CAHN Architecture

The nature and ambition of CAHN mean it needs to integrate with many different systems, both physical and logical. It necessarily touches many different network types at a low level of detail. As a consequence, the documented CAHN architecture is extensive, with critical touch points with many different networking protocols, the interfaces of which need to be fully defined.

Many of the core concepts in CAHN reflect critical security requirements that have been actively evolving in the NIST trusted onboarding activities. The final NIST trusted onboarding specification has yet to be published. We have been actively evolving the primary documentation directly on the NIST documents, even though it reflects CAHN activities. The same applies to the BRSKI family of specifications. BRSKI is core to the CAHN vision, and the practical delivery of CAHN means actively implementing and evolving the BRSKI specification. The same is also true of the Volt public documentation. Volt is an NQM product, but it is defined by an open spec. To reduce duplication of effort, we directly include the completed or in-progress specifications for the destination technical documents. Hence the CAHN specification is an aggregation of technical architecture documents, which have their final "home" in different organisations and specifications but all of which represent the aggregate efforts of the CAHN initiatives.

The cornerstone of the CAHN specification is the "policy frameworks": this is the area of active innovation that represents the critical commonality between the different networking protocols.

The critical sections of the architecture document are as follows.

  • Architecture overview: conceptual high-level architecture showing how the different parts fit together

  • Policy frameworks: detailed design of the verifiable-credential-based policy core

  • Integration architecture: detailed design and specification of the Volt system, used as the communications and security glue to bind the different pieces together

  • NIST reference architecture: the complete (close to final) NIST architecture for trusted onboarding and continuous assurance

  • BRSKI specification: defines the IETF method of joining a security domain and the evolving mappings for different networking protocols

  • Device security architecture: defines low level user equipment security requirements and specifications, including mappings to various legislative domains

  • Networking interface architecture: the detailed binding mappings for each target networking type (note: this is delivered in full in milestone 2)

  • Physical architecture: detailed architecture documents for the physical deployment architecture at the test sites, defining how the physical networking elements fit together at an implementation level