top secret//si//orcon/re tol usa, fve y (u) valian … · • (u isakm) -p interne securitt...

VAL I ANT SURF - Wikilnfo

T h e a c c r e d i t e d s e c u r i t y l eve l of t h i s s y s t e m Is: T O P SEC R E T / / S I - G A M M A/TALENT K E Y H O L E / / O R C O N / P R O P I N / R E L I D O / R E L T O USA, EVEY » TOP SECRET//SI//ORCON/REL TO USA, FVEY

(U) VALIANT SURF From Wikilnfo

(TS//SI//REL) VALIANTSURF is the cover term for the deve lopment of Data Network Cipher (DNC) exploitation capabil i t ies in TURMOIL for in tegrat ion into the TURBULENCE DNC thread. VALIANTSURF is the p re fe r red r e fe rence for all TURBULENCE DNC exploitation capabili t ies since the fac t tha t NSA does work with DNC's is classified "S//REL". The TURBULENCE DNC capability exploits communicat ions encryp ted with DNC Internet Protocols.

Contents

• 1 (U) Data Network Cipher (DNC) Classification • 1.1 (U) Official CES Classification Guide • 1.2 (U) Guidelines

• 2 (U) DNC Protocols • 2.1 (U) IPsec • 2.2 (U) PPTP • 2 .3 (U) HOOKED • 2.4 <U) CINDER • 2.5 (U) DNSC

• 3 (U) TU DNC Products • 3.1 (S//SI//REL) IPSec DNC Products

• 3.1.1 (U) Spin History • 3.1.2 (S//SI//REL) DNC Metada ta Flow • 3.1.3 (TS//SI//ORCON//REL) DNC Decryption Flow • 3.1.4 (TS//SI//REL) DNC Survey Flow • 3.1.5 (S//SI//REL) DNC Analyze Flow

• 4 (U) Requirements , Planning, and Reviews • 5 (U) Design Details

• 5.1 (S//SI//REL) Archi tectural Taxonomy • 5.2 (U//FOUO) Cur ren t DNC Design Documents • 5.3 (U) Design Reviews and Technical Exchanges • 5.4 (U) Technical Documents • 5.5 (U) DNC Enterpr i se Messaging Fabric • 5.6 (S//SI//REL) DNC IKE SMG (Replaced Ike Analytic) • 5.7 (S//SI//REL) DNC IKE Analytic

• 6 (U) CIET Tasking • 7 (U) Test

• 7.1 (S//SI//REL) DNC Metada ta • 7.2 (TS//SI//REL) DNC Decrypt • 7.3 (U//FOUO) LONGHAULTest • 7.4 (U//FOUO) One CA Server Toggled among Multiple TURMOILs

• 7.4.1 For more information, Contact one of t hese POCs • 8 (U) Deployments

• 8.1 (U//FOUO) VALIANTSURF RFC a n d DR Needs for TURMOIL Baseline Deliveries 2011 • 8.2 (U//FOUO) VALIANTSURF RFC a n d DR Needs for TURMOIL Baseline Deliveries 2010 • 8.3 (U//FOUO) Live Dataflow • 8.4 (U//FOUO) TURMOIL Installat ions • 8.5 (U//FOUO) IPsec/IKE Metada ta Routing • 8.6 (U//FOUO) IPsec/ESP Metada ta Routing FALLOUT to TOYGRIPPE • 8.7 (S//SI//REL) VAO STATUS • 8.8 (U//FOUO) Deployments and Development sys tems • 8.9 (U//FOUO) CIET Deployments • 8 .10 (U//FOUO) Monitoring

• 9 (U) Governance • 9.1 (U) DNC Thread Schedules • 9.2 (U) VALIANTSURF Thread Sta tus Weekly Meet ings 2012

• 9.2.1 (U//FOUO) VALIANTSURF Activity Leads Status Review • 9.3 (U) Team M e m b e r s - 9.4 (U) Stakeholders

• 10 (U) VALIANTSURF Historical -• 10.1 (U//FOUO) Deployment Documents • 10.2 (U) Design Reviews and Technical Exchanges • 10.3 (U//FOUO) VALIANTSURF Activity Leads Sta tus Review • 10.4 (U) VPN Thread Schedules

• 11 (U) Pages of In te res t

(U) Data Network Cipher (DNC) Classification

VALIANTSURF - Wikilnfo

(U) Officiai CES Class i f icat ion Guide

• ( U / / F O U O ) C E S C R Y P T A MAI YS IS 0 2 - 1 2 • n W F O U O I C L A S S I F I C A T I O N G U I N F F O R E C I P I C A R E S Q U E (P1Q) 0 2 - 1 0 (I

(U) Guidel ines

• (U//FOUO) The fact t ha t NSA is in te res ted in DNC is U//FOUO. • (S//REL) Jus t the fact tha t NSA does work with DNC is classified.

• (S//REL) If the only information given is t ha t you a re a DNC exper t or you work on DNCs, then the classification is S//REL

• (TS//S1//ORCON/REL) If the information given is tha t you decrypt DNCs, the classification is, a t a minimum TS//SI //ORCON//REL

• (TS//S1//ORCON/REL) If the fact of DNC exploitation is ment ioned or inferred (with or wi thout mention of a specific t a rge t or person), the classification is TS//SI//ORCON//REL

• (TS//S1//ORCON/REL) The decryption resul ts a re classified, a t a minimum, TS//S1//REL

(TS//SI//ORCON/REL) The classifications above a re the minimum classifications. A higher classification may be regui red depending on the res t of the content . For example, ment ioning you work on DNCs is SECRET//REL but if you mention you work on DNCs and a re in CES, the classification should be TS//S1//ORCON//REL since CES deals with exploitation.

(U) DNC Protocols

(U) IPsec

(U) The IPsec DNC protocol sui te comprises the following protocols:

• (U) ISAKMP - In te rne t Securi ty Association and Key M a n a g e m e n t Protocol (RFC 2407, RFC 2408) provides an authent icat ion and key exchange f ramework .

• (U) IKE - In te rne t Key Exchange v l (RFC 2409) and v2(RFC 4306) provide an authent ica t ion and key exchange mechanism.

• (U) ESP - Encapsula t ing Security Payload (RFC 2406) provides traffic confidentiality (via encryption) provides authent icat ion and integri ty protect ion.

• (U) AH - Authenticat ion H e a d e r (RFC 2402) provides integri ty and authent ica t ion protect ion the includes immutable IP h e a d e r fields. This differs from ESP integri ty protect ion that does not include the IP header.

(U) PPTP

(U) The Point-to-Point Tunnel ing Protocol (PPTP) was developed in 1996 by the PPTP Forum, comprised of Ascend Communicat ions, U.S. Robotics, 3Com, Copper Mountain Networks, ECI Telematics, and lead by Microsoft .

(U) The Microsof t implementa t ion of PPTP (RFC 2637) permits the data link layer protocol, Point-to-Point Protocol (PPP) (see STD-0051), to be tunneled th rough an IP network, encapsula ted within an enhanced/modif ied Generic Routing Encapsula t ion (GRE) t r anspor t protocol (IP Next Protocol 47). The contents of the PPP data is normally IP ne twork protocol packets for a private network, but can also carry any other Local Area Network (LAN) protocol, like Microsoft NetBEUI or Novell IPX/SPX.

(U) Microsoft PPTP (MS-PPTP) permi ts the encapsula ted PPP data to be au then t ica ted using e i ther version 1 (RFC 2433) or version 2 (RFC 2759) of the Microsoft extensions to the PPP Challenge Handshake Authenticat ion Protocol (CHAP) (RFC 1994), and to be encrypted using RC4 with key lengths of 40, 56, or 128 bits (RFC 3078, RFC 3079). The mode of the encryption is negot ia ted and key lengths a re exchanged using the PPP Compress ion Control Protocol (CCP) (RFC 1962).

(U) HOOKED

(TS//SI//REL) HOOKED HAND is a DNC protocol used in a commercia l DNC product .

(U) CINDER

(TS//SI//REL) CINDERASH/TRACK are ESP-like protocols t ha t use non-RFC defined fields.

(U) DNSC

(TS//SI//REL) DNSC is ...

SCARLETFEVER SSL Brief

(U) TU DNC Products

(S//SI//REL) IPSec DNC Products

(S//S1//REL) The TU DNC produc ts a re the outputs of four process ing da ta flows:

• (S//SI//REL) The TU DNC Metada ta flow collects me tada ta about IPsec (IKE/ISAKMP and ESP) events then forwards the m e t a d a t a to follow-on SIGINT Development (SIGDEV) systems.

• (TS//SI//REL) The TU DNC Decryption flow de tec t s IPsec communicat ions, selects by IP-Address, decrypts the traffic selected for decryption, and re-injects the encapsu la ted (cleartext) con ten t into TURMOIL for processing.

Fi le : D N C I P S E C O p e r a t i o n . j p g

(U) IPseu DNC O p e r a t i o n

and optionally

2 of 13


• (TS//SI//REL) The TU DNC Survey flow fo rwards to XKEYSCORE all e n c a p s u l a t e d (cleartext) sess ions t h a t a r e se lec ted by IP-Address fo r decrypt ion by t h e TU DNC Decrypt ion flow t h a t a r e also m a r k e d fo r SIGDEV.

• (S//SI//REL) The DNC Analyze flow se lec t s by IP-Address IKE/ISAKMP and ESP p a c k e t s tha t a r e t h e n sess ionized a n d f o r w a r d e d to PRESSUREWAVE for analysis .

( U ) S p i n H i s t o r y

(TS//SI//REL) Spin 9 e f for t s t rans i t ioned fielded DNC s o f t w a r e f rom the Red TURMOIL (TML) a r c h i t e c t u r e to t h e Blue and i m p l e m e n t e d a r edes ign of t h e decryp t ion flow t h a t rea l loca tes some funct ional i ty b e t w e e n TURMOIL and the DNC Attack O r c h e s t r a t o r (VAO).

(TS//SI//REL) Spin 10 ef for ts s t a r t e d deve lopmen t of a decrypt ion capabi l i ty tha t can be deployed to SMK, improved DNC de tec t ion and p roces s ing capabil i t ies , and deve loped the DNC Analyze flow.

(S/ /SI/ /REL) DNC M e t a d a t a F low

• (TS//SI//ORCON//REL) The DNC M e t a d a t a Flow collects m e t a d a t a a b o u t IKE/ISAKMP and AH/ESP events and fo rwards the m e t a d a t a to follow-on SIGINT Deve lopmen t (SIGDEV) sys tems .

• (TS//SI//ORCON//REL) All IKE/ISAKMP p a c k e t s seen in t h e incoming da ta a r e col lected, bund led and t h e n sess ionized within TURMOIL. Then t h e m e t a d a t a is ex t rac ted , conver ted to ASDF and then s e n t to the ASDFRepor t e r c o m p o n e n t within TURMOIL. The ASDFRepor t e r g a t h e r s all ASDF g e n e r a t e d within TURMOIL and s e n d s the bund les to FALLOUT via TUBE. FALLOUT delivers t h e m e t a d a t a r eco rds to t h e a p p r o p r i a t e des t ina t ions . The IPSec IKE m e t a d a t a all goes to TOYGRIPPE via MAILORDER. TOYGRIPPE is a DNC analytic d a t a b a s e in CES used by t h e c ryp tana lys t s in conjunct ion with a vulnerabi l i ty d a t a b a s e to d e t e r m i n e exploitability.

• (TS//SI//ORCON//REL) Sampled AH/ESP packe t s s een in the incoming d a t a a r e col lected, m e t a d a t a is ex t r ac ted p e r session, a n d t h e m e t a d a t a is conve r t ed to ASDF a n d sen t to the ASDFRepor t e r within TURMOIL. The ASDF r eco rds follow the s a m e p a t h s as t h e IKE M e t a d a t a above.

H l M l PrMMG! IP Security <|P*M)/

Mir net Key E^hartya (IKE) ' lnSctnei Sccurty AMooaUonKcy Mansgt-wri Pioto« (ISAKMPl

? h VPN me tafia» witrt fui-tako IKE ara nmptoa ESP

Tarow Prrtocol P 5«ui<tr (PMC) 1

EflcnpcuUKing Sacjit j PtyloM (ESP)

SoVKtod application Mstions rocovomJ Irwn » VPN ioii iam «ikrOM toe doorjplori and rev«ect«-.ii

«Tfimferm flilaftflwi

•0

TURBULENCE .. VPH l a t o M tatcctod fa* decriftion and uv«y VPN Survey fUltHfrw

i Tra«! PÌÌIMS!

IP Saeursy (IPsec |/ Aurrwwcaton lioaclw (All)/

Erictesuaing SetuMy Paytoad (ESP)

fr E rtlyttaa VPN usiions MkKMd kn arvilyirt lAnalyz, Dataftowj

Encr pled VPN »csaiofvii ¡Mjloeiod fc^ docfypdwt ^ mat fail to docripl ui.no VAO (irowted He»

i Tra«! PÌÌIMS!

IP Saeursy (IPsec |/ Aurrwwcaton lioaclw (All)/

Erictesuaing SetuMy Paytoad (ESP)

• U M b n

Traratam & NoTransJoimOA Triinsfcxm & Surwy

Tr*ttfo<rn & Surrey & NoTramtamQA

Trantfoirn A AttatjrHt Traratarm & AnXym A MùTramÌOfmOft

Tramlatm & Analyze A Sunry frmrt j im & AiwV» & Wini tonl iQA 6 Swv»j

(TS//SI//REL) TU VPN Products

SECRET//COMINT//REL TO USA, FVEY

va-we-twa 1 MAILORDER | C. IPseclKE Metadata I F ASDF 1

i

TUBE

VSj.KE:MD1 T SocKet Connection C iPstc/iKE ftetoras F SOTF

y T a Tianspol I _ _ . . _ c - content TURMOIL F = Format |

FALLOUT

ys-iKE tn T MAILORDER C: IPM'I /IKE Metadata F ASDF

(TS/ /SI / /ORCON//REL) VPN IKE M e t a d a t a D a t a f l o w

s SECRETOCOMINT//REL TO USA, FVEY

» u — »

T Socket Cwrwcticm C tPweESP Wetaflgla Buncos F ASDF in SOTF V>E8P-MDa

T MAILORDER C IPteoESP Metadata F ASDF

TUBE I I +

FALLOUT

VS-ESP-MJÌ T MAILORDER c jPsec-ESP Metadata F: ASDF

(TS/ /SI / /ORCON//REL) VPN E S P M e t a d a t a D a t a f l o w

(TS/ /SI/ /ORCON//REL) D N C D e c r y p t i o n F l o w

• (TS//SI//ORCON//REL) The DNC Decrypt ion Flow d e t e c t s and dec ryp t s se lec ted communica t ions t h a t a r e e n c r y p t e d us ing IPsec t h e n re in jec t s the u n e n c r y p t e d packe t s back into TURMOIL Stage 1. TURMOIL S t a g e 1 appl ica t ions p rocess t h e p a c k e t s into sess ions a n d w h e n a p p r o p r i a t e fo rwards the u n e n c r y p t e d c o n t e n t to follow-on p rocess ing sys tems. The DNC even t ing (PPF) c o m p o n e n t s in TURMOIL d e t e c t all IKE/ISAKMP and ESP packe t s a n d que r i e s KEYCARD for each un ique IKE e x c h a n g e sess ion and each un ique ESP sess ion to d e t e r m i n e if the link should be se lec ted fo r p rocess ing . Select ion is b a s e d on IP addres s . Decrypt ion is a t t e m p t e d if e i the r t h e s o u r c e o r the des t ina t ion IP a d d r e s s is t a r g e t e d for decrypt ion in KEYCARD (the KEYCARD task ing act ion is labe led "TRANSFORM" so as no t to use the t e r m "decrypt") . If KEYCARD r e t u r n s a hit for an IKE packe t , then the IKE packe t is s e n t to LONGHAUL w h e r e is is used to r ecove r keys. If KEYCARD r e t u r n s a hi t for an ESP packet , a key r e q u e s t is sen t to LONGHAUL. The IPsec Securi ty P a r a m e t e r Index (SP1) co r r e l a t e s IKE

3 of 13


sessions with ESP sessions. A LONGHAUL response message will e i ther re tu rn the key or indicate that a key could not be recovered. If a key is recovered, the ESP packe ts a re decryp ted and re- injected into TURMOIL for f u r t h e r processing.

• (TS//SI//ORCON//REL) All DNC Decryption funct ions and communicat ions with LONGHAUL, specifically POISONNUT, the Attack Orches t ra to r (and a DNC Metrics service via POISONNUT) a re hos ted on a specially configured and dedica ted TURMOIL process ing host called a CA Server. All CA Service blade so f tware is loaded and adminis tered by CES approved and CA Services authorized adminis t ra tors . The CA server is f irewalled and effectively functions as an extension of the CES enclave. In the fu tu re all communicat ions be tween the CA Server and the CES services (LONGHAUL, DNC Metrics) will be a secure JMS messag ing service based on the ISLANDTRANSPORT / 1SLANDHIDEAWAY inf ras t ruc ture .

Q TOP SECRET//COMINT//REL TO USA, FVEY

^ntemeHie^xchang^KEj^^

TUBE

VPNS T s octet conn«» on C Selected Application Sessions'

. F SOTF

HOW " selected Apple aton Sessions are oenvfieo ana selected Iron tf tedtcrypitd packets cxi/acted

from me VPN tunnel ana inserted into the TURMOIL input stream

VPN9 T MAILOROER C S e w e d Application Sessons" F SOTF

EXOPUMP

VPN11 ! ». T ITx (IMS)

». C Selected Apt* Sessions' F XMUSOTF

PRESSURE-WAVE

H u n t e r

5 Authenticatior eade AH

TURMOIL

PIQ Services

VPN1 T Socüet Connection C Selector H1 Query?Response F .Binary

VPN 18 T Secure Socket (SSL) C PIQ Blade Management F WebSA H DOC

VPH4 T IT* (JMS) C ike Messages F IHfSOAp}

VPN3 T IT* (JMS) C ËSPKey Req/Res F IH(SOAP)

>> BS

i ra I

a a

_i IT s CO X UJ to u UJ o

( T S / / S I / / O R C O N / / R E L ) V P N D e c r y p t i o n D a t a f l o w

\ r T U M U L T Stage 0

1 DNCPackets

DNC IP Address., Selector Lookup

— K E Y C A R D J

y TURMOIL Stage 1 > Selected f

DNC — V S - C A S e r v e r Sessions y

Transformed • ONC M , J Packets V;

DNC Key Recovery Msgs

( LONGHAUL ') I POISON N U T J

TURMOIL Stage 1 Payload Decomp

Decompressed DNC Packets V

TURMOIL Stage 1' j

Selected Peckets frwn DNC •

Sirfvey Sessfcvis from DNC

DNC Metadata

Strong Selected VoIP

Sessions

X K E Y S C O R E Stage 2 FE

DNC Metadatii>

' (ASDF) " I FALLOUT

DNC ^-Metadata,

(ASDF) < f Strong

Selected DNI Sessions

Selected Sessions Survey Sessions from DNC from DNC

• * XKEYSCORE

Stage 2 BE

TUBE ^Str'jr/g Selected Sessions

T O Y G R I P P E ) VALIANTSURF Spin 22 December?. 2010

TOP SECRET//COMINT//REL TO USA, FVEY

( T S / / S I / / O R C O N / / R E L ) S i m p l e V A L I A N T S U R F D a t a f l o w

4 of 13


ONVEVANCE)

Qrutex> Vo/P-CSDF Sessions'

VALIANTSURF Spin 22 DtMfflDW 13. 2010

TOP SECRET//COMINTWREL TO USA, FVEY

Store ONEROOF

(TS/ /SI / /ORCON//REL) C o m p l e x VALIANTSURF D a t a f l o w

DEPRECATED

TOP SECRETWCOMINT//REL TO USA, FVEY

Analyst Stage 0 TURMOIL PIQ Blade KEY CARD TUBE EXOPUMP VAO nvi VPN Metrics OOC

-IP-Address I Actio) - TRANSFORM IKE

Q—r | Tsrgtì Oueiv— d K ™

IF[ TRANSFORM )J <KE Teufel Responso 0

" b SessiomzelKE

. I K £

"Session™ Q> —1KE Messages«

ESP "acket"

IF[ TRANSFORM1

ESP Target Quer y » |

# - - ¡4 ESP Target R e s p o n s e - ^

' I P Sessenne ESP

. E 5 P _ 'Session"

-ESP Key Requesl-

IF| Key Recovered | ' - E S P Key Response

Decompress. Sessi once ano Sä ed Recovered

Packet 5

"O

Q Socket

MAILORDER Q ISLANDTRANSPORT (JMS) (T) ISIANDHIDEAWAY (H) Secure Socket (HTTPS]

Decrypt lo recover encapsulated pacKets I J

VPN Metrics (SOAP)

^ Application Session I J is Selected |

Jf"* :

fcy i ••ä&iected ApphcaUOfi Sessior

Reinject recovered encapsulated packets

H -

ons 1 O - ;

- P I O Blade Monitoring' "Application Sessions'"

(TS/ /SI / /ORCON//REL) V P N D e c r y p t i o n S e q u e n c e

5 of 13


TOP SECRET/iCOMtNWREL TO FVEY

5. H " 1™ • i - i r 1 1 " • -menta-

PU r; ACHA • TIW

boinwi , rllTI ^ «V WK — ¿ L r *

— """"Ci-, w ^ II) | f» Cc

—¿ÌL-f ««•> iMe.u KtiMUHl

BCRY1Y, ITia«a«u£ngCltapgr| MOM

ESS.-OKmrUfKlKl vt*l w. b«id > r i. ' a --r •• .v-'-mf-j nt tr-ji» net Co mnmjK R>IM | c^vr»* * IMS

»1 Of© Corxr:««- K'" ^ m ^ J J J j j l j

(TS/ /SI / /ORCON//REL) D e t a i l e d T u r m o i l DNC Dec ryp t ion S e q u e n c e D i a g r a m

(TS//SI//REL) DNC Survey Flow

• (TS//SI//REL) The DNC Survey Flow detects , decrypts selected communicat ions that a re encrypted using IPsec; then sessionizes the unencryp ted packets and sends the sessions to XKEYSCORE. The DNC event ing (PPF) components in TURMOIL de tec t s all IKE/ISAKMP and ESP packe ts and quer ies KEYCARD for each unique IKE exchange session and each unique ESP session to de t e rmine if the link should be selected for processing. Tasking is based on IP address . Decryption is a t t emp ted if e i ther the source or the dest inat ion IP addres s is tasked for decrypt ion in KEYCARD (the KEYCARD tasking action is labelled "TRANSFORM" so as not to use the term "decrypt"). If KEYCARD re tu rns a hit for an IKE packet , then the IKE packet is sent to the P01S0NNUT(DNC Attack Orchestra t ion) Service. If KEYCARD re tu rns a hit for an ESP packet , a key r eques t is sen t to POISONNUT. A POISONNUT response message will e i ther re tu rn the key or indicate that a key could not be recovered. If a key is recovered, the ESP packets a re decrypted and re- injected into TURMOIL for sessionization. If KEYCARD also associa ted a "SURVEY" action with the DNC Tunnel IP-Address the encapsula ted sessions a re sen t to XKEYSCORE. The DNC Survey flow requi res that both "TRANSFORM" and "SURVEY" actions a re ass igned to a t a rge ted IP-Address.

• (TS//SI//REL) All DNC Decryption funct ions and communicat ions with P01S0NNUT(and a DNC Metr ics service) a re hosted on a specially configured TURMOIL processor called a CA Server. All CA Server sof tware is loaded and adminis tered by CES approved and CA Server author ized adminis t ra tors . The CA Server is firewalled and effectively funct ions as an extension of the CES enclave. In the fu tu re all communicat ions be tween the CA Server and the CES services (POISONNUT, DNC Metrics) will use a secure JMS messag ing service based on the ISLANDTRANSPORT/ ISLANDH1DEAWAY inf ras t ruc ture .

TOP SECRET;/COMINT//REL TO USA, FVEY

Internet KeyExchi

VPN7 T Soc*fi[ Conneclion c Encrypted ana oecrypleti

App ii anon sessions F SOTF

XKEYSCORE

ie{IKE) ÎnternetSecurity Association Key Management Protocol ( ISAKf^)gg|

AuthenicatiorêadeÂH^^n^^

TURMOIL

VPN1 T soctet ccnnedicKi C Selector Hil Ouery ficspcnse

^.(aWSY.,.. VPN1B T secure socket (SSL) C PIO Brade Management

^ F W e b S A _ _ _ _

PIQ Blade

VPN4 T it* c IKE Messages F IHJSOAP) VPN3 T IT* C. ESP Key ReqrRes F IH(SOAP)

to > 1 to s

®

—I IT CO X UJ

<0 o UJ o

(TS//SI/ /REL) V P N S u r v e y D a t a f l o w

6 of 13


T O P S E C R E T O C O M I N T W R E L T O U S A , F V E Y

AialYSt Stage 0 TURMOIL PIQ Blade KEYCARD

L j P - A f l l i r e s s 1 Action = TRANSFORM & SURVEY >

rru,IKE -L U Packet

F [ TRANSFORM |¡

^ — I K E Ta iga Query -— .

—IKE Tergeí Response Q

" D Sessiomze IKE

IKE "Sess ion"

L £ J Packet

IF[ TRANSFORM |

0—ESP Target Query r.——tip Targe! Respon;

Session ne ESP

e s p _ i Session" -ESP Key Request—

IF| Key Recovered |

Decompress, and Sesstontze

Recovered Packets

ESP Key Response j

Decrypt to recover encapsulated packets

•VPN Meines (SOAP)

e r r i •

"J Reinject recovered encapsuiafed (rackets

IF| SURVEY I

o — »Application Session—

H- - F i o Biade Monitoring—

Q Socket

O MAI LOROER

O I S L A N D T R A N S P O R T (JMS)

® ISLANDHIOEAWAY

( 0 ) Secure Socket (HTTPS)

( T S / / S I / / R E L ) V P N S u r v e y S e q u e n c e

(S//SI//REL) DNC Analyze Flow

• (TS//SI//REL) The DNC Analyze Flow selectively collects IKE/ISAKMP packe ts and raw, encryted ESP packe ts that a re sessionized and forwarded to PRESSUREWAVE for analysis. The DNC event ing (PPF) componen ts in TURMOIL de tec t all IKE/ISAKMP and ESP packe ts and queries KEYCARD for each unique IKE exchange and each unique ESP session to de t e rmine if the link should be selected for analysis. Tasking is based on IP address . If KEYCARD re tu rns an "ANALYZE" action for any IPsec packet hit, then the IPsec packet is sessionized and sent to PRESSUREWAVE.

S E C R E T / / C O M I N T / / R E L T O U S A , F V E Y

Internet Key Exchange ( IKE) I Internet Security Association Key Management Protocol ( I S A K M P )

VPK6 T: Sockel Connection C IPsoc Packets Saieded lor Analysis F: SOTF

n Encapsu la t i ng Secur i t y P a y l o a d (ESP)

VPN9 T; MAILORDER C: IPsec Packeis Selected lar Analysis F: SOTF

VPN1 T: Socket Connection C: Selector Hit Query/Response

. F Binary h

E X Q P U M P

VPN1I T: IT« (JMS) C: IPSoc Pacfcols Solodod lor Analysts F: XMUSOTF

P R E S S U R E -

_ W A V E

"wrfrw Key T - Transport C = Content F = Format

S E C R E T / / C O M I N T / / R E L T O U S A , F V E Y

( T S / / S I / / R E L ) V P N A n a l y z e - D a t a f l o w

7 of 13



Stage 0 TURMOIL KEYCARD

[Ih, IKE _ Packet -

kIKE Select^ Query

IF| ANALYZE j ;

IF[ ANALYZE

I h ESP

Packet"

L I K E Select A "^Response

: : t ) • I I

Sessionize IKE

IKE Sessioo

•r &

IF| ANALYZE ) <

SP Select Query

! ESP Selscl Response'

IF| ANALYZE } ; ,P

^ !

Q ESP Sessior

TUBE

Sesstanize ESP

-IKE Sessior»

EXOPUMP PWv

Q Socket

(J) MAILORDER

Q ISLANDTRANSPORT (JMS)

(H) Secure Socket Layer (HTTPS)

( J ) ESP Se 1 I I I


•ESP Session-

(TS//SI/ /REL) V P N Analyze S e q u e n c e

(U) Requirements, Planning, and Reviews

(U) Design Details

(S//SI//REL) Architectural Taxonomy

• DNCA (Digital Network Crypt Applications) - b ranch • ROMULANALE - N a m e of project within DNCA that develops capabili t ies for the CAServer • GALLANTWAVE - DNSC project *and* th read on fielded systems, including TURMOIL and XKS (DeepDive)

• GW Mission App - legacy capability on CAServer for DNSC decryption • ROMULANGAWK - ROMULANALE provided capability on CAServer for DNSC decryption in sof tware • ROMULANGOWL - ROMULANALE provided capability on CAServer for DNSC decryption in h a r d w a r e (pending)

• VALIANTSURF - DNC project *and* th read on fielded systems, cur rent ly including only TURMOIL • MAL1BU - DNC process ing a rch i tec ture for VALIANTSURF on TURMOIL using session based process ing

• PIQServices - capability on CAServer for DNC decryption u n d e r MAL1BU • WAIMEA - DNC process ing a rch i tec ture for VALIANTSURF on TURMOIL using packet s t ream based processing. This

covers all conf igurat ions of the a rch i tec ture (sof tware and ha rdware ) • WA1MEAVISAGE - DNC WAIMEA process ing a rch i tec ture with decryption pe r fo rmed in sof tware

- ROMULANV1SAGE - ROMULANALE provided capability on CAServer for WA1MEAV1SAGE • WA1MEAVISE - DNC WAIMEA process ing a rch i tec ture with decryption per formed in ha rdware

• ROMULANV1SE - ROMULANALE provided capability on CAServer for DNC WAIMEAVISE

(U//FOUO) Current DNC D e s i g n D o c u m e n t s

• MALIBU Archi tec ture • WAIMEA Archi tec ture

(U) D e s i g n Reviews and Technical Exchanges

(U) Technical D o c u m e n t s

• (S//SI//REL) IPsec Sessionization • (S//SI//REL) HOOKED Sessionization • (S//SI//REL) CINDER Sessionization • (S//SI//REL) PPTP Sessionization • (S//SI//REL) New Protocol (IPsecESP,PPTP,HOOKED,CINDER) Specification • (TS//SI//REL) Turmoil Analysis for Inc remen t 3 • (TS//SI//REL) VPN IKE ASDF data flow J • (TS//SI//REL) VPN IKE ASDF Sequence Diagram ^ • (TS//SI//REL) APEXWPN Data Flow ^ • (TS//SI//REL) APEXWPN Sequence Diagram ^

8 of 13


• (TS//SI//REL) Turmoil VPN Decrypt Sequence Diagram

• (TS//SI//REL) SPIN 15 VPN Story 1 -• (TS//SI//REL) Spin 15 TURMOIL Model • (TS//SI//REL) S31322 Branch VPN Brief

• (TS//SI//REL) VS Monitoring

(U) DNC Enterprise M e s s a g i n g Fabric

• (S//SI//REL) VPN AMF(lTx)Fabric Diagram

(S//SI//REL) DNC IKE SMG {Replaced Ike Analytic) • (S) Description - The IKE SMG (Sesionized Metada ta Genera tor) inher i ted the in ternal bus iness logic of the IKE Analytic,

bu t was re-hosted as an iBridge service. There is no longer any connect ion to PRESSUREWAVE or METROTUBE. The IKESMG runs as a CCM graph IPSECJKE MDATA with input f rom IPSEC EVENT TO BME via IOPort.

• (S) Spin 17 - No Release. Initial version developed but not del ivered to TURMOIL • (S) Spin 18 - Initial Release. Patched Version had verbose logging. • (S) Core 3.1 - Par t of ValiantSurf Shark feather. APEX process ing removed. Sessionization by Exchange introduced. • (S) Core 4.x - Fu tu re re lease compliant with Schema version 8.

(S//SI//REL) DNC IKE Analytic

• (S) Spin 15 - No Release. Verified Spin 14 VIAS runs successful ly on Met ro tube 2.3.1 (Metro tube Spin 15 version). • (U) Other Wiki Links:

• ( U ^ ^ ^ 5 3 1 3 2 1 ( C O N ) Analytic Developer • (S) VALIANTSURF Wiki • (S) VPN Metada ta Flow diagram • (S) VpnlpsecVpnLargeDataCharacter iza t ion

• (S) Spin 14 - Upgraded Spagic workflow to follow the robus t PWV Retr iever Pattern. • (S) Pat tern Comprises s e p a r a t e service assemblies for Listener, Me tada ta Retriever, DataRetriever, Throttler, and DNC

wrapper . • (S) Er ror handling and VIAS logging capabil i t ies added.

• (S) APEX (DEMO) - Modified SOTF Parser and TGIF Record Factory to process Apex metada ta .

• (S) Spin 13 - Upgraded Spagic workflow to match Met ro tube 2.1. • (S) Numerous bug fixes re la t ing to Toygrippe con ten t including Exchanges Types, Message Types, Phase2-Only,

missing t rans forms(see MadForge DNC-analytic project for details). • (S) Added capability to process Toygrippe file classification de termined by DNC Metada ta .

• (S) Spin 12 - The VPN Analytic has been re -named as the VIAS (VPN IKE Analytic Service). In this spin, there were 2 ma jo r changes .

• (S) First, the analytic was conver ted to run in the Met ro tube 2 f ramework , as a JSo rce re r Service on the Met ro tube Service Bus.

• (S) Second, the VIAS is now re leased by the ValiantSurf (DNC) team directly to Turbulence, w h e r e Spin 11 and ear l ie r vers ions w e r e packaged by the DNC team, delivered informally to Met ro tube Services who pe r fo rmed the sof tware re lease to Turbulence .

• (S) Spin 11 and prior - VPN Analytic runs as a Met ro tube 1 service. • (S) An improvement to the IkeSessionizer a lgor i thm correct ly matched up the initiator and r e sponder by wai t ing for the

r e s p o n d e r to re tu rn a non-ZRC (Zero Responder Cookie).

(U) CIET Tasking • (S//SI//REL) Tasking for TEC/MHS/CROSSCUT

(U) Test VALlANTSURF/TestData

• (S//SI//REL) RFCs Required f o r T M L 18.1 and ear l ie r re leases • (S//SI//REL) VALIANTSURF RFCs

(S//SI//REL) DNC Metadata

• (S//SI//REL) S p i n l 4 VPN IKE Metada ta Test Document • (S//SI//REL) S p i n l 3 VPN IKE Metada ta Test Document • • (S//SI//REL) Sp in l2 VPN IKE Metada ta Test Document

9 of 13

VAL I ANT S U RF - Wikilnfo

(TS//SI//REL) DNC Decrypt

• (TS//SI//REL) S p i n l 2 VPN Decrypt Test Document •

(U//FOUO) LONGHAUL Test

LONGHAUL Test Documentat ion Page

(U//FOUO) One CA Server Toggled a m o n g Mult iple TURMOILs

(U//FOUO) This section descr ibes a ne twork des ign to have one CA se rver serve multiple TURMOILs. Note tha t a CA Server can only communica te to one TURMOIL a t a t ime.

Motivation:

1. Power/space/cooling limitations 2. Long lead t ime to gain approval to add CA Services se rvers 3. H a r d w a r e cos t

4. Limits on public IP addres s space at some sites

Click for detai ls on the CA Server Bank.

For m o r e i n f o r m a t i o n . Contac t o n e of t h e s e POCs

"ML Network Engineer CA Services Developer TML Integra t ion and Test

TURMOIL Lab M a n a g e r T1 VS Thread Lead

(U) Deployments VALLANTSURF Deployment Roles & Responsibili t ies (U) CIET Deployment Overview (U) VALIANTSURF Levels of Success

(U//FOUO) VALIANTSURF RFC and DR N e e d s for TURMOIL B a se l in e Del iveries 2 0 1 1

(U//FOUO) VALIANTSURF RFC and DR N e e d s for TURMOIL Base l ine Del iveries 2 0 1 0

• (TS//SI//ORCON/REL) RFC DR N e e d s TURMOILBaselines

(U//FOUO) Live Dataf low

TU FLE VPN Metada ta B e a c o n s !

(U//FOUO) TURMOIL Insta l la t ions

RPH Log

(U//FOUO) IPsec/IKE Metadata Rout ing

Site SIGAD TUBE MAILORDER PDDG

TUBE MAILORDER Trigraph

TUBE MAILORDER Sys tem Digraph

S y s t e m R o u t e METROTUBE MAILORDER PDDG

ME' MA Trig

MHS LATTICE USJ-759

AH HXN 51 MHS-LIVE-T16 via NSAW 0 0 TYG

MHS LATTICE USJ-759 KY EXM 52 MHS-DEV-T16 via NSAW oo TYG

MHS LATTICE USJ-759

N/A N/A N/A MHS-DEV-T16 via Site Store

KY TYG

MHS-STARQUAKE USJ-759A AH HXN 51 MHS-LIVE-T16 via NSAW oo TYG

10 of 13


KY EXM 52 MHS-DEV-T16 via NSAW OO TYG

KY TYG QX MHS-DEV-T16 via Site Store

N/A N/A

US-3150 RU

EXN 51 G1-T16 via NSAW OO TYG

US-3150 RU

DVN 52 G2-DEV-T16 via NSAW OO TYG

US-3150 RU LPN 53 G3-LPT via

NSAW OO TYG US-3150 RU

LPN 54 G4-LPT via NSAW OO TYG

US-3150 RU

LPN 55 G5-LPT via NSAW OO TYG

US-3150 RU

DVN 56 G6-DEV-LPT via NSAW OO TYG

TEC USD-1001TEC BL EXM 51 TEC-T16 via NSAW OO TYG

YRS USF-787 MH EXM 51 YRS3-LPT via NSAW OO TYG

(U//FOUO) IPsec/ESP Metadata Rout ing FALLOUT to TOYGRIPPE

FALLOUT Process ing & Dataflow FALLOUT Dataflow Statist ics I

Si te SIGAD FALLOUT MAILORDER PDDG

FALLOUT MAILORDER Trigraph

TOYGRIPPE MAILORDER Trigraph

FALLOUT MAILORDER S y s t e m Digraph

TUBE U p s t r e a m S o u r c e S y s t e m Digraph (Source S y s t e m Atom)

U p s t r e a m S o u r c e S y s t e m

MHS-LATTICE USJ-759 AH KLG TYF D0,D9 51 MHS-L1VE-T16

MHS-LATTICE USJ-759 AH KLG TYF D0,D9 52 MHS-DEV-T16

MHS-STARQUAKE USJ-759A KY KLG TYF D0,D9 51 MHS-L1VE-T16

MHS-STARQUAKE USJ-759A KY KLG TYF D0,D9 51 MHS-DEV-T16

US-3150 RU KLG

TYF D0,D9 51 G1-T16

US-3150 RU KLG

TYF D0,D9 52 G2-T16

US-3150 RU KLG TYF D0,D9 53 G3-LPT

US-3150 RU KLG TYF D0,D9 54 G4-LPT

US-3150 RU KLG

TYF D0,D9 55 G5-LPT

US-3150 RU KLG

TYF D0,D9 56 G6-LPT

TEC USD-1001TEC BL KLG TYF D0,D9 51 TEC-T16

CROSSCUT US-3301 U6 KLG TYF

SARATOGA US-3167 IL KLG TYF

MUSCULAR DS-200B C4 KLG TYF

YRS USF-787 MH KLG

TYF D0,D9 51 YRS 1-LPT

YRS USF-787 MH KLG TYF D0,D9 52 YRS2-LPT YRS USF-787 MH KLG

TYF D0,D9 53 YRS3-LPT

(S//SI//REL) VAO STATUS

POISONNUT Wiki

• Last Updated Wed Mar 5 20:36:00 GMT 2008 * RUNNING

11 of 13


(U//FOUO) Dep loyments and D e v e l o p m e n t sy s t ems

(U//FOUO) VAL1ANTSURF TURMOIL componen ts a re deployed directly to the TURMOIL systems.

(U//FOUO) The VAL1ANTSURF mission-application is deployed on the CAServer platform. See CAServer#Deployments for site specific configurat ion.

(U//FOUO) CIET Deployments

Si t e Type |Current TURMOIL N e x t TURMOIL Hardware CA Server C o m m e n t

JCE Dev Unknown Core 3.0.10 1-BCH none none

M H S E S O Dev Unknown TBD TBD none none

SMKG2 Dev 18.1.5 Core 3.0.10 TBD TBD none

SARATOGA Live 17.1 Core 3.0.10 TBD TBD none

MUSCULAR Live 18.1.1 18.1.5 TBD TBD none

SMK Live 17.1 Core 3.0.10 TBD TBD none

CROSSCUT Live 15.6.1 Core 3.0.10 TBD TBD none

MHS Live 15.6.1 Core 3.0.10 TBD TBD none

TEC Live 15.6.1 15.6.1 TBD TBD none

(U//FOUO) Monitor ing

(U//FOUO) CA servers a re moni tored by the T3332 Data Opera t ions Cen te r (DOC)as pa r t of their TU monitoring fSLACKKEY) DOC TU SlackKev Homepage . To access the TopView TU PRC - DOC I

• (U//FOUO) The VALIANTSURF SOP used by the DOC VALIANT SURF Tab Special Instruct ions

• (U//FOUO) During bus iness hours, the DOC uses the following contac t list: DOC business hours POC l i s t# VALIANTSURF

• (U//FOUO) DOC After Hours Call-in Procedures

• (U//FOUO) VALIANTSURF CA Server Troubleshoot ing Guide

(U) Governance

(U) DNC Thread Schedu le s

(U) VALIANTSURF Thread Status Weekly M e e t i n g s 2 0 1 2

(U//FOUO) VALIANTSURF Activity Leads S t a t u s Rev iew

(S//S1//REL) The VALIANTSURF Leads Meet ing reviews a re held weekly on Mondays. The purpose of this review is to discuss the major goals and s ta tus of activities taking place. Any roadblocks that would cause a fai lure in meet ing the es tabl ished goals should be discussed a t this t ime.

(U) Team M e m b e r s

'S31322 Thread Lead Rl,IDA/CCS(CON) Archi tecture Lead S31322(Integree) Archi tec ture Team

1322 Archi tecture Team S31322(CON) Systems Engineer 31322 Systems Engineer S31322 Systems Engineer

/S31322 SW Developer 1322 SW Developer

S 3 1 3 2 2 SW D e v e l o p e r S 3 1 3 2 2 S W D e v e l o p e r

S 3 1 3 2 2 ( C O N ) SW D e v e l o p e r S 3 1 3 2 2 ( C O N ) SW D e v e l o p e r

1322 SW Developer S31322(CON) CAS Deployment

l/S31322(CON) Integrat ion & Test Lead S31322(CON) Integra t ion & Test Engineer •/S31322(CON) Integra t ion & Test Engineer

| /S31322(CON) Integrat ion & T e s t Engineer

12 of 13

VAL I ANT S U RF - Wikilnfo

(U)l fS31322(CON) In tegra t ion & Test Eng ineer

Team Alias: DL Valiantsurf (mailto:

<U) Stakeholders

weekly

(U) VALIANTSURF Historical -

(U//FOUO) Dep loyment D o c u m e n t s

• (S//SI//REL) Spin 11/12 Metada ta Flow m a n a g e m e n t -• (U) Spin 9 VPN PIQ Blade Version Description Document (VDD) for MHS, YRS, TEC -• (U) Spin 9 MHS PIQ Blade Baseline Change Regues t -• (U) Spin 8 VPN TML Test Checklist 20070416 • • (U) Spin 8 VPN MHS Checklist 20070416

(U) Des ign Reviews and Technical Exchanges

• (S//SI//REL) VPN TU IT meet ing minu tes 1 May 2009 -• (S//SI//REL) VPN/TUMMS requ i rements meet ing minutes 23 April 2009 • (S//SI//REL) VPN TUBE Metada ta Bundle Classification meet ing minutes 3 April 2009 • • (S//SI//REL) Brief to YRS dur ing TDY 17-21 Nov 2008 - (S//SI//REL) Spin 12 TURBULENCE VPN Technical Review • (S//SI//REL) Spin 10 TURBULENCE VPN Technical Review Minutes -• (S//SI//REL) Spin 10 TURBULENCE VPN Technical Review • (S//SI//REL) Spin 10 VPN / ISLANDTRANSPORT / ISLANDH1DEAWAY Technical Exchange 20080124 Meet ing Minutes • (S//SI//REL) Spin 10 VPN / ISLANDTRANSPORT / ISLANDH1DEAWAY Technical Exchange 20080124 Meet ing Agenda • (S//SI//REL) Spin 9 TURBULENCE VPN Design Review • (S//SI//REL) Spin 9 TURMOIL VPN Design Review Minutes • (S//SI//REL) Spin 9 TURBULENCE VPN Design Review Minutes •

(U//FOUO) VALIANTSURF Activity Leads S ta tus Review

(S//SI//REL) The VALIANTSURF Activity Leads S ta tus reviews a r e held bi-weekly on Mondays th roughou t the Spin. The purpose of this review is to discuss t he ma jo r goals and s ta tus of activities taking place. Any roadblocks tha t would cause a fai lure in meet ing the es tabl ished goals should be discussed at this t ime.

<U) VPN Thread S c h e d u l e s

• (U//FOUO) Spin 11 VPN Sprint Schedule • • (U//FOUO) Spin 10 VPN Sprint Schedule •

(U) Pages of Interest • (U//FOUO) TURMOIL VALIANTSURF • (U//FOUO) TURMOIL GALLANTWAVE

Retr ieved f rom ' Category: VPN

Derived Rom: SI Classification Guide, 02-01 Dated: 20060711 and N5A/C5SM1-52. Dated: 20070108

Declassify On: 2032313B

T O P S E C R E T O S I / / O R C O N J R E L T O U S A , F V E Y

13 of 13