Changing military operations demand fail-safe solutions in cyber security

Trusted Platform Modules and their encryption capabilities enhance operations on and off the field.

BY Donald Palmer

Information sharing is at the heart of a new military field operations culture. The days of tactical information traveling in a straight line from one source to another are gone. Today's multidimensional battlefield, enhanced by the latest advances in computer technology, can incorporate many other elements besides warfighters and their chain of command. Now there are coalitions, nongovernmental organizations, and communities of interest possibly all involved in the same operation.

This interplay of resources and capabilities demands incredible accuracy and security of information. In fact, the success of strategic operations can rest absolutely on the ability to trust the information that one source receives from another. Keeping that information secure is essential, even if it resides in a damaged vehicle.

The consequences of relying on a computer that cannot be trusted are dire. Imagine if your computer data was visible to others, or worse, could be changed by others. What if you are part of a sensitive military operation and crashes, viruses, and spyware were involved?

These concerns have given rise to an emphasis on "trusted computing." When you flip a light switch, you trust the lights will come on. Likewise, turn on your computer, and you trust it will behave as always, and nothing has been modified or stolen from it.

To determine if a computer can be trusted, the industry suggests asking these questions:

  • Did a trusted system boot the computer?
  • Is that system still running on the computer?
  • Is the running system approved for the application?
  • Can the system join a trusted network?
  • Can the system have access to trusted network service?

Gathering evidence is the only way to prove that a computer system has not been modified. Once the evidence has been gathered and trust has been established, each of the questions above can be answered. To do this, a baseline must be established. By comparing a baseline measurement against the measurement taken every time the computer is powered on, the decision of trust becomes an evaluation of the evidence.

Measuring a computer involves the types of devices that make up the computer system: the keyboard, processor, memory, data storage, and so on. Once you have all the configuration data, it can be encrypted. The encrypted data and the encryption key are stored (separately, of course) where no one else can find them, so they are virtually tamperproof. This provides a safe measurement of the computer's hardware that can be used as evidence to prove the computer can be trusted.

Computer operators, especially in the military, must be able to trust the software, as well. As with hardware, the goal is to measure the software on the computer, encrypt it, and store the data where it is safe.

Concerned with security issues, a group of the largest companies in the computing industry, including Intel, Microsoft, HP, IBM, and others, formed a not-for-profit organization called the Trusted Computing Group (TCG) in 2003 to develop, define, and promote industry standards for trusted computing.

Since that time, the TCG has defined several specifications, and two of the most important are the Trusted Platform Module (TPM) and the Trusted Software Stack (TSS). Together, TPM and TSS form a new level of security.

Trusted Platform Module

TPM generates cryptographic security keys, encrypts data streams and creates wrapping keys, as well as provides secure storage for self-generated and other keys.

The cryptographic processor includes an interface to the host computer system through a secure I/O bus. The TPM processes commands and data from the host system; required responses are relayed back to the host computer system through this bus.

The cryptographic processor generates encryption keys to encrypt data streams. For added security and independent operations, the TPM has a built-in random number generator and encryption engine. The key generation uses an RSA generation algorithm and the SHA-1 encryption hashing function.

Data in persistent storage only can be accessed through the encrypted Storage Root Key, which is required to open up the block for use by application software. Among the primary keys are the Endorsement Key (EK) that is "burned" into the storage during manufacturing. The Storage Root Key (SRK) embedded in the TPM security hardware to protect TPM keys created by applications, so that these keys cannot be used without the TPM; and the Platform Configuration Register (PCR) to store the evidence gathered about the computer's configuration.

Versatile storage stores keys generated by the TPM or by others. The Attestation Keys are generated to secure platform configuration. There is also a generic key storage area that is used to store keys from a multitude of sources.

Extending trust

Simply keeping a computer secure is not enough. You have to know you are connected to a secure network and that the network will trust your computer. In a TPM-enabled system, secure operation begins once the hardware configuration evidence is stored in the PCR for safekeeping. Each time the platform is booted, the BIOS evaluates the evidence to determine if the hardware can be trusted. This provides the operating system and associated applications with a "root of trust."

Once evidence is gathered, a computer essentially presents it to the server, which decides to allow the computer to access one or more of the trusted networks. The TPM assists with the presentation of this evidence. The Attestation Key encrypts the evidence presented such that only the server can view it, and the evidence is tamperproof.

Establishing a root of trust when a computer is powering on is the first step. Because most system attacks occur while a computer is running, a run-time root of trust must also be established by periodically refreshing, re-evaluating and representing the evidence. Using the run-time root of trust will detect many system attacks.

Users and manufacturers recognize the urgent need for improved computing security, and the TPM is fast becoming a standard, especially in military applications. The U.S. Army and the Department of Defense have mandated that every new small PC they purchase comes with a TPM.

According to the TCG, TPMs have been shipped in more than 100 million enterprise-class computers. It has been reported that Intel, AMD, and Dell will continue to include TPMs in upcoming generations of hardware, and Microsoft will include trusted computing in its new operating systems.


Donald Palmer is chief technology officer of embedded computing specialist General Micro Systems Inc. in Rancho Cucamonga, Calif.



Military & Aerospace Photos

Most Popular Articles

Related Products

VPX3-453 3U VPX Virtex-6/8640D Digital Signal Processor

The Curtiss-Wright VPX3-453 is a high performance 3U VPX DSP and FPGA processor card that combine...

CHAMP-FX4 6U OpenVPX Virtex-7 FPGA Processor Card

The CHAMP-FX4 is the flagship 6U product in Curtiss-Wright Defense Solutions’ family of user-prog...

PMC-E2001 Audio/Acoustic Waveform Generating PMC Card

PMC-E2001 Delta-sigma PMC features 16-bit resolution with 8 Analog Outputs and 4 Analog Inputs wi...

General Micro "Horizon" C299

The C299 Horizon is a third generation, 6U cPCI SBC module based on GMS’ upgradable CPU technolog...

RR2P Removable Canister RAID System

Transportable data storage for mobile field use aboard planes, ships and ground transport. 2U, du...

General Micro "Atom" XPC40X Rugged, Ultra-Small, Ultra-Low-Power Intel Atom™ CPU SBC

The XPC40X Atom is a rugged, low cost, ultra-low power, lightweight, Atom™ based computer system....

General Micro's VS295 Eclipse

The VS295 Eclipse is fifth generation, VME SBC module based on GMS, upgradable CPU technology. It...

ADEPT3000 Automatic Video Tracker

GE Intelligent Platforms ADEPT3000 is a cost-effective SWaP optimized automatic video tracking so...

6U OpenVPX HPEC Starter System

GE Intellligent Platforms new HPEC Application Ready Platforms (HARP) products respond to governm...

DSP280 - Rugged Dual Socket 2nd Gen Intel Quad Core i7 Multiprocessor

The DSP280 is a rugged, 6U OpenVPX dual socket Intel 2nd generation Quad Core i7 multiprocessor d...

Related Companies

Curtiss-Wright Defense Solutions

About Curtiss-Wright Defense Solutions Curtiss-Wright Defense Solutions (CWDS) is a long established techno...

Innovative Integration

  Since 1988, Innovative Integration has grown to become one of the world's leading suppliers of DSP and data ac...

General Micro Systems Inc

Since 1979, General Micro Systems has been providing the most diverse line of single-board computers in the industry....

Winchester Systems Inc

At its founding in 1981, Winchester Systems introduced its first 5 MB disk system for Intel development system users....

Extreme Engineering Solutions Inc (X-ES)

 Extreme Engineering Solutions, Inc. (X-ES) is a leader in the design, manufacture, and support of standard and ...

LEMO USA Inc

Provides a lightweight, compact aluminum connector. M-series connector is focused on the design that requires a MIL-3...

GE Intelligent Platforms

Provides embedded computing solutions. Products include single-board computers, networking products, avionics interfa...

Omnetics Connector Corp

Omnetics Connector Company is a privately held, world class connector design and manufacturing company with over 25 ...

Dawn VME Products

Dawn provides customers an in-depth and broad range of system and product knowledge and expertise coupled with the la...
Wire News provided by   

Press Releases

Low Viscosity, One Part Cyanoacrylate Is Non-Toxic and Meets ISO 10993-5 Specifications

Master Bond MB250NT is widely used for a variety of applications ranging from repair to high speed producti...

Thermally Conductive, Two Component Epoxy Passes USP Class VI Tests and ISO 10993-5 Specifications

With biocompatibility and cytotoxicity certifications, Master Bond EP21AOLV-2Med is often selected for bond...

One Component, Snap Cure Epoxy Features High Strength Properties

Suitable for a variety of applications in the electronic, aerospace and OEM industries, Master Bond EP3SP5F...

One Part Epoxy Resists up to 500°F and Meets NASA Low Outgassing Specifications

Master Bond Supreme 12AOHT-LO is a one component epoxy for a variety of bonding and sealing applications in...

VICTORY Shared Processing, Fire Control Computer, and Switch for Ground Vehicles Introduced by Curtiss-Wright

Curtiss-Wright Corporation today announced that its Defense Solutions division has introduced a new fully i...

CURTISS-WRIGHT CONGRATULATES NORTHROP GRUMMAN ON SUCCESSFUL FIRST FLIGHT OF SECOND MQ-4C TRITON UAS

Curtiss-Wright Corporation’s Defense Solutions division applauds Northrop Grumman Corporation (NYSE: NOC) o...

Curtiss-Wright’s New Rugged Mobile IP Router Subsystem Features an Integrated Cisco® 5915 ESR Router

Curtiss-Wright Corporation today announced that its Defense Solutions division, a Cisco® Systems Solution T...

GE Announces First Sub-Credit Card-Sized Multi-Function High Definition (HD) Video Tracker

HUNTSVILLE, AL.— OCTOBER 13, 2014—GE’s Intelligent Platforms business today announced at AUSA (October 13-...

Webcasts

Meeting the Gen3 backplane challenge with OpenVPX and COTS

Tight Pentagon budgets mean military systems must stay in the field for longer than ever before. This doesn't mean obsolete technology, however. Today's military electronics are being upgraded constantly, an...
Sponsored by:

Design Strategy Considerations for DO-178C Certified Multi-core Systems

Join Wind River to learn how system architecture and design choices can minimize your DO-178C certification challenges.

Sponsored by:

Flying, Sailing or Driving - The Rugged, Embedded Intel-based Server that goes where you need it!Flying Sailing or Driving

Leveraging the power of server-class processors is no longer relegated to the confines of data centers. Through several innovations, Mercury Systems has ruggedized Intel’s server-class chips for deployment. ...
Sponsored by:

All Access Sponsors


Mil & Aero Magazine

April 2015
Volume 26, Issue 4
file

Download Our Apps



iPhone

iPad

Android

Follow Us On...



Newsletters

Military & Aerospace Electronics

Weekly newsletter covering technical content, breaking news and product information
SUBSCRIBE

Cyber Security

Monthly newsletter covering cyber warfare, cyber security, information warfare, and information security technologies, products, contracts, and procurement opportunities
SUBSCRIBE

Defense Executive

Monthly newsletter covering business news and strategic insights for executive managers
SUBSCRIBE

Electronic Warfare

Quarterly newsletter covering technologies and applications in electronic warfare, cyber warfare, optical warfare, and spectrum warfare.
SUBSCRIBE

Embedded Computing Report

Monthly newsletter covering news on embedded computing in aerospace, defense and industrial-rugged applications
SUBSCRIBE

Unmanned Vehicles

Monthly newsletter covering news updates for designers of unmanned vehicles
SUBSCRIBE