
A TITAN Set of Solutions

The AFRL’s modern suite of tools presents a secure way to share information and communicate.

The Air Force Research Laboratory (AFRL) has developed secure solutions that present classified information to only those who need it. The suite of tools is called TITAN—the Trusted Information Transfer and Access Nexus—and was developed by the Information Directorate in the lab’s Rome, New York, office. 

Meant for users across the U.S. Department of Defense (DOD), TITAN enables information sharing in cross-domain applications—the handling of information across different classification domains, from unclassified to top secret. 

The suite includes several cross-domain systems, including an access operating system called SecureView, a transfer solution called XARBITOR, and a voice and video cross-domain solution called V2CDS, explained David DeProspero, laboratory manager of the AFRL’s cross-domain facility. 

DeProspero is the chief engineer for the SecureView program and oversees the technical aspects of integration for the TITAN cross-domain solutions at the lab.

“Cross domain, in general, is hard,” he explained. “It’s probably one of the hardest things that you can do in DOD computing. Not only does it have to meet very specific technical requirements for the end user, but it has to do so in a way that is repeatedly and reliably secure.”

For the access operating system, the AFRL created the first solutions for SecureView several years ago, and since then, has continually improved the tool, obtaining additional authorities to operate, or ATOs, along the way in compliance with the National Security Agency’s (NSA’s) National Cross Domain Strategy Management Office, the chief engineer noted.

“SecureView follows a push-pull development cycle, with some of the requirements pushed to us by the NSA under their ‘Raise the Bar’ program,” he said. “As those requirements come out, we have to develop and release a new version of SecureView. And for the pull development cycle, we pull requirements directly from sites.”

For this, organizations contact the lab seeking improvements. Sometimes the parties are new to the cross-domain environment, are expanding their requirements or have found that their existing solutions do not meet their cross-domain needs.

SecureView works with any level of classification. 

“We can support any of them,” DeProspero said. “The flavors make no difference to us, as long as they fall in the realm of unclassified up to [secure].” 

The product uses two different ways to facilitate the networking or the interconnection of those systems. “One way is if you have a computer with multiple network interface cards or ports, you can literally plug all of those different colored network wires into the back of the box running SecureView, and SecureView will securely isolate those network channels and route them to the appropriate virtual machines,” he explained. “The second way is by using VPN [virtual private network] technology.”

And when the COVID-19 pandemic advanced the need for telework five years ago, the AFRL created what became the most popular use case for SecureView: classified remote access. For that, they relied on the NSA’s Commercial Solutions for Classified, or CSfC, structure.

“What we’re able to do is tunnel networks of higher classifications over a network of lower classification,” DeProspero explained. “CSfC allows us to simply connect one network cable into a SecureView computer, and within that, one network cable runs the isolated and encrypted traffic of all of those other networks riding over it.”

CSfC endpoints within the tool decrypt the tunneled networks and SecureView routes them to the appropriate virtual machines. The product can also route networks of a lower classification over a higher classification carrier network. This is the so-called non-CSfC use case, the chief engineer clarified, adding that this case does not require nearly as much hardware, though it fundamentally achieves the same goal by encapsulating multiple networks riding over a single carrier network.

Also, the user interface for SecureView is “incredibly simple,” with users up and running in about 30 seconds, DeProspero added. This works even with multiple computer monitors and different networks, such as the Non-Classified Internet Protocol (IP) Router Network, known as NIPRNet, and the Secret IP Router Network, or SIPRNet.

“From a user experience perspective, it provides unparalleled flexibility in how you, the user, need to use your workspace,” he said. “In the old days, if you had NIPR and SIPR at your desk, you had a computer running SIPR on one monitor, and you had one computer running NIPR on another monitor. People were used to dedicating one computer monitor per virtual machine. SecureView, however, can accommodate up to 16 computer monitors per computer.”
 


Meanwhile, the transfer solution, XARBITOR, is a cross-domain agile rules-based information transfer orchestrator. Like SecureView, it uses the innovative architecture that makes it compliant under the NSA’s Raise the Bar program, which is an effort to improve cross-domain solution security and capabilities from a design, development, assessment, implementation and use perspective, DeProspero noted.

According to the lab’s website, the transfer tool supports simultaneous, bidirectional transfers between multiple security domains. It is a secure, scalable and extensible framework that rapidly deploys cross-domain data inspection, sanitization and transfer capabilities, leveraging modularity and configurability. This includes transfer of a variety of file types, such as XML messages, PDFs or Microsoft Office files. 

For voice and video communication, TITAN’s V2CDS tool “delivers secure, real-time Voice over Internet Protocol communication and conferencing with point-to-point video capability across two domains. Users can make two-party direct and multiparty conference calls, allowing users across two security networks to communicate simultaneously,” the lab indicated.

Additionally, the chief engineer emphasized that they are constantly evolving the technical capabilities of TITAN. This includes work on the first hardware-based cross-domain solution. In addition, the AFRL tackled an end-user need that involved the use of augmented reality. 

The lab was tasked with finding a way to use SecureView without a computer monitor, and while at first that left the engineers “scratching our heads for a little while,” DeProspero explained, they found that augmented reality (AR) goggles worked better than virtual reality (VR) goggles. 

VR goggles immerse the viewer in a new digital reality, while AR overlays new information onto the real world around the viewer.

“The problem is a lot of the users of SecureView were not brought up in the virtual reality era, myself included,” the chief engineer said. “The very first time I created a proof of concept of this in a VR headset, it made me nauseous and motion sick, and immediately we realized that just because the solution provided unparalleled security, does not mean that it provides a good user experience. So, we transitioned that to augmented reality.”

The lab worked with U.S. Special Operations Command (SOCOM) to find an AR headset. Forward-deployed soldiers from SOCOM already employ AR headsets in contentious areas. With the goggles, soldiers can see what they need while retaining immediate situational awareness in their real field of view.

“With an augmented reality headset, it’s just a piece of glass that you can look through, but on that piece of glass, a digital asset is projected,” DeProspero explained.

The headset they chose—the Magic Leap 2—has a 5K resolution, which is incredibly bright and can even be used in direct sunlight, he said. And the goggles are very light, with a form factor akin to a pair of glasses versus the weight of a traditional VR headset.

“Having augmented reality opens up more doors than what we initially expected, especially for the classified telework use cases or use cases where you need to access even higher classified networks in spaces that were natively constructed to host lower levels,” he said. “What we found out in talking with a lot of security people is that the removal of the physical monitor is step one in being allowed to access networks of very high classifications, outside of SCIFs [sensitive compartmented information facilities] or outside environments that those networks were designed to operate within.”
