Six Trusted Computing Terms That Should Be Top of Mind in Defense and Aerospace System Design

blog
blog
Blog
January 05, 2018

Six Trusted Computing Terms That Should Be Top of Mind in Defense and Aerospace System Design

Today, every integrator of defense and aerospace solutions is asked to provide assurances that their solutions deliver various levels of Trusted Computing. They will refer to trust and cybersecurity and any number of other security-related features. But what exactly do these terms mean? And how can an integrator be sure that a solution provides the level of protection a particular system needs? The key is to understand the role that each security capability plays in protecting the solution and the overall system.

Here we break down some common trusted computing terms and how they protect critical program information in defense and aerospace systems.

Confidentiality Protects Privacy

Confidentiality techniques keep information private so it is not visible to those who should not be able to see it. Confidential information is typically encrypted using complex cryptography algorithms, so even if it is visible or intercepted, it cannot be understood. In defense and aerospace systems, confidential information may include mission information, targeting information, or algorithms and technologies, such as those used in radar systems, to identify approaching objects.

Integrity Verifies Data Has Not Been Altered

Data integrity techniques check whether data has been changed since it was last known to be valid. These techniques do not identify what data has changed, they simply indicate that the data has been altered in some way. For example, if malware was inserted into an operating system or a database, the value of the data integrity check would indicate that the software is not exactly the same as it was before the insertion.

Authentication Restricts Access to Data

Authentication techniques grant the right data access levels to the right people and systems based on logins, passwords, and other credentials. For example, senior officers and senior IT personnel will have access to more systems and more data than junior personnel. Authentication is related to confidentiality in a system. A senior officer’s credentials must be authenticated before he or she is given access to confidential information.

Availability Ensures Access to Systems and Data

Data availability techniques ensure that data is not blocked from the systems that need it. Consider a navigation system that relies on GPS data. If the GPS data were to become unavailable, due to GPS jamming or other methods, it would be a critical problem for many different types of deployed systems.

Techniques that ensure data availability increase the resiliency of systems so the correct data continues to flow despite malicious efforts to stop it. The internet provides a good example. Even if the internet connection between two cities was severed, data would continue to be available to people in both cities because there are so many alternate data paths available.

Non-Repudiation Ensures Transactions Are Valid

Non-repudiation techniques ensure that the systems on both sides of data exchanges consider the transaction to be valid. For example, if an adversary tried to spoof a GPS signal to make it look like a vehicle was in a different location than it actually was, the system would recognize that the GPS information was not coming from the correct satellite.

Anti-Tamper Mechanisms Protect Against Physical Attacks

Anti-tamper techniques typically safeguard technology should an adversary gain physical access to it. There are three main aspects to anti-tamper mechanisms:

  • Protect: Protection mechanisms might involve completely enclosing a board or a system so it cannot be physically accessed.
  • Detect: Detection mechanisms provide notifications if someone is trying to physically access the hardware or the software, for example by removing a cover or inserting a probe.
  • Respond: Response mechanisms ensure that the technology cannot be accessed even if physical access is detected. These techniques may include self-destruction or automatically erasing the data in the system or on the board.

To learn more - download our white paper: 'The Many Faces of Trusted Computing'

In future posts, we’ll look at how these elements of Trusted Computing are addressed by the technology, data and process protection capabilities of Trusted Commercial Off-The-Shelf (TCOTS) products.

 

Aaron Frank

Aaron Frank

Senior Product Manager

Aaron Frank joined Curtiss-Wright in January 2010. As a Senior Product Manager within the C5ISR group, he is responsible for a wide range of COTS products utilizing advanced processing, video graphics/GPU and network switching technologies in many industry-standard module formats (VME, VPX, etc.). His focus includes product development and marketing strategies, technology roadmaps, and being a subject matter expert to the sales team and with customers. Aaron has a Bachelor of Science in Electrical Engineering degree from the University of Waterloo.