Keith Thal, Chief Systems Engineer | Ultra Cyber
When researching solutions to protect valuable and mission-critical data, one of the first questions is usually “Which algorithm should be used?” While the strength of the algorithm does play an important role in protecting data at rest and data in transit, the layered security mechanisms surrounding and integrated within the system are arguably much more important.
Think about it this way: if a two-inch thick iron door was added to the front of a home to prevent any unauthorized entry, does that ensure the security of the home's contents? Several other factors contribute to the security of the home, such as the location of the door’s key. Did the homeowner leave it under the doormat? Where are the hinge pins mounted? Are there windows that can easily be accessed? Is there an additional alarm system?
This is closely analogous to protecting your most sensitive information that is stored and transmitted with electronic devices such as computers, radios, and phones. When designing these devices, careful thought must be given to how access to the device is controlled, along with the protection of the access mechanisms themselves (passwords, physical token, biometrics, combination thereof, etc.). How is the data protected at rest and in transit? How can one protect against purposely and accidentally induced failures (e.g., high/low temperature, over/under voltage, broken RF seal, forced entry within the device) that allow unauthorized access to the data? These examples demonstrate why protecting important information requires an extensive, holistic system approach commensurate with the value of the contents being protected.
At Ultra, we leverage our NSA Type 1 development experience to ensure our customers are provided with a complete secure solution to protect their classified and highly sensitive information, both in storage and in transit across networks. We do this using our expertise with embeddable System-on-Chip (SoC) cryptographic modules and cryptographic libraries. These libraries offer a number of protocols and capabilities required by customers, and they are highly secure, highly adaptable and embeddable within the critical infrastructure of existing and new systems that protect our national security interests.
Modern SoC technology, when instantiated with Ultra’s software, firmware and hardware baseline, is ready to meet today’s NSA Type 1 security requirements. Top-level capabilities implemented within our baseline include:
- Authentication/Access Control: Privilege Management, Password Management, Data at Rest Protection
- Key Handling: Internal Key Generation/Protection, External Key Receive and Storage
- Channels: Encryption/Decryption of Channel Data and Protocol Implementation
- Security Monitoring: Alarms, Built-In Tests, Physical Access Protection, Auditing
- Key Management Infrastructure (KMI): Compliance as well as legacy EKMS support
- Algorithms: NSA Suite A Algorithms (including Quantum Resistant) and Suite B Algorithms
We have implemented the necessary security for cryptographic key management, active and passive alarm protection, support for intrusion protection, secure boot, authentication of loaded software and firmware, a trusted development environment and many other features. This ensures that the over 300 NSA security requirements necessary for protection of U.S. Government information remain top secret. Leveraging this expertise and holistic approach will ensure the “iron door” is not compromised or circumvented, resulting in the loss of vital information.
Visit our website for more information on Ultra’s National Security cryptographic security solutions.