The Unisys Stealth Solution for Network
Preserving right to know and need to know on whatever network is available.
© 2009 Unisys Corporation. All rights reserved.
The Original Problem
Existing multiple networks:
• Complex
• Difficult and expensive to manage
[Diagram: separate WAN 1, WAN 2 and WAN 3 with their own data centers (DC 1, DC 2, DC 3), a central Data Center, the GIG, and separate LAN infrastructures serving the users]
Stealth Consolidated Network
[Diagram: DC 1, DC 2 and DC 3 sharing a single LAN / WAN / Wireless infrastructure through the Stealth Network Appliance]
Data
• Confidentiality
• Integrity
• Availability
What is the Unisys Stealth Solution?
The Unisys Stealth Solution is a transformational way to protect your network data. It starts by using certified encryption, then bit-splits data into multiple slices as it moves through the network. But more than that, the Stealth Solution allows multiple communities of interest to share the same network without fear of another group accessing their data or even their workstations and servers. The result is a much simpler network infrastructure, increased agility to react to new opportunities, and enhanced security of your network data.
Security Group, Domain, or Community of Interest Defines Data Access
[Diagram: devices labelled 1, 2 and 3 spread across one shared network, belonging to Community of Interest 1, Community of Interest 2 and Community of Interest 3]
A community of interest can be anything the customer defines it to be.
Multiple Communities or Domains Can Safely Share Data
[Diagram: the same devices labelled 1, 2 and 3 on the shared network; members of Community of Interest 1, Community of Interest 2 and Community of Interest 3 exchange data only within their own community]
The Rest of the Devices Remain Cloaked from Unauthorized Eyes
[Diagram: the same devices labelled 1, 2 and 3 on the shared network; from inside one community of interest, devices in Community of Interest 1, Community of Interest 2 and Community of Interest 3 that belong to other communities are not visible]
Encrypt Everything by Community of Interest
• Deploy a simplified consolidated network infrastructure that separates devices and data into communities of interest
• Community of interest based on identity of individual or server, controlled by site’s identity management system
• When a user’s role changes, change the identity management system, not the network configuration
• FIPS 140-2 certified – “Under evaluation” for EAL 4+
Stealth Delivers Defense-Level Encryption
[Diagram: a clear-text TCP/IP packet, with example bytes G (01000111) and S (01010011), is given a Stealth header and encrypted with AES-256]
Data Is Split at the Bit Level
[Diagram: the same clear-text TCP/IP packet (G 01000111, S 01010011) with its Stealth header is encrypted with AES-256 and then parsed into slices at the bit level, e.g. ...100..., ...00... and ...111... going to different slices]
Stealth Sends Data through the Network
[Diagram: the encrypted slices (...100..., ...00..., ...111...) leave the sending NIC, cross the intranet and are parsed back together at the destination device's NIC]
Resilience
• Stealth can be configured to add redundant data to the slices: M of N
  – The encrypted data is parsed into N slices, and it requires any M of them to restore the data
  – Each bit of the encrypted packet is added to more than one slice
  – Original data can be recovered with fewer than the total number of slices
  – Example: only need any 3 of 4 slices to recover the data

Reliability / Integrity
• Cryptographic Module: SecureParser® by Security First Corp.
  – FIPS 140-2 certified AES-256 Encryption
  – Unique patented bit-level splitting
  – FIPS certified authentication (SHA-1) ensures the record was not tampered with
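The Resilience and Reliability / Integrity slides describe an encrypt-then-split pipeline: encrypt the packet, parse the ciphertext bit by bit into N slices with enough redundancy that any M of them restore it, and authenticate so a tampered record is rejected. The following is an added example written for this page, not Unisys or Security First code, and it does not implement the patented SecureParser scheme. Its assumptions: the cipher is an HMAC-SHA256 counter-mode keystream used as a stand-in for AES-256 so the example runs on the Python standard library alone; splitting is round-robin at the bit level into M data slices plus, for N = M + 1, one XOR parity slice, which is one simple way to get "any 3 of 4" and puts every bit into two slices; each slice carries an HMAC-SHA1 tag as the tamper check. The function names and layout are the example's own.

```python
import hashlib
import hmac


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256.

    Stand-in for the AES-256 step on the slide so that the example needs only
    the standard library; it is NOT AES and not the product's cipher.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR with the keystream; the same call decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


def to_bits(data: bytes) -> list:
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def from_bits(bits: list) -> bytes:
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))


def slice_tag(auth_key: bytes, index: int, bits: list) -> bytes:
    """Per-slice HMAC-SHA1 so a tampered slice is rejected before reassembly."""
    return hmac.new(auth_key, bytes([index]) + bytes(bits), hashlib.sha1).digest()


def split(ciphertext: bytes, m: int, n: int, auth_key: bytes):
    """Parse ciphertext bit by bit into n slices, any m of which restore it.

    Assumed scheme (not the patented one): round-robin the bits into m data
    slices; when n == m + 1, append one XOR parity slice so that every bit
    lives in two slices and any single slice may be lost.
    Returns (slices, bit_count); each slice is (index, bits, tag).
    """
    if m < 1 or n - m not in (0, 1):
        raise ValueError("this example supports only M-of-M and (N-1)-of-N")
    bits = to_bits(ciphertext)
    data = [bits[i::m] for i in range(m)]
    width = max(len(s) for s in data)
    data = [s + [0] * (width - len(s)) for s in data]      # pad so columns line up
    if n > m:
        data.append([sum(col) % 2 for col in zip(*data)])  # parity slice
    return [(i, s, slice_tag(auth_key, i, s)) for i, s in enumerate(data)], len(bits)


def reassemble(available, m: int, n: int, bit_count: int, auth_key: bytes) -> bytes:
    """Restore the ciphertext from any m authenticated slices."""
    good = {}
    for index, bits, tag in available:
        if not hmac.compare_digest(tag, slice_tag(auth_key, index, bits)):
            raise ValueError(f"slice {index} failed integrity check")
        good[index] = bits
    if len(good) < m:
        raise ValueError(f"need {m} of {n} slices, have {len(good)}")
    missing = [i for i in range(m) if i not in good]       # lost data slices
    if missing:                                            # at most one; rebuild it from parity
        lost = missing[0]
        rebuilt = good[n - 1]
        for i in range(m):
            if i != lost:
                rebuilt = [a ^ b for a, b in zip(rebuilt, good[i])]
        good[lost] = rebuilt
    interleaved = [b for col in zip(*(good[i] for i in range(m))) for b in col]
    return from_bits(interleaved[:bit_count])


if __name__ == "__main__":
    # Constructed sample values; real keys would come from the session key exchange.
    key, nonce, auth = b"\x11" * 32, b"\x22" * 8, b"\x33" * 20
    packet = b"Stealth sample packet (constructed)"
    slices, nbits = split(encrypt(key, nonce, packet), 3, 4, auth)
    three_of_four = [s for s in slices if s[0] != 1]       # slice 1 lost in transit
    print(encrypt(key, nonce, reassemble(three_of_four, 3, 4, nbits, auth)))
```

Two points the slides make are visible in the code: with 3 of 4 parsing, dropping any one slice (including the parity slice) still yields the packet, while with 3 of 3 parsing every slice is needed, and a slice whose tag fails is refused before reconstruction rather than silently corrupting the output.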
Stealth Bandwidth Implications
• While Stealth adds some overhead to the network in order to provide its security and sharing features, in most environments Stealth will not have a significant impact on the network bandwidth available to either a user or a server.
• When possible, Stealth combines all of the slices into a single packet, which reduces overhead and does not change the number of packets on the network. Stealth does this only if M = N and the resulting slices all fit into a single packet.
• In a typical network environment with 800 byte packets and 3 of 3 parsing, Stealth will add about 20% overhead.
Sharing Is Simpler
• Access policies and governance enhanced
• Password rules remain as defined
• Users restricted to only applications and services in assigned workgroup
Stealth Session Keys Are Self-Managed
Stealth creates and manages Session Keys:
• Encryption-Session Key and Split-Session Key
• Short term: for the current session only
• Never stored in non-volatile memory
• No key management actions required by operations
• Entire key process invisible to users
Sending an Open Session Request Over a Stealth Network
[Diagram: the workstation's Open Session Request carries its Encryption Key and Split Key; it is AES-256 encrypted using the Workgroup Key, and the encrypted request is then parsed into Slice 1, Slice 2 and Slice 3 using the Workgroup Key]
• The server attempts to regenerate and decrypt the open session request using each of its Workgroup Keys
• Session success = same Workgroup Key = server attempts to open the reverse connection back to the workstation with a different pair of Session Keys
• Session failure = Workgroup Key does not match = no response returned to the workstation
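The slide's decision logic, as an added example that is not Unisys code: the workstation mints a fresh Encryption-Session Key and Split-Session Key, wraps them in an Open Session Request under its workgroup key, and the server tries every workgroup key it holds; only a key that both decrypts and authenticates the request produces a reply, which carries a different pair of session keys for the reverse connection, and no match produces no response at all. Assumptions: the workgroup-key step is modelled as a SHAKE-256 pad plus an HMAC-SHA256 tag (a standard-library stand-in for AES-256, so a wrong key fails the tag check rather than yielding garbage); the bit-level parsing into Slice 1 to 3 is left out here; message layout, key sizes and function names are the example's own.

```python
import hashlib
import hmac
import os

NONCE_LEN = 16
TAG_LEN = 32


def _pad(workgroup_key: bytes, nonce: bytes, length: int) -> bytes:
    """One-time pad derived from the workgroup key (SHAKE-256 stand-in for AES-256)."""
    return hashlib.shake_256(workgroup_key + nonce).digest(length)


def seal(workgroup_key: bytes, message: bytes) -> bytes:
    """Encrypt-then-MAC under a workgroup key: nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)
    ciphertext = bytes(m ^ p for m, p in zip(message, _pad(workgroup_key, nonce, len(message))))
    tag = hmac.new(workgroup_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(workgroup_key: bytes, blob: bytes):
    """Return the message if the tag verifies under this workgroup key, else None."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(workgroup_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # wrong workgroup key or a tampered request: cannot regenerate it
    return bytes(c ^ p for c, p in zip(ciphertext, _pad(workgroup_key, nonce, len(ciphertext))))


def workstation_open_session(workgroup_key: bytes):
    """Workstation side: mint a short-term Encryption-Session Key and
    Split-Session Key and send them inside a sealed Open Session Request."""
    enc_session_key = os.urandom(32)
    split_session_key = os.urandom(32)
    request = seal(workgroup_key, b"OPEN" + enc_session_key + split_session_key)
    return request, (enc_session_key, split_session_key)


def server_handle_request(workgroup_keys: dict, request: bytes):
    """Server side: try each Workgroup Key the server holds.

    A match returns the workgroup name, the workstation's session keys, and a
    fresh, different pair of session keys for the reverse connection.  With no
    match the function returns None and the caller sends nothing back.
    """
    for name, key in workgroup_keys.items():
        message = unseal(key, request)
        if message is None or not message.startswith(b"OPEN") or len(message) != 4 + 64:
            continue
        client_keys = (message[4:36], message[36:68])
        reverse_keys = (os.urandom(32), os.urandom(32))
        return {"workgroup": name, "client_keys": client_keys, "reverse_keys": reverse_keys}
    return None


if __name__ == "__main__":
    # Constructed workgroup keys for two communities of interest.
    finance, hr = b"\x01" * 32, b"\x02" * 32
    request, _ = workstation_open_session(finance)
    print(server_handle_request({"hr": hr, "finance": finance}, request)["workgroup"])
    print(server_handle_request({"hr": hr}, request))  # None: stays silent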
Simpler Provisioning Translates to Rapid Deployment
[Diagram: the application and the OS network stack (7. Application, 6. Presentation, 5. Session, 4. Transport, 3. Network, 2. Link, 1. Physical) sit above Stealth, which sits above the NIC]
The Stealth Appliance Is Your Gateway to the Non-Stealth World
[Diagram: the Stealth appliance between the Stealth network and the Internet]
Stealth Lowers Costs
• By consolidating infrastructure, Stealth reduces the cost of acquisition, support, and the FTEs to manage them
• Stealth conserves:
  – Space
  – Weight
  – Power
  – Heat generation
Stealth in the DoD Network
[Diagram: LAN / WAN / Wireless infrastructure with the Stealth Network Appliance]
Data
• Confidentiality
• Integrity
• Availability
Commercial Network
[Diagram: same layout as "Stealth in the DoD Network" (LAN / WAN / Wireless infrastructure with the Stealth Network Appliance); the rotated caption is only partly legible and names Healthcare, Financial and Education as example sectors with compliance practices]
Data
• Confidentiality
• Integrity
• Availability
Server Outsourcing Today
[Diagram: Customer A and Customer B each connect to the Unisys Outsourcing Facility, which hosts Customer A Tier 1 and Tier 2 virtual servers and Customer B virtual servers on a shared pool of virtual servers]
Stealth and Server Outsourcing (Phase 1A)
[Diagram: Customer A and Customer B reach the Unisys Outsourcing Facility through a Stealth Network Appliance; the facility's virtual servers (Customer A Tier 1, Customer A Tier 2, Customer B) are Stealth protected]
Stealth Ensures:
• Customer A can only communicate with Customer A Tier 1 VS
• Customer A Tier 2 VS can only communicate with Customer A Tier 1 VS
• Customer B can only communicate with Customer B Virtual Servers
Stealth and Server Outsourcing (Phase 2)
[Diagram: Customer A and Customer B connect to the Stealth-protected Unisys Outsourcing Facility, where the Stealth Network Appliance sits alongside the virtual servers (Customer A Tier 1, Customer A Tier 2, Customer B)]
Stealth Ensures:
• Customer A can only communicate with Customer A Tier 1 VS
• Customer A Tier 2 VS can only communicate with Customer A Tier 1 VS
• Customer B can only communicate with Customer B Virtual Servers
Security Risks Distract Organizations from Focusing on Objectives
Need to:
• Promote sharing
• Extend the enterprise
• Strengthen agility
• Ensure trust
Stealth Delivers the Right Information to the Right People at the Right Time
• Protects data-in-motion for LAN, WAN, and wireless networks
• Improves agility
• Provides value and cuts costs
The Unisys Stealth Solution
Questions? UnisysStealthSolution.com
[email protected]