Secure Multi-Domain Information Sharing in Tactical Networks
Poltronieri, Filippo (first author); Campioni, Lorenzo; Morelli, Alessandro; Tortonesi, Mauro (last author)
2018
Abstract
Tactical Networks (TNs) are challenging communication environments at the base of modern network-centric warfare, characterized by limited resources, frequent link disruption, and partitioning. TNs typically involve a multitude of units belonging to different domains that need to share information securely over shared and constrained links to enable cooperation. Federation Services offer a model for policy-based information sharing between multiple domains, which permits individual forces and organizations to match mission requirements by allowing a fine-grained selection of the data to exchange. However, while the Federation model alone is not enough to ensure confidentiality and integrity of data transmissions over shared network resources, traditional end-to-end cryptography solutions might not suit low-resource, bandwidth-constrained networking environments. This paper discusses two solutions to enable secure and efficient information sharing in multidomain TNs using Federation Services. The first solution enables the definition of multiple groups of authenticated federates and provides information access control to information senders by leveraging Attribute-Based Encryption techniques to encrypt federated messages and define, on a per-message basis, a subset of groups that can access the data. The second solution enhances the first one by addressing link disruption and network partitioning in TNs by introducing a distributed group key management service (GkMS) architecture.

File | Size | Format |
---|---|---|
MILCOM.2018.8599693 (1).pdf | 351.77 kB | Adobe PDF |

Access: archive managers only
Description: Publisher's full text
Type: Full text (publisher's version)
License: NOT PUBLIC - Private/restricted access
Documents in SFERA are protected by copyright and all rights are reserved, unless otherwise indicated.