Instant Messaging (IM) and Presence applications are of growing importance in secure environments such as Military and Government. The Internet Standard XMPP (eXtensible Messaging and Presence Protocol) is being widely adopted as the technology of choice.

This solutions page looks at how XMPP solutions in general and Isode's M-Link product in particular meet Military and Government requirements, with particular emphasis on security capabilities.

Why XMPP for Military & Government?

General background on XMPP, how it works, and how it meets requirements for real time messaging and presence is described in the Isode white paper Isode's Presence, Real Time Messaging and XMPP Strategy.

There are a number of reasons why XMPP is the preferred choice for Military and Government:

  • XMPP is the only open standards choice, providing server/server protocols, with client and server implementations from multiple vendors.
  • An open standards client/server protocol enables use of different Web and desktop clients, allowing choice of client suitable to the specific application and avoiding vendor lock-in.
  • Distributed deployment is important for:
    • Interoperability with partner organizations.
    • User partition for security reasons.
    • Survivability.

    An open server/server protocol is essential to achieve this.

  • XMPP provides a base for a wide range of capabilities that go beyond basic IM, and the XSF (XMPP Standards Foundation) is an open organization actively developing this functionality, specified in the XEP (XMPP Extension Protocol) series. There is active military and government involvement in XSF to meet future requirements. This includes:
    • Extended presence that provides additional user information and capabilities such as Geo-location.
    • White-boarding.
    • Direct user to user communication, for capabilities such as VOIP and file transfer.
    • Publish/Subscribe (“PubSub”), which gives a flexible information sharing capability.

XMPP and Directory

[Figure: XMPP and directory architecture]

Government and Military organizations usually use directory servers to hold user information. Isode’s architecture for XMPP use of directory is shown above. Benefits of this architecture:

  • User information is shared with other applications.
  • XMPP clients can use the same user authentication as other applications.
  • Location independent user and server configuration is provided.
  • Isode’s GUI and Web administration tools provide user and server administration. In particular:
    • Internet Messaging Administration (IMA) is a Web Application that enables M-Link server configuration and user administration. It allows common administration of XMPP and Internet Email setups, and allows for delegated administration. Details on IMA are here.
    • Personal Information Administration (PIA) allows users to change their personal preferences, and change passwords, including UI support for password policy capabilities such as password ageing. Details on PIA are here.
    • Sodium is a secure directory administration GUI. It can be used to directly manage the M-Link server configuration, which is a simple option for a deployment that does not use Isode Internet Messaging. It can also be used to manage user entries in the directory that are used by M-Link. Details on Sodium are here.
  • XMPP user profile information can be centrally controlled, which avoids duplication.
  • XMPP user profile changes can be used to update the directory.

Further information on XMPP and Directory is provided in the Isode white paper XMPP, M-Link and Directory.

Peer Security (Client/Server and Server/Server)

There are a number of security services that may be used for either client/server or server/server XMPP communication.

Use of a client/server architecture is important for IM security. The IM client authenticates to the server, which enables the server to:

  1. Control messages and presence information from the client, to ensure this only goes to appropriate recipients.
  2. Ensure that the client is only provided with information that the client is entitled to have.

A client/server architecture enables security controls to be managed on the server, and so places the majority of the security requirements onto the server. Given that there are fewer servers, and that servers can be managed centrally, this is a good thing.

An XMPP Client will bind to its own server, and server/server communication is used for remote users. This builds a trust chain, and so server/server security is critical. The XMPP protocols use common security capabilities for the client/server and server/server protocols.

Data Confidentiality & Integrity

Data confidentiality is important in many government and military environments. The XMPP protocols (server/server and client/server) support data confidentiality using TLS (Transport Layer Security).

Some high security environments specifically choose not to use data confidentiality for applications, for example to enable audit and monitoring. Where this is the case, TLS can be used with a NULL cipher suite (i.e., integrity protection but no encryption), so that TLS still provides data integrity services and supports the authentication services described next.

Strong Authentication

Use of Strong Authentication for peer authentication is desirable in high security environments, particularly for server to server authentication. See the Isode white paper The Security and Administrative Benefits of using X.509 PKI based Strong Authentication.

XMPP authentication is based on the Internet Standard SASL (Simple Authentication and Security Layer). This includes strong authentication based on X.509 using the SASL EXTERNAL mechanism, so that the XMPP application utilizes authentication done at the TLS level.

The XMPP community is strongly promoting use of strong authentication for server to server communication, as this is substantially better than the server dialback mechanism in common operational use.

M-Link supports strong authentication for both server/server and client/server protocols. Use of strong authentication is strongly recommended for server/server use in military and government deployments. It is also recommended for client/server use, where clients support strong authentication.
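The three sections above describe one negotiation: TLS is established on the stream (with or without a confidentiality cipher suite), and SASL EXTERNAL then lets the XMPP layer reuse the X.509 authentication done at the TLS level, with password mechanisms as the fallback. The following is an added illustration of that exchange, not code from Isode or M-Link. The element names and namespaces are those of the XMPP core specification (RFC 3920/6120) and the PLAIN message format is the standard one; the `TlsState` class, the `negotiate` helper and the sample feature document are constructed for this example. It also shows the caveat a practitioner would want: under a NULL cipher suite EXTERNAL is still sound, but a password mechanism would put the password on the wire in clear.

```python
"""XMPP stream negotiation: STARTTLS, then SASL EXTERNAL (X.509) with a
password fallback.  Added illustration, not Isode/M-Link code."""
import base64
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import List, Optional, Tuple

NS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"
NS_SASL = "urn:ietf:params:xml:ns:xmpp-sasl"

# Constructed sample: features a server might advertise on a fresh stream.
SERVER_FEATURES = f"""
<stream:features xmlns:stream='http://etherx.jabber.org/streams'>
  <starttls xmlns='{NS_TLS}'><required/></starttls>
  <mechanisms xmlns='{NS_SASL}'>
    <mechanism>EXTERNAL</mechanism>
    <mechanism>PLAIN</mechanism>
  </mechanisms>
</stream:features>
"""


@dataclass
class TlsState:
    """Constructed summary of what the TLS layer established (hypothetical type)."""
    established: bool          # TLS handshake completed on the stream
    confidentiality: bool      # False for a NULL cipher suite (integrity only)
    peer_cert_verified: bool   # peer certificate chained to a trusted CA


def advertised_mechanisms(features_xml: str) -> List[str]:
    """SASL mechanisms listed in the server's <stream:features>."""
    root = ET.fromstring(features_xml)
    return [m.text for m in root.iter(f"{{{NS_SASL}}}mechanism")]


def starttls_required(features_xml: str) -> bool:
    """True when the server marks STARTTLS as mandatory (<required/> child)."""
    root = ET.fromstring(features_xml)
    st = root.find(f"{{{NS_TLS}}}starttls")
    return st is not None and st.find(f"{{{NS_TLS}}}required") is not None


def choose_mechanism(offered: List[str], tls: TlsState,
                     have_client_cert: bool) -> Optional[str]:
    """Client-side choice.  EXTERNAL needs TLS plus a certificate to present.
    PLAIN is only acceptable under a cipher suite that actually encrypts;
    with a NULL cipher suite the password would be readable on the wire."""
    if "EXTERNAL" in offered and tls.established and have_client_cert:
        return "EXTERNAL"
    if "PLAIN" in offered and tls.established and tls.confidentiality:
        return "PLAIN"
    return None


def build_auth(mechanism: str, user: str = "", password: str = "") -> str:
    """The <auth/> stanza the client sends.  EXTERNAL with '=' means an empty
    authorization identity: use the identity from the certificate."""
    el = ET.Element("auth", {"xmlns": NS_SASL, "mechanism": mechanism})
    if mechanism == "EXTERNAL":
        el.text = "="
    elif mechanism == "PLAIN":   # standard PLAIN layout: \0authcid\0passwd
        el.text = base64.b64encode(f"\0{user}\0{password}".encode()).decode()
    return ET.tostring(el, encoding="unicode")


def server_accepts_external(tls: TlsState) -> str:
    """Server side: EXTERNAL binds the SASL identity to TLS-level authentication,
    so it must fail unless the client certificate was actually verified."""
    if tls.established and tls.peer_cert_verified:
        return f"<success xmlns='{NS_SASL}'/>"
    return f"<failure xmlns='{NS_SASL}'><not-authorized/></failure>"


def negotiate(features_xml: str, tls: TlsState,
              have_client_cert: bool) -> List[Tuple[str, str]]:
    """Walk the sequence and return the stanzas exchanged, tagged C or S."""
    transcript = [("S", features_xml.strip())]
    if starttls_required(features_xml) and not tls.established:
        transcript.append(("C", "<!-- TLS required but not established: close stream -->"))
        return transcript
    mech = choose_mechanism(advertised_mechanisms(features_xml), tls, have_client_cert)
    if mech is None:
        transcript.append(("C", "<!-- no acceptable mechanism: close stream -->"))
        return transcript
    transcript.append(("C", build_auth(mech, "alice", "constructed-password")))
    if mech == "EXTERNAL":
        transcript.append(("S", server_accepts_external(tls)))
    else:
        transcript.append(("S", "<!-- server checks the password against the directory -->"))
    return transcript


if __name__ == "__main__":
    for side, stanza in negotiate(SERVER_FEATURES,
                                  TlsState(True, True, True), True):
        print(side, stanza)
```

Run stand-alone it prints the exchange for a client with a verified certificate; the functions can also be driven individually to see why a NULL cipher suite combined with EXTERNAL is accepted while the same suite with PLAIN yields no usable mechanism.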

Password Authentication for Clients

Although strong authentication is desirable, in many situations it may be preferable to use password based authentication. In particular, password based authentication is supported by a large number of clients. Isode’s password authentication approach is to make use of the directory as the identity server.

Where passwords are used, control of password quality and general use is important. This can be supported well using a directory back-end, as described in the Isode white paper Password Policy for Directories.
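As an added example of the kind of control a directory back-end makes possible (this is illustration, not Isode code and not the content of the white paper), the following applies ageing, lockout, minimum length and reuse rules to a user entry before and after a password bind. The attribute names (pwdMaxAge, pwdMinLength, pwdInHistory, pwdMaxFailure, pwdChangedTime, pwdFailureTime, pwdHistory) are those of the LDAP password policy Internet-Draft (draft-behera-ldap-password-policy); the policy limits, the sample entry, and the plain SHA-256 digests used to stand in for the directory's own stored-password and history formats are constructed for this example.

```python
"""Directory password policy checks around a password bind.
Added illustration, not Isode/M-Link code."""
import hashlib
from datetime import datetime, timezone
from typing import Dict, List

# Constructed policy limits, keyed by the Internet-Draft attribute names.
POLICY = {
    "pwdMaxAge": 90 * 24 * 3600,   # seconds a password remains valid
    "pwdMinLength": 12,
    "pwdInHistory": 4,             # recent passwords that may not be reused
    "pwdMaxFailure": 5,            # consecutive failures before lockout
}

GT_FORMAT = "%Y%m%d%H%M%SZ"        # LDAP GeneralizedTime, e.g. 20080115120000Z


def parse_generalized_time(value: str) -> datetime:
    return datetime.strptime(value, GT_FORMAT).replace(tzinfo=timezone.utc)


def _digest(password: str) -> str:
    # Constructed stand-in for the directory's stored-password and history
    # formats; a real directory uses its own salted hashed schemes.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def fresh_entry() -> Dict:
    """Constructed sample user entry as read from the directory."""
    return {
        "uid": "alice",
        "userPassword": _digest("Spring-Forecast-2008"),
        "pwdChangedTime": "20080401120000Z",
        "pwdFailureTime": ["20080410090000Z", "20080410090100Z"],
        "pwdHistory": [_digest("Winter-Forecast-2007"), _digest("Autumn-Forecast-2007")],
    }


def password_expired(entry: Dict, policy: Dict, now: datetime) -> bool:
    """Ageing: pwdChangedTime older than pwdMaxAge means the password expired."""
    changed = parse_generalized_time(entry["pwdChangedTime"])
    return (now - changed).total_seconds() > policy["pwdMaxAge"]


def locked_out(entry: Dict, policy: Dict) -> bool:
    """Lockout: one pwdFailureTime value is recorded per failed bind."""
    return len(entry.get("pwdFailureTime", [])) >= policy["pwdMaxFailure"]


def new_password_problems(candidate: str, entry: Dict, policy: Dict) -> List[str]:
    """Quality checks a password-change UI would surface before the directory
    accepts the change."""
    problems = []
    if len(candidate) < policy["pwdMinLength"]:
        problems.append("shorter than pwdMinLength")
    recent = entry.get("pwdHistory", [])[-policy["pwdInHistory"]:] + [entry["userPassword"]]
    if _digest(candidate) in recent:
        problems.append("reuses a password held in pwdHistory")
    if entry["uid"].lower() in candidate.lower():
        problems.append("contains the user's uid")
    return problems


def bind(entry: Dict, policy: Dict, password: str, now: datetime) -> str:
    """Outcome of a password bind with the policy applied.  Failures are
    recorded in pwdFailureTime; a successful bind clears them."""
    if locked_out(entry, policy):
        return "locked"
    if _digest(password) != entry["userPassword"]:
        entry.setdefault("pwdFailureTime", []).append(now.strftime(GT_FORMAT))
        return "bad-password"
    if password_expired(entry, policy, now):
        return "expired"        # authenticated, but must change the password
    entry["pwdFailureTime"] = []
    return "ok"
```

The bind order matters: the lockout check comes first so that a locked account reveals nothing about the password, and the expiry check comes after the password check so that an expired-but-correct password can still drive a forced change rather than being treated as a failure.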

Multi-User Chat (MUC)

Multi-User Chat is critical to many XMPP deployments, in particular military ones, where sharing of information in groups (for example decisions on whether to engage) is done using MUC rooms. Support of MUC is a key feature for many XMPP deployments.

Service Monitoring

[Screen shot: XMPP Service Monitoring with Cacti]

XMPP will generally be a mission critical service, and effective operational monitoring is important. Isode’s approach is to use SNMP, as described in the white paper SNMP and Isode Servers. The screen shot above shows the Cacti Web front-end to SNMP being used to monitor M-Link.

Future Directions

On this page we've shown the benefits of XMPP and Isode's M-Link product for government and military deployments. Isode is planning further features targeted for this type of deployment. In particular:

  • Support for controls based on Security Labels, controlled by Security Policy.
  • Support for operation on networks with constrained capacity.
  • Switching controls, to prevent communication of certain types of traffic.


Copyright © 2008 Isode