Publications

This paper describes a solution for the problem of authenticating the shapes of statistically variant gamma spectra while simultaneously concealing the shapes and magnitudes of the sensitive spectra. The shape of a spectrum is given by the relative magnitudes and positions of the individual spectral elements. Class-specific linear orthonormal transformations of the measured spectra are used to produce output that meet both the authentication and concealment requirements. For purposes of concealment, the n-dimensional gamma spectra are transformed into n-dimensional output spectra that are effectively indistinguishable from Gaussian white noise (independent of the class). In addition, the proposed transformations are such that statistical authentication metrics computed on the transformed spectra are identical to those computed on the original spectra.

An initial security evaluation of the proposed International Monitoring System (IMS) suggests safeguards at various points in the IMS to provide reliable information to the user community. Modeling the IMS as a network of information processing nodes provides a suitable architecture for assessing data surety needs of the system. The recommendations in this paper include the use of public-key authentication for data from monitoring stations and for commands issued to monitoring stations. Other monitoring station safeguards include tamper protection of sensor subsystems, preservation of data (i.e. short-term archival), and limiting the station`s network services. The recommendations for NDCs focus on the need to provide a backup to the IDC for data archival and data routing. Safeguards suggested for the IDC center on issues of reliability. The production of event bulletins should employ {open_quotes}two-man{close_quotes} procedures. As long as the data maintains its integrity, event bulletins can be produced by NDCs as well. The effective use of data authentication requires a sound key management system. Key management systems must be developed for the authentication of data, commands, and event bulletins if necessary. It is recommended that the trust placed in key management be distributed among multiple parties. The recommendations found in this paper offer safeguards for identified vulnerabilities in the IMS with regard to data surety. However, several outstanding security issues still exist. These issues include the need to formalize and obtain a consensus on a threat model and a trust model for the IMS. The final outstanding security issue that requires in-depth analysis concerns the IDC as a potential single point of failure in the current IMS design.

The important issue of data integrity in the CTBT International Monitoring System (IMS) is discussed and a brief tutorial on data authentication techniques is offered. The utilization of data authentication as a solution to the data integrity problem is evaluated. Public key data authentication is recommended for multilateral monitoring regimes such as the CTBT. The ramifications and system considerations of applying data authentication at various locations in the IMS, or not at all, are reviewed in a data surety context. The paper concludes with a recommendation of authenticating data at all critical monitoring stations.

An automatic phase identification system that employs a neural network approach to classifying seismic event phases is described. Extraction of feature vectors used to distinguish the different classes is explained, and the design and training of the neural networks in the system are detailed. Criteria used to evaluate the performance of the neural network approach are provided.

A public-key Treaty Data Authentication Module (TDAM) based on the National Institute of Standards and Technology (NIST) Digital Signature Standard (DSS) has been developed to support treaty verification systems. The TDAM utilizes the Motorola DSP56001 Digital Signal Processor as a coprocessor and supports both the STD Bus and PC-AT Bus platforms. The TDAM is embedded within an Authenticated Data Communication Subsystem (ADCS) which provides transparent data authentication and communications, thereby concealing the details of securely authenticating and communicating compliance data and commands. The TDAM has been designed according to the NIST security guidelines for cryptographic modules. Public-key data authentication is important for support of both bilateral and multi-lateral treaties. 8 refs.