There are a number of reasons that video conference users want to use a single Codec to communicate over multiple security domains. Key among these reasons are initial and ongoing cost savings, space savings, and simplicity of design. This paper does not deal with the rationale for this approach but only the security issues that must be addressed when using a single Codec in a multi-domain environment.
A security domain is a set of equipment, communications assets, protocols and cleared users that are able to communicate with each other and share information which typically includes audio and video. Examples of security domains are Non-Secure Internet Protocol Router Network (NIPRNet), Secret Internet Protocol Router Network (SIPRNet), and the Top Secret (TS) Joint Worldwide Intelligence Communications System (JWICS). Communications over these domains may take place on many transports including ISDN and ATM but increasingly IP is the preferred communications backbone. Information and connectivity must be isolated between different domains. In general, this includes domains with the same general security level. For example, there are a number of government TS domains. Each has its own controlling agency and each must remain isolated from the others, except in very controlled situations.
When a Codec is used in a Multi-Domain (MD) environment, there are three interfaces that must be protected.