Designing COTS for data security
We hear daily of security breaches – including successful attacks on powerful U.S. agencies such as the IRS and on corporate networks – that expose public and private data. Attacks on military systems are even more predictable, but their compromise can put lives as well as data at risk. It could be argued that the military’s reliance on commercial off-the-shelf (COTS) hardware and software make defense systems more susceptible to compromise from these escalating attacks than in the days when the armed forces used custom hardware.
Tactical systems used on the front lines have especially large bulls-eyes on their backs. Yet they use the same mass-market silicon that has proved vulnerable in the past.
The military cannot afford to go back to the days of unique hardware, but the cost and performance advantages of COTS could potentially be negated by its vulnerabilities. Without “hardened” components and the building blocks from which customers can implement highly individualized antitamper and information assurance architectures, COTS systems could become as helpful to adversaries as to the intended users.
Major failures in the past were compounded by the simple fact that they lacked of some of the technologies that are available now. The crew of the U.S. Navy EP-3E intelligence aircraft, for example, failed to destroy sensitive electronics with their axes when their aircraft was forced to land in Chinese territory in 2001. Their efforts – not to mention the intelligence-gathering operations of the U.S. and its allies – would have benefited from the zeroizing-on-demand capability of today’s chips and boards.
Designers and manufacturers have not been sitting on their hands, however. They understand the seriousness of the threats and are providing numerous options from which COTS customers may choose in order to implement their security requirements. Among these options are CPU chipsets with root-of-trust and secure boot capabilities, antitamper-hardened FPGAs into which customers can load security policies, strong encryption, and operating systems that can enforce these policies at the application level.
These and other security tools continue to multiply, so that it is becoming a less an issue of availability than a question of the users’ willingness to understand and apply them and to accept the associated costs.
Chip makers such as Intel and Freescale provide elements from which the foundation of trustworthiness can be verified. This root of trust is used in the secure boot process to verify the integrity of the BIOS (Basic Input/Output System) code at system startup.
The CPU-based secure boot process is very limited in scope, though: When the board is activated, the processor performs the authentication operation and checks the BIOS software. It then boots the operating system, which brings up the applications. It is up to the user to beef up security so that an entity can detect and respond to attacks via firmware or software.
FPGAs in security applications
FPGAs are potentially attractive components in anti-tamper/information assurance solutions. Unlike CPUs, which are fixed quantities, FPGAs can be repurposed to implement security features under complete user control.
FPGA technology, for example, can be used to provide a “security hub” around which an antitamper strategy can be built. This hub can be designed to control I/O devices through a combination of active and passive antitamper features. FPGAs can be designed with hardware encryptors using 256-bit keys.
FPGAs can be programmed to detect intrusions by monitoring data for unauthorized changes. If changes are detected, the FPGA can sanitize a device, zeroizing memory, destroying data, and then confirming that the information is gone. A technology known as “pseudo-physically unclonable functions (PUFs),” moreover, can be encoded into the silicon die at the factory yet not exposed in manufacturing or in later use. This technology can then be used to generate crypto keys. FPGAs also can be hardened against passive, “side-channel” attacks.
An example of an enhanced-security COTS product is the Abaco Systems SBC328, a 3U VPX board featuring Intel’s newest Skylake CPU (with secure boot) and the Microsemi SmartFusion2, an FPGA customizable for antitamper and information assurance purposes.
The many hardware and firmware security features offered in today’s COTS-based embedded systems make it possible for users to lock down their data with confidence. FPGAs, with the latest cryptographic tools, have become harder to break than ever before. In the final analysis, however, it is up to the users to exploit these features in order to protect the most sensitive military applications.