Title: GALLANTWAVE

Release Date: 2014-12-28

Description: This undated presentation from NSA’s Digital Network Crypt Applications (DNCA) concerns the GALLANTWAVE tool, which decrypts VPN traffic within LONGHAUL: see the Der Spiegel story Prying Eyes: Inside the NSA’s War on Internet Security, 28 December 2014.

Document: TOP SECRET//COMINT//REL TO USA, AUS, CAN, GBR, NZL

GALLANTWAVE@scale
GALLANTWAVE @ volume

Requirements

@Scale

Deploy more widely
- Leverage peering with partner

@Volume

Increased system size: 10G -> 40G -> 100G
Increased target volumes: CORNERKICK ++

@Scale

Need

§ Peer to forward ‘missing’ attack-events to LONGHAUL, so
LONGHAUL can use them to complete single-sided processing.

§ LONGHAUL to reciprocate.

Approach

§ LONGHAUL to become aware of which ‘Events’ are not pairing local to agency
and to request peer to send (copy) of such events to LONGHAUL

§ Minimise bandwidth required to communicate requests

§ Peering is a back-end (KPS LONGHAUL)

§ Peers process independently

Single-sided A->B using peering

Filtered pairing

[Diagram: two nodes labelled GW-1 and GW-2. Labels on the diagram: event[A->B], event[C->D], event[B->A], event[E->F]; need[A’->B’], need[B’->A], need[D’->C’], need[F’->E’]; request[A->B], request[B->A]; responseFound[A->B], responseFound[B->A].]

Download Document

GALLANTWAVE (media-35514.pdf)
