SUPHICE - Achievements

Background

The SUPHICE programme has performed work in the 3 areas shown below to help resolve the rapid deployment of communications systems that are either classified or where the obligation to handle information such as personal details is strongly controlled by multiple legislative frameworks.

The ability to rapidly deploy secure communications is required to counter threats from terrorism and to protect sensitive information in general. This type of capability is fundamental to delivering the rapid responses required in today's multi-national threat scenarios. The implementation of secure communications using procedures that require the physical transport of encryption devices, algorithms and keys is a major impediment in an EU with 25 member states, each requiring control of national security.

Overview of Achievements

SUPHICE has advanced the state of the art, achieving progress in a number of key areas:

1. From a situation in which there is no generally accepted algorithm suitable for EU use in a SECRET environment SUPHICE has developed requirements, implemented and verified the implementation of the VEGAS algorithm, submitted and completed primary evaluation and certification at SECRET and submitted the implementation for secondary evaluation under the EU's CISPS process.
2. By placing the VEGAS algorithm in an equipment that is of EU origin but that is already certified for national and NATO use by a number of EU member states, SUPHICE has demonstrated that the same cryptographic product may be used without contravening EU, national or NATO Policy and Directives.
3. SUPHICE has sought to address one of the impediments to a European market for cryptos by delivering the primary and secondary certifications using a product, the overall design of which, with the exception of the EU algorithm, is unclassified and not the property of one nation. This has not been fully achieved due to various procedural issues although major advancements have been made towards mutual certification.
4. SUPHICE has demonstrated the on demand policy based deployment of High Integrity communications security using web based techniques including UDDI and WSDL. As part of this exercise, initial drafts of XML based standards that are applicable to the rapid deployment of crypto systems across national borders have been developed by the consortium and distributed to interested parties for comment.
5. SUPHICE has set up and operated the basis of a forum for the National Technical Infosec Authorities of Member States to explore the practical applicability of the approaches to policy based deployment of dynamic systems together with the mechanisms by which these might achieve approval. These technical meetings have achieved the active involvement of a number of the Member States' Technical Infosec Authorities in the formulation of a roadmap document and in the reviewing of technical standards.
6. The concepts and techniques of SUPHICE have also been tested at presentations in Australasia where many nations have confirmed that this approach is relevant and constitutes a significant European advantage over home grown and other overseas products.