Small Type-1 Encryption for Aircraft, Littoral, and Terrestrial Higher-than-Secret (STEALTH) Applications

Navy SBIR 25.1 - Topic N251-017
Naval Air Systems Command (NAVAIR)
Pre-release 12/4/24   Opens to accept proposals 1/8/25   Closes 2/5/25 12:00pm ET

N251-017 TITLE: Small Type-1 Encryption for Aircraft, Littoral, and Terrestrial Higher-than-Secret (STEALTH) Applications

OUSD (R&E) CRITICAL TECHNOLOGY AREA(S): Integrated Sensing and Cyber

The technology within this topic is restricted under the International Traffic in Arms Regulation (ITAR), 22 CFR Parts 120-130, which controls the export and import of defense-related material and services, including export of sensitive technical data, or the Export Administration Regulation (EAR), 15 CFR Parts 730-774, which controls dual use items. Offerors must disclose any proposed use of foreign nationals (FNs), their country(ies) of origin, the type of visa or work permit possessed, and the statement of work (SOW) tasks intended for accomplishment by the FN(s) in accordance with the Announcement. Offerors are advised foreign nationals proposed to perform on this topic may be restricted due to the technical data under US Export Control Laws.

OBJECTIVE: Develop very small modular NSA Type-1 High Assurance Internet Protocol Encryptor (HAIPE) Internet Protocol Security (IPSEC) encryption modules that support multi-frequency, carrier-hopping, spread spectrum features with removable crypto modules.

DESCRIPTION: Type-1 Encryption "device" for Aircraft, Littoral, and Terrestrial Higher-than-Secret (STEALTH) requires physically separated Red and Black dual processors as part of the architecture. STEALTH must have provisions for a modular Radio Frequency (RF) System on Chip (SoC) to support L and S Band Transmission Security (TRANSEC) Waveform (WF) Encryption. STEALTH will support Multi-Frequency, Carrier-Hopping, Spread Spectrum features in modern WFs. Target applications are for smaller embedded systems, such as 3U VPX, SOSA VPX, and other systems requiring removable plug-and-play crypto. Encryption data rates need to be able to support low to medium encrypted transmissions. The system is intended for tactical-relevant aircraft, ships, vehicles, dismounted users, SIPR, and JWICS government users that need removable crypto modules that can be easily removed and stored in secure spaces (e.g., safes), or removed from military platforms to facilitate Secret and Top Secret handling procedures.

The Navy requires very small modular NSA Type-1 High Assurance Internet Protocol Encryptor (HAIPE) Internet Protocol Security (IPSEC) encryption modules along with physically separated Red & Black dedicated processors, memory, and storage that can be easily removed from computers, radios, and electronic warfare systems, and can also be embedded into antennas that have Software Defined Radios (SDRs) integrated into the antennas. Current crypto solutions are entire stand-alone large avionics boxes and cannot be easily integrated into emergent Software Defined Radios (SDRs) or mission computers requiring greater Size, Weight, Power, and cooling (SWAPc) and higher integration costs. The DoD requires a crypto solution that allows the users to easily remove these crypto units without having to de-install the crypto system from an aircraft, ship, ground control station, or secure classified facility. The lack of carriage/sled docking architectures or socket type connector design architecture is a contributing factor to the current constrained architecture. Multi-domain platforms and Sensitive Compartmented Information Facilities (SCIFs) require a removable "credit card"-sized crypto card (rough dimensions) that can operate with the following requirements:

  1. Data Rate: 10 Mbps (threshold) up to 100 Mbps (objective) for Secret and TS/SCI when operating Type-1 NSA encryption algorithms.
  2. Size: .75 in. X 3 in. X .25 in. (1.905 cm X 7.62 cm X 63.5 cm) thick (Thumb Drive Sized) that can plug-and-play in tactical embedded systems or through external connection devices (removable architecture approach without disassembly or deinstallation of the system).
  3. Ability to code and zeroize over a USB and PCI-E minibus.
  4. Processing: 4-Core (3 GHz, 8 x Peripheral Component Interconnect express (PCIe) Lane (Threshold), 16 x PCIe Lane (Objective)) per enclave.
  5. Memory: 32 GB of RAM (Double Data Rate (DDR) 4, 3200 MHz data speed (or higher)) per enclave.
  6. Storage: Persistent storage capability of 2 TB per enclave.
  7. Telecommunication Electronics Material Protected from Emanating Spurious Transmissions (TEMPEST).
  8. Embedded Cryptological Unit (ECU) shall support the Joint Communication Architecture for Unmanned Systems (JCAUS).
  9. Power: Host power provided by 5VDC Bus.
  10. Cooling: Convection cooled (No external fan).
  11. Thermal: Operate 50–80 °Celsius.
  12. Security level: Secret, TSI, NATO – (Guidance: See CUI NSA PICO Brief).
  13. Open Standards: Configuration 1: 2X (RED & Black) multi-lane, mini-PCI interface with USB, Thunderbolt 4 (Embedded daughter card or stand alone for MOSA, SOSA, FACE, etc.).

Note: Enclave is defined as separate Red and Black sub-systems.

Work produced in Phase II will become classified. Note: The prospective contractor(s) must be U.S. owned and operated with no foreign influence as defined by 32 U.S.C. § 2004.2 et seq., National Industrial Security Program Executive Agent and Operating Manual, unless acceptable mitigating procedures can and have been implemented and approved by the Defense Counterintelligence and Security Agency (DCSA) formerly Defense Security Service (DSS). The selected contractor must be able to acquire and maintain a secret level facility and Personnel Security Clearances. This will allow contractor personnel to perform on advanced phases of this project as set forth by DCSA and NAVAIR in order to gain access to classified information pertaining to the national defense of the United States and its allies; this will be an inherent requirement. The selected company will be required to safeguard classified material during the advanced phases of this contract IAW the National Industrial Security Program Operating Manual (NISPOM), which can be found at Title 32, Part 2004.20 of the Code of Federal Regulations.

PHASE I: Develop and demonstrate the feasibility of a conceptual design/architecture that will support a STEALTH plug-and-play NSA Type-1 crypto module approach. Present a Red and Black cypher text core isolation approach that shows how the architecture meets TEMPEST requirements for data bus and power layout, memory and processing architecture, and compliance with NSA design standards (to be provided after contract award). The design should also show the mounting options for various applications and the plug-and-play approach to accommodate multiple SDRs, computer processors, and small device applications. The design approach should address the incorporation of a modular Radio Frequency (RF) System on Chip (SoC) that has Red and Black separation, supports L and S Band, TRANSEC Waveform (WF) Encryption. Embedded Cryptological Unit (ECU) shall support the Joint Communication Architecture for Unmanned Systems (JCAUS). Additionally, a high-level unclassified Anti-Tamper (AT) design approach should be addressed in Phase I. The Phase I effort will include prototype plans to be developed under Phase II.

PHASE II: A lab-based proof of concept brass board design and Red and Black (Physically separated) RF SoC (L and S Band) that will be submitted to NSA for consideration and approval that can be removed without disassembly/de-install of the host system. Demonstrate full encryption using NSA algorithms with RED and BLACK rule sets applied to parsing classified (secret data) and unclassified data in a controlled lab environment.

The work under this effort will be classified at SECRET under Phase II (see the Description section for details).

PHASE III DUAL USE APPLICATIONS: Transition to PMA/PMW-101 Program of Record (PoR) for Multi-Information Distribution System (MIDS) Program Office (MPO). Full Qualification and Test (FQT) to include TEMPEST and Authority to Operate (ATO).

Continue the development of the STEALTH Type-1 encryption devices while developing an NSA approval path to operate at SECRET, TS/SCI, Special Access Programs (SAP), to support Federal and Foreign Governments, Five Eyes (FVEY), and for NATO secret.

Small removable HAIPE devices have commercial transition applications for protecting bank information and company proprietary information, as well as for government classified operations developed during Phase II. Open Standards compliant (i.e., SOSA, JCAUS, etc.) for integration with other commercial products (i.e., SDRs, Servers, Desktop Computers, etc.).

REFERENCES:

1. National Security Agency/Central Security Service. "Cybersecurity solutions: Data at rest capability package, Version 4.8." October 2019. https://www.nsa.gov/portals/75/documents/resources/everyone/csfc/capability-packages/DAR%20CP%20v%204_8.pdf?ver=2019-10-03-093804-417

2. Malyasov, D. "National Security Agency certifies new battlefield encryptor." Defence Blog, October 9, 2019. https://defence-blog.com/national-security-agency-certifies-new-battlefield-encryptor/

3. National Security Agency/Central Security Service. "Information assurance capabilities: Data at rest capability package, Version 4.0." January 2018. https://www.nsa.gov/portals/75/documents/resources/everyone/csfc/capability-packages/dar-cp.pdf

4. "National Industrial Security Program Executive Agent and Operating Manual (NISP), 32 U.S.C. § 2004.20 et seq. (1993)." https://www.cfr.gov/current/title-32/subtitle-B/chapter-XX/part-2004

KEYWORDS: System on Chip; SoC; High Assurance Internet Protocol Encryptor; HAIPE; ECU; Joint Communication Architecture for Unmanned Systems; JCAUS; National Security Agency; NSA; Telecommunication Electronics Material Protected from Emanating Spurious Transmissions; TEMPEST; Small Type-1 Encryption for Aircraft, Littoral, and Terrestrial Higher-than-Secret; STEALTH

TPOC 1: David Gerda
(216) 200-1916
Email: [email protected]

TPOC 2: Maulin Patel
(619) 252-807
Email: [email protected]


** TOPIC NOTICE **

The Navy Topic above is an "unofficial" copy from the Navy Topics in the DoD 25.1 SBIR BAA. Please see the official DoD Topic website at www.dodsbirsttr.mil/submissions/solicitation-documents/active-solicitations for any updates.

The DoD issued its Navy 25.1 SBIR Topics pre-release on December 4, 2024, which opens to receive proposals on January 8, 2025, and closes February 5, 2025 (12:00pm ET).

Direct Contact with Topic Authors: During the pre-release period (December 4, 2024, through January 7, 2025), proposing firms have an opportunity to directly contact the Technical Point of Contact (TPOC) to ask technical questions about the specific BAA topic. Once DoD begins accepting proposals on January 8, 2025, no further direct contact between proposers and topic authors is allowed unless the Topic Author is responding to a question submitted during the Pre-release period.

DoD On-line Q&A System: After the pre-release period, until January 22, at 12:00 PM ET, proposers may submit written questions through the DoD On-line Topic Q&A at https://www.dodsbirsttr.mil/submissions/login/ by logging in and following instructions. In the Topic Q&A system, the questioner and respondent remain anonymous but all questions and answers are posted for general viewing.

DoD Topics Search Tool: Visit the DoD Topic Search Tool at www.dodsbirsttr.mil/topics-app/ to find topics by keyword across all DoD Components participating in this BAA.

Help: If you have general questions about the DoD SBIR program, please contact the DoD SBIR Help Desk via email at [email protected]

