|
|
Your feedback is important:
Please take our 1-minute survey here and provide us with your input on Axway Today.
Thank you!
|
|
back to top ^
|
|
|
|
US Marine Corps Defends Mission-Critical Communications with Validation Authority™
US Marine Corps relies on the Axway Validation Authority™ (VA) (formerly the Tumbleweed VA) to distinguish friend from foe in real time and ensure the security of mission-critical communications among its force of more than 40,000 personnel worldwide. The VA's ability to validate the status of digital certificates in real time ensures that revoked credentials cannot be used for secure email, smart card login, Web access or other electronic transactions.
Profile
Established in 1775 by the Continental Congress, the United States Marine Corps today is a force of more than 40,000 personnel with air, land, and sea-based expeditionary fighting capabilities for responding to a broad range of contingencies and conflicts anywhere in the world. As part of their security posture, the Marine Corps relies on a public key infrastructure (PKI) to guarantee authentication, authorization, confidentiality, integrity and non-repudiation of email-based communication and access to desktop, server, and network resources. All Marine Corps personnel are issued digital certificates stored on Common Access Cards used for secure email, smart card login to systems and networks, Web access, or other electronic transactions.
 Business Value
The Marine Corps recognizes that digital certificates need to be validated at time of use to ensure the integrity of their PKI solutions. Allowing expired or revoked credentials to be used left the Marine Corps vulnerable to potential security breaches with disastrous consequences and was not an option.
Prior to deploying the VA, the Marine Corps relied on Defense Information
System Agency (DISA) generated certificate revocation lists (CRLs) to determine the status of a digital certificate. In operation over time, these CRLs became so large in size and number that Marine Corps mission-critical applications would ultimately "time out" when attempting to obtain, process, and make a determination on a digital certificate's validity for a given transaction. The growing size of the CRLs threatened to degrade the performance of the Marine Corps operations, increasing costs and undermining the integrity of its PKI systems.
Additionally the Marine Corps required a solution that could provide multiple-level failover and ensure continuity of validation in disconnected operating environments.
The Marine Corps evaluated several solutions and a number of different vendors before selecting the Tumbleweed Validation Authority (VA) to be the lynchpin of their PKI.
Efficient and Reliable Validation of Digital Certificates
The Marine Corps objective was to find a PKI validation solution that could speed the real-time validation of digital certificates. By utilizing the VA, the Marine Corps was able to replace slow, inefficient CRL downloads with fast, efficient Online Certificate Status Protocol (OCSP, RFC 2560) queries. OCSP is one of the many internationally accepted open security standards supported by the VA. The VA offers a comprehensive, scalable, and reliable framework
VA is allowing mission-critical applications to perform real-time queries on the status of digital certificates in a much faster, reliable, and cost-effective manner.
- Joseph Seitzer, PKI Integration Team, US Marine Corps
|
for real-time validation of digital certificates based on a suite of products that can be used to address the needs of different organizations. The Marine Corps selected the VA Server, a sophisticated digital certificate status responder which maintains a store of digital certificate revocation data obtained from the
DISA-issued CRLs. The Marine Corps also selected the Desktop Validator and Server Validator products to enable digital certificate validation in all their systems. Using VA products, digital certificate status can be checked in a few milliseconds, making the digital certificate validation process virtually transparent to Marine Corps users. "The size and number of CRLs are no longer an issue," said Joseph Seitzer, PKI Integration Team, US Marine Corps. "VA is allowing mission-critical applications to perform real-time queries on the status of digital certificates in a much faster, reliable, and cost-effective manner."
Additionally, the Tumbleweed VA features an innovative Repeater-Responder architecture that supports sophisticated caching and replication, allowing the
Marine Corps to scale their digital certificate validation infrastructure without the additional complexity and costs of Hardware Signing Modules (HSMs), which are subject to strict physical and logical security requirements. Since VA Repeater servers do not need to perform sensitive cryptographic operations, they can reside in a wide range of environments at reduced cost and offer the high availability the Marine Corps requires.
Photo Credit: Lance Cpl. Evan Eagan, Marine Corps Systems Command
The VA's robust architecture has already demonstrated its capabilities for maintaining continuity of validation. In one situation, when a power outage at a facility caused a loss of network connectivity, the Repeaters continued providing seamless authentication using their caches despite the temporary loss of the network. This multilevel support for backup, load balancing, and failover is critical for maintaining the integrity of communications, especially with expeditionary forces.
"The Validation Authority's comprehensive, scalable and reliable framework for real-time validation of digital certificates has allowed us to strengthen our security posture significantly. Its robust security capabilities, ease of administration, and extensibility are ensuring the requisite level of validation essential for establishing the trusted relationships on which our operations depend, whether for exchanging sensitive information, processing transactions, or accessing network systems critical to strategic and tactical units," said Joseph Seitzer, PKI Integration Team, US Marine Corps. www.marines.mil
This case study was written prior to the 2008 merger of Axway and Tumbleweed. You can learn more about the Axway Validation Authority suite here.
|
