New-Tech Europe Magazine | June 2016

Anti-Tamper Technology: Safeguarding Today’s COTS Platforms

Steve Rohm, Edco Technologies

Introduction Secure embedded computer and communications systems are critical for mission success in today’s environment of escalating cyber threats. Data integrity must be protected as it is processed, stored, and transmitted. The strategic risk management of these systems is known as Information Assurance (IA), which entails a combination of physical, technical, and administrative controls. At the core of an assured system is an authentic, trusted foundation based on Anti-Tamper (AT) safeguards using layered security features at the hardware, firmware, and software level. Abaco Systems is responding to the need for assured systems by incorporating product features that enable anti-tamper safeguards. This paper focuses on the use of COTS anti-tamper frameworks to support secure platforms and

Program Information (CPI) and extend the operational effectiveness of military systems. These systems are to comply with directive 8500.01E, an Information Assurance policy, along with directive 8500.02, prescribed procedures to protect and defend information networks and systems, including anti-tamper capabilities. The US government provides publicly- announced Federal Information Processing Standards (FIPS) for use in computer systems by government contractors, and the National Institute of Standards and Technology (NIST) issues the FIPS 140 Publication Series to coordinate the requirements for cryptographic modules which includes hardware and software. FIPS 140-2 establishes the Cryptographic Module Validation Program (CMVP) as a Federal Information Processing Standards

provide information assurance. Information Assurance: The Big Picture The concept of Information Assurance pervades the design, acquisition, installation, operation, upgrade and replacement phases of defense- based information systems. The goal is to maintain an appropriate level of confidentiality, integrity, authentication, non-repudiation, and availability of information. The standards for ensuring Information Assurance and Anti- Tamper are maintained through various national and international channels. U.S. DoD Instructions and Directives The Department of Defense established Instruction 5200.39 to mitigate the exploitation of Critical

40 l New-Tech Magazine Europe