
Aselsan’s Cyber Security Solution

10 January 2014 · 14:57
Issue 48
News
In today’s world where everything is being digitized, the use of information technologies and real-time information exchange have become a must, rather than a choice for every sector. Cyberspace has broadened unexpectedly and has become an important part of our daily life, social interactions, work life and the services we receive from government institutions.
Cyberspace has become vulnerable to all kinds of cyber attacks and cyber threats have changed, evolved and increased over time. This has necessitated innovative and original cyber security measures ensuring secure and continuous information exchange through cyberspace.
ASELSAN works towards developing next-generation innovative and original technologies and develops national solutions such as the VAG System that ensures continuous secure information exchange, and the Mini IP Encryption device that is ecologically friendly and suitable for mobile technologies.
Virtual Air Gap System (VAG)
The ASELSAN 2180 VAG (Virtual Air Gap) is a unique combination of hardware and Common Criteria EAL 4+ certified software. It provides a secure network traffic flow between private and public networks for mission-critical operations, fundamentally by preventing transit IP traffic. The ASELSAN 2180 VAG runs on internal and external host machines (vag-int and vag-ext) on top of the Linux operating system and mediates the information flow with the support of external software installed in its environment.
The ASELSAN 2180 VAG system is deployed between the external network and the institution’s internal network and does not use IP-based communication for the internal connection. The ASELSAN 2180 VAG therefore forms a “virtual air gap” border that provides high-level security. The system that runs the ASELSAN 2180 VAG is composed of internal and external security components (servers) and a shared memory (shared disk) component. Figure-1 shows the general architectural view of the ASELSAN 2180 VAG and its environment.
The ASELSAN 2180 VAG is protected by a number of environmental components in order to function appropriately. These components include a firewall (FW), a network-based intrusion detection system (NIDS), a protocol filter and a host-based intrusion detection system (HIDS) working on both servers (vag-int and vag-ext). Vag-int has a management interface that enables administrative users (with sufficient access rights) to manage and monitor both internal and external hosts’ system information, configuration data, partial backups, administrative users, audit logs and user passwords.
Information flow over the ASELSAN 2180 VAG is bi-directional: from the external to the internal network and vice versa. The external network’s requests/responses are received by the external host (vag-ext) and passed through application-level controls by a process running on that host. Filtered and controlled requests/responses are transferred to the shared disk after encryption and digital signing. The internal host (vag-int) takes the requests/responses from the shared disk after decryption and signature verification. If no problem occurs, the requests/responses are recorded and transferred to the respective application on the internal network. The same information flow applies to connections from the internal network to the external network.
The communication between vag-int and vag-ext is encrypted and cryptographically signed. Cryptographic operations are performed by the functions of the operating system’s crypto library. The Crypto/Sign layer of the VAG architecture, shown in Figure 2, invokes two cryptographic actions on the data packets flowing from the message layer to the disk access layer. The Operational Environment first encrypts the payload of the data packet and then signs the whole packet using the crypto/sign module of the ASELSAN 2180 VAG. This way, the disk holds signed and encrypted data packets that can only be resolved by the peer host. Figure-2 shows the internal architecture of the VAG servers.
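The ordering described above (encrypt the payload, sign the whole packet, verify on the peer before decrypting) can be sketched as follows. This is an added example, not ASELSAN code: HMAC-SHA256 stands in for the digital signature, a SHA-256 counter keystream stands in for the cipher, and the header fields (direction, sequence number, nonce) and function names are assumptions.

```python
import hashlib
import hmac
import os
import struct

# Assumed packet layout (not from the article):
# header = direction (1 byte) | sequence number (8 bytes) | nonce (16 bytes)
HEADER = struct.Struct(">BQ16s")
TAG_LEN = 32  # HMAC-SHA256 output, standing in for a digital signature


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR with a SHA-256 counter keystream (illustration only)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = struct.pack(">Q", offset // 32)
        pad = hashlib.sha256(key + nonce + counter).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def seal(enc_key, sign_key, direction, seq, payload):
    """Sending host: encrypt the payload, then sign header + ciphertext."""
    nonce = os.urandom(16)
    body = HEADER.pack(direction, seq, nonce) + _keystream_xor(enc_key, nonce, payload)
    return body + hmac.new(sign_key, body, hashlib.sha256).digest()


def open_packet(enc_key, sign_key, expected_direction, last_seq, packet):
    """Peer host: verify the whole packet first; decrypt only if it passes."""
    if len(packet) < HEADER.size + TAG_LEN:
        raise ValueError("truncated packet")
    body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(sign_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("signature check failed")
    direction, seq, nonce = HEADER.unpack(body[:HEADER.size])
    # Assumed extra checks: the header is covered by the signature, so the
    # receiver can trust it to reject wrong-direction or replayed packets.
    if direction != expected_direction or seq <= last_seq:
        raise ValueError("unexpected direction or replayed sequence number")
    return seq, _keystream_xor(enc_key, nonce, body[HEADER.size:])
```

Because the signature covers the header as well as the ciphertext, a packet altered on the shared disk is rejected before any decryption is attempted.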
Mini IP Encryption Device
The Mini IP Encryption Device has been developed by ASELSAN to be compatible with mobile technologies and to make SECRET level classified secure voice and data communication possible over mobile and/or fixed IP-based networks; it is an original, innovative and environmentally friendly solution. The Mini IP Encryption Device, which has copper and fiber-optic 10/100/1000 Mbit/s Ethernet interfaces and an encryption speed that exceeds 155 Mbit/s, supports Internet Protocol version 4 (IPv4) and version 6 (IPv6).
The Mini IP Encryption Device, which is capable of functioning in Tunnel and Transport modes supporting the IPsec and NATO NINE standards, has two encryption algorithms that support different classification levels. As a result, it offers secure data sharing capability by providing real-time connection to networks with different classification levels. Configuration, alarm management and security management of Mini IP Encryption Devices can be performed, and encryption keys can be loaded, remotely using the state-of-the-art Secure Network Management System over SNMP.
Mini IP Encryption Devices that support mobile IP can automatically discover changing red network topology and distribute this topology securely among themselves; likewise they can automatically discover each other and perform cryptographic verification without any need for configuration and/or operator. Even when there are no configured tunnel tables (policies) on Mini IP Encryption Devices they can find each other dynamically and build tunnels using the Secure Tunnel Establishment Protocol (STEP).
The Mini IP Encryption Device, environmentally friendly with its low weight and low power consumption, is an inseparable part of information and communication technologies and e-government applications with its superior technical characteristics, high processing speed and portable mechanical properties that are suitable even for tough military conditions.
In conclusion, ASELSAN is the biggest developer and producer of cryptology and information security products in Turkey; in parallel with growing technologies and demands, ASELSAN is planning to make investments in the Cyber Security area, which covers all cyber interests including, among other subjects, cyber defense and cyber espionage. At ASELSAN, we think that cyber security technologies should be developed nationally, using original and innovative ideas. In order to keep this development healthy and sustainable, we aim to create a “Cyber Security Technology Development Ecosystem” where co-operation between the government, universities and the defense sector will be implemented.
Aselsan’s Cyber Security Solution | Defence Turkey