Douglas L. Long
Assistant Director, Information Security Group
Odyssey Research Associates
301 Dates Drive, Ithaca, NY 14850
(607) 277-2020, FAX: (607) 277-3206
dougl@oracorp.com

Chester J. Maciag
Network Security Engineer
US Air Force Rome Laboratory
525 Brooks Rd, Rome NY 13441-4505
DSN 587 (315) 330-1875
maciagc@rl.af.mil

Enterprise Security for the Next Generation Internet

Current Internet technology provides insufficient security for the rapidly growing uses of the Internet. Virtually every day, new vulnerabilities and new examples of exploitation of known weaknesses make the front pages. This situation does little to inspire confidence in the Internet as a forum for conducting government and commercial business. The Next Generation Internet (NGI) must directly address security issues if it is to adequately address the creation of "the foundation for networks of the 21st century".

These issues must be addressed on a number of different fronts. The basic NGI infrastructure must provide reasonable security services at a reasonable level of robustness. Much work is already being done in this area by the IETF (e.g. IPv6 security) and others. These protocols, algorithms and standards are likely to provide much of the necessary technology for the NGI infrastructure.

Security for the NGI must also be considered from the point of view of the enterprise. It is unlikely that every organization or market, such as the Department of Defense, financial markets, healthcare markets, or corporate information systems managers, will be willing to rely solely on this infrastructure for the protection required by their special needs. The trust issues inherent in an internet type of network environment are too great to be solved on a global scale. Each enterprise with significant data communication security needs, be it government or commercial, must be prepared to implement and manage its own security solutions.
The goal for the NGI should be to provide an infrastructure upon which these security solutions can be built.

Security for the NGI must also be considered from the point of view of the changing nature of networks and network services. Network speeds of 100-1000 times that of today's technology will significantly increase the difficulty of managing network security. The global scale of 21st century networks will also significantly increase the difficulty of this task. Network services and network-based applications are becoming increasingly complex, and their very nature is changing in fundamental ways. All of these trends will make the management of security even more complex and challenging than it is today. These trends will require the development of network security management technology that helps enterprise security administrators provide robust, secure network services.

The Next Generation Internet must support a security architecture that addresses these concerns. There are several requirements for this architecture. First, it must support access to network services by user applications. Second, it must protect user applications from abuse or attack from the network. Third, it must provide the enterprise with control over how and for what purpose user applications access network services, and how and for what purpose access is provided to user applications from the network. Fourth, this architecture must provide management of supporting security services for user applications.

Each of these requirements can be met with a security architecture that places security management between user applications and network services. This security management function can control the application's access to network services and can control access from the network to the services provided by the application. All of these interactions can be controlled according to the enterprise policy.
(Note that these ideas are not new; guards and firewalls are currently used to provide these protections.) The advantage of our approach is that it is policy-based. Each enterprise can, with the same NGI infrastructure, network services, etc. as other enterprises, develop its own policy that meets its unique needs. Policies may be quite different from enterprise to enterprise, but can nevertheless be built on the same NGI infrastructure. The ability for each enterprise to construct its own security management policy will allow it to balance its security requirements against its needs for access to network services.

Odyssey Research Associates, under a contract for the Air Force Rome Lab, is currently developing an architecture for providing security services to users of ATM networks. This ATM User Security Architecture (ATM USA) is targeted at providing and managing security services for Department of Defense users of public and private ATM networks and is designed to meet the architectural requirements outlined above.

There are four key components to this architecture. The Security Manager component is responsible for managing overall user security. The Security Policy component contains the enterprise security policy that is enforced by the Security Manager; this security policy is typically applied to all computers within a secure enclave. The Network Security Management component is responsible for providing the Security Manager with information about the security status of network services, cryptographic devices, etc. The Network Security Managers of different enclaves may communicate through secure channels to exchange status information, information about available services, cryptographic certificates, etc. The fourth ATM USA component is responsible for supporting quality of service (QOS) guarantees for network connections.
A major advantage of the policy-based approach of ATM USA is the flexibility that it provides the enterprise to control its network and use of network services. For example, the policy-based approach can be used to weigh trade-offs between quality of service and quality of protection. The policy-based approach also allows dynamic adjustments based on changes of network status and availability of resources. While the ATM USA architecture is oriented towards meeting the needs of Department of Defense users, it also meets the needs of other types of enterprises. The ATM USA provides an example of a security architecture that must be supported by the Next Generation Internet so that the NGI can support the security needs of large enterprises. Failure to address the enterprise will reduce the effectiveness of the Next Generation Internet in meeting the demands of the 21st century.
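To make the architecture described above concrete, here is an added example (not code from ATM USA or the authors) of a toy policy-based security manager that sits between user applications and network services, mediates both outbound (application to network) and inbound (network to application) requests against an enterprise policy, uses status reported by a network security management function, and applies a policy-controlled trade-off between quality of service and quality of protection. All class names, policy fields, QoS levels and the sample policy and status data are constructed for illustration.

```python
# Added example, not ATM USA code: a toy policy-based security manager placed between
# user applications and network services. Names, fields and sample data are constructed.
from dataclasses import dataclass
from enum import Enum

class Direction(Enum):
    OUTBOUND = "application -> network"  # an application asking for a network service
    INBOUND = "network -> application"   # the network asking for an application's service

QOS_LEVELS = ("low", "medium", "high")   # assumed ordering; higher index = better QoS
rank = QOS_LEVELS.index

@dataclass(frozen=True)
class Request:
    direction: Direction
    principal: str   # requesting application (outbound) or remote enclave (inbound)
    service: str
    purpose: str
    qos: str         # requested quality of service

@dataclass(frozen=True)
class Rule:               # one entry of the enterprise Security Policy
    direction: Direction
    principal: str        # "*" matches any principal
    service: str
    purposes: frozenset
    min_protection: int   # 1 integrity only, 2 integrity + confidentiality
    degrade_qos: bool     # accept lower QoS rather than lower protection when devices are scarce

@dataclass(frozen=True)
class CryptoDevice:       # status item reported by Network Security Management
    name: str
    protection: int
    max_qos: str
    online: bool

@dataclass(frozen=True)
class NetworkStatus:
    devices: tuple
    trusted_enclaves: frozenset   # enclaves whose certificates were verified

@dataclass(frozen=True)
class Decision:
    allowed: bool
    device: str
    qos: str
    reason: str

class SecurityManager:
    def __init__(self, policy, status):
        self.policy, self.status = tuple(policy), status   # status is replaced as reports arrive

    def _rule_for(self, req):
        for rule in self.policy:          # first matching rule wins
            if (rule.direction is req.direction and rule.principal in ("*", req.principal)
                    and rule.service == req.service and req.purpose in rule.purposes):
                return rule
        return None

    def decide(self, req):
        rule = self._rule_for(req)
        if rule is None:
            return Decision(False, "", req.qos, "no policy rule permits this access")
        if req.direction is Direction.INBOUND and req.principal not in self.status.trusted_enclaves:
            return Decision(False, "", req.qos, "remote enclave is not trusted")
        usable = [d for d in self.status.devices if d.online and d.protection >= rule.min_protection]
        if not usable:
            return Decision(False, "", req.qos, "no online crypto device meets the required protection")
        best = max(usable, key=lambda d: rank(d.max_qos))   # fastest device that is strong enough
        if rank(best.max_qos) >= rank(req.qos):
            return Decision(True, best.name, req.qos, "protected at level %d" % best.protection)
        if rule.degrade_qos:   # quality of protection wins over quality of service
            return Decision(True, best.name, best.max_qos, "QoS lowered to keep protection level %d" % best.protection)
        return Decision(False, "", req.qos, "required protection cannot deliver requested QoS")

# Constructed sample policy and network status.
POLICY = (
    Rule(Direction.OUTBOUND, "*", "video", frozenset({"briefing"}), 2, True),
    Rule(Direction.INBOUND, "*", "file-transfer", frozenset({"logistics"}), 1, False),
)
HW_UP = CryptoDevice("hw-encryptor-1", 2, "high", True)
HW_DOWN = CryptoDevice("hw-encryptor-1", 2, "high", False)
SW = CryptoDevice("sw-crypto", 2, "low", True)
TRUSTED = frozenset({"enclave-B"})

def run_scenarios():
    mgr = SecurityManager(POLICY, NetworkStatus((HW_UP, SW), TRUSTED))
    video = Request(Direction.OUTBOUND, "vidconf", "video", "briefing", "high")
    before = mgr.decide(video)                         # hardware encryptor online: full QoS
    mgr.status = NetworkStatus((HW_DOWN, SW), TRUSTED)  # status change: encryptor went offline
    return {
        "video_before": before,
        "video_after": mgr.decide(video),              # QoS degraded, protection level kept
        "inbound_trusted": mgr.decide(Request(Direction.INBOUND, "enclave-B", "file-transfer", "logistics", "medium")),
        "inbound_untrusted": mgr.decide(Request(Direction.INBOUND, "enclave-C", "file-transfer", "logistics", "low")),
        "unmatched": mgr.decide(Request(Direction.OUTBOUND, "vidconf", "video", "leisure", "low")),
    }
```

The same request is decided differently before and after the network status changes, which is the dynamic adjustment the text describes: the video rule allows QoS to be degraded so the connection survives at the required protection level on the slower software device, while the inbound file-transfer rule forbids degrading and is therefore refused once the hardware encryptor is offline. Requests from an enclave whose certificate has not been verified, or for purposes the policy does not list, are refused regardless of device availability.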