Trends in trusted computing and network security in aerospace and defense embedded computing applications
ASHBURN, Va. – Network security in embedded computing is getting more scrutiny these days. In a constantly evolving threat environment, where new attacks arrive virtually every day, system architects must design networks to be as secure as possible. That requires a constant review process to enable the necessary adaptation, modification, and updates to keep systems safe.
Network security involves protecting against every device that is connected to the network or could gain access to it. In this area, embedded architectures are catching up to enterprise networks. In the enterprise environment, where there has always been the risk of an unauthorized person plugging into a port in an office or conference room, the need to lock down the network is well understood.
In comparison, airborne networks typically have been very controlled, with no network ports exposed. Physical access to ports in the past was easy to control. Today, however, we are seeing embedded networks connecting more devices and making more connection ports available, which makes trusted computing approaches imperative. Aboard commercial jetliners, for example, Ethernet might be available at every seat, and Wi-Fi might be provided for entertainment.
As more devices connect to the embedded network, more of the network needs protecting. Adding to the security challenge is the growing use of converged networks. Instead of a single-purpose network, today's fast links can transport data from disparate systems over the same network. More systems sharing the network increases not only the potential for contention, but also the security challenge; more end points means more potential threats. We are seeing increased use of converged networking in military embedded systems.
The good news is there’s growing awareness of what’s necessary for effective network security; many of the important tools are familiar and readily available. One tool for securing the network is white-listing, or limiting access to trusted devices. This could be as simple as enabling each port to accept traffic only from a known MAC address. While simple to implement, this approach is weak because MAC addresses can be changed and spoofed. Trusting a device just because it has the right address turns out not to be a very robust security solution.
A more advanced technique to keep out unknown users involves IEEE 802.1x for port-based network access control (PNAC). 802.1x enables the network to authenticate a network endpoint using a cryptographic exchange. Instead of trusting a MAC address, trust is based on a certificate or other credentials. It implements port security via a feature on the network switch. 802.1x is a hybrid feature: it needs support on the switch (that’s what controls turning the ports on and off), but it also requires clients, called “supplicants,” on the end points. That means that implementing a protection like 802.1x requires a whole-system solution in which both the switches and the connected computers provide support.
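As an added example, not from the article, here is the port-to-MAC allowlist check the previous paragraphs describe, run over a constructed switch MAC-table snapshot, together with the one cheap extra check a defender would bolt on: flagging an address that is learned on two ports at once. Port names, addresses and the table format are constructed sample values.

```python
from collections import defaultdict

# Constructed allowlist (sample values): switch port -> MAC expected there.
ALLOWLIST = {
    "gi1/0/1": "00:11:22:33:44:01",
    "gi1/0/2": "00:11:22:33:44:02",
    "gi1/0/3": "00:11:22:33:44:03",
}

# Constructed MAC-table snapshot, "<port> <mac>" per line, as a switch might
# export it. Port gi1/0/4 shows the allowlisted MAC of gi1/0/1 a second time.
MAC_TABLE = """\
gi1/0/1 00:11:22:33:44:01
gi1/0/2 00:11:22:33:44:02
gi1/0/3 aa:bb:cc:dd:ee:ff
gi1/0/4 00:11:22:33:44:01
"""

def parse_mac_table(text):
    """Return a list of (port, mac) tuples, normalised to lower case."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2:
            entries.append((parts[0].lower(), parts[1].lower()))
    return entries

def check_allowlist(entries, allowlist=ALLOWLIST):
    """Port-level allowlist: return {port: reason} for every violation.
    A MAC that matches its port passes whether or not it belongs to the
    device it was issued to; the address alone is the whole credential."""
    findings = {}
    for port, mac in entries:
        expected = allowlist.get(port)
        if expected is None:
            findings[port] = f"unlisted port carrying {mac}"
        elif mac != expected.lower():
            findings[port] = f"unexpected {mac}, expected {expected}"
    return findings

def find_duplicate_macs(entries):
    """Return {mac: [ports]} for addresses learned on more than one port.
    One address on two ports at once is a cheap defender-side signal that
    it has been cloned, something the allowlist check by itself cannot see."""
    seen = defaultdict(set)
    for port, mac in entries:
        seen[mac].add(port)
    return {mac: sorted(ports) for mac, ports in seen.items() if len(ports) > 1}
```

The allowlist alone accepts gi1/0/1 and only rejects gi1/0/4 because that port is unlisted; had the cloned address shown up on gi1/0/1 while the real device was unplugged, nothing in the allowlist would have noticed, which is the gap 802.1x closes by authenticating the endpoint rather than its address.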
Another challenge for providing network security on embedded systems involves upgrade cycles. Adding a security layer that only one device supports can introduce a weak link unless all other devices on the network, each on its own upgrade schedule, also gain that layer of security.
While MAC white-listing and 802.1x control which devices can access the network, MACsec and IPsec use encryption to protect data in motion and prevent someone from snooping on that data. IPsec is an end-to-end protocol originally used for VPNs that connect one office to another over an untrusted network. In comparison, MACsec secures only a point-to-point link.
IPsec and MACsec help encrypt network data, and validate keys when establishing connections, but differ in how much data they encrypt. IPsec, for example, supports tunneling and transport modes that offer tradeoffs between overhead and the amount of encrypted data.
Apart from IPsec and MACsec, there are encryption standards such as Transport Layer Security (TLS) that work at the application level. These require less support from the network infrastructure, but consume more processor overhead and encrypt even less of each packet, because they sit at the highest layers of the network stack.
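As an added example, not from the article, a small model that makes the overhead-versus-coverage tradeoff concrete: for one constructed TCP frame it counts how many original bytes each mechanism hides, what stays visible to an observer on the wire, and the fixed per-packet bytes each adds. Field sizes are the fixed fields of MACsec, ESP with AES-GCM and TLS 1.3 records, with options and vendor extras left out.

```python
# Constructed frame model (bytes): minimum Ethernet, IPv4 and TCP headers
# with no options, plus a 1000-byte application payload.
FRAME = {"eth": 14, "ip": 20, "tcp": 20, "payload": 1000}

# Per-packet overhead assumed for each mechanism, taken as the fixed fields
# of the standard formats with AES-GCM-128; options and vendor extras are
# not modelled.
MACSEC_SECTAG, MACSEC_ICV = 8, 16         # SecTAG without SCI, 128-bit ICV
ESP_HEADER, ESP_IV, ESP_TRAILER, ESP_ICV = 8, 8, 2, 16  # SPI+seq, IV, trailer, ICV
OUTER_IPV4 = 20                           # new outer header in tunnel mode
TLS13_RECORD = 5 + 1 + 16                 # record header, content type, tag

def esp_padding(plaintext_len):
    """ESP pads so plaintext + padding + 2-byte trailer is 4-byte aligned."""
    return (-(plaintext_len + ESP_TRAILER)) % 4

def coverage(frame, mechanism):
    """Return (encrypted, cleartext, overhead) byte counts for one frame.
    'encrypted' and 'cleartext' count original frame bytes hidden from or
    still visible to an on-path observer; 'overhead' is what gets added."""
    eth, ip, tcp, pl = frame["eth"], frame["ip"], frame["tcp"], frame["payload"]
    if mechanism == "macsec":            # everything after the MAC header
        return ip + tcp + pl, eth, MACSEC_SECTAG + MACSEC_ICV
    if mechanism == "ipsec-transport":   # hides the transport header and data
        enc = tcp + pl
        over = ESP_HEADER + ESP_IV + esp_padding(enc) + ESP_TRAILER + ESP_ICV
        return enc, eth + ip, over
    if mechanism == "ipsec-tunnel":      # hides the whole inner IP packet
        enc = ip + tcp + pl
        over = OUTER_IPV4 + ESP_HEADER + ESP_IV + esp_padding(enc) + ESP_TRAILER + ESP_ICV
        return enc, eth, over
    if mechanism == "tls":               # hides only the application data
        return pl, eth + ip + tcp, TLS13_RECORD
    raise ValueError(f"unknown mechanism {mechanism!r}")

MECHANISMS = ("macsec", "ipsec-transport", "ipsec-tunnel", "tls")

def compare(frame=FRAME):
    """Map each mechanism to its (encrypted, cleartext, overhead) for the frame."""
    return {m: coverage(frame, m) for m in MECHANISMS}

if __name__ == "__main__":
    for m, (enc, clear, over) in compare().items():
        print(f"{m:16s} encrypted={enc:5d} cleartext={clear:3d} overhead={over:3d}")
```

Tunnel mode pays for hiding the inner IP header with an extra outer header, and TLS adds the least per packet while leaving every header in the clear, which is the tradeoff the two paragraphs above describe.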
Today, we typically see IPsec in local networks like airborne networks that are contained entirely within an aircraft. This protects against data being intercepted by other devices on the network. It also provides protection if the network switches are compromised.
It’s important to select network equipment and end points that can encrypt network traffic at high rates without sacrificing performance. MACsec encryption is typically done in hardware, built into the PHY devices that provide the link-layer connections. IPsec encryption typically happens in software, but can require hardware acceleration to keep up with the network.
Standards also can change over time, so it is important to stick with the latest versions. Early implementations of MACsec supported only AES-128 encryption keys, while AES-256 encryption was added later.
A major challenge can be finding people with the necessary expertise. Most are familiar with enterprise IT, yet those who know rugged embedded systems may not be up to date on the latest networking technologies. The intersection of people who understand both networking and embedded systems is small, but growing. What’s helping that intersection grow is the Internet of Things (IoT) phenomenon, which is taking all manner of embedded devices that were traditionally stand-alone appliances, and connecting them to networks.
As systems designers ask for network security solutions, their specific requirements still can be vague. Security, as yet, isn’t something you can just buy from a vendor. Instead, systems designers need to implement security across all products in the system, and either perform the architecture work themselves, or hire experts to do it for them. To design-in effective network security, it’s wise first to reach out to vendor network security experts at the very beginning of the project.
Keep in mind, too, that network security doesn’t end with the architecture or initial implementation; it needs to be revisited on a regular basis. Patches likely will be necessary to address vulnerabilities at each iteration, at every software upgrade, and every time a new device gets added.
Even some fundamental tools to secure networks may need to change. Most underlying network security today is based on public key cryptography. Future generations of quantum computers likely will require a reexamination of some cryptographic primitives on which network security designers depend.
Network security is a complex and evolving challenge, and solutions are being developed continually to address emerging threats. Leveraging the latest commercial technology is key to ensuring that connected embedded systems are secure, today and in the future.
Andrew McCoubrey is the senior product manager for switching and routing products in the C4 solutions group of the Curtiss-Wright Corp Defense Solutions division in Ashburn, Va. David Sheets is senior principal security architect at Curtiss-Wright Defense Solutions in Ashburn, Va.