Protect This House
If you live in the world of mil-aero systems, you have most likely heard the terms “anti-tamper” (AT) and “information assurance” (IA). You may even know and understand what they mean—but have you figured out what this all means to a COTS product vendor?
Why do we need AT and IA technologies?
Widely reported events such as the 2001 EP-3E signals reconnaissance plane emergency landing on Hainan Island and the 2011 Iranian capture of an RQ-170 Sentinel unmanned aerial vehicle are but two examples showing that sensitive military technology can and will fall into the hands of potential adversaries. Such platforms are stuffed full of equipment and intellectual property that the U.S. has invested heavily in; whoever possesses these platforms can have an impact on national security.
Such events led to the DoD issuing a set of directives, including Instruction 5200.39—Critical Program Information (CPI) Protection. CPI is defined as technologies and applications that, if compromised, would degrade system effectiveness or capabilities, or in some other way erode the effectiveness of the mission. This can include both classified and controlled unclassified information. Critical technology (CT) is defined as CPI that is located within a weapon system, maintenance system and/or training devices protected with AT technology.
The requirement for systems integrators to protect systems is here and is real—and it is flowing down to vendors like GE Intelligent Platforms at the board and subsystem level. AT can pervade a system from the inside out, including:
- Silicon level
- Circuit board design rules
- Board LRU
Measures include trusted boot methods, burying traces and vias, and tamper-detection enclosures and materials.
What about software?
There are many things that can be done to defend software, including:
- Obfuscation—Code transformations designed to defend against reverse engineering.
- Encryption—Including white-box cryptography, all-at-once vs. on-demand encryption.
- Integrity verification—Protect data values, verify program state, detect tampering.
- Virtualization—Running virtual machines on multicore processors requires unbreachable walls between cores, a requirement that fits very well with the needs of IA. Most high-end processor architectures from major vendors support virtualization, enabling the implementation of secure solutions.
What does this mean to a COTS board and subsystems vendor?
It is now necessary for vendors like ourselves to incorporate and enable features for AT and IA. If you look at our latest SBCs and signal processors (e.g., DSP281), you will see that they incorporate such features as Trusted Platform Modules (TPMs) and security hubs. However, it is necessary to acknowledge that there is a dividing line between what we can supply as COTS and what must be a custom solution commissioned to meet specific program needs. The requirements for the latter make those products subject to much tighter government restrictions. GE Intelligent Platforms has the capability to operate on both sides of the divide.
For more on this topic, see our white paper, “Anti-Tamper Technology: Safeguarding Today’s COTS Platforms.”