may look like.
Do you have a diagram that shows where ZKX sits within a tactical enclave?
Yes! We have several generalized architecture diagrams for how ZKX will look in a forward-deployed or tactical setting. Many of its details are left up to implementation or mission specifics, but the generalized diagrams will give you a feel for where in the ecosystem ZKX will reside. Please reach out to us and we can get those to you!
Isn’t the one-way function just asymmetric encryption? Are you removing symmetric encryption altogether? In the past, asymmetric was used to establish a connection while symmetric is used to communicate after to maintain higher performance that is not possible with asymmetric methods. Does this mean you will get a significant performance hit?
One-way functions are a fundamental component of asymmetric encryption, and there are many similarities between ZKX and more common asymmetric encryption techniques. ZKX will leverage any existing transport mechanism with or without encryption, so whatever transport security you require can still be implemented. In terms of protecting the authenticating data, users create responses to identity challenges using a public key-based system that also utilizes zero-knowledge proofs. Again, ZKX is not a transport protocol. Whatever safeguards you require over your data channels are free to remain. ZKX is a privacy-preserving, robust MFA system – other parts of the transaction like networking or policy governance are outside of its control.
How about implementing a biometric verification that is hashed and stored on-chain. The processing happens off-chain on the users’ device and is transmitted as a ZKP. That would eliminate the CAC.
ZKX can handle anything you throw at it. New cards, serial numbers, blood type — ZKX is agnostic to the methods our customers will use to manage their users and the databases defining them.
Do you think the Soldier will ever be required to authenticate themselves and devices when downrange? Most tactical systems don’t have an AD environment or AAA, historically they use local login only. How will ZTA address security for a tactical Soldier, one that is in the field and needs information now?
This is an interesting question and one that the enterprise (and industry, for that matter) are still struggling to answer. ZTA requirements have yet to be developed for tactical settings, but we envision the situation being like today, no AD or AAA, and no cloud connectivity. ZKX is designed to operate within even the smallest formations – users can authenticate themselves and their device(s) before detaching from garrison, and our zero-knowledge identity attestation will keep their user/device identity verified if there is connectivity to a computer platform taking care of the verification side of that transaction. ZKX operates on the order of 10^0 kb per round, so even the most degraded SATCOM links can still facilitate ZKX authentication.
We hear you say that we must not trust the user and not trust the device. That’s why you have all kinds of Zero Knowledge checks build-in. What about Identity? Why do you trust identities?
This is a good point, and worth reinforcing. ZKX assumes that your organization has already undergone its own identity-proving process (think like being provisioned your first CAC or bringing a birth certificate and electric bill to the DMV to get a driver’s license). ZKX does NOT stand up to these identities, just authenticates them. This was an intentional design choice in order to allow organizations to continue utilizing their own trusted identity processes. We are simply offering a newer, more secure, and faster way to prove those identities (via zero-knowledge MFA) which are defined by your existing onboarding processes for employees, guests, contractors, etc.
We’d like to understand the math you’re using in ZKX
REDCOM is proud to have participated in Project Convergence (PC) 2021, the U.S. Army’s campaign of learning and experimentation for new Command and Control (C2) systems. Soldiers participating in PC 21, which concluded in November, used REDCOM Sigma C2 software to increase operational flexibility and interoperability within the Joint Force to realize JADC2 goals.
In 2020, REDCOM Sigma® software was chosen as the part of a C2 platform for the United States Army due to its support of Army modernization priorities while simultaneously reducing lifecycle, maintenance, and training costs.
“REDCOM embraces a real-time engineering approach. We don’t believe our job is done after the delivery of the initial capability. We put our command and control solutions to the test in operational environments and incorporate what we learn in future software releases,” said Courtney Stiles, Business Development Manager, REDCOM. “The Army is in the business of life and limb not in the business of ‘nice to have.’ Continuous improvement of our solutions makes the warfighter more effective and supports the Army’s goals in PC 21 and JADC2.”
REDCOM Sigma supports a rapidly changing operating environment by being easy to use, standards-based, and transport agnostic. This approach allows the Army to integrate with various systems, devices, and applications already fielded. REDCOM also enables the rapid insertion of new technology as it becomes available and supports the distribution of timely and actionable information so leaders can seize, retain, and exploit the initiative in any scenario, including in denied, intermittent, or limited-bandwidth (DIL) environments.
Future conflicts will require decisions to be made quicker than ever before, combining forces and systems in novel unanticipated ways not explicitly planned for in advance. REDCOM is committed to being a part of the Army’s continuous improvement efforts through Project Convergence to keep industry and the warfighter aligned with the most innovative and effective technology for the tactical edge.
About Project Convergence
Project Convergence (PC) is the U.S. Army’s campaign of learning, experimentation, and demonstration aimed at quickly integrating weapons systems and command and control (C2) systems with the Joint Force. Project Convergence is the Army’s contribution to the military’s future operating framework, JADC2. A strong Command and Control platform will be the key to success in future fights having the right people, weapons systems, information, and terrain will be critical. As an industry partner in Army network modernization, REDCOM has proven success in distributed and denied environments. REDCOM technology enables warfighters to sustain communications in all environments and scenarios, regardless of transport medium.
About REDCOM
REDCOM Laboratories, Inc. is a woman-owned small business that specializes in the design and manufacture of advanced tactical and strategic communications solutions with a focus on interoperability, flexibility, and ease of use. REDCOM’s MIL-spec products are optimized for low size, weight, and power (SWaP), making them the ideal communications core for the tactical edge. REDCOM’s customers include all branches of the military, government agencies, emergency responders, integrators, and telecom service providers. For additional information, please visit the REDCOM website at www.redcom.com.
Zero Knowledge and Zero Trust: they’re basically the same, right? Not quite. While these two terms might be similar in name, they are in fact two completely different ideas. Zero Knowledge can be used to help complete the notion of Zero Trust, but it cannot work in the opposite direction. Zero Knowledge is a mathematical distinction, whereas Zero Trust is a philosophical one.
As cyber threats continue to advance, the current network model is only becoming more insufficient in protecting critical data. In more classical network models, once you enter the network you have the authorization to access privileged data within said network. This compromises critical information, as we have seen in some of the most infamous cyber-attacks and breaches. This is where the concept of Zero Trust comes into play.
Zero Trust
Zero Trust is built on the idea that trust does not exist within the scope of cyber operations – be it between a network and its users, a network and its architectural components, or a user base and their organization. Architecturally, there is the assumption that there is no perimeter on the network and thus all data needs to be protected as though they are already exposed. Every point within the network would constantly require some form of authentication to access the data behind it.
Zero Knowledge
Zero Knowledge can be viewed as a narrower component of Zero Trust. Zero Knowledge enables specific actions like authentication that can be completed without sacrificing valuable secret or identifying information. This smaller slice of security further protects personal data like PII by no longer risking its exposure, as it is never stored or transmitted when used for authentication. Under this model, data associated with an item can be used for authentication that alone would be invaluable instead of using personal data that could be stolen. This model works under the assumption that each user or device was already compromised. By authenticating not only the user but the device as well, an extra layer of protection is added while minimizing computational or communicative overhead.
REDCOM ZKX
REDCOM recently formed a new business unit: ZKX Solutions. ZKX Solutions is bringing to market a new disruptive authentication technology, the ZKX MFA Engine. The ZKX Engine offers seamless and frictionless multi-factor authentication designed to embody the foundational principles of zero trust. The ZKX Engine is designed atop a foundation of zero-knowledge proofs — longstanding mathematical functions which are used to prove one’s knowledge of secret information without revealing what that secret information is. The benefits of the ZKX Engine are:
Protects personal data by not storing personal information
No data is at risk if the endpoint device is compromised
Interoperable with various network mediums such as satellite, RF radio frequency, and IP networks
Can adapt to policy requirements
Deployed following policies already outlined
Confidence levels can be enhanced simply by continued challenging of a user’s identity, it is not all or nothing
Authenticates user and their device simultaneously
Built from the bottom-up
Conclusion
Future fights will involve the cyber domain and it is critical data be protected against adversarial threats. REDCOM can protect vital data with our new solution ZKX, and our solution is part of the greater Zero Trust architecture.
Español
