
Security Features of CoCo Node 4.5


CoCo Communications prides itself on building secure, reliable
communication systems. CoCo Node, the packet-routing software
at the heart of all our products, uses well-established cryptographic
techniques to protect your network from intruders and attackers.

- 256-bit AES provides strong, rapid encryption of all data traveling between machines on a CoCo network.
- Diffie-Hellman key exchange lets any two nodes agree on a shared secret without ever transmitting that secret onto the network.
- Public-Key Infrastructure (PKI) confirms the identity of the party you are communicating with, so the key you negotiate is shared only with your intended recipient.
- A multi-layer protection model (hop-by-hop plus end-to-end encryption) covers each stage of the packet delivery process, so no single intermediary is in a position to read your traffic.
- Works alongside existing security solutions at all network layers, from data link layer security (such as WEP) to application-layer security (such as SSL).
- FIPS 140-2 validation of the CoCo Crypto Module (NIST certificate #1021) establishes that its cryptographic implementations meet the U.S. federal standard that government and military procurements require.

Secure Packet Delivery in a Peer-to-Peer Mesh

In peer-to-peer mesh networks, security is imperative. Your data might pass
through an unknown number of intermediary hosts: not routers or other
trusted pieces of infrastructure, but machines owned by fellow users. A
mesh protocol must protect your data against potentially malicious users on
other hosts, even as it depends on those hosts for packet delivery.

CoCo Communications rises to this challenge. Our products use encryption to
keep your data from being read by the intermediaries that forward it, and
certificate validation to keep it from being delivered to an impostor. Our
multi-layered approach provides defense in depth, so that your data stays
confidential on a CoCo mesh.

All contents are Copyright © 2008 CoCo Communications Corporation. All rights reserved.

Hop-by-hop Encryption

Encrypts traffic between adjacent nodes: any two nodes with hardware
interfaces to the same network medium.

Algorithms used in hop-by-hop encryption:
- Cipher: 256-bit AES (CFB mode)
- Key exchange: Diffie-Hellman

Two nodes on the same network medium exchange packets directly, without
passing those packets through intermediary nodes. To protect these packets
against eavesdropping, they create a secret key that only those two nodes
can know. All data passed between those nodes is encrypted with this key.

When CoCo Node software is installed on a machine, the installation process
creates a Diffie-Hellman (DH) public/private key pair. Each node broadcasts
its DH public key once per second, so all nodes that share a medium learn
each other's public keys within a second of joining the network.

With the Diffie-Hellman algorithm, any two nodes that know each other's
public keys can compute a shared secret without transmitting that secret
across the network. Each node takes its partner's public key and its own
private key and runs these values through a mathematical formula to produce
a value; the node's partner uses the opposite set of keys to produce the
same value. An attacker can read both public keys, but cannot compute the
shared value without one of the private keys as well.

When two nodes detect one another on the same network medium, they compute
this shared secret from each other's DH public keys and initialize a
256-bit AES cipher in CFB mode using the shared secret as the AES key. From
that point on, all traffic between those two nodes is encrypted with the
AES cipher.

Two points a deployment should keep in view. First, the broadcast DH public
keys are not themselves signed at this layer, so hop-by-hop encryption on
its own defeats passive eavesdropping on the medium; assurance that a
neighbor is who it claims to be comes from the certificate chain used in
end-to-end encryption (next section). Second, CFB mode provides
confidentiality only: it does not by itself detect modification of a
ciphertext, so integrity, where an application requires it, must come from
a higher layer (see Compatible with Existing Network Security).
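The hop-by-hop exchange above, as an added example in Go that is not CoCo's code: two nodes derive a shared secret by Diffie-Hellman, hash it down to a 256-bit AES key, and protect a frame with AES-CFB. The RFC 3526 2048-bit group, the SHA-256 key-derivation step, the random-IV handling and the rejection of degenerate peer values are this example's assumptions; the page names none of them. The code also illustrates the two caveats: a third party holding both public values cannot reproduce the secret, and a ciphertext altered in transit decrypts without error, because CFB alone gives no integrity.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"io"
	"math/big"
	"strings"
)

// RFC 3526 group 14 (2048-bit MODP prime, generator 2); assumed here, the page names no group.
const modp2048 = `
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF`

var dhP, dhG = mustPrime(modp2048), big.NewInt(2)

// mustPrime parses the group constant and refuses to start with a modulus that is not prime.
func mustPrime(groups string) *big.Int {
	n, ok := new(big.Int).SetString(strings.Join(strings.Fields(groups), ""), 16)
	if !ok || !n.ProbablyPrime(20) {
		panic("group modulus is malformed or not prime")
	}
	return n
}

// Node holds the DH key pair created at install time; only Pub is ever broadcast.
type Node struct {
	priv *big.Int
	Pub  *big.Int
}

// NewNode draws a private exponent x in [2, p-2) and publishes g^x mod p.
func NewNode() (*Node, error) {
	x, err := rand.Int(rand.Reader, new(big.Int).Sub(dhP, big.NewInt(3)))
	if err != nil {
		return nil, err
	}
	x.Add(x, big.NewInt(2))
	return &Node{priv: x, Pub: new(big.Int).Exp(dhG, x, dhP)}, nil
}

// SharedSecret computes peerPub^x mod p, i.e. g^(xy). Peer values 0, 1 and p-1 are
// refused: they collapse the result into a tiny subgroup and let a neighbor dictate the key.
func (n *Node) SharedSecret(peerPub *big.Int) ([]byte, error) {
	if peerPub.Cmp(big.NewInt(1)) <= 0 || peerPub.Cmp(new(big.Int).Sub(dhP, big.NewInt(1))) >= 0 {
		return nil, fmt.Errorf("peer public value out of range")
	}
	return new(big.Int).Exp(peerPub, n.priv, dhP).FillBytes(make([]byte, 256)), nil
}

// DeriveKey hashes the 2048-bit secret down to the 256-bit AES key (the hashing step is assumed).
func DeriveKey(secret []byte) []byte {
	k := sha256.Sum256(secret)
	return k[:]
}

// EncryptFrame is AES-256-CFB with a fresh random IV prepended to the output (IV handling is assumed).
func EncryptFrame(key, frame []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, aes.BlockSize+len(frame))
	if _, err := io.ReadFull(rand.Reader, out[:aes.BlockSize]); err != nil {
		return nil, err
	}
	cipher.NewCFBEncrypter(block, out[:aes.BlockSize]).XORKeyStream(out[aes.BlockSize:], frame)
	return out, nil
}

// DecryptFrame reverses EncryptFrame. CFB has no integrity check: altered ciphertext
// decrypts without error to altered plaintext.
func DecryptFrame(key, ct []byte) ([]byte, error) {
	if len(ct) < aes.BlockSize {
		return nil, fmt.Errorf("ciphertext shorter than one block")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(ct)-aes.BlockSize)
	cipher.NewCFBDecrypter(block, ct[:aes.BlockSize]).XORKeyStream(out, ct[aes.BlockSize:])
	return out, nil
}

func main() {
	a, _ := NewNode()
	b, _ := NewNode()
	sa, _ := a.SharedSecret(b.Pub) // own private exponent, peer's broadcast public value
	sb, _ := b.SharedSecret(a.Pub)
	fmt.Println("secrets agree:", string(sa) == string(sb))
}
```

Whatever group a real deployment uses, the two checks that matter are visible here: the peer's public value is range-checked before it is raised to the private exponent, and the raw agreement output is never used directly as the cipher key.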


End-to-end Encryption

Encrypts traffic that travels through intermediary nodes, so that a
forwarding node can neither read the conversation nor insert itself into
it as a man-in-the-middle.

Certificate-based Public Key Infrastructure (PKI) guarantees the identity
of your intended recipient, preventing impersonation.

Algorithms used in end-to-end encryption:
- Cipher: 256-bit AES (CFB mode)
- Key exchange: Diffie-Hellman
- Signature: DSA

Two nodes that don't share a network segment must route packets through
intermediary nodes. End-to-end encryption ensures that, though an
intermediary forwards packets for these two nodes, it cannot decipher the
contents of those packets.

A CoCo network integrates signed certificates into the name/address
resolution system. This guarantees that, when a node sends packets, only
the intended recipient can read them.

To send a packet, a node must first determine the recipient's network
address from its human-readable name. This is similar to a DNS lookup on a
conventional IP network.

With CoCo, name/address resolution involves transmitting a signed
certificate from the sender to the intended recipient. The recipient
validates the sender's DH public key using the certificate chain described
below.

Certificate chain (each key, and who signs it):
- Sender's DH public key: signed by the sender's DSA key.
- Sender's DSA public key: signed by the DSA key of the Provisioning Server. Every CoCo deployment has one Provisioning Server, which functions as a certificate authority for that network.
- Provisioning Server's DSA public key: signed by the DSA key of a root certificate authority hosted by CoCo Communications.
- Root authority's DSA public key: not signed by anyone; it comes built in with every copy of CoCo Node and is in the recipient's trusted host list.

If each signature in the sender's certificate chain is valid, the recipient
transmits its own certificate chain and network location to the sender. The
sender likewise verifies the recipient's identity by virtue of its
certificate chain.

At that point, the sender and recipient both have one another's DH public
keys, and proof that those keys are correct. As with hop-by-hop encryption,
these two nodes use each other's DH public keys to compute a shared secret,
which they use as a symmetric key in a 256-bit AES cipher to encrypt all
subsequent packets between them. Even if the traffic passes through many
intermediary nodes, only the two nodes at either end of the circuit are
able to read it. Because each DH public key is signed down to a root the
recipient already trusts, an intermediary that substitutes its own DH
value cannot produce the matching signatures; that is what defeats the
man-in-the-middle.
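The certificate chain and lookup described above, as an added example in Go that is not CoCo's code. Ed25519 signatures stand in for the DSA signatures the page specifies (Go's DSA package is deprecated and slow to generate parameters); the names coco-root, provisioning-server and node-a, the 256-byte stand-in DH value, and the length-prefixed signing format are all constructed for the example. The chain is walked leaf-first: the DH value is accepted only if every link verifies and the last issuer is in the trusted host list, and a swapped DH value or an unknown root is rejected.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// Cert binds a subject name to a public key under one issuer's signature. At the
// bottom of the chain the key is the sender's DH public value; above it, signing keys.
type Cert struct {
	Subject string
	Key     []byte
	Issuer  string
	Sig     []byte
}

// toBeSigned length-prefixes each field so that no two (subject, key, issuer)
// triples encode to the same bytes.
func toBeSigned(subject string, key []byte, issuer string) []byte {
	var b bytes.Buffer
	for _, f := range [][]byte{[]byte(subject), key, []byte(issuer)} {
		binary.Write(&b, binary.BigEndian, uint32(len(f)))
		b.Write(f)
	}
	return b.Bytes()
}

func issue(issuer string, issuerPriv ed25519.PrivateKey, subject string, key []byte) Cert {
	return Cert{Subject: subject, Key: key, Issuer: issuer,
		Sig: ed25519.Sign(issuerPriv, toBeSigned(subject, key, issuer))}
}

// VerifyChain walks a leaf-first chain: chain[0] certifies the DH public value,
// chain[i] must be signed by the key certified in chain[i+1], and the last cert
// must be signed by a root in the recipient's trusted host list. The DH value is
// returned only if every link verifies.
func VerifyChain(chain []Cert, trusted map[string]ed25519.PublicKey) ([]byte, error) {
	if len(chain) == 0 {
		return nil, fmt.Errorf("empty certificate chain")
	}
	for i, c := range chain {
		var signer ed25519.PublicKey
		if i+1 < len(chain) {
			if chain[i+1].Subject != c.Issuer {
				return nil, fmt.Errorf("%q: issuer %q is not the next cert's subject", c.Subject, c.Issuer)
			}
			signer = ed25519.PublicKey(chain[i+1].Key)
		} else if root, ok := trusted[c.Issuer]; ok {
			signer = root
		} else {
			return nil, fmt.Errorf("%q: issuer %q is not in the trusted host list", c.Subject, c.Issuer)
		}
		if len(signer) != ed25519.PublicKeySize || !ed25519.Verify(signer, toBeSigned(c.Subject, c.Key, c.Issuer), c.Sig) {
			return nil, fmt.Errorf("%q: signature by %q does not verify", c.Subject, c.Issuer)
		}
	}
	return chain[0].Key, nil
}

// BuildSampleDeployment constructs the hierarchy the page describes: a vendor root,
// one Provisioning Server per deployment, and a node whose DH public value is
// certified by its own signing key. Every key and the DH value are generated here.
func BuildSampleDeployment() (chain []Cert, trusted map[string]ed25519.PublicKey, dhPub []byte, err error) {
	rootPub, rootPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, nil, err
	}
	provPub, provPriv, _ := ed25519.GenerateKey(rand.Reader)
	nodePub, nodePriv, _ := ed25519.GenerateKey(rand.Reader)
	dhPub = make([]byte, 256) // constructed stand-in for a 2048-bit DH public value
	if _, err = rand.Read(dhPub); err != nil {
		return nil, nil, nil, err
	}
	chain = []Cert{
		issue("node-a", nodePriv, "node-a/dh", dhPub),
		issue("provisioning-server", provPriv, "node-a", nodePub),
		issue("coco-root", rootPriv, "provisioning-server", provPub),
	}
	// Only the root is pre-installed; the rest of the chain arrives with the lookup reply.
	trusted = map[string]ed25519.PublicKey{"coco-root": rootPub}
	return chain, trusted, dhPub, nil
}

func main() {
	chain, trusted, dhPub, err := BuildSampleDeployment()
	if err != nil {
		panic(err)
	}
	got, err := VerifyChain(chain, trusted)
	fmt.Printf("genuine chain: dh matches=%v err=%v\n", bytes.Equal(got, dhPub), err)
	// An intermediary substitutes its own DH value; node-a's signature no longer covers it.
	forged := append([]Cert(nil), chain...)
	forged[0].Key = bytes.Repeat([]byte{0x42}, 256)
	_, err = VerifyChain(forged, trusted)
	fmt.Println("forged DH value:", err)
}
```

The issuer-name check on each link matters as much as the signature check: without it, a valid certificate from some other subject could be spliced in above a forged leaf.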


Compatible with Existing Network Security

Mimics an IP interface to applications for out-of-the-box compatibility
with transport-layer and application-layer security.

Leverages data link and physical security by working with your computer's
existing network interface hardware.

CoCo's software operates between the IP and Ethernet layers of your
computer's network stack. To applications, it looks like a normal network
interface with IP address bindings. To the network interface hardware, it
looks like an application writing Ethernet frames. This allows CoCo to take
advantage of existing security measures both above it (at the transport or
application layers) and below it (at the data link layer and physical
layer).

Security below CoCo

Many network systems have built-in encryption capabilities. This is common
for wireless networks, which a machine can join simply by being in
transmission range. When CoCo Nodes exchange packets across such a medium,
each packet gets wrapped in that medium's existing security methods.

For example, a CoCo mesh can include machines on a WEP-enabled 802.11
network. CoCo Node writes Ethernet frames to the wireless network interface
card (NIC), which encrypts that data with the WEP key before transmitting
it out into the air. WEP has well-known cryptographic weaknesses, so it
should be regarded as an extra, independent layer rather than as the
protection relied upon; CoCo's own hop-by-hop and end-to-end encryption
does not depend on it.

Nodes on a CoCo network can exchange packets over Ethernet directly, or
over IP using a VPN-like architecture. CoCo Node can take advantage of the
protections offered by any OSI Layer 3 protocol (such as IPsec) as well as
any Ethernet-compatible data link layer (such as 802.11 or Type 1 Ethernet
systems).

Security above CoCo

Every network application has its own security concerns. The Internet
offers no inherent security, and years of experience have taught software
developers that an attacker can readily compromise a network application
that has no safeguards of its own. Whether they use common protocols such
as SSL or custom-built cryptographic handshakes, today's developers take
for granted that IP is inherently unsafe and build their applications to
remain robust regardless of the underlying network's lack of security.

CoCo technology honors these application-layer security measures by
remaining fully compatible with all IP-based application features. CoCo
Node uses IP tunneling to appear as a network interface, complete with an
IP address binding. When a user installs CoCo Node on a computer, that
machine behaves as though it has a new network interface, called a "tunnel
device", alongside its existing network cards.

Applications send IP packets to this virtual network interface just as they
would send packets to the computer's Ethernet interface or WiFi card.
Instead of traveling out to the network right away, though, packets written
to the tunnel are processed by CoCo Node and routed in accordance with
CoCo's mesh network technology.

Under the hood, the network may be a highly complex, mobile, dynamic
structure, but to third-party applications running on machines with CoCo
Node, it all simply looks like IP. They continue to function as normal,
using the security mechanisms their developers built in to remain robust
against IP network attacks, while at the same time benefiting from the
additional protection offered by CoCo's hop-by-hop and end-to-end security
features.


FIPS 140-2 Certification

The "CoCo Crypto Module", a standalone function library, contains all
cryptographic algorithms used by CoCo Node.

NIST has validated the module to FIPS 140-2 under the CMVP.
- Certificate #1021 establishes that the CoCo Crypto Module meets the federal standard for cryptographic modules.
- Listed on NIST's website at http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2008.htm

The cryptographic functions used by the CoCo Node application are
encapsulated in the CoCo Crypto Module, a standalone function library that
contains implementations of cryptographic algorithms.

The CoCo Crypto Module not only provides programmatic access to
cryptographic routines, but also performs error-checking tasks such as
power-on self-tests and continuous output validation. This allows the
module to confirm at all times that CoCo Node is using correct, robust
implementations of the algorithms it needs.

The CoCo Crypto Module has passed evaluation by the National Institute of
Standards and Technology (NIST) through its Cryptographic Module
Validation Program (CMVP). This evaluation determines that the software
meets Federal Information Processing Standard (FIPS) 140-2, the U.S.
Government's standard for cryptographic modules.

NIST has issued a certificate establishing that the CoCo Crypto Module
meets the CMVP's requirements. Certificate #1021 for the CoCo Crypto
Module is listed on the CMVP website at
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2008.htm.

A FIPS 140-2 validation covers the cryptographic module itself, that is,
the algorithm implementations, self-tests and key handling inside the
module boundary. It does not evaluate the protocols that CoCo Node builds
on top of the module, such as the key exchange and certificate handling
described earlier; those remain the product's own design responsibility.
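A sketch of the two self-test mechanisms the page names, added here and not CoCo's module: power-on known-answer tests (run against the published FIPS-197 AES-256 vector and the FIPS 180 SHA-256 "abc" vector) and a continuous RNG test that refuses to hand out a block identical to the previous one. Written in Go with its standard library; the kat type, the CheckedRNG wrapper and the SelfTest entry point are this example's own names.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
)

// A known-answer test pairs a published test vector with the output the module
// must reproduce before it is allowed to serve any caller.
type kat struct {
	name string
	run  func() ([]byte, error)
	want string // hex of the expected output
}

func mustHex(s string) []byte {
	b, err := hex.DecodeString(s)
	if err != nil {
		panic(err)
	}
	return b
}

// aesKAT encrypts the FIPS-197 Appendix C.3 plaintext under its 256-bit key.
func aesKAT() ([]byte, error) {
	key := mustHex("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f")
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, aes.BlockSize)
	block.Encrypt(out, mustHex("00112233445566778899aabbccddeeff"))
	return out, nil
}

// shaKAT hashes the FIPS 180 "abc" test message.
func shaKAT() ([]byte, error) {
	sum := sha256.Sum256([]byte("abc"))
	return sum[:], nil
}

var powerOnKATs = []kat{
	{"AES-256 encrypt", aesKAT, "8ea2b7ca516745bfeafc49904b496089"},
	{"SHA-256", shaKAT, "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"},
}

// RunKATs returns the first failing test, or nil if every answer matched.
func RunKATs(tests []kat) error {
	for _, t := range tests {
		got, err := t.run()
		if err != nil {
			return fmt.Errorf("%s: %v", t.name, err)
		}
		if !bytes.Equal(got, mustHex(t.want)) {
			return fmt.Errorf("%s: known-answer test failed (got %x)", t.name, got)
		}
	}
	return nil
}

// CheckedRNG compares every fresh 16-byte block with the previous one; a repeat
// indicates a stuck generator and the block is withheld.
type CheckedRNG struct {
	src  io.Reader
	last []byte
}

// NewCheckedRNG consumes one block to seed the comparison; that block is never output.
func NewCheckedRNG(src io.Reader) (*CheckedRNG, error) {
	first := make([]byte, 16)
	if _, err := io.ReadFull(src, first); err != nil {
		return nil, err
	}
	return &CheckedRNG{src: src, last: first}, nil
}

func (r *CheckedRNG) Block() ([]byte, error) {
	next := make([]byte, 16)
	if _, err := io.ReadFull(r.src, next); err != nil {
		return nil, err
	}
	if bytes.Equal(next, r.last) {
		return nil, errors.New("continuous RNG test failed: repeated output block")
	}
	r.last = next
	return next, nil
}

// SelfTest is the power-on sequence: known answers first, then the RNG.
func SelfTest() error {
	if err := RunKATs(powerOnKATs); err != nil {
		return err
	}
	rng, err := NewCheckedRNG(rand.Reader)
	if err != nil {
		return err
	}
	_, err = rng.Block()
	return err
}

func main() {
	if err := SelfTest(); err != nil {
		fmt.Println("module disabled:", err)
		return
	}
	fmt.Println("self-tests passed; cryptographic services enabled")
}
```

The point of the structure is that a failed answer disables the module rather than logging and continuing: a caller never reaches the cryptographic routines unless the implementation reproduced the published vectors on this boot.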

