Software System Slices Search Time
Sharp infrastructure allows users to dig deeper for data.
The U.S. Air Force is spearheading the joint community’s pursuit to meet the need for speed—in a realm other than aircraft. A Web-based system developed by the service is providing the boost that commanders and intelligence specialists need to attain the goal of striking a target within seven minutes of a command to attack.
One key to faster and more accurate response in the battlespace is rapid access to the plethora of information that is collected in all forms and resides in databases throughout the military. In the past, commanders and analysts faced stovepiped information sources. To locate items of interest, such as images or data, they were forced to enter each system, then search for the information they required. But work that began at the Air Force Research Laboratory (AFRL), Rome, New York, nearly three years ago is doing away with this time-consuming task by furnishing a single point of entry into all available data on a specific topic.
Broadsword, a data access and security infrastructure, allows users to search, find and retrieve information from a variety of heterogeneous sources. The Air Force worked in conjunction with the Defense Intelligence Agency, the National Imagery and Mapping Agency and industry to create a system that ultimately will smooth the process of joint operations, Dr. John Salerno, Broadsword’s technical manager at the AFRL, explains.
The system’s strength lies in its ability to converge and merge the multiple layers of data and present a user with one comprehensive result, Salerno says. “The best analogy is the Internet,” he continues. “You can do a simple search using an engine, but that will only get you the results from the top layer. The second level requires a dynamic search engine. So, if you go to amazon.com, for example, you can use its search engine to look in its database for books about aircraft. If you conducted that same search using a simple Internet engine, the results would show all the Web sites that had information about aircraft but not the specific list of the books on amazon.com. The third type of search capability requires the user to input a user identification and password. Broadsword brings all three worlds together into a single data structure.
“The published page you see on the Internet is the world as it is now, the surface Web. But a lot of good information is behind the doors, and this is the deep Web. Broadsword allows users to get to it,” Salerno offers.
According to Capt. Craig Strong, USAF, Broadsword program manager, AFRL, another key element of the system is the security it provides. One component of the technology is devoted solely to information assurance, which lets Broadsword users reach several databases through a single application. The goal of this approach is to eliminate duplicated effort by compiling information once and reducing the data footprint of a mission. At the same time, servers at individual commands do not become overloaded with hundreds of files, yet users at various commands have access to each other’s databases and can acquire all available data with a single query, saving time, Capt. Strong explains. Although the technology was initially developed as an intelligence community tool, it has since moved into the command and control arena, he adds.
Broadsword consists of five functional components: the gatekeeper, the keymaster, the access and authentication module, the trusted transfer agent and the clients.
The gatekeeper, a thin layer of software, processes users’ queries, audits actions, communicates with various sources, interconnects with other gatekeepers, maintains system status, and collects and compiles results. Users submit their query to the gatekeeper where it is forwarded to all appropriate sources. Once the gatekeeper has received the results, it combines them into a single response, builds an audit record and forwards the information to the user. The software also provides an interface for user maintenance and system statistics and configuration.
Products include reports from database sources, messages, documents, video clips, maps and images. These items can be delivered by way of non-real-time mail-order delivery, file transfer protocol (FTP) delivery or near-real-time FTP delivery.
Sources at a site can be made available to other sites through the gatekeeper-to-gatekeeper connection. Each site must first be registered with a keymaster, which manages a list of all gatekeepers and the registered sources.
Registration begins when the system administrator of a new gatekeeper calls the keymaster distribution center and a unique identifier is generated. The system administrator enters this identifier and the keymaster’s port number and address into the new gatekeeper’s registration screen. The administrator then generates a public/private key pair and sends the keymaster a message that contains the public key, the registration identifier and a map that includes all of the sources that will be made publicly available.
In response, the keymaster sends a message that contains the gatekeeper’s digital certificate, signed with the keymaster’s private key (the program describes this as encrypting the certificate with the private key; in PKI terms it is a signature, which any holder of the keymaster’s public key can verify but not forge), a second digital certificate and the world map of all other gatekeepers and their publicly available sources. Once this process is complete, secure access between gatekeepers is possible.
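The registration exchange above, and the check a remote gatekeeper makes before answering a query from another site, as an added example in Go. This is not Broadsword code; it assumes Ed25519 signatures and a JSON-encoded certificate body in place of whatever key and certificate formats the program used, and the registration identifiers, source names and query text are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// CertBody is what a new gatekeeper sends: the registration identifier obtained
// out of band, its freshly generated public key and the sources it will publish.
type CertBody struct {
	RegID   string            `json:"reg_id"`
	PubKey  ed25519.PublicKey `json:"pub_key"`
	Sources []string          `json:"sources"`
}

// Certificate is the keymaster's signature over the JSON encoding of a CertBody.
type Certificate struct {
	Body CertBody
	Sig  []byte
}

// Keymaster tracks identifiers handed out by the distribution center and the
// world map of registered gatekeepers and their public sources.
type Keymaster struct {
	priv   ed25519.PrivateKey
	Pub    ed25519.PublicKey
	issued map[string]bool
	World  map[string]CertBody
}

func mustKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func NewKeymaster() *Keymaster {
	pub, priv := mustKey()
	return &Keymaster{priv: priv, Pub: pub, issued: map[string]bool{}, World: map[string]CertBody{}}
}

// IssueRegID models the administrator's call to the distribution center.
func (k *Keymaster) IssueRegID(id string) { k.issued[id] = true }

// Register issues a certificate for a valid, unused identifier and returns the
// world map (shared, read-only for callers). The identifier is consumed so the
// same registration message cannot be replayed.
func (k *Keymaster) Register(req CertBody) (Certificate, map[string]CertBody, error) {
	if !k.issued[req.RegID] {
		return Certificate{}, nil, errors.New("unknown or already used registration identifier")
	}
	delete(k.issued, req.RegID)
	enc, err := json.Marshal(req)
	if err != nil {
		return Certificate{}, nil, err
	}
	k.World[req.RegID] = req
	return Certificate{Body: req, Sig: ed25519.Sign(k.priv, enc)}, k.World, nil
}

type Gatekeeper struct {
	priv         ed25519.PrivateKey
	Cert         Certificate
	keymasterPub ed25519.PublicKey
	World        map[string]CertBody
}

// NewGatekeeper generates the key pair and completes registration.
func NewGatekeeper(km *Keymaster, regID string, sources []string) (*Gatekeeper, error) {
	pub, priv := mustKey()
	cert, world, err := km.Register(CertBody{RegID: regID, PubKey: pub, Sources: sources})
	if err != nil {
		return nil, err
	}
	return &Gatekeeper{priv: priv, Cert: cert, keymasterPub: km.Pub, World: world}, nil
}

// SignedQuery carries a query to a remote gatekeeper with the sender's
// certificate and a signature over the query text.
type SignedQuery struct {
	Cert  Certificate
	Query string
	Sig   []byte
}

func (g *Gatekeeper) Query(q string) SignedQuery {
	// A deployment would also sign a timestamp or nonce to stop replay.
	return SignedQuery{Cert: g.Cert, Query: q, Sig: ed25519.Sign(g.priv, []byte(q))}
}

// Accept is the receiving gatekeeper's check: the certificate must carry our
// keymaster's signature, and the query must be signed by the certified key.
func (g *Gatekeeper) Accept(sq SignedQuery) error {
	enc, err := json.Marshal(sq.Cert.Body)
	if err != nil {
		return err
	}
	if len(sq.Cert.Body.PubKey) != ed25519.PublicKeySize || !ed25519.Verify(g.keymasterPub, enc, sq.Cert.Sig) {
		return errors.New("certificate was not issued by our keymaster")
	}
	if !ed25519.Verify(sq.Cert.Body.PubKey, []byte(sq.Query), sq.Sig) {
		return errors.New("query signature does not match the certified key")
	}
	return nil
}

func main() {
	km := NewKeymaster()
	km.IssueRegID("GK-LANGLEY")
	km.IssueRegID("GK-OSAN")
	a, _ := NewGatekeeper(km, "GK-LANGLEY", []string{"imagery product library"})
	b, _ := NewGatekeeper(km, "GK-OSAN", []string{"order of battle"})
	fmt.Println("peer query accepted:", b.Accept(a.Query("imagery near 37N 127E")) == nil)
}
```

The point of the two-step check in Accept is that a gatekeeper never has to know its peers in advance: trust in the keymaster's signature is enough to admit a site registered after the local world map was last refreshed, and a certificate issued by a different keymaster (a different community of interest) is rejected before the query itself is examined.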
Under Broadsword version 2.0, systems administrators had to go to two locations to manage user accounts. Version 3.0 of the system improved this process by introducing the access and authentication module (AAM). The newer version is backward compatible.
The AAM has three purposes. It provides the Broadsword administrator with a single interface to create and configure user accounts. In addition, it allows regional user maintenance, which is beneficial because administrators are not available at all locations. Finally, it automatically creates a global directory service through which users can find information about other users.
This capability must be compatible with the lightweight directory access protocol (LDAP) initiative that the intelligence community and the U.S. Defense Department are pursuing. The intelligence community’s LDAP directory is designed like an online telephone directory: it holds users’ data, including identifiers and passwords, but not the additional state a sound authentication module needs, such as password history and the number of invalid log-in attempts.
The AAM provides a single interface through which all user and system access information is acquired and maintained. By keeping password and log-in state separate from the directory entries, each gatekeeper retains a pure LDAP schema while still holding the data it needs for a reasonable level of authentication and password management.
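An added illustration of that split, written in Go for this page rather than taken from the AAM: the directory entry carries only the attributes an LDAP schema would publish, while a separate record holds the failed-attempt counter and password history the text says the community directory does not collect. The lockout threshold, history depth, salted SHA-256 hashing (a standard-library stand-in for a slow password hash such as bcrypt or Argon2) and the sample user are all assumptions made for the example.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

const (
	maxFailedLogins = 3 // assumed lockout threshold
	historyDepth    = 5 // assumed number of old passwords that may not be reused
)

// DirectoryEntry carries only the attributes the pure LDAP schema publishes.
type DirectoryEntry struct {
	UID, CN, Mail string
}

// AuthRecord is the per-user state the AAM keeps beside the directory.
type AuthRecord struct {
	Salt         []byte
	Hash         []byte   // hash of the current password
	History      [][]byte // hashes of previous passwords, oldest first
	FailedLogins int      // consecutive invalid attempts; the account is locked at maxFailedLogins
}

// hashPassword is a salted SHA-256 stand-in; a deployment would use a slow hash.
// The salt is fixed per user so old hashes can be compared on password change.
func hashPassword(salt []byte, pw string) []byte {
	h := sha256.Sum256(append(append([]byte{}, salt...), pw...))
	return h[:]
}

type AAM struct {
	Directory map[string]DirectoryEntry
	Auth      map[string]*AuthRecord
}

func NewAAM() *AAM {
	return &AAM{Directory: map[string]DirectoryEntry{}, Auth: map[string]*AuthRecord{}}
}

// CreateUser writes the directory entry and the separate authentication record.
func (a *AAM) CreateUser(e DirectoryEntry, pw string) error {
	if _, exists := a.Directory[e.UID]; exists {
		return errors.New("user already exists")
	}
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return err
	}
	a.Directory[e.UID] = e
	a.Auth[e.UID] = &AuthRecord{Salt: salt, Hash: hashPassword(salt, pw)}
	return nil
}

// Authenticate counts invalid attempts and refuses a locked account even when
// the password is right.
func (a *AAM) Authenticate(uid, pw string) error {
	r, ok := a.Auth[uid]
	if !ok {
		return errors.New("unknown user")
	}
	if r.FailedLogins >= maxFailedLogins {
		return errors.New("account locked")
	}
	if subtle.ConstantTimeCompare(r.Hash, hashPassword(r.Salt, pw)) != 1 {
		r.FailedLogins++
		return errors.New("invalid password")
	}
	r.FailedLogins = 0
	return nil
}

// ChangePassword rejects the current password and the last historyDepth ones.
func (a *AAM) ChangePassword(uid, newPw string) error {
	r, ok := a.Auth[uid]
	if !ok {
		return errors.New("unknown user")
	}
	nh := hashPassword(r.Salt, newPw)
	if subtle.ConstantTimeCompare(r.Hash, nh) == 1 {
		return errors.New("password reuse rejected")
	}
	for _, old := range r.History {
		if subtle.ConstantTimeCompare(old, nh) == 1 {
			return errors.New("password reuse rejected")
		}
	}
	r.History = append(r.History, r.Hash)
	if len(r.History) > historyDepth {
		r.History = r.History[len(r.History)-historyDepth:]
	}
	r.Hash = nh
	return nil
}

func main() {
	a := NewAAM() // constructed sample user
	_ = a.CreateUser(DirectoryEntry{UID: "jdoe", CN: "J. Doe", Mail: "jdoe@example.mil"}, "Hunter2!")
	fmt.Println("login:", a.Authenticate("jdoe", "Hunter2!"))
	fmt.Println("reuse:", a.ChangePassword("jdoe", "Hunter2!"))
}
```

Nothing in DirectoryEntry changes when a user fails a log-in or rotates a password, which is what lets the directory side stay a plain LDAP schema that other tools can read.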
The gatekeeper, keymaster and AAM provide the infrastructure for the interconnection of information sources within a specific community of interest (COI) and a single security domain. The system’s fourth component, the trusted transfer agent (TTA), combines the infrastructure and a multiple-security-level capability that is provided under the information support server environment guard. The agent enables two gatekeeper/keymaster infrastructures that operate at different security levels to communicate with each other. Any authorized user within the gatekeeper’s community of interest operating at the high-side security level can access, query and pull information from the low side of the COI.
A message digest 5 (MD5) integrity seal, a hash of the message that reveals any change to it, is attached to all information that passes between security levels through the TTA. Each time an information package is handed between TTA processes or through the information support server environment guard, the MD5 seal is recalculated and compared with the original. If the values differ at any point, an error message is generated, message processing is terminated and an entry is written to the system log indicating where in the TTA process flow the mismatch was detected. This security element is one of the key benefits of Broadsword, Capt. Strong says.
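The seal-and-recheck flow, as an added Go example that is not the TTA's own code. The stage names and the sample payload are constructed for the example; the corruption hook only exists to show the mismatch being caught at a specific stage.

```go
package main

import (
	"bytes"
	"crypto/md5"
	"fmt"
	"log"
)

// Package is an information package crossing security levels through the TTA.
type Package struct {
	Payload []byte
	Seal    []byte // MD5 digest of Payload, attached when the package is built
}

// Seal attaches the integrity seal on the sending side.
func Seal(payload []byte) Package {
	sum := md5.Sum(payload)
	return Package{Payload: payload, Seal: sum[:]}
}

// Check recomputes the digest at one hand-off and compares it with the seal.
func Check(p Package) bool {
	sum := md5.Sum(p.Payload)
	return bytes.Equal(sum[:], p.Seal)
}

// Relay passes a package through the named stages of the TTA flow. mutate, if
// non-nil, runs before each stage's check to simulate corruption in transit.
// On a mismatch it logs where the problem was found, stops processing and
// returns the stage name; on success it returns "".
func Relay(p Package, stages []string, mutate func(stage int, p *Package)) (string, error) {
	for i, name := range stages {
		if mutate != nil {
			mutate(i, &p)
		}
		if !Check(p) {
			log.Printf("TTA: integrity seal mismatch at %q; processing terminated", name)
			return name, fmt.Errorf("integrity seal mismatch at %s", name)
		}
	}
	return "", nil
}

func main() {
	stages := []string{"low-side TTA", "ISSE guard", "high-side TTA"} // assumed stage names
	stage, err := Relay(Seal([]byte("constructed sample payload")), stages, nil)
	fmt.Println("clean transfer:", stage == "" && err == nil)
	flip := func(i int, pk *Package) {
		if i == 1 { // damage the payload as it enters the guard
			pk.Payload = append([]byte(nil), pk.Payload...)
			pk.Payload[0] ^= 0xff
		}
	}
	stage, err = Relay(Seal([]byte("constructed sample payload")), stages, flip)
	fmt.Println("detected at:", stage, err)
}
```

Two caveats a reviewer would raise today: an unkeyed digest catches accidental corruption, but anyone able to rewrite the payload in transit can recompute the seal to match, so the seal only proves integrity if the guard and both TTA endpoints are the only parties that can touch the package; and MD5 collisions are now practical, so a keyed construction such as HMAC-SHA-256 with a key held only by the TTA endpoints would be the modern replacement.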
While these four components compose the power behind Broadsword, it is the fifth segment, the user interface, with which the system’s customers are most familiar. The Web-based interface supports multiple roles that are specific to individual users and can include searcher, administrator as well as information systems security officer.
The interface resides on the user’s workstation and requires a Hypertext Markup Language 4.0-compliant Web browser. Broadsword software installation on the workstation is not required.
Users log into Broadsword from a main screen that has been tailored to the roles they have been assigned by the site system administrator. The preference section allows users to set up their default values. It is split into six pages that include general registration and the default first page, information support, delivery options, search information and utilities, attribute configuration and remote access.
Users can define their search-tools page appearance, designate data sources to search and identify a preferred search mechanism. A feedback page allows customers to offer suggestions and comments online about the interface.
A variety of tools are available to customers to find and retrieve information from diverse sources. They can also combine these search tools and configure a method they prefer through the define-search page option. Broadcast feeds can be enabled to alert users about potential activity within a specific area of responsibility, and they can acquire additional information using the system’s request mechanism.
To conduct a local query, the customer sends a request to the gatekeeper, which builds an audit record. A copy of the request is routed to the appropriate sources through the plug-ins that accept the request, validate it against gatekeeper policy, convert it to the format required by the source then forward it to the source.
Once all responses are received, the gatekeeper combines them into a single response, audits the results and delivers the information to the user.
The results page displays all records that match the user’s query. Currently, Broadsword allows customers to order items from the commercial satellite imagery library, the imagery product library, the imagery digital exploitation system, and demand-driven direct digital dissemination. Several products of different types can be placed into a shopping cart and saved from session to session and across multiple queries.
To ensure security, queries made to a remote gatekeeper undergo an authentication process. The public key infrastructure (PKI) established between gatekeepers and keymasters at registration is used to verify that the remote gatekeeper is a registered peer before requests are sent beyond local sources. Once the query is authenticated, the gatekeeper follows the same procedures to assemble all responses and deliver a single combined result to the customer.
According to Clifford M. Goodnight, Broadsword supports the Air Force’s Air Combat Command (ACC), Langley Air Force Base, Virginia, intelligence systems branch’s personalized computer-integrated imagery and intelligence (PC-I3) initiative. Goodnight, systems engineer, ACC, provides technical support to the initiative.
“Broadsword allows PC-I3 users to access distant data sources using a single log-in and password. Prior to Broadsword, users were required to maintain a log-in and password for each classified system they accessed. Most users were limited to single-source support, which meant that they were severely restricted in access to other classified intelligence systems. …This registration of intel databases allows users to access previously inaccessible imagery and order-of-battle data,” Goodnight explains.
The ACC intelligence systems branch purchased and fielded 12 Broadsword servers throughout the Air Force, including areas in the Asia-Pacific region and key Air National Guard and Reserve locations. The system supports the unit-level mission planning process by enabling PC-I3 users to view threat information, which they use to develop threat overlays for mission planning systems, such as the mission and support system and the personal flight planning system, Goodnight offers. Pilots also employ the technology to retrieve imagery for briefings and target folders from which they create their flight plan to avoid threats, he adds.
Broadsword has been installed in approximately 30 percent of the commands throughout all of the services. The system is scheduled to be fully deployed by the end of 2002.
Salerno believes that the Broadsword concept could be extended to the commercial sector. The capability would allow Web surfers to reach the various levels of the Internet by using a single application.