Baseline requirements for government and military encryption algorithms

(U) Foreign government and military organizations are developing formal evaluation criteria for their communications security (COMSEC) procurements. Although many countries have unique requirements, most have a common set of criteria. Due to the value of the information being secured, these criteria are much more comprehensive, rigorous and stringent than the commercial equivalent. It is useful to examine these criteria and use them to construct a threat model and baseline requirements for COMSEC products in military and government applications. This threat model allows customer COMSEC requirements to be more thoroughly understood by equipment providers. The baseline requirements will also provide a set of metrics for evaluating the quality of a COMSEC solution. This paper presents an introduction to threat model assessment. Several example models are provided. A definition and detailed discussion of a government/military COMSEC threat model is also presented Finally, the model is used to derive baseline requirements that can be used to design or evaluate a COMSEC solution intended for military and government applications.