This invention relates generally to the field of network security measures that ensure that a secure computer network is physically isolated from unsecured networks. More specifically, this invention relates to novel security architecture based on Free-Space Optical Interconnections (FSOI) for board-to-board information transmission.
Mission Assurance (MA), as defined by DoD Directive 3020.40 is “a process to ensure that assigned tasks or duties can be performed in accordance with the intended purpose or plan. It is a summation of the activities and measures taken to ensure that required capabilities and all supporting infrastructures are available to the DoD to carry out the National Military Strategy.”
Information Assurance (IA) is the application of this directive in the cyber domain. IA activities include measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. IA is the practice of managing risks related to the use, processing, storage, and transmission of information or data and the systems and processes used for those purposes. It can use physical, technical and administrative controls to accomplish these tasks.
In accordance with this directive, a principal responsibility of a commander is to assure mission execution in a timely manner. The reliance of a Mission Essential Function (MEF) on cyberspace makes cyberspace a center of gravity an adversary may exploit and, in doing so, enable that adversary to directly engage the MEF without the employment of conventional forces or weapons.
Joint Publication 1-02, DoD Dictionary of Military and Associated Terms, defines cyberspace as “a global domain within the information environment consisting of the interdependent network of information technology infrastructures, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers,” and cyberspace operations as “the employment of cyber capabilities where the primary purpose is to achieve military objectives or effects in or through cyberspace. Such operations include computer network operations and activities to operate and defend the Global Information Grid.”
The U.S. Department of Defense (DoD) depends increasingly on cyberspace to execute critical missions that are vital to maintaining American military superiority in the traditional domains of land, sea, air, and space. The U.S. is arguably more at risk to an asymmetric attack vector launched by an adversary that cannot, or chooses not to, confront the U.S. in a conventional conflict. In the end, the military advantages that net-centricity provides the U.S. military concomitantly offer an adversary affordable attack vectors through cyberspace against critical missions and advanced weapon systems.
An air gap is often employed for computers and networks that must be extraordinarily secure. Frequently the air gap is not completely literal, such as via the use of dedicated cryptographic devices that can tunnel packets over entrusted networks while avoiding packet rate or size variation. This is the current state-of-the-art. What is really needed, however, is a method and or apparatus that exploits a literal air gap between boards for increased obfuscation and enhanced security.
Free Space Optics were originally developed by the military and NASA and have been used for more than three decades in various forms to provide fast communication links in remote locations. Free-Space Optical Communications (FSOC) have already been explored for next-generation military networks. FSOCs were recognized as having the potential to provide fundamental improvement to the ability to support high-capacity links for network-centric operational concepts like widespread sensor data dissemination. Additionally, it has been shown that data can be encoded using the orbital angular momentum of the light. Optical encoding is now being applied to free-space communication links and can potentially lead to improved security implemented at the classical and single photon level.
Due to the shrinking nature of silicon transistor technology, higher speed and more powerful electronic devices have been realized owing to the dense integration of millions of transistors. The need for high-speed interconnects between chips, cards, and racks have driven research beyond conventional copper based cables for data transmission due to the fundamental limitations, including the electric power consumption, heat dissipation, transmission latency and electromagnetic interference.
Indeed, the rapid advances in optical integration have allowed optical interconnect technology to now enter “inside the box”, at the computer architecture subsystem level. Within the prior a several reconfigurable free-space-based high-speed card-to-card optical interconnect structures have been proposed and investigated, with demonstrated speeds up to 2.5 Gbps. Of these and of direct interest to this endeavor is the experimentally demonstrated free-space reconfigurable card-to-card optical interconnect architecture of K. Wang. et. al. that demonstrated a 30 Gb/s data rate, and the experimentally demonstrated integration of free-space optics with standard CMOS technologies by I. Savidis et al from April 2016.
It is therefore a primary object of the present invention to provide an apparatus and method to secure computers from non-secure computer networks.
It is another object of the present invention to provide an apparatus and method that exploit the benefits of free space optical communications technology to isolate the vulnerable elements of computers from non-secure computer networks.
It is yet another object of the present invention to provide an apparatus and method for physically interrupting free space optical data transfer in a manner and sequence that permits data transfer to and from a computer network while ensuring physical isolation of vulnerable computer components from the computer network.
In a preferred embodiment of the present invention, a secure computer network architecture, comprises several processor components and at least one network communications component where at least one processor component comprises a means for bidirectional optical data transfer with the network communications components and processor components and a means for unidirectional optical data transfer with the remainder of the processor components and a means for interrupting the bidirectional optical data transfer.
Still, in the preferred embodiment of the present invention, the means for interrupting the bidirectional optical data transfer comprises at least one shutter being interlockable with at least one other shutter.
Further still, the preferred embodiment of the present invention further comprises a non-transitory storage medium having a plurality of executable computer programming instructions stored therein, which, when executed by at least one processor component, cause one or more of the processor components to permit the network communications component to access data from external networks when the means for bidirectional optical data transfer between the network communications component and a first processor component is verified as enabled; to transfer the data to the first processor component; and transfer the data from the first processor component to a second processor component when the data requires storage and when means for bidirectional optical data transfer between said network communications processor and the first processor component is verified as disabled.
Briefly stated, the invention provides an apparatus and method for computer network security based on Free-Space Optical Interconnections (FSOI) for board-to-board information transmission. The addition of a controllable, interlocked shutter system creates air-gapped isolation of the boards, allowing for increased obfuscation, and enhanced security.
An air gap is a network security measure that consists of ensuring that a secure computer network is physically isolated from unsecured networks, such as the public internet or an unsecured local area network. It represents nearly the maximum protection one network can have from another (save turning the device off). It is not possible for packets or datagrams to “leap” across the air gap from one network to another.
Free-Space Optical Communications have been recognized as having the potential to provide fundamental improvement to the ability to support high-capacity links for network-centric operational concepts like widespread sensor data dissemination. It has been shown that data can be encoded using the orbital angular momentum of the light and can potentially lead to improved security implemented at the classical and single photon level.
The goal of the present invention is to provide a novel security architecture anal method based on Free-Space Optical Interconnections (FSOI) for board-to-board information transmission. The addition of an interlocked shutter system with secured isolated control, either manual or automated, will create air-gapped isolation of the boards, allow for increased obfuscation, and enhanced security.
Referring to
Still referring to
Still referring to
Still referring to
Referring to
Still referring to
Referring to
Still referring to
Referring to
Still referring to
Referring to
Still referring to
Referring to
Having described preferred embodiments of the invention with reference to the accompanying drawings, it is to be understood that the invention is not limited to those precise embodiments, and that various changes and modifications may be effected therein by one skilled in the art without departing from the scope or spirit of the invention as defined in the appended claims.
This patent application claims the priority benefit of the filing date of provisional application Ser. No. 62/322,391 having been filed in the United States Patent and Trademark Office on Apr. 14, 2016 and now incorporated by reference herein.
The invention described herein may be manufactured and used by or for the Government for governmental purposes without the payment of any royalty thereon.
Number | Name | Date | Kind |
---|---|---|---|
4430699 | Segarra | Feb 1984 | A |
5058103 | Shimizu | Oct 1991 | A |
5473666 | Szczebak, Jr. | Dec 1995 | A |
6259554 | Shigematsu | Jul 2001 | B1 |
6661546 | Plett | Dec 2003 | B1 |
6842439 | Zeitfuss | Jan 2005 | B2 |
7561566 | Tomich | Jul 2009 | B2 |
7565701 | Telesco | Jul 2009 | B2 |
8014682 | Pelley | Sep 2011 | B2 |
8340520 | Kani | Dec 2012 | B2 |
8463130 | Ma | Jun 2013 | B2 |
8750707 | Sabet | Jun 2014 | B2 |
9301027 | Kauffeldt | Mar 2016 | B2 |
9438337 | Byers | Sep 2016 | B2 |
20030002109 | Hochberg | Jan 2003 | A1 |
20030219251 | McMurry | Nov 2003 | A1 |
20040086282 | Graves | May 2004 | A1 |
20040156638 | Graves | Aug 2004 | A1 |
20040165589 | Tomich | Aug 2004 | A1 |
20060215629 | Miller | Sep 2006 | A1 |
20080044178 | Harrison | Feb 2008 | A1 |
20080320298 | De Vaan | Dec 2008 | A1 |
20090263138 | Pelley | Oct 2009 | A1 |
20120020674 | Cole | Jan 2012 | A1 |
20120263476 | Sabet | Oct 2012 | A1 |
20140105593 | Vieth | Apr 2014 | A1 |
20150349881 | Byers | Dec 2015 | A1 |
20170004806 | Edwards | Jan 2017 | A1 |
Number | Date | Country |
---|---|---|
EP 2950199 | Dec 2015 | EP |
2541361 | Jul 2015 | GB |
Number | Date | Country | |
---|---|---|---|
20170310393 A1 | Oct 2017 | US |
Number | Date | Country | |
---|---|---|---|
62322391 | Apr 2016 | US |