Military Embedded Systems

Expanding hardware security trust


January 07, 2020

As security threats continue to grow and undermine the trust in systems performing critical operations, the ability to detect and prevent changes to vital system components is necessary to maintain system integrity. In order to get ahead of these threats, organizations need to deploy hardware roots of trust to monitor and defend critical systems. Hardware roots of trust use encryption and digital-signature technology to ensure only legitimate changes are made to system components.

Leveraging these security capabilities starts with strong partnerships in the supply chain to monitor and detect counterfeit equipment before it deploys to the customer. At the factory, employees need to verify the hardware against the ordered equipment, check firmware versions against manufacturers’ digital fingerprints (checksums for the technical folks), and perform physical inspections to look for any suspicious alterations.

Customers benefit from working with manufacturers that have the expertise to not only take these critical early steps, but also know how to integrate the right combination of hardware and software into a system that takes advantage of the latest security features.

Rugged computer hardware manufacturer, Crystal Group, has established an ecosystem of trusted and respected partners to integrate an effective combination of hardware and software security from the beginning. They start by integrating Trusted Platform Modules (TPM 2.0) into all current systems by default to ensure the core component needed to utilize a hardware root of trust is in place. The TPM provides a physically dedicated encryption and key storage container. {Editor’s note: The author is a cyber consultant for Crystal Group.]

Current generation Intel Xeon central processing units (CPUs) provide technology to create, monitor, and check the firmware and operating system for any insecure changes or alterations. Additional security features, such as Secure Boot, ensure the integrity of the operating system by preventing rootkits from altering the system before it starts. Intel’s CPUs provide additional separation of critical applications and virtual machines’ access to memory and CPU for greater protection, while also preventing attackers from gaining a foothold in the system.

Another layer of cyber defense comes company’s partnership with Seagate to provide MIL-STD-810F, accredited SAS solid state drives for use at the tactical edge. With TCG Enterprise encryption support, these drives enable full-disk encryption and instant secure erase functionality to deny unauthorized persons access to the data contained in the system.

As technology evolves, customers’ expectations for compatible hardware and software security features are becoming exponentially more prevalent. Integrating this compatibility from the onset enables greater reliability and data protection so rugged hardware can self-monitor for risks and alert operators of attempted threats and loss of integrity if it occurs, even when deployed in remote environments.